Results 1  10
of
270
Monotone Complexity
, 1990
"... We give a general complexity classification scheme for monotone computation, including monotone spacebounded and Turing machine models not previously considered. We propose monotone complexity classes including mAC i , mNC i , mLOGCFL, mBWBP , mL, mNL, mP , mBPP and mNP . We define a simple ..."
Abstract

Cited by 2825 (11 self)
 Add to MetaCart
We give a general complexity classification scheme for monotone computation, including monotone spacebounded and Turing machine models not previously considered. We propose monotone complexity classes including mAC i , mNC i , mLOGCFL, mBWBP , mL, mNL, mP , mBPP and mNP . We define a simple notion of monotone reducibility and exhibit complete problems. This provides a framework for stating existing results and asking new questions. We show that mNL (monotone nondeterministic logspace) is not closed under complementation, in contrast to Immerman's and Szelepcs 'enyi's nonmonotone result [Imm88, Sze87] that NL = coNL; this is a simple extension of the monotone circuit depth lower bound of Karchmer and Wigderson [KW90] for stconnectivity. We also consider mBWBP (monotone bounded width branching programs) and study the question of whether mBWBP is properly contained in mNC 1 , motivated by Barrington's result [Bar89] that BWBP = NC 1 . Although we cannot answer t...
Fully homomorphic encryption using ideal lattices
 In Proc. STOC
, 2009
"... We propose a fully homomorphic encryption scheme – i.e., a scheme that allows one to evaluate circuits over encrypted data without being able to decrypt. Our solution comes in three steps. First, we provide a general result – that, to construct an encryption scheme that permits evaluation of arbitra ..."
Abstract

Cited by 663 (17 self)
 Add to MetaCart
(Show Context)
We propose a fully homomorphic encryption scheme – i.e., a scheme that allows one to evaluate circuits over encrypted data without being able to decrypt. Our solution comes in three steps. First, we provide a general result – that, to construct an encryption scheme that permits evaluation of arbitrary circuits, it suffices to construct an encryption scheme that can evaluate (slightly augmented versions of) its own decryption circuit; we call a scheme that can evaluate its (augmented) decryption circuit bootstrappable. Next, we describe a public key encryption scheme using ideal lattices that is almost bootstrappable. Latticebased cryptosystems typically have decryption algorithms with low circuit complexity, often dominated by an inner product computation that is in NC1. Also, ideal lattices provide both additive and multiplicative homomorphisms (modulo a publickey ideal in a polynomial ring that is represented as a lattice), as needed to evaluate general circuits. Unfortunately, our initial scheme is not quite bootstrappable – i.e., the depth that the scheme can correctly evaluate can be logarithmic in the lattice dimension, just like the depth of the decryption circuit, but the latter is greater than the former. In the final step, we show how to modify the scheme to reduce the depth of the decryption circuit, and thereby obtain a bootstrappable encryption scheme, without reducing the depth that the scheme can evaluate. Abstractly, we accomplish this by enabling the encrypter to start the decryption process, leaving less work for the decrypter, much like the server leaves less work for the decrypter in a serveraided cryptosystem.
The NPcompleteness column: an ongoing guide
 JOURNAL OF ALGORITHMS
, 1987
"... This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NPcompleteness. The presentation is modeled on that used by M. R. Garey and myself in our book "Computers and Intractability: A Guide to the Theory of NPCompleteness," W. H. Freem ..."
Abstract

