One-way functions and P=NP












5












$begingroup$


This site contains various discussions of one-way functions and their relation to P versus NP.



Some of these discussions use a language
$L={(x',y) ~mid~ x'le x text{ and } f(x)=y }$, where $f:Sigma^*toSigma^*$ is the one-way function and $x'le x$ is the prefix relation.
Now one central claim is that this language $L$ is contained in NP, since the word $x$ is a YES-certificate for $(x',y)in L$.



I do not see why this claim is justified.

Why is the length of the certificate $x$ polynomially bounded in the length of $(x',y)$?



Couldn't it be possible that $x$ is exponentially long in $y$ and $x'$, but $f(x)$ is short and quickly computable from $x$?






one-way-function







share|improve this question









$endgroup$












  • $begingroup$
    It is likely that a proof that P=NP is not an effective proof. Crypto works about the same if the effort to crack n bit keys is 2^n or n^65536.
    $endgroup$
    – Joshua
    Dec 17 '18 at 19:56
















5












$begingroup$


This site contains various discussions of one-way functions and their relation to P versus NP.



Some of these discussions use a language
$L={(x',y) ~mid~ x'le x text{ and } f(x)=y }$, where $f:Sigma^*toSigma^*$ is the one-way function and $x'le x$ is the prefix relation.
Now one central claim is that this language $L$ is contained in NP, since the word $x$ is a YES-certificate for $(x',y)in L$.



I do not see why this claim is justified.

Why is the length of the certificate $x$ polynomially bounded in the length of $(x',y)$?



Couldn't it be possible that $x$ is exponentially long in $y$ and $x'$, but $f(x)$ is short and quickly computable from $x$?






one-way-function







share|improve this question









$endgroup$












  • $begingroup$
    It is likely that a proof that P=NP is not an effective proof. Crypto works about the same if the effort to crack n bit keys is 2^n or n^65536.
    $endgroup$
    – Joshua
    Dec 17 '18 at 19:56














5












5








5


1



$begingroup$


This site contains various discussions of one-way functions and their relation to P versus NP.



Some of these discussions use a language
$L={(x',y) ~mid~ x'le x text{ and } f(x)=y }$, where $f:Sigma^*toSigma^*$ is the one-way function and $x'le x$ is the prefix relation.
Now one central claim is that this language $L$ is contained in NP, since the word $x$ is a YES-certificate for $(x',y)in L$.



I do not see why this claim is justified.

Why is the length of the certificate $x$ polynomially bounded in the length of $(x',y)$?



Couldn't it be possible that $x$ is exponentially long in $y$ and $x'$, but $f(x)$ is short and quickly computable from $x$?






one-way-function







share|improve this question









$endgroup$




This site contains various discussions of one-way functions and their relation to P versus NP.



Some of these discussions use a language
$L={(x',y) ~mid~ x'le x text{ and } f(x)=y }$, where $f:Sigma^*toSigma^*$ is the one-way function and $x'le x$ is the prefix relation.
Now one central claim is that this language $L$ is contained in NP, since the word $x$ is a YES-certificate for $(x',y)in L$.



I do not see why this claim is justified.

Why is the length of the certificate $x$ polynomially bounded in the length of $(x',y)$?



Couldn't it be possible that $x$ is exponentially long in $y$ and $x'$, but $f(x)$ is short and quickly computable from $x$?






one-way-function




one-way-function






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Dec 17 '18 at 14:33









AlexisAlexis

1284




1284












  • $begingroup$
    It is likely that a proof that P=NP is not an effective proof. Crypto works about the same if the effort to crack n bit keys is 2^n or n^65536.
    $endgroup$
    – Joshua
    Dec 17 '18 at 19:56


















  • $begingroup$
    It is likely that a proof that P=NP is not an effective proof. Crypto works about the same if the effort to crack n bit keys is 2^n or n^65536.
    $endgroup$
    – Joshua
    Dec 17 '18 at 19:56
















