Kolmogorov complexity and cryptography
نویسنده
چکیده
We consider (in the framework of algorithmic information theory) questions of the following type: construct a message that contains different amounts of information for recipients that have (or do not have) certain a priori information. Assume, for example, that the recipient knows some string a, and we want to send her some information that allows her to reconstruct some string b (using a). On the other hand, this information alone should not allow the eavesdropper (who does not know a) to reconstruct b. It is indeed possible (if the strings a and b are not too simple). Then we consider more complicated versions of this question. What if the eavesdropper knows some string c? How long should be our message? We provide some conditions that guarantee the existence of a polynomial-size message; we show then that without these conditions this is not always possible. 1 Non-informative conditional descriptions In this section we construct (for given strings a and b that satisfy some conditions) a string f that contains enough information to obtain b from a, but does not contain any information about b in itself (without a), and discuss some generalizations of this problem. Uniform and non-uniform complexity Let us start with some general remarks about conditional descriptions and their complexity. Let X be a set of binary strings, and let y be a string. Then C(X → y) can be defined as the minimal length of a program that maps every element of X to y. (As usually, we fix some optimal programming language. We can also replace minimal length by minimal complexity.) Evidently, C(X → y)≥ max x∈X C(y|x) (if a program p works for all x ∈ X , it works for every x), but the reverse inequality is not always true. It may happen that the “uniform” complexity of the problem X → y (left hand side) is significantly greater than the “nonuniform” complexity of the same problem (right hand side). ∗This paper contains some results of An.A. Muchnik (1958–2007) reported in his talks at the Kolmogorov seminar (Moscow State Lomonosov University, Math. Department, Logic and Algorithms theory division, March 11, 2003 and April 8, 2003) but not published at that time. These results were stated (without proofs) in the joint talk of Andrej Muchnik and Alexei Semenov at Dagstuhl Seminar 03181, 27.04.2003–03.05.2003. This text was prepared by Alexey Chernov and Alexander Shen in 2008–2009.
منابع مشابه
A Tight Upper Bound on Kolmogorov
The present paper links the concepts of Kolmogorov complexity (in Complexity theory) and Hausdorr dimension (in Fractal geometry) for a class of recursive (computable) !-languages. It is shown that the complexity of an innnite string contained in a 2-deenable set of strings is upper bounded by the Hausdorr dimension of this set and that this upper bound is tight. Moreover, we show that there ar...
متن کاملA Fast Publicly Verifiable Secret Sharing Scheme using Non-homogeneous Linear Recursions
A non-interactive (t,n)-publicly veriable secret sharing scheme (non-interactive (t,n)-PVSS scheme) is a (t,n)-secret sharing scheme in which anyone, not only the participants of the scheme, can verify the correctness of the produced shares without interacting with the dealer and participants. The (t,n)-PVSS schemes have found a lot of applications in cryptography because they are suitable for<...
متن کاملQuantum Kolmogorov Complexity and Information-Disturbance Theorem
In this paper, a representation of the information-disturbance theorem based on the quantum Kolmogorov complexity that was defined by P. Vitányi has been examined. In the quantum information theory, the information-disturbance relationship, which treats the trade-off relationship between information gain and its caused disturbance, is a fundamental result that is related to Heisenberg’s uncerta...
متن کاملNormalized Unconditional ϵ-Security of Private-Key Encryption
In this paper we introduce two normalized versions of non-perfect security for private-key encryption: one version in the framework of Shannon entropy, another version in the framework of Kolmogorov complexity. We prove the lower bound on either key entropy or key size for these models and study the relations between these normalized security notions.
متن کاملCompression Complexity
The Kolmogorov complexity of x, denoted C(x), is the length of the shortest program that generates x. For such a simple definition, Kolmogorov complexity has a rich and deep theory, as well as applications to a wide variety of topics including learning theory, complexity lower bounds and SAT algorithms. Kolmogorov complexity typically focuses on decompression, going from the compressed program ...
متن کاملLower bounds of shortest vector lengths in random knapsack lattices and random NTRU lattices
Finding the shortest vector of a lattice is one of the most important problems in computational lattice theory. For a random lattice, one can estimate the length of the shortest vector using the Gaussian heuristic. However, no rigorous proof can be provided for some classes of lattices, as the Gaussian heuristic may not hold for them. In the paper we study two types of random lattices in crypto...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1106.5433 شماره
صفحات -
تاریخ انتشار 2011