Hard problems

1
NP-Complete Problems

• Coloring is complete
• In particular, we can reduce solving any search
  problem to finding a valid coloring for some
  collection of circles!
• So, if we could solve Coloring quickly, then P
  NP
• Thats why we believe Coloring cant be solved
  quickly by any computer.
• We call such problems NP-Complete.

2
NP-complete problems

• Coloring
• Traveling Salesman Problem
• Knapsack problem
• Partition Problem

3
Knapsack problem

• We are given a set of items each having an
  integer weight
• We are given an integer capacity for the
  knapsack
• We ask if we can exactly pack the knapsack using
  a subset of these items

4
Sample Knapsack problem

• Item weights 2,4,9,13,17,23,32,70,123,157
• Capacity is 228
• Packing 157 32 17 13 9
• Capacity is 226
• Packing (there are none)

5
Partition problem

• We are given a set of items each having an
  integer weight
• We are asked if we can divide all the items into
  2 groups with equal total weight
• Is this NP-complete?

6
Partition problem

• We are given a set of items each having an
  integer weight
• We are asked if we can divide all the items into
  2 groups with equal total weight
• Like knapsack problem
• Capacity of knapsack is half the total weight

7
Sample Partition problem

• Item weights 2,4,9,13,17,23,32,70,123,157
• Total weight is 450
• Packing 123 70 32 225
• Packing 157 23 17 13 9 4 2 225
• Why is this different from the PCP?

8
Other Hard Problems?

• There are other problems besides NP-Complete
  Problems that we also believe are hard.
• Can we be sure?
• No.
• But people have been trying to solve certain
  mathematical problems for centuries.
• So it seems reasonable to assume that nobody will
  figure out how to solve them soon
• Then again, what about Fermats Last Theorem?
• People continue to work on NP-completeness.

9
Wrap-up

• Weve seen problems that computers cant solve at
  all, and also problems that computers probably
  cant solve in our lifetimes.
• Too much bad news?
• Could it ever be useful to have hard problems?
• Yes!
• Cryptography

10
Security and Cryptography
11
Cryptography

• Why do we care so much about hard problems?
• Because sometimes we want to make things hard.
• Protecting Privacy, Authenticity
• Want to make it hard for adversaries to
• Steal our credit cards
• Impersonate us
• Etc.
• Makes it possible for companies to protect
  intellectual property.

12
Cryptography

• Science of making things hard for adversaries
  Cryptography
• Dates back to Julius Caesar
• Caesar cipher shift each character by a few
  places
• "UHWXUA WR URPH" encodes RETURN TO ROME
• Used extensively during WW 2 (and every other
  war)
• Used to encode passwords
• Used to prevent copying of software and data
  (e.g. DVD).

13
Requirements of a cryptosystem

• Easy to encode messages
• Hard to decode messages

14
One Approach...
Its so complicated! It must be secure!
Cryptosystem XYZ (Patent Pending)
15
One Approach...
16
One Approach...

• Unfortunately, this approach is often used in
  real life.
• This is one of the reasons why you hear about so
  many security systems being broken!
• Examples DVD encryption (DeCSS), Cell phones
  in Europe (GSM), encoding of
  fonts by Adobe, many many
  more

17
More sophisticated approach

• Use the theory of hard search problemsand the
  notion of reducing one problem to another.
• Show that if you break this security system, you
  do so by solving some of the worlds greatest
  unsolved problems first!

18
Encryption

• The most basic problem in Cryptography is
  Encryption

Private Message m
Bob
Alice
19
Encryption

• The most basic problem in Cryptography is
  Encryption

Private Message m
Bob
Alice
Eve the eavesdropper
20
Encryption

• The most basic problem in Cryptography is
  Encryption

Encrypted Message E(m)
Bob
Alice
Eve the eavesdropper
21
Encryption

• Have to make it easy for Bob to recover m
• But hard for Eve to learn anything about m

Encrypted Message E(m)
Bob
Alice
Eve the eavesdropper
22
Public-Key CryptographyDiffie-Hellman 1976
Bobs Public Key
Bobs Secret Key
Bob

• Everybody knows Bobs published Public Key.
• Only Bob knows his private key.

23
Public-Key Encryption
Encrypted Message E(m)
Bob
Alice

• Alice uses Bobs public key to encrypt m.
• Bob uses his private key to recover (decrypt) m.
• Relationship between public and private key is
  such that encryption with former enables
  decryption with latter

24
Public-Key Encryption
Encrypted Message E(m)
Bob
Alice
Eve the eavesdropper

• Alice and Eve both know Bobs public key.
• Eve must not be able to break the encryption
  even though she knows the public key.
• Discovering private key from public key must be
  VERY hard.

