Abstract. Informally, an obfuscator O is an (ecient, probabilistic) \compiler" that take... more Abstract. Informally, an obfuscator O is an (ecient, probabilistic) \compiler" that takes as input a program (or circuit) P and produces a new program O(P) that has the same functionality as P yet is \unintel- ligible" in some sense. Obfuscators, if they exist, would have a wide vari- ety of cryptographic and complexity-theoretic applications, ranging from software protection to homomorphic,encryption to complexity-theoretic analogues of Rice’s theorem. Most of these applications are based on an interpretation of the \unintelligibility" condition in obfuscation as mean- ing that O(P) is a \virtual black box," in the sense that anything one can eciently compute given O(P), one could also eciently compute given oracle access to P. In this work, we initiate a theoretical investigation of obfuscation. Our main result is that, even under very weak formalizations of the above in- tuition, obfuscation is impossible. We prove this by constructing a family of functions F that are inherently unobfuscatable in the following sense: there is a property,: F! f0;1g such that (a) given any program that computes a function f 2F , the value (f) can be eciently computed, yet (b) given oracle access to a (randomly selected) function f 2F ,n o ecient,algorithm can compute,(f) much better than random,guessing. We extend our impossibility result in a number of ways, including even obfuscators that (a) are not necessarily computable in polynomial time, (b) only approximately preserve the functionality, and (c) only need to
... Ad-hoc macro denitions were used instead. THE BIT EXTRACTION PROBLEM OR t{RESILIENT FUNCTIONS... more ... Ad-hoc macro denitions were used instead. THE BIT EXTRACTION PROBLEM OR t{RESILIENT FUNCTIONS (Preliminary Version) ... and f x i : i 2 T g is a set of constants. A function f : f 0;1 g n 7! f 0;1 g m is said to be t -resilient if for every 3 Page 4. ...
ABSTRACT this paper only work if n is large." The algorithm in Theorem 4.15 needs much l... more ABSTRACT this paper only work if n is large." The algorithm in Theorem 4.15 needs much larger n than usual. 11 5 A Randomized Algorithm
We build on the recent progress regarding isomorphisms of complete sets that was reported in Agra... more We build on the recent progress regarding isomorphisms of complete sets that was reported in Agrawal et al. (1998). In that paper, it was shown that all sets that are complete under (non-uniform) AC isomorphic under isomorphisms computable and invertible via (non-uniform) circuits. One of the main tools in proving the isomorphism theorem in Agrawal et al. (1998) is a "Gap Theorem", showing that all sets complete under AC reductions are in fact already complete under NC reductions.
26th Annual Symposium on Foundations of Computer Science (sfcs 1985), 1985
... Ad-hoc macro denitions were used instead. THE BIT EXTRACTION PROBLEM OR t{RESILIENT FUNCTIONS... more ... Ad-hoc macro denitions were used instead. THE BIT EXTRACTION PROBLEM OR t{RESILIENT FUNCTIONS (Preliminary Version) ... and f x i : i 2 T g is a set of constants. A function f : f 0;1 g n 7! f 0;1 g m is said to be t -resilient if for every 3 Page 4. ...
Recurrent hepatitis B infection after orthotopic liver transplantation remains problematic despit... more Recurrent hepatitis B infection after orthotopic liver transplantation remains problematic despite prophylaxis with hepatitis B immune globulin (anti-HBs IgG). Recently, famciclovir (an oral nucleoside analog) has been shown to have potent antiviral activity against hepatitis B in vitro as well as in patients with chronic hepatitis B. We present two patients who developed recurrent hepatitis B after orthotopic liver transplantation and were treated with famciclovir, 500 mg t.i.d. Both patients subsequently responded with marked improvement in biochemical liver tests and histology, with subsequent loss of hepatitis B surface antigen. Famciclovir is a useful agent in the treatment of hepatitis B in the liver transplant recipient.
