Results 1  10
of
126
On Lattices, Learning with Errors, Random Linear Codes, and Cryptography
 In STOC
, 2005
"... Our main result is a reduction from worstcase lattice problems such as SVP and SIVP to a certain learning problem. This learning problem is a natural extension of the ‘learning from parity with error’ problem to higher moduli. It can also be viewed as the problem of decoding from a random linear co ..."
Abstract

Cited by 364 (6 self)
 Add to MetaCart
(Show Context)
Our main result is a reduction from worstcase lattice problems such as SVP and SIVP to a certain learning problem. This learning problem is a natural extension of the ‘learning from parity with error’ problem to higher moduli. It can also be viewed as the problem of decoding from a random linear code. This, we believe, gives a strong indication that these problems are hard. Our reduction, however, is quantum. Hence, an efficient solution to the learning problem implies a quantum algorithm for SVP and SIVP. A main open question is whether this reduction can be made classical. We also present a (classical) publickey cryptosystem whose security is based on the hardness of the learning problem. By the main result, its security is also based on the worstcase quantum hardness of SVP and SIVP. Previous latticebased publickey cryptosystems such as the one by Ajtai and Dwork were based only on uniqueSVP, a special case of SVP. The new cryptosystem is much more efficient than previous cryptosystems: the public key is of size Õ(n2) and encrypting a message increases its size by a factor of Õ(n) (in previous cryptosystems these values are Õ(n4) and Õ(n2), respectively). In fact, under the assumption that all parties share a random bit string of length Õ(n2), the size of the public key can be reduced to Õ(n). 1
Improved approximation algorithms for minimum weight vertex separators
 In Proceedings of the 30th Annual Symposium on Foundations of Computer Science, FOCS’89
, 1989
"... vertex separators ..."
A New Look at Survey Propagation and its Generalizations
"... We study the survey propagation algorithm [19, 5, 4], which is an iterative technique that appears to be very effective in solving random kSAT problems even with densities close to threshold. We first describe how any SAT formula can be associated with a novel family of Markov random fields (MRFs), ..."
Abstract

Cited by 66 (11 self)
 Add to MetaCart
We study the survey propagation algorithm [19, 5, 4], which is an iterative technique that appears to be very effective in solving random kSAT problems even with densities close to threshold. We first describe how any SAT formula can be associated with a novel family of Markov random fields (MRFs), parameterized by a real number ρ. We then show that applying belief propagation— a wellknown “messagepassing” technique—to this family of MRFs recovers various algorithms, ranging from pure survey propagation at one extreme (ρ = 1) to standard belief propagation on the uniform distribution over SAT assignments at the other extreme (ρ = 0). Configurations in these MRFs have a natural interpretation as generalized satisfiability assignments, on which a partial order can be defined. We isolate cores as minimal elements in this partial
Spectral techniques applied to sparse random graphs. Random Structures and Algorithms
 Random Structures and Algorithms
, 2003
"... We analyze the eigenvalue gap for the adjacency matrices of sparse random graphs. Let λ1 ≥... ≥ λn be the eigenvalues of an nvertex graph, and let λ = max[λ2, λn]. Let c be a large enough constant. For graphs of average degree d = c log n it is well known that λ1 ≥ d, and we show that λ = O ( √ ..."
Abstract

Cited by 62 (3 self)
 Add to MetaCart
We analyze the eigenvalue gap for the adjacency matrices of sparse random graphs. Let λ1 ≥... ≥ λn be the eigenvalues of an nvertex graph, and let λ = max[λ2, λn]. Let c be a large enough constant. For graphs of average degree d = c log n it is well known that λ1 ≥ d, and we show that λ = O ( √ d). For d = c it is no longer true that λ = O ( √ d), but we show that by removing a small number of vertices of highest degree in G, one gets a graph G ′ for which λ = O ( √ d). Our proofs are based on the techniques of Kahn and Szemeredi from STOC 1989, who proved similar results for regular graphs. Our results are useful for extending the analysis of certain heuristics to sparser instances of NPhard problems. We illustrate this by removing some unnecessary logarithmic factors in the density of kSAT formulas that are refuted by the algorithm of Goerdt and Krivelevich from STACS 2001. 1
Ruling out PTAS for graph minbisection, dense ksubgraph, and bipartite clique
 SIAM J. Comput
"... Abstract Assuming that NP 6 ` "ffl?0 BPTIME(2nffl), we show that Graph MinBisection, Dense kSubgraph and Bipartite Clique have no Polynomial Time Approximation Scheme (PTAS). We give a reduction from the Minimum Distance of Code Problem (MDC). Starting with an instance of MDC, we build a Q ..."
Abstract