25
Basic Math Review

• Lets recall some basic mathematics
• A number p is called prime if its only factors
  are 1 and itself.
• Examples

26
Basic Math Review

• Lets recall some basic mathematics
• A number p is called prime if its only factors
  are 1 and itself.
• Examples 2, 3, 5, 7, 11, 13, 17, 19,

27
Basic Math Review

• Lets recall some basic mathematics
• A number p is called prime if its only factors
  are 1 and itself.
• Examples 2, 3, 5, 7, 11, 13, 17, 19,
• There are many prime numbers.
• Fact It is known how to check quickly if a
  number is prime or not.
• So, to find a big prime number, we can just keep
  generating large random numbers until we find a
  prime.

28
Basic Math Review

• Given two primes p and q, it is easy to multiply
  them together N pq
• But given N, how do you find p and q
  quickly?i.e. how do you factor N into primes?
• Easy for small numbers (e.g. 6 or 35).
• For centuries, mathematicians have been trying to
  find ways to factor large numbers quickly. No
  one knows how!
• Factoring a 10,000 digit N would take centuries
  on the fastest computer in existence!

29
How do we know factoring is hard?

• Problem has a long history
• Prizes are offered and have been for a long time
• Factoring progress happens slowly

30
Basic Math Crypto

• We want to make it so that for Eve the
  eavesdropper to break our system, she would have
  to factor a very large number.
• Well (almost) do that.

31
Modular Arithmetic

• Ordinary integers

-4 -3 -2 -1 0 1 2 3 4
32
Modular Arithmetic

• Ordinary integers
• Integers Modulo N

-4 -3 -2 -1 0 1 2 3 4
0
1
(N 1)
2
(N 2)
(N 3)
3

33
Modular Arithmetic

• Example Arithmetic Modulo 12
  (like Arithmetic performed on hours)
• 3 11 (Modulo 12)
• 2 4 (Modulo 12)
• 5 4 (Modulo 12)
• 4 3 (Modulo 12)

34
Modular Arithmetic

• Example Arithmetic Modulo 12
  (like Arithmetic on time)
• 3 11 (Modulo 12) 2
• 2 4 (Modulo 12)
• 5 4 (Modulo 12)
• 4 3 (Modulo 12)

35
Modular Arithmetic

• Example Arithmetic Modulo 12
  (like Arithmetic on time)
• 3 11 (Modulo 12) 2
• 2 4 (Modulo 12) 10
• 5 4 (Modulo 12)
• 4 3 (Modulo 12)

36
Modular Arithmetic

• Example Arithmetic Modulo 12
  (like Arithmetic on time)
• 3 11 (Modulo 12) 2
• 2 4 (Modulo 12) 10
• 5 4 (Modulo 12) 8
• 4 3 (Modulo 12)

37
Modular Arithmetic

• Example Arithmetic Modulo 12
  (like Arithmetic on time)
• 3 11 (Modulo 12) 2
• 2 4 (Modulo 12) 10
• 5 4 (Modulo 12) 8
• 4 3 (Modulo 12) 0

38
The RSA Encryption Scheme Rivest Shamir Adleman
1978

• Bob picks two large primes p and q, and computes
  N pq
• Fact Because Bob knows p and q, he can pick
  numbers e and d such that
• For all m (me)d m (Modulo N)
• Bob reveals e, N as his Public Key
• Bob retains d as his Private Key

39
The RSA Encryption Scheme

• Recall Fact Because Bob knows p and q, he can
  pick numbers e and d such that
• For all m (me)d m (Modulo N)
• To Encrypt a message m, Alice uses Bobs public
  key (e, N) to compute the encrypted message
• E(m) me (Modulo N)

40
The RSA Encryption Scheme

• Recall Fact Because Bob knows p and q, he can
  pick numbers e and d such that
• For all m (me)d m (Modulo N)
• To Encrypt a message m, Alice uses Bobs public
  key (e, N) to compute the encrypted message
• E(m) me (Modulo N)
• To Decrypt, Bob uses private key (d) to compute
• m (E(m))d (Modulo N) (me)d (Modulo N)

41
The RSA Encryption Scheme

• To Encrypt a message m, Alice computes
• E(m) me (Modulo N)
• The only known way to compute m from E(m)
  involves knowing d, which implies knowing p and
  q, which implies factoring N.
• For Eve to break this system, she would have to
  solve a long-standing open problem in Mathematics
• This is probably the most widely used Public-Key
  Encryption Scheme in the world.
• Look at Help on IE

42
Shifting Gears Proofs

• Bob wants to convince Alice of (prove to her) the
  validity of some statement (like I really am
  Bob!)
• But Bob doesnt want to reveal any of his secrets
  to Alice in the process

Bob
Alice
43
Zero-Knowledge Proofs

• What is the least amount of information Bob can
  reveal, while still convincing Alice?
• Amazingly, it is possible for Bob to convince
  Alice of something without revealing any new
  information to Alice at all!
• How can that be?

