Communication Complexity. The dialogues of Alice and Bob...
|
|
- Francis Wilcox
- 5 years ago
- Views:
Transcription
1 Communication Complexity The dialogues of Alice and Bob...
2 Alice and Bob make a date
3 Alice and Bob make a date Are you free on Friday?
4 Alice and Bob make a date Are you free on Friday? No, have to work at the Krusty Krab.
5 Alice and Bob make a date Are you free on Friday? No, have to work at the Krusty Krab. How about Saturday?
6 Alice and Bob make a date Are you free on Friday? No, have to work at the Krusty Krab. How about Saturday? No, have to work at the Krusty Krab.
7 Alice and Bob make a date Are you free on Friday? No, have to work at the Krusty Krab. How about Saturday? No, have to work at the Krusty Krab....
8 Alice and Bob make a date Are you free on Friday? No, have to work at the Krusty Krab. How about Saturday? No, have to work at the Krusty Krab.... How many s can it take to set a date?
9 Measures of Communication We want to quantify the amount of communication sent back and forth.
10 Measures of Communication We want to quantify the amount of communication sent back and forth. Several ways to do this: number of s, total number of characters, volume of breath...
11 Measures of Communication We want to quantify the amount of communication sent back and forth. Several ways to do this: number of s, total number of characters, volume of breath... Being computer scientists, we will use bits.
12 Alice s schedule Alice s schedule for the week: Mon Tue... Morn Aftn Eve Morn Aftn Eve... Free Busy Busy Busy Free Free...
13 Alice s schedule Alice s schedule for the week: Mon Tue... Morn Aftn Eve Morn Aftn Eve... Free Busy Busy Busy Free Free... We can convert this into a string of bits where 0=Busy, 1=Free
14 Alice s schedule Alice s schedule for the week: Mon Tue... Morn Aftn Eve Morn Aftn Eve... Free Busy Busy Busy Free Free... We can convert this into a string of bits where 0=Busy, 1=Free Any 21 bit string is a valid input.
15 Set Intersection Alice s schedule for the week: Mon Tue... Morn Aftn Eve Morn Aftn Eve Bob s schedule for the week: Mon Tue... Morn Aftn Eve Morn Aftn Eve
16 Set Intersection Alice s schedule for the week: Bob s schedule for the week:
17 Set Intersection Alice s schedule for the week: Bob s schedule for the week: Q: Is there a position where both strings have a 1?
18 Set Intersection Alice s schedule for the week: Bob s schedule for the week: Q: Is there a position where both strings have a 1? Known as the set intersection problem.
19 Set Intersection In general, Alice and Bob will each hold a n bit binary string.
20 Set Intersection In general, Alice and Bob will each hold a n bit binary string. Again, the task is to decide if these strings have a common position with a 1 or not.
21 Set Intersection In general, Alice and Bob will each hold a n bit binary string. Again, the task is to decide if these strings have a common position with a 1 or not. Notice the problem can always be solved with n+1 bits of communication---alice can send her entire input to Bob, he can produce the correct output.
22 Set Intersection In general, Alice and Bob will each hold a n bit binary string. Again, the task is to decide if these strings have a common position with a 1 or not. Notice the problem can always be solved with n+1 bits of communication---alice can send her entire input to Bob, he can produce the correct output. This is known as the trivial protocol.
23 Try It!?
24 Communication Matrix
25 010 Communication Matrix
26 Communication Protocol We also assume the communication is in bits
27 Communication Protocol We also assume the communication is in bits
28 Communication Protocol We also assume the communication is in bits
29 Communication Protocol We also assume the communication is in bits
30 Communication Protocol We also assume the communication is in bits
31 Communication Protocol We also assume the communication is in bits
32 Communication Protocol We also assume the communication is in bits
33 Communication Protocol We also assume the communication is in bits. 1 The last bit of the protocol is the answer!
34 Communication Protocol The first bit Alice sends depends only on her input. She knows nothing about Bob s schedule
35 Communication Protocol The first bit Alice sends depends only on her input. She knows nothing about Bob s schedule
36 Communication Protocol The first bit Alice sends depends only on her input. She knows nothing about Bob s schedule
37 Communication Protocol The first bit Alice sends depends only on her input. She knows nothing about Bob s schedule
38 Communication Protocol The first bit Alice sends depends only on her input. She knows nothing about Bob s schedule
39 Communication Protocol The first bit Alice sends depends only on her input. She knows nothing about Bob s schedule We can divide Alice s inputs into two groups: -those where she first says 1 -those where she first says 0
40 Communication Protocol The first bit Bob sends depends only on his input and the bit sent by Alice
41 Communication Protocol The first bit Bob sends depends only on his input and the bit sent by Alice
42 Communication Protocol The first bit Bob sends depends only on his input and the bit sent by Alice Conclusion: Bob groups his inputs into two sets, conditioned on Alice s message.