For every k, we construct an oraclc relative to which secret agreement can be done in k passes, b... more For every k, we construct an oraclc relative to which secret agreement can be done in k passes, but not in k-1. In particular, for k=3, we get an oracle relative to which secret agreement is possible, but relative to which trapdoor functions do not exist. Thus, unlike the case of private cryptosystems, there is no black box reduction from a k-pass system to a k-1 pass system. Our construction is natural— suggesting that real-world protocols could trade higher interaction costs for an assumption strictly weaker than the existence of trapdoor functions. Finding a complexity theoretic assumption necessary and sufficient for public cryptosystems to exist is one of the important open questions of cryptography. Our results make clear the possibility that this question is impossible to answer because it contains a false hidden assumption: the existence of a 2-pass public cryptosystem follows from the existence of a k-pass system. The question should really be a family of questions: given k find an assumption equivalent to the existence of a k-pass public cryptosystem.
This is the final part of a 2-part column on the future of computational complexity theory. The g... more This is the final part of a 2-part column on the future of computational complexity theory. The grounds rules were that the contributors had no restrictions (except a 1-page limit). For readers interested in more formal reports, in addition to the two URLs mentioned in the previous issue (ftp://ftp.cs.washington.edu/tr/1996/O3/UW-CSE-96-O3-O3.PS.Z and http://theory.lcs.mit.edu/-oded/toc-sp.html) I would also point to the recent "Strategic Directions"
As more expanded-criteria organ donors are used to bridge the widening gap between organ supply a... more As more expanded-criteria organ donors are used to bridge the widening gap between organ supply and demand, non-heart-beating (NHB) donors will become increasingly important. The purpose of this study was to analyze renal transplant outcomes using this source of cadaveric (CAD) organs and compare the results with heart-beating organ sources. Data from 98,698 adult CAD renal transplant recipients and 34,531 living donor renal transplant recipients registered in the U. S. Renal Data System database between January 1993 and June 2000 were analyzed. Kaplan-Meier survival curves were used to compare graft and patient survival rates between NHB, CAD, and living donor transplant recipients. Cox proportional hazards models were used to identify risk factors for NHB donor recipients, while adjusting for potential confounding variables. Recipients of NHB donor organs experienced nearly twice the incidence of delayed graft function (DGF) compared with heart-beating donors (42.4% vs. 23.3%, res...
Abstract. Informally, an obfuscator O is an (ecient, probabilistic) \compiler" that take... more Abstract. Informally, an obfuscator O is an (ecient, probabilistic) \compiler" that takes as input a program (or circuit) P and produces a new program O(P) that has the same functionality as P yet is \unintel- ligible" in some sense. Obfuscators, if they exist, would have a wide vari- ety of cryptographic and complexity-theoretic applications, ranging from software protection to homomorphic,encryption to complexity-theoretic analogues of Rice’s theorem. Most of these applications are based on an interpretation of the \unintelligibility" condition in obfuscation as mean- ing that O(P) is a \virtual black box," in the sense that anything one can eciently compute given O(P), one could also eciently compute given oracle access to P. In this work, we initiate a theoretical investigation of obfuscation. Our main result is that, even under very weak formalizations of the above in- tuition, obfuscation is impossible. We prove this by constructing a family of functions F that are inherently unobfuscatable in the following sense: there is a property,: F! f0;1g such that (a) given any program that computes a function f 2F , the value (f) can be eciently computed, yet (b) given oracle access to a (randomly selected) function f 2F ,n o ecient,algorithm can compute,(f) much better than random,guessing. We extend our impossibility result in a number of ways, including even obfuscators that (a) are not necessarily computable in polynomial time, (b) only approximately preserve the functionality, and (c) only need to
... Ad-hoc macro denitions were used instead. THE BIT EXTRACTION PROBLEM OR t{RESILIENT FUNCTIONS... more ... Ad-hoc macro denitions were used instead. THE BIT EXTRACTION PROBLEM OR t{RESILIENT FUNCTIONS (Preliminary Version) ... and f x i : i 2 T g is a set of constants. A function f : f 0;1 g n 7! f 0;1 g m is said to be t -resilient if for every 3 Page 4. ...
