Showing papers by "Moni Naor published in 1995"

Splitters and near-optimal derandomization

Abstract: We present a fairly general method for finding deterministic constructions obeying what we call k-restrictions; this yields structures of size not much larger than the probabilistic bound. The structures constructed by our method include (n,k)-universal sets (a collection of binary vectors of length n such that for any subset of size k of the indices, all 2/sup k/ configurations appear) and families of perfect hash functions. The near-optimal constructions of these objects imply the very efficient derandomization of algorithms in learning, of fixed-subgraph finding algorithms, and of near optimal /spl Sigma/II/spl Sigma/ threshold formulae. In addition, they derandomize the reduction showing the hardness of approximation of set cover. They also yield deterministic constructions for a local-coloring protocol, and for exhaustive testing of circuits.

What Can Be Computed Locally

Abstract: The purpose of this paper is a study of computation that can be done locally in a distributed network, where "locally" means within time (or distance) independent of the size of the network. Locally checkable labeling (LCL) problems are considered, where the legality of a labeling can be checked locally (e.g., coloring). The results include the following: There are nontrivial LCL problems that have local algorithms. There is a variant of the dining philosophers problem that can be solved locally. Randomization cannot make an LCL problem local; i.e., if a problem has a local randomized algorithm then it has a local deterministic algorithm. It is undecidable, in general, whether a given LCL has a local algorithm. However, it is decidable whether a given LCL has an algorithm that operates in a given time $t$. Any LCL problem that has a local algorithm has one that is order-invariant (the algorithm depends only on the order of the processor IDs).

Synthesizers and their application to the parallel construction of pseudo-random functions

Abstract: We present a new cryptographic primitive called pseudo-random synthesizer and show how to use it in order to get a parallel construction of a pseudo-random function. We show an NC/sup 1/ implementation of pseudo-random synthesizers based on the RSA or the Diffie-Hellman assumptions. This yields the first parallel (NC/sup 2/) pseudo-random function and the only alternative to the original construction of Goldreich, Gold-wasser and Micali (GGM). The security of our constructions is similar to the security of the underling assumptions. We discuss the connection with problems in computational learning theory.

Amortized Communication Complexity

Abstract: In this work we study the direct-sum problem with respect to communication complexity: Consider a relation $f$ defined over $\{0,1\}^{n} \times \{0,1\}^{n}$. Can the communication complexity of simultaneously computing $f$ on $\cal l$ instances $(x_1,y_1),\ldots,(x_{\cal l},y_{\cal l})$ be smaller than the communication complexity of computing $f$ on the $\cal l$ instances, separately? Let the amortized communication complexity of $f$ be the communication complexity of simultaneously computing $f$ on $\cal l$ instances, divided by $\cal l$. We study the properties of the amortized communication complexity. We show that the amortized communication complexity of a relation can be smaller than its communication complexity. More precisely, we present a partial function whose (deterministic) communication complexity is $\Theta(\log n)$ and its amortized (deterministic) communication complexity is $O(1)$. Similarly, for randomized protocols, we present a function whose randomized communication complexity is $\Theta(\log n)$ and its amortized randomized communication complexity is $O(1)$. We also give a general lower bound on the amortized communication complexity of any function $f$ in terms of its communication complexity $C(f)$: for every function $f$ the amortized communication complexity of $f$ is $\Omega \left (\sqrt{C(f)} - \log n \right)$.

Local computations on static and dynamic graphs

Abstract: The purpose of this paper is a study of computation that can be done locally in a distributed network. By locally we mean within time (or distance) independent of the size of the network. In particular we are interested in algorithms that ore robust, i.e., perform well even if the underlying graph is not stable and links continuously fail and come-up. We introduce and study the happy coloring and orientation problem and show that it yields a robust local solution to the (d,m)-dining philosophers problem of Naor and Stockmeyer [17]. This problem is similar to the usual dining philosophers problem, except that each philosopher has access to d forks but needs only m of them to eat. We give a robust local solution if m/spl les/[d/2] (necessity of this inequality for any local solution was known previously). Two other problems we investigate are: (1) the amount of initial symmetry-breaking needed to solve certain problems locally (for example, our algorithms need considerably less symmetry-breaking than having a unique ID on each node), and (2) the single-step color reduction problem: given a coloring with c colors of the nodes of a graph, what is the smallest number of colors c' such that every node can recolor itself with one of c' colors as a function of its immediate neighborhood only. >

An Efficient Existentially Unforgeable signature Scheme and its Applications

Abstract: A signature scheme is existentially unforgeable if, given any polynomial (in the security parameter) number of pairs (m>sub /sub sub /sub sub /sub sub /sub sub /sub sub /sub sub /sub sub /sub sub /sub sub /sub sub /sub< }. We present an existentially unforgeable signature scheme that requires at most 6 times the amount of time needed to generate a signature using RSA (which is not existentially unforgeable), and point out applications where its use is desirable.

