The Diffie and Hellman model of a Public Key Cryptosystem has received much attention as a way to provide secure network communication. In this paper, we show that the original Diffie and Hellman model does not guarantee security against other users in the system. It is shown how users, who are more powerful adversaries than the traditionally considered passive eavesdroppers, can decrypt other users' messages in implementations of a Public Key Cryptosystem using the RSA function, the Rabin function and the Goldwasser and Micali scheme. This weakness depends on the bit security of the encryption function. For the RSA (Rabin) function we show that computing specific bits of the cleartext from the ciphertext is polynomially equivalent to inverting the function (factoring). Since for many message spaces this bit can easily be found out by communicating, the system is insecure. We present a modification of the Diffie and Hellman model of a Public-Key Cryptosystem, and one concrete implementation of the modified model. For this implementation, the difficulty of extracting partial information about cleartext messages from their encoding, whether by eavesdroppers, by users or by chosen-ciphertext attacks, is proved equivalent to the computational difficulty of factoring. This equivalence proof holds in a very strong probabilistic sense and for any message space. No additional assumptions, such as the existence of a perfect signature scheme or a trusted authentication center, are made.
Why and how to establish a private code on a public network. S. Goldwasser, S. Micali, Po Tong. 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982), 1982-11-03. DOI: https://doi.org/10.1109/SFCS.1982.100
A central issue in relational database theory is that of decomposition. It has been agreed that decompositions should be injective, so as not to lose information, and surjective, so they decompose a relation into independent components. Injectiveness and surjectiveness are in general second-order notions. We show here how to express these notions in a first-order manner, assuming that we are dealing only with first-order constraints. As a consequence we get that the reconstruction map, which is the inverse to the decomposition map, is also first-order, but is not necessarily the natural join. This result is derived by applying Beth's Definability Theorem from model theory. For the case that the constraints used are implicational dependencies, we derive the exact syntactic form of the reconstruction map, and show that if the decomposition map is both injective and surjective then the reconstruction map is the natural join.
On decomposition of relational databases. Moshe Y. Vardi. 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982), 1982-11-03. DOI: https://doi.org/10.1109/SFCS.1982.75
The classical mover's problem is the following: can a rigid object in 3-dimensional space be moved from one given position to another while avoiding obstacles? It is known that a more general version of this problem involving objects with movable joints is PSPACE-complete, even for a simple tree-like structure. In this paper, we investigate a 2-dimensional mover's problem in which the object being moved is a robot arm with an arbitrary number of joints. We reduce the mover's problem for arms constrained to move within bounded regions whose boundaries are made up of straight lines to the mover's problem for a more complex linkage that is not constrained. We prove that the latter problem is PSPACE-hard even in 2-dimensional space and then turn to special cases of the mover's problem for arms. In particular, we give a polynomial time algorithm for moving an arm confined within a circle from one given configuration to another. We also give a polynomial time algorithm for moving the arm from its initial position to a position in which the end of the arm reaches a given point within the circle.
On the movement of robot arms in 2-dimensional bounded regions. J. Hopcroft, D. Joseph, S. Whitesides. 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982), 1982-11-03. DOI: https://doi.org/10.1137/0214025
We consider the notion of a (data) format, where each format defines a family of data structures. These formats arose from the theory of databases. Previous works have investigated the notion of generic transformations of data structures between formats. We give a novel group-theoretic view of genericity which unifies the original approaches of Hull-Yap and Aho-Ullman. Among the results are: a necessary and sufficient condition for the existence of generic embeddings; the fact that digraphs cannot be generically embedded in hypergraphs; the striking fact that there is no hypergraph on more than two vertices with the alternating group as its automorphism group; and combinatorial techniques for counting structures with a prescribed automorphism group.
Generic transformation of data structures. C. Ó'Dúnlaing, C. Yap. 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982), 1982-11-03. DOI: https://doi.org/10.1109/SFCS.1982.21
We address the question of program size of perfect and universal hash functions. We prove matching upper and lower bounds (up to constant factors) on program size. Furthermore, we show that minimum or nearly minimum size programs can be found efficiently. In addition, these (near) minimum size programs have time complexity at most O(log* N), where N is the size of the universe, in the case of perfect hashing, and time complexity O(1) in the case of universal hashing. Thus, for universal hashing, programs of minimal size and minimal time complexity have been found.
