If NP languages are hard on the worst-case, then it is easy to find their hard instances

Dan Gutfreund; Ronen Shaltiel; Amnon Ta-Shma

doi:10.1007/s00037-007-0235-8

If NP languages are hard on the worst-case, then it is easy to find their hard instances

Dan Gutfreund, Ronen Shaltiel, Amnon Ta-Shma

Department of Computer Science

Research output: Contribution to journal › Article › peer-review

Abstract

We prove that if NP ⊈ BPP, i.e., if SAT is worst-case hard, then for every probabilistic polynomial-time algorithm trying to decide SAT, there exists some polynomially samplable distribution that is hard for it. That is, the algorithm often errs on inputs from this distribution. This is the first worst-case to average-case reduction for NP of any kind. We stress however, that this does not mean that there exists one fixed samplable distribution that is hard for all probabilistic polynomial-time algorithms, which is a pre-requisite assumption needed for one-way functions and cryptography (even if not a sufficient assumption). Nevertheless, we do show that there is a fixed distribution on instances of NP-complete languages, that is samplable in quasi-polynomial time and is hard for all probabilistic polynomial-time algorithms (unless NP is easy in the worst case). Our results are based on the following lemma that may be of independent interest: Given the description of an efficient (probabilistic) algorithm that fails to solve SAT in the worst case, we can efficiently generate at most three Boolean formulae (of increasing lengths) such that the algorithm errs on at least one of them.

Original language	English
Pages (from-to)	412-441
Number of pages	30
Journal	Computational Complexity
Volume	16
Issue number	4
DOIs	https://doi.org/10.1007/s00037-007-0235-8
State	Published - Dec 2007

Bibliographical note

Funding Information:
Dan Gutfreund was supported in part by ONR grant N00014-04-1-0478. Most of this research was done while he was at the Hebrew University. Ro-nen Shaltiel did part of this research while staying at the Weizmann Institute and supported by the Koshland scholarship,and was also supported by Grant No. 2004329 from the United States-Israel Binational Science Foundation(BSF),Jerusalem,Israel. AmnonTa-shmawassupportedbytheIsrael Science Foundationgrant no. 217/0.

Keywords

Average-case complexity
Foundations of cryptography
Pseudo classes
Worst-case to average-case reductions

ASJC Scopus subject areas

Theoretical Computer Science
General Mathematics
Computational Theory and Mathematics
Computational Mathematics

Access to Document

10.1007/s00037-007-0235-8

Cite this

@article{7a18144bf62141abacfac01678ccc4ac,

title = "If NP languages are hard on the worst-case, then it is easy to find their hard instances",

abstract = "We prove that if NP ⊈ BPP, i.e., if SAT is worst-case hard, then for every probabilistic polynomial-time algorithm trying to decide SAT, there exists some polynomially samplable distribution that is hard for it. That is, the algorithm often errs on inputs from this distribution. This is the first worst-case to average-case reduction for NP of any kind. We stress however, that this does not mean that there exists one fixed samplable distribution that is hard for all probabilistic polynomial-time algorithms, which is a pre-requisite assumption needed for one-way functions and cryptography (even if not a sufficient assumption). Nevertheless, we do show that there is a fixed distribution on instances of NP-complete languages, that is samplable in quasi-polynomial time and is hard for all probabilistic polynomial-time algorithms (unless NP is easy in the worst case). Our results are based on the following lemma that may be of independent interest: Given the description of an efficient (probabilistic) algorithm that fails to solve SAT in the worst case, we can efficiently generate at most three Boolean formulae (of increasing lengths) such that the algorithm errs on at least one of them.",

keywords = "Average-case complexity, Foundations of cryptography, Pseudo classes, Worst-case to average-case reductions",

