P versus semi-NP?

Question

I am not sure to fully understand the interest of the P versus NP problem for cryptography. I get that it is important to have a problem which is hard to solve but easy to check. But it seems to me that for cryptography purposes, the problem always has a solution. So I was wondering if there is a relation between the P versus NP problem and a problem I would call P versus semi-NP (search) problem, semi-NP as in semi-algorithm?

Is there a relation between algorithm and semi-algorithm for NP problems or something similar?

score 3 · Answer 1 · answered Jul 29 '24 at 14:01

There is my interpretation of the $SemiNP$ and when a problem is within that set:

For a problem $P$ (which is guaranteed to have a solution), it is $SemiNP$ if there is, for the correct solution, there exists a polytime verifiable proof that the solution is correct.

(Note that this is somewhat different from $NP$, in that the answer to the problem isn't just 'True' or 'False', but also an actual value).

If this interpretation is correct, then we have $SemiNP$ being effective equivalent to problems within $NP \cap coNP$. That is, given a $SemiNP$ problem, we can find a problem in $NP \cap coNP$ that a polynomial Oracle queries will allow us to solve the SemiNP problem, and conversely, given a problem in $NP \cap coNP$, we can find a $SemiNP$ problem that allows us to solve the original $NP \cap coNP$ problem in a polynomial number of queries.

For the $SemiNP \rightarrow NP \cap coNP$ direction:

Given a $SemiNP$ problem $P$, let us define the problem $Q$ as "given the problem instance $x$, is bit $b$ of the solution a '1'.

This subproblem is in $NP \cap coNP$ (as we can nondeterministically find the solution, and then verify that bit $b$ is a '1' (for $NP$) or is not a '1' (for coNP). In addition, by solving a logarithmic number of these subproblems, we have solved the original problem.

(Careful readers would note that I implicitly assume that $P$ has a unique solution - I believe that can be worked around...)

For the $NP \cap coNP \rightarrow SemiNP$ direction:

Given a $NP \cap coNP$ problem $P$, let us define the problem $Q$ as 'is the solution to $P$ true or false?'

There always exists a solution to all problem instances in $Q$. In addition, there exists polytime verifiable proofs for problem instances in $Q$ (if the solution is true, we use the polytime verifiable proof for $P$ as a member of $NP$; if the solution is faluse, we use the polytime verifiable proof for $P$ as a member of $coNP$). And, given an Oracle that solves $Q$, that immediately gives us a solution for $P$.

score 2 · Answer 2 · answered Jul 29 '24 at 12:31

Your distinction is unclear. Even if the problem always has a solution, the combinatorial complexity explosion comes from the fact that the solution is one (or very few) among a huge number of possible solutions thus hard to find. In practice there is little distinction in terms of computational complexity between:

searching for a uniformly random key among $2^k$ possibilities, which takes on average $(2^k+1)/2=2^{k-1}(1+2^{-k})$ and worst case $2^{k}-1$ guesses
searching for a non-existent key among $2^k$ uniformly random possibilities. For example say the interface you use for checking your guess malfunctions, thus you fail to discover the unknown key. This also requires $2^k$ guesses.

For current day security requirements, take $k=128$ for example.

pcpthm · Accepted Answer · 2024-07-30T12:54:24.540

In computational complexity theory, the class of total function problems solvable in nondeterministic polynomial time is called TFNP. More formally, a binary relation $R(\cdot, \cdot)$ is in $\text{TFNP}$ if and only if:

For all $x$ and $y$, $R(x, y)$ can be decided by a deterministic Turing machine running in time $\mathrm{poly}(|x|)$.
For all $x$, there exists $y$ such that $R(x, y)$ holds.

TFNP contains the integer factoring problem. A version of the finite-field discrete logarithm problem where the input base is certified to be a generator also belongs to TFNP.

If we remove the totality condition, we get the complexity class FNP. Note that the definition includes partial, multi-valued functions despite the name "function." By definition, we have $\text{TFNP} \subseteq \text{FNP}$.

As $\text{FNP}$ is considered the functional version of NP, the functional version of P is called FP. A binary relation $R(\cdot, \cdot)$ is in FP if and only if a polynomial-time Turing machine $T$ exists such that:

If there exists $y$ such that $R(x, y)$, then $T(x)$ accepts and returns $T(x)$ such that $R(x, T(x))$ holds.
If no $y$ exists such that $R(x, y)$, then $T(x)$ rejects.

$\text{FNP}$ is considered the functional version of $\text{NP}$, and we have $\text{P} = \text{NP}$ if and only if $\text{FP} = \text{FNP}$. Likewise, $\text{TFNP}$ is considered the functional version of $\text{NP} \cap \text{co-NP}$. To see that, consider a total function $f(\cdot)$ for a problem $L \in \text{NP} \cap \text{co-NP}$:

$$ f(x) = \begin{cases} (0, z) & \text{if } x \in L \text{ and } z \text{ is a witness of that} \\ (1, z) & \text{if } x \notin L \text{ and } z \text{ is a witness of that} \end{cases} $$

As a binary relation $f(x) = y$, the language belongs to $\text{TFNP}$. Therefore, $\text{FP} = \text{TFNP}$ implies $\text{P} = \text{NP} \cap \text{co-NP}$. As for the reverse direction, if $\text{P} = \text{NP} \cap \text{co-NP}$, then a certain subset of TFNP representing proper functions (that is, a unique solution for each input) can be solved in polynomial time. This class doesn't have a popular name but called $\text{NPSV}_t$ in this CST.SE answer, and includes the integer factoring problem.

P versus semi-NP?

3 Answers3