Computational Complexity

 		 
About

Computational complexity and other fun stuff in math and computer science as viewed by Lance Fortnow and Bill Gasarch.

My Links

Bill's Home Page

Lance's Home Page

Weblog Home

Weblog Archives and Search

Podcast

Mailing List

Feeds: Posts Comments

Foundations of Complexity

Graduate Student Guide

Favorite Theorems

Recent Posts

A Speech and A Weblog

Proof, The Movie

Turing, The Novel

The Buzz

Creative Commons

Balanced NP Sets

Is P versus NP formally independent?

STOC 2004

Institute of Advanced Study

Scheduling Research

Complexity Links

IEEE Conference on Computational Complexity

Electronic Colloquium on Computational Complexity

BEATCS Computational Complexity Column

Complexity Zoo

Favorite Complexity Books

Weblogs

Abie Flaxman

Andy Drucker

Ars Mathematica

Computing Research Policy

D. Sivakumar

David Eppstein

David Molnar

David Pennock

Doron Zeilberger

Jeff Erickson

John Langford

Kurt Van Etten

Luca Aceto

Luca Trevisan

Michael Mitzenmacher

Muthu Muthukrishnan

Michael Nielsen

Paul Goldberg

Oded Goldreich

Scott Aaronson

Sorelle Friedler

Suresh Venkatasubramanian

Terence Tao

Other Links

DMANET

FYI

Nielsen's Principles of Research

Parberry's TCS Guides

Theory Matters

Theorynet

Discussion Groups

Computer Science Theory

Theory Edge
 

Creative Commons License
This work is licensed under a Creative Commons License.

Powered by Blogger™

Monday, September 29, 2003

 
One-Way Functions

Posted by Lance

What is a one-way function, intuitively a function that is easy to compute and hard to invert? Taking this intuitive idea to a formal definition has yield two quite different meanings, sometimes causing confusion.

The first directly tries to translate the intuition. A function f is one-way if

  1. f is 1-1 (so an inverse is unique),
  2. f is length increasing (so the output of the inverse function is not too large),
  3. f is computable in polynomial time, and
  4. there is no polynomial-time computable g such that for all x, g(f(x))=x.
This is a nice clean definition that fulfills the intuition but is not that useful for cryptography, since f could be easily invertible on all but a small number of inputs, or with stronger adversaries. To handle these issues we have a different looking definition.

A function f is r(n)-secure one-way if

  1. There is a function l(n)≥n such that f maps strings of length n to strings of length l(n),
  2. f is computable in polynomial time, and
  3. for all probabilistic polynomial-time algorithms A, the probability that f(A(f(x)))=f(x) is at most r(n) where the probability is taken over x chosen uniformly from the strings of length n and the random coins used by A.
There are many variations on both definitions and a considerable amount of theory devoted to each. Grollmann and Selman show that one-way functions of the first kind exist if and only if P ≠ UP. On the other hand Håstad, Impagliazzo, Levin and Luby show that from any one-way function of the second kind, one can create a pseudorandom generator.

At one point I tried using complexity-theoretic one-way functions and cryptographic one-way functions to distinguish the two, but this only caused confusion. So we have to live with the fact that we have these two definitions with the same name and we'll have to just use context to figure out which definition is appropriate. If you give a talk or write a paper about one-way functions, it never hurts to distinguish which version you are talking about.

3:21 PM # 0 comments

Comment Feeds: This Post All

Links to this post:

Create a Link

Weblog Home

Archives