PPP-Completeness with Connections to Cryptography

@article{Sotiraki2018PPPCompletenessWC,
  title={PPP-Completeness with Connections to Cryptography},
  author={Katerina Sotiraki and Manolis Zampetakis and Giorgos Zirdelis},
  journal={2018 IEEE 59th Annual Symposium on Foundations of Computer Science (FOCS)},
  year={2018},
  pages={148-158}
}
Polynomial Pigeonhole Principle (PPP) is an important subclass of TFNP with profound connections to the complexity of the fundamental cryptographic primitives: collision-resistant hash functions and one-way permutations. In contrast to most of the other subclasses of TFNP, no complete problem is known for PPP. Our work identifies the first PPP-complete problem without any circuit or Turing Machine given explicitly in the input, and thus we answer a longstanding open question from… 

Figures and Tables from this paper

PPAD-Hardness via Iterated Squaring Modulo a Composite
We show that, relative to a random oracle, solving the End-of-Line problem (which is PPAD-complete) is no easier than computing the function f(N, x, T ) = x T mod N, where N is an n-bit RSA modulus,
Finding a Nash equilibrium is no easier than breaking Fiat-Shamir
TLDR
It is shown that solving the END−OF−METERED−LINE problem is no easier than breaking the soundness of the Fiat-Shamir transformation when applied to the sumcheck protocol, and opens up the possibility of sampling moderately-sized games for which it is hard to find a Nash equilibrium.
Total Functions in the Polynomial Hierarchy
TLDR
Higher in the hierarchy, the constructive version of the Sauer-Shelah lemma and the appropriate generalization of PPP that contains it are identified, as well as the problem of finding a king in a tournament.
Reductions in PPP
On the Cryptographic Hardness of Local Search
TLDR
The core observation behind the results is that the unique proofs property of incrementally-verifiable computations previously used to demonstrate hardness in PLS can be traded with a simple incremental completeness property.
The classes PPA-k: Existence from arguments modulo k
Classical and quantum dynamic programming for Subset-Sum and variants
TLDR
A novel dynamic programming data structure is introduced with applications to Subset-Sum and a number of variants, including Equal-Sums, where one seeks two disjoint subsets with the same sum, and an O(2) quantum algorithm for Shifted-Sum, an improvement on the best known O( 2) classical running time.
The Classes PPA-k: Existence from Arguments Modulo k
The complexity classes PPA-$k$, $k \geq 2$, have recently emerged as the main candidates for capturing the complexity of important problems in fair division, in particular Alon's Necklace-Splitting
Equal-subset-sum faster than the meet-in-the-middle
TLDR
This paper improves upon the state-of-the-art Equal-Subset-Sum algorithm and gives O∗(1.7088n) worst case Monte Carlo algorithm, which answers a question suggested by Woeginger in his inspirational survey.
Separations in Proof Complexity and TFNP
TLDR
It is shown that PPADS, PPAD, SOPL, and Reversible Resolution are captured by unary-SA, unARY-NS, and reversible Resolution, respectively, relative to an oracle.
...
1
2
...

References

SHOWING 1-10 OF 88 REFERENCES
The Journey from NP to TFNP Hardness
TLDR
This work shows that hard-on-average TFNP problems can be based on the weak assumption that there exists a hard- on-average language in NP, in particular, this includes the assumption of the existence of one-way functions.
On the Polynomial Parity Argument Complexity of the Combinatorial Nullstellensatz
TLDR
This work proves the PPA-completeness of two problems of radically different style, related respectively to the Combinatorial Nullstellensatz and the Chevalley-Warning Theorem over the two elements field GF(2), and shows that the maximal parse subcircuits of a P PA-circuit can be paired in polynomial time.
Almost Perfect Lattices, the Covering Radius Problem, and Applications to Ajtai's Connection Factor
TLDR
A rigorous self-contained proof of results along the lines of Ajtai's seminal work is presented, and it is shown how this reduction implies the existence of collision resistant cryptographic hash functions based on the worst-case inapproximability of the shortest vector problem within the same factors.
Revisiting the Cryptographic Hardness of Finding a Nash Equilibrium
TLDR
The hardness of PPAD assuming the existence of quasi-polynomially hard indistinguishability obfuscation and sub-exponentially hard one- way functions is proved and hardness can be based on polynomially hard compact public key functional encryption and one-way permutations.
Reducibility among Fractional Stability Problems
TLDR
A series of reductions that build in nontrivial ways on the framework established in previous work to expand the universe of known PPAD-complete problems and resolve the computational complexity of a number of outstanding open problems with practical applications.
Public-key cryptosystems from the worst-case shortest vector problem: extended abstract
TLDR
The main technical innovation is a reduction from variants of the shortest vector problem to corresponding versions of the "learning with errors" (LWE) problem; previously, only a quantum reduction of this kind was known.
Trapdoors for hard lattices and new cryptographic constructions
TLDR
A new notion of trapdoor function with preimage sampling, simple and efficient "hash-and-sign" digital signature schemes, and identity-based encryption are included.
On Ideal Lattices and Learning with Errors over Rings
TLDR
The “learning with errors” (LWE) problem is to distinguish random linear equations, which have been perturbed by a small amount of noise, from truly uniform ones, by introducing an algebraic variant of LWE called ring-LWE, and proving that it too enjoys very strong hardness guarantees.
On lattices, learning with errors, random linear codes, and cryptography
TLDR
A public-key cryptosystem whose hardness is based on the worst-case quantum hardness of SVP and SIVP, and an efficient solution to the learning problem implies a <i>quantum</i>, which can be made classical.
On the Cryptographic Hardness of Finding a Nash Equilibrium
We prove that finding a Nash equilibrium of a game is hard, assuming the existence of indistinguishability obfuscation and one-way functions with sub-exponential hardness. We do so by showing how
...
1
2
3
4
5
...