Some Fundamental Insights of Computational Complexity Theory Avi Wigderson IAS, Princeton, NJ Hebrew University, Jerusalem

Complexity of Functions ADD MULT PRIME FACTOR

Complexity Classes Permanent #P Counting Problems Non-DET [Efficient Verification] Efficient Prob. Time Efficient DET. Time Memory Efficient ALGS Satisfyability NP 3-Coloring Discrete Log Factoring Primality testing RP Verifying polynomial identities Max Flow P Linear Programming Determinant L Graph Connectivity FEASIBLEFEASIBLE

COMP Axiom: FACTORING is HARD  FORMAL & RIGOROUS theorems COMPUTATIONFEASIBLECANNOT SIMULATE NATURE RANDOMNESS ENTROPY CRYPTOGRAPHY KNOWLEDGE LEARNING PROOFS COMPUTATIONAL IS WEAK NO FEASIBLEOF COMPUTATIONAL HARDNESS EFFICIENT OF SOME NATURAL CONCEPTS IS IMPOSSIBLE ZEROPROOFS FOR EVERY THEOREM EVERY PROBLEM HAS A SECURE PROTOCOL COMPUTATIONALCAN BE DETERMINISTICALLY INCREASED

COLORING PLANAR MAPS THM [AH] EVERY PLANAR MAP IS 4-COLORABLE FACT NOT EVERY PLANAR MAP IS 3-COLORABLE 3-COL

THM: IF 3-COL IS EASY THEN FACTOR IS EASY NP – EFFICIENTLY VERIFIABLE PROOFS EFFICIENT REDUCTIONS COMPLETENESS TRIVIAL:3-COL, FACTOR TRIVIAL:IS TRANSITIVE! THM[C,L,K,S]: 3-COL is NP-Complete

NP - COMPLETENESS P = NP? Among the most important scientific open problems

CRYPTOGRAPHY [DH] DIGITAL ENVELOPE [GM] [R] [RSA] ALL PARTIES FEASIBLE COMPUTERS PUBLIC KEY ENCRYPTION DIGITAL SIGNATURES THE MILLIONAIRE’S PROBLEM EVERYTHING! CONTRACT SIGNING PLAYING POKER EASY MULT FACTOR HARD

OBLIVIOUS COMPUTATION [Y] ALICEBOB ||       f(x,y) f(x,y) f(x,y) f(x,y) SMALL BOOLEAN CIRCUIT  NO CHEATERS!  ab  COMPLETE PROBLEM  ab a b a b  COMPLETE PROBLEM  MANY PLAYERS [GMW]

THM[CL] Statement Planar Map M Proof 3-COL of M Efficient ALG A 1-1 Alice Alice, Bob PRIVACY vs. FAULT TOLERANCE Alice: Bob: Really?? Convince me! Dr. Alice: Prof. Bob: Really?? Convince me! Zero Knowledge Interactive Proofs [GMR] Convincing Reveal no information THM[GMW] 3-Coloring has a ZK-Proof THM[GMW] Every theorem has a ZK-Proof Corollary: Fault-tolerant protocols

METRICS ON PROB. DISTRIBUTIONS Computational Indistinguishability D Pseudo-Random if THM[BM,Y] p.r. D exits with D probability distribution on {0,1} k Statistical test U k uniform distribution Information Theoretic v(D,D’)=MAX|T(D)-T(D’)| Complexity Theoretic [GM,Y] v c (D,D’)=MAX|T(D)-T(D’)| Eff T

COMPUTATIONAL ENTROPY   EFFICIENT A EASY HARD HARDNESS AMPLIFICATION feasible predicate b [B([B( THM[BM,Y] D 1 =(f(x),b(x)) is pseudorandom THM[BM,Y] D k =(b(f (k) (x)),...b(f(x)),b(x)) is p.r.

[BMY] PSEUDO-RANDOM GENERATORS n<<k  C(Factor) D k PSEUDO-RANDOM || G(x) EFFICIENT PRIVATE KEY CRYPTOGRAPHY x  U n D 0 - Random D 1 – Pseudo- Random D 2 – Pseudo- Random f(x)b(x) f(f(x)) b(f(x)) b(x) f (k+1) (x) b(f (k) (x)) b(x) HHcHc nn n n n n+1 n+2 n+k PSEUDO-RANDOM FUNCTION LEARNING PROOFS OF HARDNESS DERANDOMIZING PROBABILISTIC ALGS

HARDNESS vs. RANDOMNESS C(Factor) C(EXP-Time) [NW] a different C(Permanent) pseudo-random generator C(Satisfiability) [Y] Det. Simulation: Enumerate all s  {0,1} n A efficient probabilistic alg. for h:  input z

OPEN PROBLEMS PROVE “Axiom” PROVE Any Lower Bound PROVE PROJECTION REDUCTIONS THM PROVE