43 Communication Matrix
44 Communication Matrix 0 1
45 Communication Matrix
46 Communication Matrix
47 Communication Matrix
48 Observations Protocol partitions matrix into rectangles. With each additional bit of communication, a rectangle can be split into two. After c bits of communication, at most 2 c rectangles. For protocol to be correct, all inputs lying in the same rectangle must have the same output value. We say that such a rectangle is monochromatic.
49 Diagonal property of rectangles (x,y) (x,y ) If (x,y) and (x,y ) lie in the same rectangle...
50 Diagonal property of rectangles (x,y) (x,y ) (x,y) (x,y ) So must (x,y ) and (x,y).
51 010 Going back to SI
52 010 Going back to SI
53 010 Going back to SI
54 010 Going back to SI
55 010 Going back to SI
56 010 Going back to SI
57 010 Going back to SI
58 010 Going back to SI
59 Lower bound for SI Notice that all the entries on the anti-diagonal are 0. All the entries below the anti-diagonal are 1. No two anti-diagonal entries can be in the same monochromatic rectangle!
60 Lower bound for SI Notice that all the entries on the anti-diagonal are 0. All the entries below the anti-diagonal are 1. No two anti-diagonal entries can be in the same monochromatic rectangle! This means at least 2 n many monochromatic rectangles are needed---n bits of communication.
61 Recap We just showed a lower bound---any protocol with less than n bits of communication will incorrectly answer the set intersection problem on some input. For set intersection, the trivial protocol is optimal!
62 Bob goes to the moon
63 Bob goes to the moon Alice wishes to send a huge file M to Bob
64 Bob goes to the moon Alice wishes to send a huge file M to Bob
65 Bob goes to the moon Is the file corrupted along the way? Alice wishes to send a huge file M to Bob
66 Bob goes to the moon Is the file corrupted along the way? Alice wishes to send a huge file M to Bob Bob receives some file M. Does M=M?
67 Bob goes to the moon M M Bob could just send M back. This is very costly.
68 Checking Equality More abstractly, the problem is the following: Alice has an n bit string M, Bob has an n bit string M. They want to answer 1 if M=M and 0 otherwise.
69 010 Communication Matrix
70 010 Communication Matrix This is known as the identity matrix
71 Communication Matrix
72 Communication Matrix By the diagonal property of rectangles, no two pairs (x,x) and (y,y) can be in the same monochromatic rectangle.
73 Communication Matrix By the diagonal property of rectangles, no two pairs (x,x) and (y,y) can be in the same monochromatic rectangle. Again we need 2 n many monochromatic rectangles, and so n bits of communication.
74 Communication Matrix By the diagonal property of rectangles, no two pairs (x,x) and (y,y) can be in the same monochromatic rectangle. Again we need 2 n many monochromatic rectangles, and so n bits of communication. Is communication complexity always so boring?
75 Randomized Model Not if we allow randomness! Alice and Bob are each given the same book of random numbers. This is known as shared randomness. For every input, they must output the correct answer with probability 90%.
76 Randomized Protocol M M
77 Randomized Protocol Alice looks at string R=first n bits of book. M M
78 Randomized Protocol Alice looks at string R=first n bits of book. Then she computes a = M R = i M i R i mod 2. M M
79 Randomized Protocol Alice looks at string R=first n bits of book. Bob checks if a=a, where a = M R = i M ir i mod 2. M M
80 Randomized Protocol Alice looks at string R=first n bits of book. Bob checks if a=a, where a = M R = i M ir i mod 2. M M If they are equal he outputs 1, otherwise outputs 0.
81 Correctness of Protocol If M=M then we will always have a=a. No mistakes.
82 Correctness of Protocol If M=M then we will always have a=a. No mistakes. If M = M what is the probability that a=a?
83 Correctness of Protocol If M=M then we will always have a=a. No mistakes. If M = M what is the probability that a=a? As M = M, they must differ in some position. Say it is the first one.
84 Correctness of Protocol M=0 M =1
85 Correctness of Protocol M=0 M =1 Consider the random strings R in pairs (0r, 1r).
86 Correctness of Protocol M=0 M =1 Consider the random strings R in pairs (0r, 1r). Now notice that M 0r = M 1r M 0r = M 1r
87 Correctness of Protocol M=0 M =1 Consider the random strings R in pairs (0r, 1r). Now notice that M 0r = M 1r M 0r = M 1r So either
88 Correctness of Protocol M=0 M =1 Consider the random strings R in pairs (0r, 1r). Now notice that M 0r = M 1r M 0r = M 1r So either M 0r = M 0r
89 Correctness of Protocol M=0 M =1 Consider the random strings R in pairs (0r, 1r). Now notice that M 0r = M 1r M 0r = M 1r So either M 0r = M 0r or
90 Correctness of Protocol M=0 M =1 Consider the random strings R in pairs (0r, 1r). Now notice that M 0r = M 1r M 0r = M 1r So either M 0r = M 0r or M 1r = M 1r
91 Correctness of Protocol M=0 M =1 Consider the random strings R in pairs (0r, 1r). Now notice that M 0r = M 1r M 0r = M 1r So either M 0r = M 0r or M 1r = M 1r For half the random strings, we get different answers.