Cited by 57 (0 self)
 Add to MetaCart
Abstract Assuming that NP 6 ` &quot;ffl?0 BPTIME(2nffl), we show that Graph MinBisection, Dense kSubgraph and Bipartite Clique have no Polynomial Time Approximation Scheme (PTAS). We give a reduction from the Minimum Distance of Code Problem (MDC). Starting with an instance of MDC, we build a Quasirandom PCP that suffices to prove the desired inapproximability results. In a Quasirandom PCP, the query pattern of the verifier looks random in certain precise sense. Among the several new techniques we introduce, the most interesting one gives a way of certifying that a given polynomial belongs to a given linear subspace of polynomials. As is important for our purpose, the certificate itself happens to be another polynomial and it can be checked probabilistically by reading a constant number of its values.
The PrizeCollecting Generalized Steiner Tree Problem Via A New Approach Of PrimalDual Schema
"... In this paper we study the prizecollecting version of the Generalized Steiner Tree problem. To the best of our knowledge, there is no general combinatorial technique in approximation algorithms developed to study the prizecollecting versions of various problems. These problems are studied on a cas ..."
Abstract

Cited by 45 (13 self)
 Add to MetaCart
In this paper we study the prizecollecting version of the Generalized Steiner Tree problem. To the best of our knowledge, there is no general combinatorial technique in approximation algorithms developed to study the prizecollecting versions of various problems. These problems are studied on a case by case basis by Bienstock et al. [5] by applying an LProunding technique which is not a combinatorial approach. The main contribution of this paper is to introduce a general combinatorial approach towards solving these problems through novel primaldual schema (without any need to solve an LP). We fuse the primaldual schema with Farkas lemma to obtain a combinatorial 3approximation algorithm for the PrizeCollecting Generalized Steiner Tree problem. Our work also inspires a combinatorial algorithm [12] for solving a special case of Kelly’s problem [21] of pricing edges. We also consider the kforest problem, a generalization of kMST and kSteiner tree, and we show that in spite of these problems for which there are constant factor approximation algorithms, the kforest problem is much harder to approximate. In particular, obtaining an approximation factor better than O(n 1/6−ε) for kforest requires substantially new ideas including improving the approximation factor O(n 1/3−ε) for the notorious densest ksubgraph problem. We note that kforest and prizecollecting version of Generalized Steiner Tree are closely related to each other, since the latter is the Lagrangian relaxation of the former.
On the Compressibility of NP Instances and Cryptographic Applications
"... We study compression that preserves the solution to an instance of a problem rather than preserving the instance itself. Our focus is on the compressibility of N P decision problems. We consider N P problems that have long instances but relatively short witnesses. The question is, can one efficientl ..."
Abstract

Cited by 38 (0 self)
 Add to MetaCart
We study compression that preserves the solution to an instance of a problem rather than preserving the instance itself. Our focus is on the compressibility of N P decision problems. We consider N P problems that have long instances but relatively short witnesses. The question is, can one efficiently compress an instance and store a shorter representation that maintains the information of whether the original input is in the language or not. We want the length of the compressed instance to be polynomial in the length of the witness and polylog in the length of original input. We discuss the differences between this notion and similar notions from parameterized complexity. Such compression enables to succinctly store instances until a future setting will allow solving them, either via a technological or algorithmic breakthrough or simply until enough time has elapsed. We give a new classification of N P with respect to compression. This classification forms a stratification of N P that we call the VC hierarchy. The hierarchy is based on a new type of reduction called Wreduction and there are compressioncomplete problems for each class. Our motivation for studying this issue stems from the vast cryptographic implications compressibility has. For example, we say that SAT is compressible if there exists a polynomial p(·, ·) so that given a
A Spectral Technique for Random Satisfiable 3CNF Formulas
, 2002
"... Let I be a random 3CNF formula generated by choosing a truth assignment φ for variables x_1, ..., x_n uniformly at random and including every clause with i literals set true by φ with probability p_i, independently. We show that for any 0 ≤ η_2, η_3 ≤ 1 ..."
Abstract

Cited by 36 (3 self)
 Add to MetaCart
(Show Context)
Let I be a random 3CNF formula generated by choosing a truth assignment &phi; for variables x_1, ..., x_n uniformly at random and including every clause with i literals set true by &phi; with probability p_i, independently. We show that for any 0 &le; &eta;_2, &eta;_3 &le; 1 there is a constant d_min so that for all d &ge; d_min a spectral algorithm similar to the graph coloring algorithm of [1] will find a satisfying assignment with high probability for p_1 = d/n&sup2;, p_2 = ...
Detecting high logdensities: an O(n1/4) approximation for densest ksubgraph
 In Proc. of the 42nd STOC
, 2010
"... ar ..."
(Show Context)