Cited by 239 (0 self)
 Add to MetaCart
(Show Context)
This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NPcompleteness. The presentation is modeled on that used by M. R. Garey and myself in our book "Computers and Intractability: A Guide to the Theory of NPCompleteness," W. H. Freeman & Co., New York, 1979 (hereinafter referred to as "[G&J]"; previous columns will be referred to by their dates). A background equivalent to that provided by [G&J] is assumed, and, when appropriate, crossreferences will be given to that book and the list of problems (NPcomplete and harder) presented there. Readers who have results they would like mentioned (NPhardness, PSPACEhardness, polynomialtimesolvability, etc.) or open problems they would like publicized, should
Candidate indistinguishability obfuscation and functional encryption for all circuits
 In FOCS
, 2013
"... In this work, we study indistinguishability obfuscation and functional encryption for general circuits: Indistinguishability obfuscation requires that given any two equivalent circuits C0 and C1 of similar size, the obfuscations of C0 and C1 should be computationally indistinguishable. In functional ..."
Abstract

Cited by 170 (37 self)
 Add to MetaCart
In this work, we study indistinguishability obfuscation and functional encryption for general circuits: Indistinguishability obfuscation requires that given any two equivalent circuits C0 and C1 of similar size, the obfuscations of C0 and C1 should be computationally indistinguishable. In functional encryption, ciphertexts encrypt inputs x and keys are issued for circuits C. Using the key SKC to decrypt a ciphertext CTx = Enc(x), yields the value C(x) but does not reveal anything else about x. Furthermore, no collusion of secret key holders should be able to learn anything more than the union of what they can each learn individually. We give constructions for indistinguishability obfuscation and functional encryption that supports all polynomialsize circuits. We accomplish this goal in three steps: • We describe a candidate construction for indistinguishability obfuscation for NC 1 circuits. The security of this construction is based on a new algebraic hardness assumption. The candidate and assumption use a simplified variant of multilinear maps, which we call Multilinear Jigsaw Puzzles. • We show how to use indistinguishability obfuscation for NC 1 together with Fully Homomorphic Encryption (with decryption in NC 1) to achieve indistinguishability obfuscation for all circuits.
On Uniformity within NC¹
 JOURNAL OF COMPUTER AND SYSTEM SCIENCES
, 1990
"... In order to study circuit complexity classes within NC¹ in a uniform setting, we need a uniformity condition which is more restrictive than those in common use. Two such conditions, stricter than NC¹ uniformity [Ru81,Co85], have appeared in recent research: Immerman's families of circuits defin ..."
Abstract

Cited by 127 (19 self)
 Add to MetaCart
In order to study circuit complexity classes within NC¹ in a uniform setting, we need a uniformity condition which is more restrictive than those in common use. Two such conditions, stricter than NC¹ uniformity [Ru81,Co85], have appeared in recent research: Immerman's families of circuits defined by firstorder formulas [Im87a,Im87b] and a uniformity corresponding to Buss' deterministic logtime reductions [Bu87]. We show that these two notions are equivalent, leading to a natural notion of uniformity for lowlevel circuit complexity classes. We show that recent results on the structure of NC¹ [Ba89] still hold true in this very uniform setting. Finally, we investigate a parallel notion of uniformity, still more restrictive, based on the regular languages. Here we give characterizations of subclasses of the regular languages based on their logical expressibility, extending recent work of Straubing, Th'erien, and Thomas [STT88]. A preliminary version of this work appeared as [BIS88].
Wrappers For Performance Enhancement And Oblivious Decision Graphs
, 1995
"... In this doctoral dissertation, we study three basic problems in machine learning and two new hypothesis spaces with corresponding learning algorithms. The problems we investigate are: accuracy estimation, feature subset selection, and parameter tuning. The latter two problems are related and are stu ..."
Abstract

Cited by 125 (7 self)
 Add to MetaCart
In this doctoral dissertation, we study three basic problems in machine learning and two new hypothesis spaces with corresponding learning algorithms. The problems we investigate are: accuracy estimation, feature subset selection, and parameter tuning. The latter two problems are related and are studied under the wrapper approach. The hypothesis spaces we investigate are: decision tables with a default majority rule (DTMs) and oblivious readonce decision graphs (OODGs).
The Power of Reconfiguration
, 1998
"... This paper concerns the computational aspects of the reconfigurable network model. The computational power of the model is investigated under several network topologies and assuming several variants of the model. In particular, it is shown that there are reconfigurable machines based on simple netwo ..."
Abstract