On the program size of perfect and universal hash functions. K. Mehlhorn. 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982), 1982-11-03. DOI: https://doi.org/10.1109/SFCS.1982.80
A complexity theory for unbounded fan-in parallelism is developed where the complexity measure is the simultaneous measure (number of processors, parallel time). Two models of unbounded fan-in parallelism are (1) parallel random access machines that allow simultaneous reading from or writing to the same common memory location, and (2) circuits containing AND's, OR's and NOT's with no bound placed on the fan-in of gates. It is shown that these models can simulate one another with the number of processors preserved to within a polynomial and parallel time preserved to within a constant factor. Reducibilities that preserve the measure in this sense are defined and several reducibilities and equivalences among problems are given. New upper bounds on the (unbounded fan-in) circuit complexity of symmetric Boolean functions are proved.
A complexity theory for unbounded fan-in parallelism. A. K. Chandra, L. Stockmeyer, U. Vishkin. 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982), 1982-11-03. DOI: https://doi.org/10.1109/SFCS.1982.3
In this paper, we propose a notion of fairness for transition systems and a logic for proving properties under the fairness assumption corresponding to this notion. We consider that the useful concept of fairness is "fair reachability" of a given set of states P in a system, i.e. reachability of states of P when considering only those computations such that if, during their execution, reaching states of P is possible infinitely often, then states of P are visited infinitely often. This definition of fairness suggests the introduction of a branching time logic FCL, whose temporal operators express, for a given set of states P, the modalities "it is possible that P" and "it is inevitable that P" by considering fair reachability of P. The main result is that, given a transition system S and a formula f of FCL expressing some property of S under the assumption of fairness, there exists a formula f′ belonging to a branching time logic CL such that f is valid for S in FCL iff f′ is valid for S in CL. This result shows that proving a property under the assumption of fairness is equivalent to proving some other property without this assumption, and that the study of FCL can be carried out via the "unfair" logic CL, which is easier to study and for which several results already exist.
A temporal logic to deal with fairness in transition systems. J. Queille, J. Sifakis. 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982), 1982-11-03. DOI: https://doi.org/10.1109/SFCS.1982.57
Suppose it is known that {X_0, X_1, ..., X_n} is produced by a pseudo-random number generator of the form X_{i+1} = a X_i + b mod m, but a, b, and m are unknown. Can one efficiently predict the remainder of the sequence with knowledge of only a few elements from that sequence? This question is answered in the affirmative and an algorithm is given.
Inferring a sequence generated by a linear congruence. Joan B. Plumstead. 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982), 1982-11-03. DOI: https://doi.org/10.1109/SFCS.1982.73
In this paper we show that any channel routing problem of density d involving two-terminal nets can always be solved in the knock-knee mode in a channel of width equal to the density d with three conducting layers. An algorithm is described which produces a layout of n nets with the following properties: (i) it has minimal width d; (ii) it can be realized with three layers; (iii) it has at most 3n vias; (iv) any two wires share at most four grid points.
Three layers are enough. F. Preparata, W. Lipski. 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982), 1982-11-03. DOI: https://doi.org/10.1109/SFCS.1982.47
Let P be a simple polygon with N vertices, each being assigned a weight in {0,1}, and let C, the weight of P, be the sum of the weights of all vertices. We prove that it is possible, in O(N) time, to find two vertices a, b in P such that the segment ab lies entirely inside the polygon P and partitions it into two polygons, each with a weight not exceeding 2C/3. This computation assumes that all the vertices have been sorted along some axis, which can be done in O(N log N) time. We use this result to derive a number of efficient divide-and-conquer algorithms for: 1. Triangulating an N-gon in O(N log N) time. 2. Decomposing an N-gon into (few) convex pieces in O(N log N) time. 3. Given O(N log N) preprocessing, computing the shortest distance between two arbitrary points inside an N-gon (i.e., the internal distance) in O(N) time. 4. Computing the longest internal path in an N-gon in O(N^2) time. In all cases, the algorithms achieve significant improvements over previously known methods, either by displaying better performance or by gaining in simplicity. In particular, the best algorithms known so far for Problems 2, 3 and 4 performed respectively in O(N^2), O(N^2), and O(N^4) time.
A theorem on polygon cutting with applications. B. Chazelle. 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982), 1982-11-03. DOI: https://doi.org/10.1109/SFCS.1982.58