author = "Dan Gutfreund and Ronen Shaltiel and Amnon Ta-Shma",

note = "Funding Information: Dan Gutfreund was supported in part by ONR grant N00014-04-1-0478. Most of this research was done while he was at the Hebrew University. Ro-nen Shaltiel did part of this research while staying at the Weizmann Institute and supported by the Koshland scholarship,and was also supported by Grant No. 2004329 from the United States-Israel Binational Science Foundation(BSF),Jerusalem,Israel. AmnonTa-shmawassupportedbytheIsrael Science Foundationgrant no. 217/0.",

year = "2007",

month = dec,

doi = "10.1007/s00037-007-0235-8",

language = "English",

volume = "16",

pages = "412--441",

journal = "Computational Complexity",

issn = "1016-3328",

publisher = "Birkhauser Verlag Basel",

number = "4",

}

TY - JOUR

T1 - If NP languages are hard on the worst-case, then it is easy to find their hard instances

AU - Gutfreund, Dan

AU - Shaltiel, Ronen

AU - Ta-Shma, Amnon

N1 - Funding Information: Dan Gutfreund was supported in part by ONR grant N00014-04-1-0478. Most of this research was done while he was at the Hebrew University. Ro-nen Shaltiel did part of this research while staying at the Weizmann Institute and supported by the Koshland scholarship,and was also supported by Grant No. 2004329 from the United States-Israel Binational Science Foundation(BSF),Jerusalem,Israel. AmnonTa-shmawassupportedbytheIsrael Science Foundationgrant no. 217/0.

PY - 2007/12

Y1 - 2007/12

N2 - We prove that if NP ⊈ BPP, i.e., if SAT is worst-case hard, then for every probabilistic polynomial-time algorithm trying to decide SAT, there exists some polynomially samplable distribution that is hard for it. That is, the algorithm often errs on inputs from this distribution. This is the first worst-case to average-case reduction for NP of any kind. We stress however, that this does not mean that there exists one fixed samplable distribution that is hard for all probabilistic polynomial-time algorithms, which is a pre-requisite assumption needed for one-way functions and cryptography (even if not a sufficient assumption). Nevertheless, we do show that there is a fixed distribution on instances of NP-complete languages, that is samplable in quasi-polynomial time and is hard for all probabilistic polynomial-time algorithms (unless NP is easy in the worst case). Our results are based on the following lemma that may be of independent interest: Given the description of an efficient (probabilistic) algorithm that fails to solve SAT in the worst case, we can efficiently generate at most three Boolean formulae (of increasing lengths) such that the algorithm errs on at least one of them.

AB - We prove that if NP ⊈ BPP, i.e., if SAT is worst-case hard, then for every probabilistic polynomial-time algorithm trying to decide SAT, there exists some polynomially samplable distribution that is hard for it. That is, the algorithm often errs on inputs from this distribution. This is the first worst-case to average-case reduction for NP of any kind. We stress however, that this does not mean that there exists one fixed samplable distribution that is hard for all probabilistic polynomial-time algorithms, which is a pre-requisite assumption needed for one-way functions and cryptography (even if not a sufficient assumption). Nevertheless, we do show that there is a fixed distribution on instances of NP-complete languages, that is samplable in quasi-polynomial time and is hard for all probabilistic polynomial-time algorithms (unless NP is easy in the worst case). Our results are based on the following lemma that may be of independent interest: Given the description of an efficient (probabilistic) algorithm that fails to solve SAT in the worst case, we can efficiently generate at most three Boolean formulae (of increasing lengths) such that the algorithm errs on at least one of them.

KW - Average-case complexity

KW - Foundations of cryptography

KW - Pseudo classes

KW - Worst-case to average-case reductions

UR - http://www.scopus.com/inward/record.url?scp=38749124068&partnerID=8YFLogxK

U2 - 10.1007/s00037-007-0235-8

DO - 10.1007/s00037-007-0235-8

M3 - Article

AN - SCOPUS:38749124068

SN - 1016-3328

VL - 16

SP - 412

EP - 441

JO - Computational Complexity

JF - Computational Complexity

IS - 4

ER -

If NP languages are hard on the worst-case, then it is easy to find their hard instances

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this