$begingroup$
It is likely that a proof that P=NP is not an effective proof. Crypto works about the same if the effort to crack n bit keys is 2^n or n^65536.
$endgroup$
– Joshua
Dec 17 '18 at 19:56




$begingroup$
It is likely that a proof that P=NP is not an effective proof. Crypto works about the same if the effort to crack n bit keys is 2^n or n^65536.
$endgroup$
– Joshua
Dec 17 '18 at 19:56










1 Answer
1






active

oldest

votes


















8












$begingroup$

Yes, it could be that in the language you give, $x$ is exponentially long in $(y,x')$, and $f$ is an efficiently computable one-way function (note that it only has to run in time polynomial in its input length, so $f(x)$ needs not be computable in time polynomial in $(y,x')$).



However, this is really a minor issue: the answers to this question that you read are simply a bit informal, and only give an intuition of the proof that OWF implies $P neq NP$. Intuitively, to fix this, modify your language as follows:



$L={(1^n, x',y) ~mid~ exists x, |x| = n, x'le x, text{ and } f(x)=y }$,



where $1^n$ means a sequence of $n$ consecutive one, which exactly allows to fix the issue you point out (note that here $x'le x$ means $x'$ is a prefix of $x$).



Note: the second answer to the question you link to does provide a link to an exercise sheet which contains the more formal solution.






share|improve this answer











$endgroup$













  • $begingroup$
    Sorry, but with your modification it is not clear anymore how to invert function $f$ in polynomial time, in case $L$ is in $P$. For exploting $L$, it seems that now I need some a priori bound on $n$, but this might be exponentially large in the length of $y$.
    $endgroup$
    – Alexis
    Dec 17 '18 at 15:04










  • $begingroup$
    Inverting $f$ needs not be polynomial in the output size $y$, but still in the input size $x$, which is the case if $L$ is in $P$. You should check the detailed solution given on page 2-3 of the exercise sheet I link to (courses.cs.ut.ee/all/MTAT.07.004/2016_fall/uploads/solution/…).
    $endgroup$
    – Geoffroy Couteau
    Dec 17 '18 at 15:29












  • $begingroup$
    With polynomial runtime for f you can not generate an output f(x) with superpolynonial size - so actually any limitation on x also translates to y implicitly.
    $endgroup$
    – tylo
    Dec 18 '18 at 11:56













Your Answer





StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
});
});
}, "mathjax-editing");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "281"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f65937%2fone-way-functions-and-p-np%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









8












$begingroup$

Yes, it could be that in the language you give, $x$ is exponentially long in $(y,x')$, and $f$ is an efficiently computable one-way function (note that it only has to run in time polynomial in its input length, so $f(x)$ needs not be computable in time polynomial in $(y,x')$).



However, this is really a minor issue: the answers to this question that you read are simply a bit informal, and only give an intuition of the proof that OWF implies $P neq NP$. Intuitively, to fix this, modify your language as follows:



$L={(1^n, x',y) ~mid~ exists x, |x| = n, x'le x, text{ and } f(x)=y }$,



where $1^n$ means a sequence of $n$ consecutive one, which exactly allows to fix the issue you point out (note that here $x'le x$ means $x'$ is a prefix of $x$).



Note: the second answer to the question you link to does provide a link to an exercise sheet which contains the more formal solution.






share|improve this answer











$endgroup$













  • $begingroup$
    Sorry, but with your modification it is not clear anymore how to invert function $f$ in polynomial time, in case $L$ is in $P$. For exploting $L$, it seems that now I need some a priori bound on $n$, but this might be exponentially large in the length of $y$.
    $endgroup$
    – Alexis
    Dec 17 '18 at 15:04










  • $begingroup$
    Inverting $f$ needs not be polynomial in the output size $y$, but still in the input size $x$, which is the case if $L$ is in $P$. You should check the detailed solution given on page 2-3 of the exercise sheet I link to (courses.cs.ut.ee/all/MTAT.07.004/2016_fall/uploads/solution/…).
    $endgroup$
    – Geoffroy Couteau
    Dec 17 '18 at 15:29












  • $begingroup$
    With polynomial runtime for f you can not generate an output f(x) with superpolynonial size - so actually any limitation on x also translates to y implicitly.
    $endgroup$
    – tylo
    Dec 18 '18 at 11:56


















8












$begingroup$

Yes, it could be that in the language you give, $x$ is exponentially long in $(y,x')$, and $f$ is an efficiently computable one-way function (note that it only has to run in time polynomial in its input length, so $f(x)$ needs not be computable in time polynomial in $(y,x')$).