92 Randomized Protocol Protocol Recap:
93 Randomized Protocol Protocol Recap: Alice computes a = M R = i M i R i mod 2.
94 Randomized Protocol Protocol Recap: Alice computes a = M R = i M i R i mod 2. Bob computes a = M R = i M ir i mod 2.
95 Randomized Protocol Protocol Recap: Alice computes a = M R = i M i R i mod 2. Bob computes a = M R = i M ir i mod 2. If M=M then a=a for any R.
96 Randomized Protocol Protocol Recap: Alice computes a = M R = i M i R i mod 2. Bob computes a = M R = i M ir i mod 2. If M=M then a=a for any R. If M = M then a=a for at most half of the R s.
97 Deterministic vs. Random Here we have a case where with randomness we can provably do better than without. Deterministically, we must send the entire input, n bits! But if Alice and Bob share a book of randomness, constant communication suffices.
98 On the model You may object that sharing a book of randomness is a lame assumption.
99 On the model You may object that sharing a book of randomness is a lame assumption. Now we will see how to do away with this assumption and just use private randomness.
100 On the model You may object that sharing a book of randomness is a lame assumption. Now we will see how to do away with this assumption and just use private randomness. As a result, the amount of communication needed will go from constant to order log n.
101 Equality with random primes Idea: With her own (private) randomness Alice chooses a random prime number between 1 and n 2.
102 Equality with random primes Idea: With her own (private) randomness Alice chooses a random prime number between and. 1 n 2 She sends Bob p and a=m mod p.
103 Equality with random primes Idea: With her own (private) randomness Alice chooses a random prime number between and. 1 n 2 She sends Bob p and a=m mod p. This is known as a fingerprint of M.
104 Equality with random primes Idea: With her own (private) randomness Alice chooses a random prime number between and. 1 n 2 She sends Bob p and a=m mod p. This is known as a fingerprint of M. How many bits does this take?
105 Equality with random primes Idea: With her own (private) randomness Alice chooses a random prime number between and. 1 n 2 She sends Bob p and a=m mod p. This is known as a fingerprint of M. How many bits does this take? Again Bob checks if a=m mod p.
106 Correctness of the protocol If M=M then again clearly a=a.
107 Correctness of the protocol If M=M then again clearly a=a. Suppose that M = M yet it happens that a=a : M mod p = M mod p
108 Correctness of the protocol If M=M then again clearly a=a. Suppose that M = M yet it happens that a=a : M mod p = M mod p This means that M M mod p =0.
109 Correctness of the protocol If M=M then again clearly a=a. Suppose that M = M yet it happens that a=a : M mod p = M mod p This means that M M mod p =0. How many prime divisors can M-M have?
110 There are lots of primes! Prime number theorem (1896): Asymptotically, the number of primes less than N is N ln(n).
111 There are lots of primes! Prime number theorem (1896): Asymptotically, the number of primes less than N is N ln(n). In other words, if we choose a random n bit number, the probability it is prime is at least 1 n.
112 There are lots of primes! Prime number theorem (1896): Asymptotically, the number of primes less than N is N ln(n). In other words, if we choose a random n bit number, the probability it is prime is at least 1 n. There are about n 2 primes less than 2 ln(n) n 2 and only n of them are bad.
113 Questions? How do you choose a random prime efficiently? Can you find an n-bit prime efficiently deterministically? Can every protocol with shared randomness be modified to use private randomness in this way?
Randomness. What next?
Randomness What next? Random Walk Attribution These slides were prepared for the New Jersey Governor s School course The Math Behind the Machine taught in the summer of 2012 by Grant Schoenebeck Large
More informationLecture 20: Lower Bounds for Inner Product & Indexing
15-859: Information Theory and Applications in TCS CMU: Spring 201 Lecture 20: Lower Bounds for Inner Product & Indexing April 9, 201 Lecturer: Venkatesan Guruswami Scribe: Albert Gu 1 Recap Last class
More informationTutorial on Quantum Computing. Vwani P. Roychowdhury. Lecture 1: Introduction
Tutorial on Quantum Computing Vwani P. Roychowdhury Lecture 1: Introduction 1 & ) &! # Fundamentals Qubits A single qubit is a two state system, such as a two level atom we denote two orthogonal states
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 11 February 21, 2013 CPSC 467b, Lecture 11 1/27 Discrete Logarithm Diffie-Hellman Key Exchange ElGamal Key Agreement Primitive Roots
More information15-251: Great Theoretical Ideas In Computer Science Recitation 9 : Randomized Algorithms and Communication Complexity Solutions
15-251: Great Theoretical Ideas In Computer Science Recitation 9 : Randomized Algorithms and Communication Complexity Solutions Definitions We say a (deterministic) protocol P computes f if (x, y) {0,
More informationPractice Assignment 2 Discussion 24/02/ /02/2018
German University in Cairo Faculty of MET (CSEN 1001 Computer and Network Security Course) Dr. Amr El Mougy 1 RSA 1.1 RSA Encryption Practice Assignment 2 Discussion 24/02/2018-29/02/2018 Perform encryption
More informationLecture Notes, Week 6
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 6 (rev. 3) Professor M. J. Fischer February 15 & 17, 2005 1 RSA Security Lecture Notes, Week 6 Several
More informationDiscrete Mathematics for CS Spring 2007 Luca Trevisan Lecture 11. Error Correcting Codes Erasure Errors
CS 70 Discrete Mathematics for CS Spring 2007 Luca Trevisan Lecture 11 Error Correcting Codes Erasure Errors We will consider two situations in which we wish to transmit information on an unreliable channel.
