Weizmann Logo
ECCC
Electronic Colloquium on Computational Complexity

Under the auspices of the Computational Complexity Foundation (CCF)

Login | Register | Classic Style



REPORTS > DETAIL:

Revision(s):

Revision #1 to TR15-008 | 26th August 2018 01:13

The Power of Negations in Cryptography

RSS-Feed




Revision #1
Authors: Igor Carboni Oliveira, Siyao Guo, Tal Malkin, Alon Rosen
Accepted on: 26th August 2018 01:13
Downloads: 757
Keywords: 


Abstract:

The study of monotonicity and negation complexity for Boolean functions has been prevalent in complexity theory as well as in computational learning theory, but little attention has been given to it in the cryptographic context. Recently, Goldreich and Izsak (2012) have initiated a study of whether cryptographic primitives can be monotone, and showed that one-way functions can be monotone (assuming they exist), but a pseudorandom generator cannot.

In this paper, we start by filling in the picture and proving that many other basic cryptographic primitives cannot be monotone. We then initiate a quantitative study of the power of negations, asking how many negations are required. We provide several
lower bounds, some of them tight, for various cryptographic primitives and building blocks including one-way permutations, pseudorandom functions, small-bias generators, hard-core predicates, error-correcting codes, and randomness extractors. Among our results, we highlight the following.

i) Unlike one-way functions, one-way permutations cannot be monotone.

ii) We prove that pseudorandom functions require $\log n - O(1)$ negations (which is optimal up to the additive term).

iii) Error-correcting codes with optimal distance parameters require $\log n - O(1)$ negations (again, optimal up to the additive term).

iv) We prove a general result for monotone functions, showing a lower bound on the depth of any circuit with $t$ negations on the bottom that computes a monotone function $f$ in terms of the monotone circuit depth of $f$. This result addresses a question posed by Koroth and Sarma (2014) in the context of the circuit complexity of the Clique problem.



Changes to previous version:

Section 5.7 has been updated in order to fix a minor issue in the proof of Proposition 5.9.


Paper:

TR15-008 | 14th January 2015 15:23

The Power of Negations in Cryptography





TR15-008
Authors: Igor Carboni Oliveira, Siyao Guo, Tal Malkin, Alon Rosen
Publication: 14th January 2015 22:59
Downloads: 1476
Keywords: 


Abstract:

The study of monotonicity and negation complexity for Boolean functions has been prevalent in complexity theory as well as in computational learning theory, but little attention has been given to it in the cryptographic context. Recently, Goldreich and Izsak (2012) have initiated a study of whether cryptographic primitives can be monotone, and showed that one-way functions can be monotone (assuming they exist), but a pseudorandom generator cannot.

In this paper, we start by filling in the picture and proving that many other basic cryptographic primitives cannot be monotone. We then initiate a quantitative study of the power of negations, asking how many negations are required. We provide several
lower bounds, some of them tight, for various cryptographic primitives and building blocks including one-way permutations, pseudorandom functions, small-bias generators, hard-core predicates, error-correcting codes, and randomness extractors. Among our results, we highlight the following.

i) Unlike one-way functions, one-way permutations cannot be monotone.

ii) We prove that pseudorandom functions require $\log n - O(1)$ negations (which is optimal up to the additive term).

iii) Error-correcting codes with optimal distance parameters require $\log n - O(1)$ negations (again, optimal up to the additive term).

iv) We prove a general result for monotone functions, showing a lower bound on the depth of any circuit with $t$ negations on the bottom that computes a monotone function $f$ in terms of the monotone circuit depth of $f$. This result addresses a question posed by Koroth and Sarma (2014) in the context of the circuit complexity of the Clique problem.



ISSN 1433-8092 | Imprint