Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [complexity]

Complexity describes - in simple words - how hard (complex) it is to reach a specific goal; and under which conditions. In cryptography, this mostly ends up in using the complexity theory to analyze things. One of the main goals of complexity theory is to prove lower bounds on the resources (e.g. time and/or space) needed to solve a certain computational problem. Cryptography can therefore be seen as the complexity theory's main field of use.

Complexity describes - in simple words - how hard (complex) it is to reach a specific goal; and under which conditions. In cryptography, this mostly ends up in using the complexity theory to analyze things. One of the main goals of complexity theory is to prove lower bounds on the resources (e.g. time and/or space) needed to solve a certain computational problem. Cryptography can therefore be seen as the complexity theory's main field of use.

290 questions
31
votes
2 answers

What are standard cryptographic assumptions?

I am struggling to understand what is meant by "standard cryptographic assumption". The Wikipedia artice on the Goldwasser–Micali system (GM) reads "GM has the distinction of being the first probabilistic public-key encryption scheme which is…
3nondatur
  • 617
  • 6
  • 11
21
votes
1 answer

Quantum complexity of LWE

As per my understanding, LWE is quantum secure because there is no known quantum algorithm to solve LWE in polynomial time. Due to the reductions given by Regev et al., if there is any algorithm that solves LWE in polynomial time, it will imply that…
Rick
  • 1,305
  • 8
  • 17
20
votes
2 answers

Practical differences between circuits and turing machines for cryptography

In formal cryptography, we model algorithms (mostly our adversaries) as (Probabilistic) Turing Machines or as boolean circuits. In our lecture on formal cryptography, we learned that circuits are more powerful than turing machines, in the sense that…
malexmave
  • 1,461
  • 2
  • 14
  • 26
20
votes
1 answer

uniform vs. non-uniform PPT

I'm trying to understand PPT and in particular what the differences are in uniform and non-uniform PPT's. First, this is how I see it: A probabilistic polynomial-time (PPT) algorithm $A$ is an algorithm that runs in polynomial time but also has…
hsalin
  • 485
  • 1
  • 4
  • 7
18
votes
2 answers

What's the difference between polylogarithmic and logarithmic?

I can't imagine one that is not polylogarithmic but logarithmic. $O(\log N)$ satisfies both. What about $O(\log^{3}N)$, $O(\log^{100}N)$, and $O(\log^{10000}N)$ ? Let's say $N=10^{10}$
mallea
  • 1,715
  • 1
  • 12
  • 23
15
votes
2 answers

How reassuring is 64-bit (in)security?

In Feb 2017, CWI and Google announced SHAttered hash collision attack on SHA1, which took $2^{63.1}$ work estimated 6500 CPU years, to achieve. Therefore, 64-bit should be considered now an insecurity. However, that's on the cloud computers of one…
DannyNiu
  • 10,640
  • 2
  • 27
  • 64
14
votes
1 answer

What does "running in polynomial time" really mean?

I'm currently learning private-key cryptography. I've been able to see that perfect secrecy is achievable if no assumption is made about the computational power of the attacker. However, perfect secrecy is quite heavy to use, so we relax our…
Backslash36
  • 241
  • 2
  • 6
14
votes
3 answers

Why are only lattice problems used in cryptography?

There are thousands of NP-hard problems out there. Why have only lattice problems been applied to cryptography?
Little Nan
  • 239
  • 1
  • 3
13
votes
3 answers

What happens for factoring algorithms if P=NP?

If someone ever demonstrates that P=NP, will it give us a polynomial factoring algorithm, or will it only tell us that such an algorithm exists, but we still have to find it?
tyuil
  • 217
  • 2
  • 5
13
votes
2 answers

Is it possible to construct an encryption scheme for which breaking is NP complete but there nearly always exists an efficient breaking algorithm

The question stems from the fact that foundations of crypto states: suppose breaking an encryption scheme is NP-complete, then P != NP implies that this encryption is hard to break in the worst case, but does not rule out the possibility that it can…
z.karl
  • 445
  • 2
  • 9
12
votes
5 answers

Can you explain what an NP statement is when they refer to it in Zero knowledge proofs?

When I read about zero knowledge proof, I keep encountering the term NP-statement. I am aware of complexity classes but I am a little unclear on how it ties up to NP-statement. I came across the following here: C++ library for zkSNARKs A computation…
tatepairing
  • 323
  • 2
  • 7
11
votes
4 answers

What is the largest performed/possible bruteforce attack to date?

I've read that cracking 128-bit key is currently out of reach of all humanity. However, I can't seem to find any information on what scope of brute force attacks have been performed or are possible at the current time. Can someone provide some…
ThePiachu
  • 1,689
  • 2
  • 18
  • 26
10
votes
0 answers

Hardness of iterated squaring in Paillier group

The (computational) problem of iterated squaring (IS) in the RSA group is defined as follows, where $\leftarrow$ denotes sampling uniformly at random: Input: $(N,x,T)$, where $N$ is the RSA modulus, $x\leftarrow\mathbb{Z}_N^*$, and $T\in\mathbb{N}$…
ckamath
  • 5,488
  • 2
  • 25
  • 42
10
votes
3 answers

Discrete log problem, when we have many examples

Suppose I have many instances of the discrete log problem, all using the same unknown exponent. Is this problem easier than the standard discrete log problem? Oh, heck, I should be more precise. Let $p$ be a large prime, chosen to be large enough…
D.W.
  • 36,982
  • 13
  • 107
  • 196
10
votes
2 answers

Why is the complexity of RSA-1024 80 bit and not 86 bit?

Why is the complexity of RSA-1024 80 bit and not 86.76611925028119 bit? Here is the complexity for the GNFS (pulled from the linked Wikipedia article): $$\exp\left( \left(\sqrt[3]{\frac{64}{9}} + o(1)\right)(\ln n)^{\frac{1}{3}}(\ln \ln…
user129789
  • 455
  • 1
  • 5
  • 8
1
2 3
19 20