Kolmogorov complexity and cryptography

We consider (in the framework of algorithmic information theory) questions of the following type: construct a message that contains different amounts of information for recipients that have (or do not have) certain a priori information. Assume, for example, that the recipient knows some string a, and we want to send her some information that allows her to reconstruct some string b (using a). On the other hand, this information alone should not allow the eavesdropper (who does not know a) to reconstruct b. It is indeed possible (if the strings a and b are not too simple). Then we consider more complicated versions of this question. What if the eavesdropper knows some string c? How long should be our message? We provide some conditions that guarantee the existence of a polynomial-size message; we show then that without these conditions this is not always possible. 1 Non-informative conditional descriptions In this section we construct (for given strings a and b that satisfy some conditions) a string f that contains enough information to obtain b from a, but does not contain any information about b in itself (without a), and discuss some generalizations of this problem. Uniform and non-uniform complexity Let us start with some general remarks about conditional descriptions and their complexity. Let X be a set of binary strings, and let y be a string. Then C(X → y) can be defined as the minimal length of a program that maps every element of X to y. (As usually, we fix some optimal programming language. We can also replace minimal length by minimal complexity.) Evidently, C(X → y)≥ max x∈X C(y|x) (if a program p works for all x ∈ X , it works for every x), but the reverse inequality is not always true. It may happen that the “uniform” complexity of the problem X → y (left hand side) is significantly greater than the “nonuniform” complexity of the same problem (right hand side). ∗This paper contains some results of An.A. Muchnik (1958–2007) reported in his talks at the Kolmogorov seminar (Moscow State Lomonosov University, Math. Department, Logic and Algorithms theory division, March 11, 2003 and April 8, 2003) but not published at that time. These results were stated (without proofs) in the joint talk of Andrej Muchnik and Alexei Semenov at Dagstuhl Seminar 03181, 27.04.2003–03.05.2003. This text was prepared by Alexey Chernov and Alexander Shen in 2008–2009.