ABSTRACT this paper only work if n is large." The algorithm in Theorem 4.15 needs much l... more ABSTRACT this paper only work if n is large." The algorithm in Theorem 4.15 needs much larger n than usual. 11 5 A Randomized Algorithm
We build on the recent progress regarding isomorphisms of complete sets that was reported in Agra... more We build on the recent progress regarding isomorphisms of complete sets that was reported in Agrawal et al. (1998). In that paper, it was shown that all sets that are complete under (non-uniform) AC isomorphic under isomorphisms computable and invertible via (non-uniform) circuits. One of the main tools in proving the isomorphism theorem in Agrawal et al. (1998) is a "Gap Theorem", showing that all sets complete under AC reductions are in fact already complete under NC reductions.
26th Annual Symposium on Foundations of Computer Science (sfcs 1985), 1985
... Ad-hoc macro denitions were used instead. THE BIT EXTRACTION PROBLEM OR t{RESILIENT FUNCTIONS... more ... Ad-hoc macro denitions were used instead. THE BIT EXTRACTION PROBLEM OR t{RESILIENT FUNCTIONS (Preliminary Version) ... and f x i : i 2 T g is a set of constants. A function f : f 0;1 g n 7! f 0;1 g m is said to be t -resilient if for every 3 Page 4. ...
Recurrent hepatitis B infection after orthotopic liver transplantation remains problematic despit... more Recurrent hepatitis B infection after orthotopic liver transplantation remains problematic despite prophylaxis with hepatitis B immune globulin (anti-HBs IgG). Recently, famciclovir (an oral nucleoside analog) has been shown to have potent antiviral activity against hepatitis B in vitro as well as in patients with chronic hepatitis B. We present two patients who developed recurrent hepatitis B after orthotopic liver transplantation and were treated with famciclovir, 500 mg t.i.d. Both patients subsequently responded with marked improvement in biochemical liver tests and histology, with subsequent loss of hepatitis B surface antigen. Famciclovir is a useful agent in the treatment of hepatitis B in the liver transplant recipient.
For every k, we construct an oraclc relative to which secret agreement can be done in k passes, b... more For every k, we construct an oraclc relative to which secret agreement can be done in k passes, but not in k-1. In particular, for k=3, we get an oracle relative to which secret agreement is possible, but relative to which trapdoor functions do not exist. Thus, unlike the case of private cryptosystems, there is no black box reduction from a k-pass system to a k-1 pass system. Our construction is natural— suggesting that real-world protocols could trade higher interaction costs for an assumption strictly weaker than the existence of trapdoor functions. Finding a complexity theoretic assumption necessary and sufficient for public cryptosystems to exist is one of the important open questions of cryptography. Our results make clear the possibility that this question is impossible to answer because it contains a false hidden assumption: the existence of a 2-pass public cryptosystem follows from the existence of a k-pass system. The question should really be a family of questions: given k find an assumption equivalent to the existence of a k-pass public cryptosystem.
This is the final part of a 2-part column on the future of computational complexity theory. The g... more This is the final part of a 2-part column on the future of computational complexity theory. The grounds rules were that the contributors had no restrictions (except a 1-page limit). For readers interested in more formal reports, in addition to the two URLs mentioned in the previous issue (ftp://ftp.cs.washington.edu/tr/1996/O3/UW-CSE-96-O3-O3.PS.Z and http://theory.lcs.mit.edu/-oded/toc-sp.html) I would also point to the recent "Strategic Directions"
As more expanded-criteria organ donors are used to bridge the widening gap between organ supply a... more As more expanded-criteria organ donors are used to bridge the widening gap between organ supply and demand, non-heart-beating (NHB) donors will become increasingly important. The purpose of this study was to analyze renal transplant outcomes using this source of cadaveric (CAD) organs and compare the results with heart-beating organ sources. Data from 98,698 adult CAD renal transplant recipients and 34,531 living donor renal transplant recipients registered in the U. S. Renal Data System database between January 1993 and June 2000 were analyzed. Kaplan-Meier survival curves were used to compare graft and patient survival rates between NHB, CAD, and living donor transplant recipients. Cox proportional hazards models were used to identify risk factors for NHB donor recipients, while adjusting for potential confounding variables. Recipients of NHB donor organs experienced nearly twice the incidence of delayed graft function (DGF) compared with heart-beating donors (42.4% vs. 23.3%, res...
Uploads
Papers