44
Magic Tricks

• Magic tricks are like zero-knowledge proofs
• Good magic tricks reveal nothing about how
  they work.
• What makes a magic trick good?

45
A Magic Trick

• Two balls Purple and Red, otherwise identical
• Blindfolded Magician
• You give a random ball to magician

46
A Magic Trick (cont.)

• Magician tells you the color!
• Magician proves he can distinguish balls
  blindfolded.
• You learn nothing except this.

Abracadabra, Goobedy goo! It is Red!
Wow! Hesso cool!
47
A Magic Trick (cont.)

• You knew exactly what magician was going to do.
• And he did it, i.e. showed you he can do it!
• Since you knew to begin the magician was a
  magician and would get the right answer, you
  could not have learned anything new!

Its Red!
I knew hewould say that.
48
Zero Knowledge

• What it means
• Alice knows what is going to happen.
• She can produce the same answers herself no
  need for magician
• CS-speak Alice can simulate it herself!

Simulation
Abracadabra, Goobedy goo! It is Red!
49
Another Magic Trick

• Magician asks you to think of either
• Apple or
• Banana
• Magician then gives you a sealed box.

50
Mind Reading

• You tell Magician what you were thinking.

I was thinkingof a banana.
51
Mind Reading (cont.)

• Magician tells you to open box, and read
  piece of paper in box.
• Magician proves he can predict what you will
  say.

Banana
How did hedo that!!
52
Mind Reading (cont.)

• Again, you knew what was going to happen. If you
  believed magician was indeed a magician, you
  learn nothing new ? Zero-Knowledge
• Magician just shows you that he can do it
• you can simulate it yourself

Banana
Simulation
I was thinkingof a banana.
53
Mind Reading (cont.)

• But why do you believe the magician is more
  special than you?
• Because Magician committed to his guess
  before you told him.
• Commitment is the key.

54
Cryptographic Commitment

• Public Key Encryption Scheme
• To commit to a string x, I send y E(x).
• like putting it in the box
• To open the commitment (box), I use my secret
  key.
• Commitment is secret.
• And I cant change my mind about x once Ive
  sent the encryption.

55
ZK Proofs for NP-Complete Problems

• I tell you I have a solution to an NP-Complete
  problem, but I wont tell you what the solution
  is
• You can ask me questions, and my answers will
  reveal that I have a solution, but they wont
  reveal what the solution is

56
NP-Complete Problems

• Remember we can reduce any search problem to
  Coloring.

57
ZK Proof for Coloring

• Input Collection of circles.
• Magician Claims to Know Coloring using R, B, G
• Multi-step protocol. In each step
• First, Magician picks random permutation ?
  ?R,B,G? ? ?R,B,G?, and applies to coloring

?
58
ZK Proof (cont.)
Magician presents encrpyted permuted graph
59
ZK Proof (cont.)
Verifier (Alice) chooses a random pair of nodes
to verify
60
ZK Proof (cont.)
Magician decrypts those nodes and shows theyre
colored in valid way
61
Can Simulate Magician Each Time
Only difference is that a simulator wont know a
valid coloring (NP-Complete problem)
62
Simulated ZK Proof Interaction
63
ZK Proof Analysis

• Suppose Magician is an imposter does not know a
  valid coloring.
• Then at least one pair of connected circleswill
  have colors equal (color equality survives
  permutation).
• ?Alice catches Magician cheating with
  probability at least 1/n2.
• Repeat protocol 100 n2 times, ? Alice
  catches Magician cheating almost always!

64
ZK Proof Analysis (cont.)

• Simulator/imposter can produce the same results
  each time (just needs to produce different
  colorings for the two edges)
• Since magician permutes randomly each time
• Each result from simulator (or imposter) is in
  itself indistinguishable from what magician sends
• Verifier cannot put together graph from the
  pairs (cannot gain knowledge so zero-knowledge)

65
ZK Proof Analysis (cont.)

• Key difference between magician imposter
• Magician knows valid coloring, can commit to it,
  and wont be caught in pairwise game
• Simulator/imposter does not, and will ultimately
  be caught
• But commitments are secret, by security of
  encryption scheme.
• ? Simulator output and real life are
  indistinguishable to an eavesdropper, who cannot
  tell if magician is imposter or not

66
Wrap-up

• Today we saw some examples illustrating
  techniques from modern cryptography
• Encryption
• Zero Knowledge Proofs