However, this is really a minor issue: the answers to this question that you read are simply a bit informal, and only give an intuition of the proof that OWF implies $P neq NP$. Intuitively, to fix this, modify your language as follows:



$L={(1^n, x',y) ~mid~ exists x, |x| = n, x'le x, text{ and } f(x)=y }$,



where $1^n$ means a sequence of $n$ consecutive one, which exactly allows to fix the issue you point out (note that here $x'le x$ means $x'$ is a prefix of $x$).



Note: the second answer to the question you link to does provide a link to an exercise sheet which contains the more formal solution.






share|improve this answer











$endgroup$













  • $begingroup$
    Sorry, but with your modification it is not clear anymore how to invert function $f$ in polynomial time, in case $L$ is in $P$. For exploting $L$, it seems that now I need some a priori bound on $n$, but this might be exponentially large in the length of $y$.
    $endgroup$
    – Alexis
    Dec 17 '18 at 15:04










  • $begingroup$
    Inverting $f$ needs not be polynomial in the output size $y$, but still in the input size $x$, which is the case if $L$ is in $P$. You should check the detailed solution given on page 2-3 of the exercise sheet I link to (courses.cs.ut.ee/all/MTAT.07.004/2016_fall/uploads/solution/…).
    $endgroup$
    – Geoffroy Couteau
    Dec 17 '18 at 15:29












  • $begingroup$
    With polynomial runtime for f you can not generate an output f(x) with superpolynonial size - so actually any limitation on x also translates to y implicitly.
    $endgroup$
    – tylo
    Dec 18 '18 at 11:56
















8












8








8





$begingroup$

Yes, it could be that in the language you give, $x$ is exponentially long in $(y,x')$, and $f$ is an efficiently computable one-way function (note that it only has to run in time polynomial in its input length, so $f(x)$ needs not be computable in time polynomial in $(y,x')$).



However, this is really a minor issue: the answers to this question that you read are simply a bit informal, and only give an intuition of the proof that OWF implies $P neq NP$. Intuitively, to fix this, modify your language as follows:



$L={(1^n, x',y) ~mid~ exists x, |x| = n, x'le x, text{ and } f(x)=y }$,



where $1^n$ means a sequence of $n$ consecutive one, which exactly allows to fix the issue you point out (note that here $x'le x$ means $x'$ is a prefix of $x$).



Note: the second answer to the question you link to does provide a link to an exercise sheet which contains the more formal solution.






share|improve this answer











$endgroup$



Yes, it could be that in the language you give, $x$ is exponentially long in $(y,x')$, and $f$ is an efficiently computable one-way function (note that it only has to run in time polynomial in its input length, so $f(x)$ needs not be computable in time polynomial in $(y,x')$).



However, this is really a minor issue: the answers to this question that you read are simply a bit informal, and only give an intuition of the proof that OWF implies $P neq NP$. Intuitively, to fix this, modify your language as follows:



$L={(1^n, x',y) ~mid~ exists x, |x| = n, x'le x, text{ and } f(x)=y }$,



where $1^n$ means a sequence of $n$ consecutive one, which exactly allows to fix the issue you point out (note that here $x'le x$ means $x'$ is a prefix of $x$).