More informationDiscrete Mathematics and Probability Theory Fall 2013 Vazirani Note 6
CS 70 Discrete Mathematics and Probability Theory Fall 2013 Vazirani Note 6 Error Correcting Codes We will consider two situations in which we wish to transmit information on an unreliable channel. The
More informationLecture 7: Fingerprinting. David Woodruff Carnegie Mellon University
Lecture 7: Fingerprinting David Woodruff Carnegie Mellon University How to Pick a Random Prime How to pick a random prime in the range {1, 2,, M}? How to pick a random integer X? Pick a uniformly random
More informationCryptography. P. Danziger. Transmit...Bob...
10.4 Cryptography P. Danziger 1 Cipher Schemes A cryptographic scheme is an example of a code. The special requirement is that the encoded message be difficult to retrieve without some special piece of
More informationLecture 16: Communication Complexity
CSE 531: Computational Complexity I Winter 2016 Lecture 16: Communication Complexity Mar 2, 2016 Lecturer: Paul Beame Scribe: Paul Beame 1 Communication Complexity In (two-party) communication complexity
More informationLecture 22: RSA Encryption. RSA Encryption
Lecture 22: Recall: RSA Assumption We pick two primes uniformly and independently at random p, q $ P n We define N = p q We shall work over the group (Z N, ), where Z N is the set of all natural numbers
More information9. Distance measures. 9.1 Classical information measures. Head Tail. How similar/close are two probability distributions? Trace distance.
9. Distance measures 9.1 Classical information measures How similar/close are two probability distributions? Trace distance Fidelity Example: Flipping two coins, one fair one biased Head Tail Trace distance
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 9 February 6, 2012 CPSC 467b, Lecture 9 1/53 Euler s Theorem Generating RSA Modulus Finding primes by guess and check Density of
More informationTheory of Computation
Theory of Computation Lecture #2 Sarmad Abbasi Virtual University Sarmad Abbasi (Virtual University) Theory of Computation 1 / 1 Lecture 2: Overview Recall some basic definitions from Automata Theory.
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 7, 2015 CPSC 467, Lecture 11 1/37 Digital Signature Algorithms Signatures from commutative cryptosystems Signatures from
More informationElliptic Curves. Giulia Mauri. Politecnico di Milano website:
Elliptic Curves Giulia Mauri Politecnico di Milano email: giulia.mauri@polimi.it website: http://home.deib.polimi.it/gmauri May 13, 2015 Giulia Mauri (DEIB) Exercises May 13, 2015 1 / 34 Overview 1 Elliptic
More informationLecture 3,4: Multiparty Computation
CS 276 Cryptography January 26/28, 2016 Lecture 3,4: Multiparty Computation Instructor: Sanjam Garg Scribe: Joseph Hui 1 Constant-Round Multiparty Computation Last time we considered the GMW protocol,
More informationQuantum Communication Complexity
Quantum Communication Complexity Ronald de Wolf Communication complexity has been studied extensively in the area of theoretical computer science and has deep connections with seemingly unrelated areas,
More informationRSA RSA public key cryptosystem
RSA 1 RSA As we have seen, the security of most cipher systems rests on the users keeping secret a special key, for anyone possessing the key can encrypt and/or decrypt the messages sent between them.
More informationSolutions to the Mathematics Masters Examination
Solutions to the Mathematics Masters Examination OPTION 4 Spring 2007 COMPUTER SCIENCE 2 5 PM NOTE: Any student whose answers require clarification may be required to submit to an oral examination. Each
More information2. Polynomials. 19 points. 3/3/3/3/3/4 Clearly indicate your correctly formatted answer: this is what is to be graded. No need to justify!
1. Short Modular Arithmetic/RSA. 16 points: 3/3/3/3/4 For each question, please answer in the correct format. When an expression is asked for, it may simply be a number, or an expression involving variables
More informationLecture 21: Quantum communication complexity
CPSC 519/619: Quantum Computation John Watrous, University of Calgary Lecture 21: Quantum communication complexity April 6, 2006 In this lecture we will discuss how quantum information can allow for a
More informationU.C. Berkeley CS174: Randomized Algorithms Lecture Note 12 Professor Luca Trevisan April 29, 2003
U.C. Berkeley CS174: Randomized Algorithms Lecture Note 12 Professor Luca Trevisan April 29, 2003 Fingerprints, Polynomials, and Pattern Matching 1 Example 1: Checking Matrix Multiplication Notes by Alistair
More informationElliptic Curve Computations (1) View the graph and an elliptic curve Graph the elliptic curve y 2 = x 3 x over the real number field R.