Synthesizers and Their Application to the Parallel Construction of Pseudo-random Functions

Abstract: We present a new cryptographic primitive called pseudo-random synthesizer and show how to use it in order to get a parallel construction of a pseudo-random function We show an NC/sup 1/ implementation of pseudo-random synthesizers based on the RSA or the Diffie-Hellman assumptions This yields the first parallel (NC/sup 2/) pseudo-random function and the only alternative to the original construction of Goldreich, Gold-wasser and Micali (GGM) The security of our constructions is similar to the security of the underling assumptions We discuss the connection with problems in computational learning theory

Fairness in scheduling

Abstract: On-line machine scheduling has been studied extensively, but the fundamental issue of fairness in scheduling is still mostly open. In this paper we explore the issue in settings where there are long-lived processes which should be repeatedly scheduled for various tasks throughout the lifetime of a system. For any such instance we develop a notion ofdesiredload of a process, which is a function of the tasks it participates in. Theunfairnessof a system is the maximum, taken over all processes, of the difference between the desired load and the actual load.An example of such a setting is thecarpool problemsuggested by Fagin and Williams IBM Journal of Research and Development27(2) (1983), 133?139]. In this problem, a set ofnpeople form a carpool. On each day a subset of the people arrive and one of them is designated as the driver. A scheduling rule is required so that the driver will be determined in a “fair” way.We investigate this problem under various assumptions on the input distribution. We also show that the carpool problems can capture several other problems of fairness in scheduling.

Optimal File Sharing in Distributed Networks

Abstract: The following file distribution problem is considered: Given a network of processors represented by an undirected graph $G=(V,E)$ and a file size $k$, an arbitrary file w of $k$ bits is to be distributed among all nodes of $G$. To this end, each node is assigned a memory device such that by accessing the memory of its own and of its adjacent nodes, the node can reconstruct the contents of w. The objective is to minimize the total size of memory in the network. This paper presents a file distribution scheme which realizes this objective for $k \gg \log \Delta_G$, where $\Delta_G$ stands for the maximum degree in $G$: For this range of $k$, the total memory size required by the suggested scheme approaches an integer programming lower bound on that size. The scheme is also constructive in the sense that given $G$ and $k$, the memory size at each node in $G$, as well as the mapping of any file w into the node memory devices, can be computed in time complexity which is polynomial in $k$ and $|V|$. Furthermore, each node can reconstruct the contents of such a file w in $O(k^2)$ bit operations. Finally, it is shown that the requirement of $k$ being much larger than $\log \Delta_G$ is necessary in order to have total memory size close to the integer programming lower bound.

Search Problems in the Decision Tree Model

Abstract: The relative power of determinism, randomness, and nondeterminism for search problems in the Boolean decision tree model is studied. It is shown that the gaps between the nondeterministic, the randomized, and the deterministic complexities can be arbitrarily large for search problems. An interesting connection of this model to the complexity of resolution proofs is also mentioned.

System and method for certifying content of hard-copy documents

Abstract: A system and method are provided for facilitating proof that a specific item, such as a document, has been sent via a communication medium, such as the mail service of the United States Postal Service, at a specific time. A bit map image is produced, such as by scanning a hard copy document. Preferably the bit map is compressed into a data string and hashed. The hash file is signed by a certifying authority, such as the USPS, using an existentially unforgeable signature scheme. The original document, a code representation of the string, and a code representation of the signature are sent via the communication medium. As a result, the combination of materials sent provides proof of the authenticity of the content of the document.

On the complexity of statistical reasoning

Abstract: We show that basic problems in reasoning about statistics are NP-hard to even approximately solve. We consider the problem of detecting internal inconsistencies in a set of statistics. We say that a set of statistics is /spl epsiv/-inconsistent if one of the probabilities must be off by at least /spl epsiv/. For a positive constant /spl epsiv/, we show NP-hard to distinguish /spl epsiv/-inconsistent statistics from self-consistent statistics. This result holds when restricted to complete sets of pairwise statistics over Boolean domains. We next consider what may, be determined about distributions with a given (consistent) set of pairwise statistics over Boolean domains. We show it NP-hard to distinguish between the case that Pr(X/sub i//spl and/X/sub j/) is necessarily 0 and the case that Pr(X/sub i//spl and/X/sub j/) can have any value in [0, 1/2 ]. Similarly, we show it NP-hard to distinguish between the case that |Corr(X/sub i/, X/sub j/)|=-1 and the case that |Corr(X/sub i/, X/sub j/)| is unconstrained. Whereas the connection between PCP and hardness of approximations has been known since Feige et al. (1991), we introduce the application of "zero-knowledge" PCP's as a tool for proving NP-hardness results for approximation problems. >

Local Computations on Static and Dynamic Graphs (Preliminary Version).

Abstract: The present invention provides disazo compounds expressed by the general formula [wherein A represents (wherein R represents alkyl radical, alkoxy radical, nitro radical, dialkylamino radical or halogen, n is 0 or an integer ranging from 1 to 3, and R may be identical or different when n is an integer of 2 or 3)]; a process for the preparation of said compounds; and photosensitive materials having a high sensitivity as well as a high flexibility which comprises a conductive support and a photosensitive layer formed thereon, said photosensitive layer containing a disazo pigment, as an effective ingredient, which is expressed by the general formula [wherein R' represents a member selected from the group consisting of hydrogen, ethyl radical, chloroethyl radical and hydroxyethyl radical, A' represents a member selected from the group consisting of (wherein X represents a member selected from the group consisting of aromatic rings such as benzene ring, naphthalene ring, etc., heterocyclic rings such as indole ring, carbazole ring, benzofuran ring, etc. and their substituents, Ar1 represents a member selected from the group consisting of aromatic rings such as benzene ring, naphthalene ring, etc., heterocyclic rings such as dibenzofuran ring, etc. and their substituents, Ar2 and Ar3 represent respectively a member selected from the group consisting of aromatic rings such as benzene ring, naphthalene ring, etc. and their substituents, R1 and R3 represent respectively a member selected from the group consisting of hydrogen, lower alkyl radical or phenyl radical and their substituents, and R2 represents a member selected from the group consisting of lower alkyl radical, carboxyl radical and their esters)].