Abstract
Goldreich [2000] proposed a candidate one-way function based on a bipartite graph of small right-degree d, where the vertices on the left (resp. right) represent input (resp. output) bits of the function. Each output bit is computed by evaluating a fixed d-ary binary predicate on the input bits adjacent to that output bit. We study this function when the predicate is random or depends linearly on many of its input bits. We assume that the graph is a random balanced bipartite graph with right-degree d.
Inverting this function as a one-way function by definition means finding an element in the preimage of output of this function for a random input. We bound the expected size of this preimage.
Next, using the preceding bound, we prove that two restricted types of backtracking algorithms called myopic and drunk backtracking algorithms with high probability take exponential time to invert the function, even if we allow the algorithms to use DPLL elimination rules. (For drunk algorithms, a similar result was proved by Itsykson [2010].)
We also ran a SAT solver on the satisfiability problem equivalent to the problem of inverting the function, and experimentally observed an exponential increase in running time as a function of the input length.
- Alekhnovich, M., Hirsch, E. A., and Itsykson, D. 2005. Exponential lower bounds for the running time of DPLL algorithms on satisfiable formulas. J. Autom. Reason. 35, 51--72. Google Scholar
Digital Library
- Applebaum, B. 2013. Pseudorandom generators with long stretch and low locality from random local one-way functions. SIAM J. Comput. 42, 5, 2008--2037.Google Scholar
Cross Ref
- Applebaum, B., Barak, B., and Wigderson, A. 2010. Public-key cryptography from different assumptions. In Proceedings of the 42nd ACM Symposium on Theory of Computing, (STOC’10). L. J. Schulman Ed., ACM, 171--180. DOI:http://doi.acm.org/10.1145/1806689.1806714. Google Scholar
Digital Library
- Applebaum, B., Ishai, Y., and Kushilevitz, E. 2006a. Cryptography in NC0. SIAM J. Comput. 36, 4, 845--888. Google Scholar
Digital Library
- Applebaum, B., Ishai, Y., and Kushilevitz, E. 2006b. On pseudorandom generators with linear stretch in NC0. In Proceedings of the 9th International Workshop on Approximation Algorithms for Combinatorial Optimization Problems and the 10th International Workshop on Randomization and Computation (APPROX-RANDOM’06). Lecture Notes in Computer Science, vol. 4110, Spring, Berlin, 260--271. Google Scholar
Digital Library
- Ben-Sasson, E. and Wigderson, A. 2001. Short proofs are narrow -- resolution made simple. J. ACM 48, 2, 149--169. Google Scholar
Digital Library
- Bogdanov, A. and Qiao, Y. 2009. On the security of Goldreich’s one-way function. In Proceedings of the 12th International Workshop on Approximation Algorithms for Combinatorial Optimization Problems and the 13th International Workshop on Randomization and Computation (APPROX-RANDOM’09). I. Dinur, K. Jansen, J. Naor, and J. D. P. Rolim Eds., Lecture Notes in Computer Science Series, vol. 5687, Springer, 392--405. DOI:http://dx.doi.org/10.1007/978-3-642-03685-9. Google Scholar
Digital Library
- Cook, J., Etesami, O., Miller, R., and Trevisan, L. 2009. Goldreich’s one-way function candidate and myopic backtracking algorithms. In Proceedings of the 6th Theory of Cryptography Conference (TCC’09). O. Reingold Ed., Lecture Notes in Computer Science Series, vol. 5444, Springer, 521--538. DOI:http://dx.doi.org/10.1007/978-3-642-00457-5. Google Scholar
Digital Library
- Eén, N. and Biere, A. 2005. Effective preprocessing in SAT through variable and clause elimination. In Proceedings of the 8th International Conference on Theory and Applications of Satisfiability Testing (SAT’05). F. Bacchus and T. Walsh Eds., Lecture Notes in Computer Science Series, vol. 3569, Springer, 61--75. Google Scholar
Digital Library
- Eén, N. and Sörensson, N. 2003. An extensible SAT-solver. In Proceedings of the 6th International Conference on Theory and Applications of Satisfiability Testing (SAT’03). E. Giunchiglia and A. Tacchella Eds., Lecture Notes in Computer Science Series, vol. 2919, Springer, 502--518.Google Scholar
- Goldreich, O. 2000. Candidate one-way functions based on expander graphs. Electron. Colloq. Computat. Complex. 7, 90. http://eccc.hpi-web.de/eccc-reports/2000/TR00-090/index.html.Google Scholar
- Itsykson, D. 2010. Lower bound on average-case complexity of inversion of Goldreich’s function by drunken backtracking algorithms. In Proceedings of the 5th International Computer Science Symposium in Russia (CSR’10). F. M. Ablayev and E. W. Mayr Eds., Lecture Notes in Computer Science Series, vol. 6072, Springer, 204--215. Google Scholar
Digital Library
- Itsykson, D. and Sokolov, D. 2011. Lower bounds for myopic DPLL algorithms with a cut heuristic. In Proceedings of the 22nd International Symposium on Algorithms and (ISAAC’11). T. Asano, S.-I. Nakano, Y. Okamoto, and O. Watanabe Eds., Lecture Notes in Computer Science Series, vol. 7074, Springer, 464--473. DOI:http://dx.doi.org/10.1007/978-3-642-25591-5. Google Scholar
Digital Library
- Itsykson, D. and Sokolov, D. 2012. The complexity of inversion of explicit Goldreich’s function by DPLL algorithms. Zapiski Nauchnykh Seminarov POMI 399, 88--108.Google Scholar
- Itsykson, D. and Sokolov, D. 2013. The complexity of inversion of explicit Goldreich’s function by DPLL algorithms. J. Math. Sci. 188, 1, 47--58. http://link.springer.com/article/10.1007%2Fs10958-012-1105-8.Google Scholar
Cross Ref
- Iwama, K. and Miyazaki, S. 1999. Tree-like resolution is superpolynomially slower than dag-like resolution for the pigeonhole principle. In Proceedings of 19th International Symposium on Algorithms and Computation (ISAAC’99). Lecture Notes in Computer Science Series, vol. 1741, 133--142. Google Scholar
Digital Library
- Miller, R. 2009. Goldreich’s one-way function candidate and drunken backtracking algorithms. Distinguished Majors Thesis. http://people.csail.mit.edu/rmiller/ram9a-dmp-thesis.pdf.Google Scholar
- Panjwani, S. K. 2001. An experimental evaluation of Goldreich’s one-way function. Technical Report, Department of Computer Science and Engineering, Indian Institute of Technology, Bombay.Google Scholar
Index Terms
On the One-Way Function Candidate Proposed by Goldreich
Recommendations
Goldreich's One-Way Function Candidate and Myopic Backtracking Algorithms
TCC '09: Proceedings of the 6th Theory of Cryptography Conference on Theory of CryptographyGoldreich (ECCC 2000) proposed a candidate one-way function construction which is parameterized by the choice of a small predicate (over <em>d</em> = <em>O</em> (1) variables) and of a bipartite expanding graph of right-degree <em>d</em> . The function ...
The complexity of inversion of explicit goldreich's function by DPLL algorithms
CSR'11: Proceedings of the 6th international conference on Computer science: theory and applicationsThe Goldreich's function has n binary inputs and n binary outputs. Every output depends on d inputs and is computed from them by the fixed predicate of arity d. Every Goldreich's function is defined by it's dependency graph G and predicate P. In 2000 O. ...






Comments