Note: the second answer to the question you link to does provide a link to an exercise sheet which contains the more formal solution.







share|improve this answer














share|improve this answer



share|improve this answer








edited Dec 17 '18 at 14:51

























answered Dec 17 '18 at 14:47









Geoffroy CouteauGeoffroy Couteau

8,32011532




8,32011532












  • $begingroup$
    Sorry, but with your modification it is not clear anymore how to invert function $f$ in polynomial time, in case $L$ is in $P$. For exploting $L$, it seems that now I need some a priori bound on $n$, but this might be exponentially large in the length of $y$.
    $endgroup$
    – Alexis
    Dec 17 '18 at 15:04










  • $begingroup$
    Inverting $f$ needs not be polynomial in the output size $y$, but still in the input size $x$, which is the case if $L$ is in $P$. You should check the detailed solution given on page 2-3 of the exercise sheet I link to (courses.cs.ut.ee/all/MTAT.07.004/2016_fall/uploads/solution/…).
    $endgroup$
    – Geoffroy Couteau
    Dec 17 '18 at 15:29












  • $begingroup$
    With polynomial runtime for f you can not generate an output f(x) with superpolynonial size - so actually any limitation on x also translates to y implicitly.
    $endgroup$
    – tylo
    Dec 18 '18 at 11:56




















  • $begingroup$
    Sorry, but with your modification it is not clear anymore how to invert function $f$ in polynomial time, in case $L$ is in $P$. For exploting $L$, it seems that now I need some a priori bound on $n$, but this might be exponentially large in the length of $y$.
    $endgroup$
    – Alexis
    Dec 17 '18 at 15:04










  • $begingroup$
    Inverting $f$ needs not be polynomial in the output size $y$, but still in the input size $x$, which is the case if $L$ is in $P$. You should check the detailed solution given on page 2-3 of the exercise sheet I link to (courses.cs.ut.ee/all/MTAT.07.004/2016_fall/uploads/solution/…).
    $endgroup$
    – Geoffroy Couteau
    Dec 17 '18 at 15:29












  • $begingroup$
    With polynomial runtime for f you can not generate an output f(x) with superpolynonial size - so actually any limitation on x also translates to y implicitly.
    $endgroup$
    – tylo
    Dec 18 '18 at 11:56


















$begingroup$
Sorry, but with your modification it is not clear anymore how to invert function $f$ in polynomial time, in case $L$ is in $P$. For exploting $L$, it seems that now I need some a priori bound on $n$, but this might be exponentially large in the length of $y$.
$endgroup$
– Alexis
Dec 17 '18 at 15:04




$begingroup$
Sorry, but with your modification it is not clear anymore how to invert function $f$ in polynomial time, in case $L$ is in $P$. For exploting $L$, it seems that now I need some a priori bound on $n$, but this might be exponentially large in the length of $y$.
$endgroup$
– Alexis
Dec 17 '18 at 15:04












$begingroup$
Inverting $f$ needs not be polynomial in the output size $y$, but still in the input size $x$, which is the case if $L$ is in $P$. You should check the detailed solution given on page 2-3 of the exercise sheet I link to (courses.cs.ut.ee/all/MTAT.07.004/2016_fall/uploads/solution/…).
$endgroup$
– Geoffroy Couteau
Dec 17 '18 at 15:29






$begingroup$
Inverting $f$ needs not be polynomial in the output size $y$, but still in the input size $x$, which is the case if $L$ is in $P$. You should check the detailed solution given on page 2-3 of the exercise sheet I link to (courses.cs.ut.ee/all/MTAT.07.004/2016_fall/uploads/solution/…).
$endgroup$
– Geoffroy Couteau
Dec 17 '18 at 15:29














$begingroup$
With polynomial runtime for f you can not generate an output f(x) with superpolynonial size - so actually any limitation on x also translates to y implicitly.
$endgroup$
– tylo
Dec 18 '18 at 11:56






$begingroup$
With polynomial runtime for f you can not generate an output f(x) with superpolynonial size - so actually any limitation on x also translates to y implicitly.
$endgroup$
– tylo
Dec 18 '18 at 11:56




















draft saved

draft discarded




















































Thanks for contributing an answer to Cryptography Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