Elliptic Curve Computations (1) View the graph and an elliptic curve Graph the elliptic curve y 2 = x 3 x over the real number field R. >> v = y^2 - x*(x-1)*(x+1) v = y^2 - x*(x-1)*(x+1) >> ezplot(v, [-1,3,-5,5])
More informationNetwork Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30
Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) LIU Zhen Due Date: March 30 Questions: 1. RSA (20 Points) Assume that we use RSA with the prime numbers p = 17 and q = 23. (a) Calculate
More informationAlgorithms lecture notes 1. Hashing, and Universal Hash functions
Algorithms lecture notes 1 Hashing, and Universal Hash functions Algorithms lecture notes 2 Can we maintain a dictionary with O(1) per operation? Not in the deterministic sense. But in expectation, yes.
More informationIntroduction to Cryptography Lecture 13
Introduction to Cryptography Lecture 13 Benny Pinkas June 5, 2011 Introduction to Cryptography, Benny Pinkas page 1 Electronic cash June 5, 2011 Introduction to Cryptography, Benny Pinkas page 2 Simple
More information2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms
CRYPTOGRAPHY 19 Cryptography 5 ElGamal cryptosystems and Discrete logarithms Definition Let G be a cyclic group of order n and let α be a generator of G For each A G there exists an uniue 0 a n 1 such
More informationLecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography
Lecture 19: (Diffie-Hellman Key Exchange & ElGamal Encryption) Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies
More informationQuantum Information & Quantum Computation
CS90A, Spring 005: Quantum Information & Quantum Computation Wim van Dam Engineering, Room 509 vandam@cs http://www.cs.ucsb.edu/~vandam/teaching/cs90/ Administrative The Final Examination will be: Monday
More informationLECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS
LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS Modular arithmetics that we have discussed in the previous lectures is very useful in Cryptography and Computer Science. Here we discuss several
More informationPartitions and Covers
University of California, Los Angeles CS 289A Communication Complexity Instructor: Alexander Sherstov Scribe: Dong Wang Date: January 2, 2012 LECTURE 4 Partitions and Covers In previous lectures, we saw
More informationCourse 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography
Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2006 Contents 9 Introduction to Number Theory and Cryptography 1 9.1 Subgroups
More informationGreat Theoretical Ideas in Computer Science
15-251 Great Theoretical Ideas in Computer Science Randomness and Computation Lecture 18 (October 25, 2007) Checking Our Work Suppose we want to check p(x) q(x) = r(x), where p, q and r are three polynomials.
More informationQuantum Communication
Quantum Communication Harry Buhrman CWI & University of Amsterdam Physics and Computing Computing is physical Miniaturization quantum effects Quantum Computers ) Enables continuing miniaturization ) Fundamentally
More informationAsymmetric Communication Complexity and Data Structure Lower Bounds
Asymmetric Communication Complexity and Data Structure Lower Bounds Yuanhao Wei 11 November 2014 1 Introduction This lecture will be mostly based off of Miltersen s paper Cell Probe Complexity - a Survey
More informationQuantum Error Correcting Codes and Quantum Cryptography. Peter Shor M.I.T. Cambridge, MA 02139
Quantum Error Correcting Codes and Quantum Cryptography Peter Shor M.I.T. Cambridge, MA 02139 1 We start out with two processes which are fundamentally quantum: superdense coding and teleportation. Superdense
More informationMa/CS 6a Class 1. Course Details
Ma/CS 6a Class 1 By Adam Sheffer Course Details Adam Sheffer. adamsh@caltech.edu 1:00 Monday, Wednesday, and Friday. http://www.math.caltech.edu/~2014-15/1term/ma006a/ 1 Course Structure No exam! Grade
More informationThe Laws of Cryptography Zero-Knowledge Protocols
26 The Laws of Cryptography Zero-Knowledge Protocols 26.1 The Classes NP and NP-complete. 26.2 Zero-Knowledge Proofs. 26.3 Hamiltonian Cycles. An NP-complete problem known as the Hamiltonian Cycle Problem
More informationCourse MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography
Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2000 2013 Contents 9 Introduction to Number Theory 63 9.1 Subgroups
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 10 February 19, 2013 CPSC 467b, Lecture 10 1/45 Primality Tests Strong primality tests Weak tests of compositeness Reformulation
More informationMATH UN Midterm 2 November 10, 2016 (75 minutes)
Name: UNI: Instructor: Shrenik Shah MATH UN3025 - Midterm 2 November 10, 2016 (75 minutes) This examination booklet contains 6 problems. There are 10 sheets of paper including the front cover. This is
More informationLecture 11: Key Agreement
Introduction to Cryptography 02/22/2018 Lecture 11: Key Agreement Instructor: Vipul Goyal Scribe: Francisco Maturana 1 Hardness Assumptions In order to prove the security of cryptographic primitives, we
More informationTHE CUBIC PUBLIC-KEY TRANSFORMATION*
CIRCUITS SYSTEMS SIGNAL PROCESSING c Birkhäuser Boston (2007) VOL. 26, NO. 3, 2007, PP. 353 359 DOI: 10.1007/s00034-006-0309-x THE CUBIC PUBLIC-KEY TRANSFORMATION* Subhash Kak 1 Abstract. This note proposes
More informationLecture 16 Oct 21, 2014
CS 395T: Sublinear Algorithms Fall 24 Prof. Eric Price Lecture 6 Oct 2, 24 Scribe: Chi-Kit Lam Overview In this lecture we will talk about information and compression, which the Huffman coding can achieve
More informationLecture 1: Shannon s Theorem
Lecture 1: Shannon s Theorem Lecturer: Travis Gagie January 13th, 2015 Welcome to Data Compression! I m Travis and I ll be your instructor this week. If you haven t registered yet, don t worry, we ll work
More informationBy the way, = = 693 (mod 1823) and ord(3) = 911. I list the commands I used in Mathematica to solve this problem here.