Cited by 89 (7 self)
 Add to MetaCart
This paper concerns the computational aspects of the reconfigurable network model. The computational power of the model is investigated under several network topologies and assuming several variants of the model. In particular, it is shown that there are reconfigurable machines based on simple network topologies, that are capable of solving large classes of problems in constant time. These classes depend on the kinds of switches assumed for the network nodes. Reconfigurable networks are also compared with various other models of parallel computation, like PRAM's and Branching Programs. Part of this work is to be presented at the 18th International Colloquium on Automata, Languages, and Programming (ICALP), July 1991, Madrid. y Department of Computer Science, The Hebrew University, Jerusalem 91904, Israel. Email: yosi@humus.huji.ac.il, Supported by Eshcol Fellowship. z Department of Applied Mathematics and Computer Science, The Weizmann Institute, Rehovot 76100, Israel. Email: p...
Comparing Information Without Leaking It
 Communications of the ACM
, 1996
"... We consider simple means by which two people may determine whether they possess the same information, without revealing anything else to each other in case that they do not. Incumbent of the Morris and Rose Goldman Career Development Chair. Research supported by an Alon Fellowship and a grant from ..."
Abstract

Cited by 80 (4 self)
 Add to MetaCart
(Show Context)
We consider simple means by which two people may determine whether they possess the same information, without revealing anything else to each other in case that they do not. Incumbent of the Morris and Rose Goldman Career Development Chair. Research supported by an Alon Fellowship and a grant from the Israel Science Foundation administered by the Israeli Academy of Sciences. Most of this work was done while the author was at the IBM Almaden Research Center. y Most of this work was done while the author was with Bellcore. 1 Introduction Consider the following problem, which actually arose in real life (we have masked the problem somewhat to protect confidentiality). Bob comes to Ron, a manager at his company, with a complaint about a sensitive matter; he asks Ron to keep his identity confidential. A few months later, Moshe (another manager) tells Ron that someone has complained to him, also with a confidentiality request, about the same matter. Ron and Moshe would like to determi...
Virtual BlackBox Obfuscation for All Circuits via Generic Graded Encoding
"... We present a new generalpurpose obfuscator for all polynomialsize circuits. The obfuscator uses graded encoding schemes, a generalization of multilinear maps. We prove that the obfuscator exposes no more information than the program’s blackbox functionality, and achieves virtual blackbox securit ..."
Abstract

Cited by 66 (1 self)
 Add to MetaCart
We present a new generalpurpose obfuscator for all polynomialsize circuits. The obfuscator uses graded encoding schemes, a generalization of multilinear maps. We prove that the obfuscator exposes no more information than the program’s blackbox functionality, and achieves virtual blackbox security, in the generic graded encoded scheme model. This proof is under the Bounded Speedup Hypothesis (BSH, a plausible worstcase complexitytheoretic assumption related to the Exponential Time Hypothesis), in addition to standard cryptographic assumptions. We also show that the weaker notion of indistinguishability obfuscation can be achieved without BSH. Very recently, Garg et al. (FOCS 2013) used graded encoding schemes to present a candidate obfuscator for indistinguishability obfuscation. They posed the problem of constructing a provably secure indistinguishability obfuscator in the generic graded encoding scheme model. Our obfuscator resolves this problem. Indeed, under BSH it achieves the stronger notion of virtual black box security, which is our focus in this work. Our construction is different from that of Garg et al., but is inspired by it, in particular by their use of permutation branching programs. We obtain our obfuscator by developing techniques used to obfuscate dCNF formulas (ePrint 2013), and applying them to permutation branching programs. This yields an obfuscator for the complexity class N C 1. We then use homomorphic encryption to obtain an obfuscator for any polynomialsize circuit. 1