Use MathJax to format equations. MathJax reference.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f65937%2fone-way-functions-and-p-np%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Wiesbaden

Image
Wappen Deutschlandkarte 50.0825 8.24 117 Koordinaten: 50° 5′  N , 8° 14′  O Basisdaten Bundesland: Hessen Regierungsbezirk: Darmstadt Höhe: 117 m ü. NHN Fläche: 203,93 km 2 Einwohner: 278.654 (31. Dez. 2017) [1] Bevölkerungsdichte: 1366 Einwohner je km 2 Postleitzahlen: 65183–65207, 55246, 55252 Vorlage:Infobox Gemeinde in Deutschland/Wartung/PLZ enthält Text Vorwahlen: 0611, 06122, 06127, 06134 Kfz-Kennzeichen: WI Gemeindeschlüssel: 06 4 14 000 LOCODE: DE WIB NUTS: DE714 Stadtgliederung: 26 Ortsbezirke Adresse der Stadtverwaltung: Schlossplatz 6 65183 Wiesbaden Webpräsenz: www.wiesbaden.de Oberbürgermeister: Sven Gerich (SPD) Lage der Landeshauptstadt Wiesbaden in Hessen und im Regierungsbezirk Darmstadt Offizielles Logo der Landeshauptstadt Wiesbaden Flagge der Landeshauptstadt Wiesbaden Wiesbaden is
Read more

Marschland

Image
Kilometerweite Marsch in den Vier- und Marschlanden am Elbdeich Die Wedeler Marschlandschaft in Schleswig-Holstein Der Hadelner Kanal zur Entwässerung der Marsch Die tief gelegene Marsch und ein Entwässerungskanal Das Schöpfwerk Otterndorf im Land Hadeln zur Entwässerung der Medem verfügte damals bereits über die größte Kreiselpumpe Europas. Das Schöpfwerk in Neuhaus für die Aue und des Neuhaus-Bülkauer Kanals Als Marsch(land) (v. niederdt., altsächs. mersc ) – auch Masch , Mersch oder Schwemmland genannt – bezeichnet man eine nacheiszeitlich entstandene geomorphologische Landform im Gebiet der nordwestdeutschen Küsten und Flüsse sowie vergleichbare Landformen weltweit. Inhaltsverzeichnis 1 Landschaft 2 Entstehung 3 Marschböden 4 Nutzung 5 Marschgebiete in Deutschland 6 Siehe auch 7 Literatur 8 Weblinks 9 Einzelnachweise Landschaft | Marschen sind generell flache Landstriche ohne natürliche Erhebungen. Si
Read more

Dieringhausen

Image
Dieringhausen Stadt Gummersbach 50.982777777778 7.5316666666667 165 Koordinaten: 50° 58′ 58″  N , 7° 31′ 54″  O Höhe: 165  (160–245)  m Einwohner: 5055  (30. Jun. 2016) Postleitzahl: 51645 Vorwahl: 02261 Lage von Dieringhausen in Gummersbach Im Hohl ca. 1927–1930 Ansicht von Südwesten bei Bünghausen Dieringhausen (im örtlichen Dialekt Dierkesen ) ist ein Ortsteil von Gummersbach im Oberbergischen Kreis, Regierungsbezirk Köln, Nordrhein-Westfalen (Deutschland). Inhaltsverzeichnis 1 Geographie 2 Geschichte 3 Kultur 3.1 Sehenswürdigkeiten 3.2 Regelmäßige Veranstaltungen 4 Infrastruktur und Wirtschaft 4.1 Verkehr 4.1.1 Schienen- und Busverkehr 4.1.2 Straßen 4.2 Öffentliche Einrichtungen 4.2.1 Schulen und Bildungseinrichtungen 4.2.2 Kirchliche Einrichtungen 5 Persönlichkeiten 5.1 In Dieringhausen geboren 5.2 In Dieringhausen gelebt 6 Einzelnachweise 7
Read more