9.1 Shrank s algorithm n = 1823, m = n = 43, g = 5, y = 693. The extended Euclidean algorithm gives 5 1094 3 1823 = 1, i.e., g 1 = 1094 (mod n). Compute (g im mod n) and (y g i mod n) for i = 0, 1,...,
More informationAlgorithms CMSC Homework set #1 due January 14, 2015
Algorithms CMSC-27200 http://alg15.cs.uchicago.edu Homework set #1 due January 14, 2015 Read the homework instructions on the website. The instructions that follow here are only an incomplete summary.
More informationCryptography and Security Final Exam
Cryptography and Security Final Exam Serge Vaudenay 29.1.2018 duration: 3h no documents allowed, except one 2-sided sheet of handwritten notes a pocket calculator is allowed communication devices are not
More informationU.C. Berkeley CS276: Cryptography Luca Trevisan February 5, Notes for Lecture 6
U.C. Berkeley CS276: Cryptography Handout N6 Luca Trevisan February 5, 2009 Notes for Lecture 6 Scribed by Ian Haken, posted February 8, 2009 Summary The encryption scheme we saw last time, based on pseudorandom
More informationDiscrete Logarithm Problem
Discrete Logarithm Problem Finite Fields The finite field GF(q) exists iff q = p e for some prime p. Example: GF(9) GF(9) = {a + bi a, b Z 3, i 2 = i + 1} = {0, 1, 2, i, 1+i, 2+i, 2i, 1+2i, 2+2i} Addition:
More informationUncertainty Principle
Uncertainty Principle n n A Fourier transform of f is a function of frequency v Let be Δv the frequency range n It can be proved that ΔtΔv 1/(4 π) n n If Δt is small, f corresponds to a small interval
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 22 November 27, 2017 CPSC 467, Lecture 22 1/43 BBS Pseudorandom Sequence Generator Secret Splitting Shamir s Secret Splitting Scheme
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 14 October 23, 2017 CPSC 467, Lecture 14 1/42 Computing in Z n Modular multiplication Modular inverses Extended Euclidean algorithm
More informationPseudonym and Anonymous Credential Systems. Kyle Soska 4/13/2016
Pseudonym and Anonymous Credential Systems Kyle Soska 4/13/2016 Moving Past Encryption Encryption Does: Hide the contents of messages that are being communicated Provide tools for authenticating messages
More informationCODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES. The questions with a * are extension questions, and will not be included in the assignment.
CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES A selection of the following questions will be chosen by the lecturer to form the Cryptology Assignment. The Cryptology Assignment is due by 5pm Sunday 1
More informationLecture 3: Superdense coding, quantum circuits, and partial measurements
CPSC 59/69: Quantum Computation John Watrous, University of Calgary Lecture 3: Superdense coding, quantum circuits, and partial measurements Superdense Coding January 4, 006 Imagine a situation where two
More informationLecture 11: Quantum Information III - Source Coding
CSCI5370 Quantum Computing November 25, 203 Lecture : Quantum Information III - Source Coding Lecturer: Shengyu Zhang Scribe: Hing Yin Tsang. Holevo s bound Suppose Alice has an information source X that
More informationDiscrete Mathematics and Probability Theory Spring 2015 Vazirani Midterm #2 Solution
CS 70 Discrete Mathematics and Probability Theory Spring 015 Vazirani Midterm # Solution PRINT your name:, (last) SIGN your name: (first) PRINT your student ID: CIRCLE your exam room: 3106 Etcheverry 3108
More informationCPSC 467b: Cryptography and Computer Security
Outline Authentication CPSC 467b: Cryptography and Computer Security Lecture 18 Michael J. Fischer Department of Computer Science Yale University March 29, 2010 Michael J. Fischer CPSC 467b, Lecture 18
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 9 February 14, 2013 CPSC 467b, Lecture 9 1/42 Integer Division (cont.) Relatively prime numbers, Z n, and φ(n) Computing in Z n
More informationPERFECTLY secure key agreement has been studied recently
IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 45, NO. 2, MARCH 1999 499 Unconditionally Secure Key Agreement the Intrinsic Conditional Information Ueli M. Maurer, Senior Member, IEEE, Stefan Wolf Abstract
More informationEntanglement and information
Ph95a lecture notes for 0/29/0 Entanglement and information Lately we ve spent a lot of time examining properties of entangled states such as ab è 2 0 a b è Ý a 0 b è. We have learned that they exhibit
More information9 Knapsack Cryptography
9 Knapsack Cryptography In the past four weeks, we ve discussed public-key encryption systems that depend on various problems that we believe to be hard: prime factorization, the discrete logarithm, and
More informationNumber theory (Chapter 4)
EECS 203 Spring 2016 Lecture 12 Page 1 of 8 Number theory (Chapter 4) Review Compute 6 11 mod 13 in an efficient way What is the prime factorization of 100? 138? What is gcd(100, 138)? What is lcm(100,138)?
More informationCourse Introduction. 1.1 Overview. Lecture 1. Scribe: Tore Frederiksen
Lecture 1 Course Introduction Scribe: Tore Frederiksen 1.1 Overview Assume we are in a situation where several people need to work together in order to solve a problem they cannot solve on their own. The
More informationBmMT 2017 Individual Round Solutions November 19, 2017
1. It s currently 6:00 on a 12 hour clock. What time will be shown on the clock 100 hours from now? Express your answer in the form hh : mm. Answer: 10:00 Solution: We note that adding any multiple of
More informationcommunication complexity lower bounds yield data structure lower bounds
communication complexity lower bounds yield data structure lower bounds Implementation of a database - D: D represents a subset S of {...N} 2 3 4 Access to D via "membership queries" - Q for each i, can
More informationYou submitted this homework on Wed 31 Jul :50 PM PDT (UTC -0700). You got a score of out of You can attempt again in 10 minutes.
Feedback Week 6 - Problem Set You submitted this homework on Wed 31 Jul 2013 1:50 PM PDT (UTC -0700) You got a score of 1000 out of 1 You can attempt again in 10 minutes Question 1 Recall that with symmetric
More informationQuantum Simultaneous Contract Signing
Quantum Simultaneous Contract Signing J. Bouda, M. Pivoluska, L. Caha, P. Mateus, N. Paunkovic 22. October 2010 Based on work presented on AQIS 2010 J. Bouda, M. Pivoluska, L. Caha, P. Mateus, N. Quantum
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 18 November 3, 2014 CPSC 467, Lecture 18 1/43 Zero Knowledge Interactive Proofs (ZKIP) Secret cave protocol ZKIP for graph isomorphism
More informationTheory of Computation Chapter 12: Cryptography
Theory of Computation Chapter 12: Cryptography Guan-Shieng Huang Dec. 20, 2006 0-0 Introduction Alice wants to communicate with Bob secretely. x Alice Bob John Alice y=e(e,x) y Bob y??? John Assumption
More informationCS Communication Complexity: Applications and New Directions
CS 2429 - Communication Complexity: Applications and New Directions Lecturer: Toniann Pitassi 1 Introduction In this course we will define the basic two-party model of communication, as introduced in the
More informationquantum distribution of a sudoku key Sian K. Jones University of South Wales
Games and Puzzles quantum distribution of a sudoku key Sian K. Jones University of South Wales sian-kathryn.jones@southwales.ac.uk Abstract: Sudoku grids are often cited as being useful in cryptography
More informationUniv.-Prof. Dr. rer. nat. Rudolf Mathar. Written Examination. Cryptography. Tuesday, August 29, 2017, 01:30 p.m.
Cryptography Univ.-Prof. Dr. rer. nat. Rudolf Mathar 1 2 3 4 15 15 15 15 60 Written Examination Cryptography Tuesday, August 29, 2017, 01:30 p.m. Name: Matr.-No.: Field of study: Please pay attention to
More informationUniversity of Regina Department of Mathematics & Statistics Final Examination (April 21, 2009)
Make sure that this examination has 10 numbered pages University of Regina Department of Mathematics & Statistics Final Examination 200910 (April 21, 2009) Mathematics 124 The Art and Science of Secret
More informationDigital Signatures. Saravanan Vijayakumaran Department of Electrical Engineering Indian Institute of Technology Bombay
Digital Signatures Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay July 24, 2018 1 / 29 Group Theory Recap Groups Definition A set
More informationL7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015
L7. Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang, 5 March 2015 1 Outline The basic foundation: multiplicative group modulo prime The basic Diffie-Hellman (DH) protocol The discrete logarithm
More informationInformation Complexity vs. Communication Complexity: Hidden Layers Game
Information Complexity vs. Communication Complexity: Hidden Layers Game Jiahui Liu Final Project Presentation for Information Theory in TCS Introduction Review of IC vs CC Hidden Layers Game Upper Bound
More information1 Randomized Computation
CS 6743 Lecture 17 1 Fall 2007 1 Randomized Computation Why is randomness useful? Imagine you have a stack of bank notes, with very few counterfeit ones. You want to choose a genuine bank note to pay at
More information5th March Unconditional Security of Quantum Key Distribution With Practical Devices. Hermen Jan Hupkes
5th March 2004 Unconditional Security of Quantum Key Distribution With Practical Devices Hermen Jan Hupkes The setting Alice wants to send a message to Bob. Channel is dangerous and vulnerable to attack.
