TY - GEN
T1 - From randomizing polynomials to parallel algorithms
AU - Ishai, Yuval
AU - Kushilevitz, Eyal
AU - Paskin-Cherniavsky, Anat
PY - 2012
Y1 - 2012
N2 - Randomizing polynomials represent a function f(x) by a low-degree randomized mapping p(x, r) over a finite field F such that, for any input x, the output distribution of p(x, r) depends only on the value of f(x). We study the class of functions f which admit an efficient representation by constant-degree randomizing polynomials. It is known that this class contains NC 1 as well as log-space classes contained in NC 2. Whether it contains all polynomial-time computable functions is a wide open question. A positive answer would have major and unexpected consequences, including the existence of efficient constant-round multiparty protocols with unconditional security, and the equivalence of (polynomial-time) cryptography and cryptography in NC 0. We obtain evidence for the limited power of randomizing polynomials by showing that a useful subclass of constant-degree randomizing polynomials cannot efficiently capture functions beyond NC. Concretely, we consider randomizing polynomials over fields F of a small characteristic in which each monomial has degree (at most) 2 in the random inputs r and constant degree in x. This subclass captures most constructions of randomizing polynomials from the literature. Our main result is that all functions f which can be efficiently represented by such randomizing polynomials over fields of a small characteristic are in non-uniform NC. (The same holds over arbitrary fields given a quadratic residuosity oracle.) This result is obtained in two steps: (1) we observe that computing f as above reduces to counting roots of degree-2 multivariate polynomials; (2) we design parallel algorithms for the latter problem. These parallel root counting algorithms may be of independent interest. On the flip side, our main result provides an avenue for obtaining new parallel algorithms via the construction of randomizing polynomials. This gives an unexpected application of cryptography to algorithm design. We provide several examples for the potential usefulness of this approach.
AB - Randomizing polynomials represent a function f(x) by a low-degree randomized mapping p(x, r) over a finite field F such that, for any input x, the output distribution of p(x, r) depends only on the value of f(x). We study the class of functions f which admit an efficient representation by constant-degree randomizing polynomials. It is known that this class contains NC 1 as well as log-space classes contained in NC 2. Whether it contains all polynomial-time computable functions is a wide open question. A positive answer would have major and unexpected consequences, including the existence of efficient constant-round multiparty protocols with unconditional security, and the equivalence of (polynomial-time) cryptography and cryptography in NC 0. We obtain evidence for the limited power of randomizing polynomials by showing that a useful subclass of constant-degree randomizing polynomials cannot efficiently capture functions beyond NC. Concretely, we consider randomizing polynomials over fields F of a small characteristic in which each monomial has degree (at most) 2 in the random inputs r and constant degree in x. This subclass captures most constructions of randomizing polynomials from the literature. Our main result is that all functions f which can be efficiently represented by such randomizing polynomials over fields of a small characteristic are in non-uniform NC. (The same holds over arbitrary fields given a quadratic residuosity oracle.) This result is obtained in two steps: (1) we observe that computing f as above reduces to counting roots of degree-2 multivariate polynomials; (2) we design parallel algorithms for the latter problem. These parallel root counting algorithms may be of independent interest. On the flip side, our main result provides an avenue for obtaining new parallel algorithms via the construction of randomizing polynomials. This gives an unexpected application of cryptography to algorithm design. We provide several examples for the potential usefulness of this approach.
KW - cryptography
KW - parallel algorithms
KW - randomizing polynomials
KW - secure computation
UR - http://www.scopus.com/inward/record.url?scp=84856424797&partnerID=8YFLogxK
U2 - 10.1145/2090236.2090244
DO - 10.1145/2090236.2090244
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:84856424797
SN - 9781450311151
T3 - ITCS 2012 - Innovations in Theoretical Computer Science Conference
SP - 76
EP - 89
BT - ITCS 2012 - Innovations in Theoretical Computer Science Conference
T2 - 3rd Conference on Innovations in Theoretical Computer Science, ITCS 2012
Y2 - 8 January 2012 through 10 January 2012
ER -