More informationLecture Lecture 9 October 1, 2015
CS 229r: Algorithms for Big Data Fall 2015 Lecture Lecture 9 October 1, 2015 Prof. Jelani Nelson Scribe: Rachit Singh 1 Overview In the last lecture we covered the distance to monotonicity (DTM) and longest
More informationIs It As Easy To Discover As To Verify?
Is It As Easy To Discover As To Verify? Sam Buss Department of Mathematics U.C. San Diego UCSD Math Circle May 22, 2004 A discovered identity The Bailey-Borwein-Plouffe formula for π (1997): π = n=0 (
More informationAn Information Complexity Approach to the Inner Product Problem
An Information Complexity Approach to the Inner Product Problem William Henderson-Frost Advisor: Amit Chakrabarti Senior Honors Thesis Submitted to the faculty in partial fulfillment of the requirements
More information1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2
Contents 1 Recommended Reading 1 2 Public Key/Private Key Cryptography 1 2.1 Overview............................................. 1 2.2 RSA Algorithm.......................................... 2 3 A Number
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA Public Key Encryption Factoring Algorithms Lecture 7 Tel-Aviv University Revised March 1st, 2008 Reminder: The Prime Number Theorem Let π(x) denote the
More informationError Reconciliation in QKD. Distribution
Error Reconciliation in Quantum Key Distribution Richard P. Brent MSI, ANU 1 October 2009 Abstract The problem of "error reconciliation" arises in Quantum Cryptography, which is more accurately described
More informationCS Introduction to Complexity Theory. Lecture #11: Dec 8th, 2015
CS 2401 - Introduction to Complexity Theory Lecture #11: Dec 8th, 2015 Lecturer: Toniann Pitassi Scribe Notes by: Xu Zhao 1 Communication Complexity Applications Communication Complexity (CC) has many
More informationEncryption: The RSA Public Key Cipher
Encryption: The RSA Public Key Cipher Michael Brockway March 5, 2018 Overview Transport-layer security employs an asymmetric public cryptosystem to allow two parties (usually a client application and a
More informationUniversal Semantic Communication
Universal Semantic Communication Madhu Sudan MIT CSAIL Joint work with Brendan Juba (MIT CSAIL). An fantasy setting (SETI) Alice 010010101010001111001000 No common language! Is meaningful communication
More informationProportional Division Exposition by William Gasarch
1 Introduction Proportional Division Exposition by William Gasarch Whenever we say something like Alice has a piece worth 1/ we mean worth 1/ TO HER. Lets say we want Alice, Bob, Carol, to split a cake
More informationLogic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation
Quantum logic gates Logic gates Classical NOT gate Quantum NOT gate (X gate) A NOT A α 0 + β 1 X α 1 + β 0 A N O T A 0 1 1 0 Matrix form representation 0 1 X = 1 0 The only non-trivial single bit gate
More informationAn Introduction to Quantum Information. By Aditya Jain. Under the Guidance of Dr. Guruprasad Kar PAMU, ISI Kolkata
An Introduction to Quantum Information By Aditya Jain Under the Guidance of Dr. Guruprasad Kar PAMU, ISI Kolkata 1. Introduction Quantum information is physical information that is held in the state of
More informationLecture 28: Public-key Cryptography. Public-key Cryptography
Lecture 28: Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies on the fact that the adversary does not have access
More informationCarmen s Core Concepts (Math 135)
Carmen s Core Concepts (Math 135) Carmen Bruni University of Waterloo Week 8 1 The following are equivalent (TFAE) 2 Inverses 3 More on Multiplicative Inverses 4 Linear Congruence Theorem 2 [LCT2] 5 Fermat
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 19 November 8, 2017 CPSC 467, Lecture 19 1/37 Zero Knowledge Interactive Proofs (ZKIP) ZKIP for graph isomorphism Feige-Fiat-Shamir
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor Hard Core Bits Coin Flipping Over the Phone Zero Knowledge Lecture 10 (version 1.1) Tel-Aviv University 18 March 2008. Slightly revised March 19. Hard Core
More informationSolution to Midterm Examination
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Handout #13 Xueyuan Su November 4, 2008 Instructions: Solution to Midterm Examination This is a closed book
More information