A New View on Worst-Case to Average-Case Reductions for NP Problems

  • Thomas Holenstein
  • Robin Künzler
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8591)


We study the result by Bogdanov and Trevisan (FOCS, 2003), who show that under reasonable assumptions, there is no non-adaptive reduction that bases the average-case hardness of an NP-problem on the worst-case complexity of an NP-complete problem. We replace the hiding and the heavy samples protocol in [BT03] by employing the histogram verification protocol of Haitner, Mahmoody and Xiao (CCC, 2010), which proves to be very useful in this context. Once the histogram is verified, our hiding protocol is directly public-coin, whereas the intuition behind the original protocol inherently relies on private coins.


Homomorphic Encryption Cryptographic Primitive Polynomial Hierarchy Uniform Random Sample Learning With Error 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [AGGM06]
    Akavia, A., Goldreich, O., Goldwasser, S., Moshkovitz, D.: On basing one-way functions on np-hardness. In: Kleinberg, J.M. (ed.) STOC, pp. 701–710. ACM (2006), See also errata on author’s webpage:
  2. [AH91]
    Aiello, W., Håstad, J.: Statistical zero-knowledge languages can be recognized in two rounds. J. Comput. Syst. Sci. 42(3), 327–345 (1991)CrossRefzbMATHGoogle Scholar
  3. [Ajt96]
    Ajtai, M.: Generating hard instances of lattice problems (extended abstract). In: Miller, G.L. (ed.) STOC, pp. 99–108. ACM (1996)Google Scholar
  4. [BDCGL92]
    Ben-David, S., Chor, B., Goldreich, O., Luby, M.: On the theory of average case complexity. J. Comput. Syst. Sci. 44(2), 193–219 (1992)CrossRefzbMATHMathSciNetGoogle Scholar
  5. [BK95]
    Blum, M., Kannan, S.: Designing programs that check their work. J. ACM 42(1), 269–291 (1995)CrossRefzbMATHGoogle Scholar
  6. [BL13]
    Bogdanov, A., Lee, C.H.: Limits of provable security for homomorphic encryption. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 111–128. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  7. [BLP+13]
    Brakerski, Z., Langlois, A., Peikert, C., Regev, O., Stehlé, D.: Classical hardness of learning with errors. In: Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) STOC, pp. 575–584. ACM (2013)Google Scholar
  8. [BLR93]
    Blum, M., Luby, M., Rubinfeld, R.: Self-testing/correcting with applications to numerical problems. J. Comput. Syst. Sci. 47(3), 549–595 (1993)CrossRefzbMATHMathSciNetGoogle Scholar
  9. [Blu88]
    Blum, M.: Designing programs to check their work. Technical Report 88-09, ICSI (1988)Google Scholar
  10. [Bra83]
    Brassard, G.: Relativized cryptography. IEEE Transactions on Information Theory 29(6), 877–893 (1983)CrossRefzbMATHMathSciNetGoogle Scholar
  11. [BT06a]
    Bogdanov, A., Trevisan, L.: Average-case complexity. Foundations and Trends in Theoretical Computer Science 2(1) (2006)Google Scholar
  12. [BT06b]
    Bogdanov, A., Trevisan, L.: On worst-case to average-case reductions for NP problems. SIAM J. Comput. 36(4), 1119–1159 (2006)CrossRefzbMATHMathSciNetGoogle Scholar
  13. [DBL10]
    Proceedings of the 25th Annual IEEE Conference on Computational Complexity, CCC 2010, June 9-12. IEEE Computer Society (2010)Google Scholar
  14. [DH76]
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)CrossRefzbMATHMathSciNetGoogle Scholar
  15. [EY80]
    Even, S., Yacobi, Y.: Cryptocomplexity and NP-completeness. In: de Bakker, J.W., van Leeuwen, J. (eds.) ICALP 1980. LNCS, vol. 85, pp. 195–207. Springer, Heidelberg (1980)CrossRefGoogle Scholar
  16. [FF93]
    Feigenbaum, J., Fortnow, L.: Random-self-reducibility of complete sets. SIAM J. Comput. 22(5), 994–1005 (1993)CrossRefzbMATHMathSciNetGoogle Scholar
  17. [GG98]
    Goldreich, O., Goldwasser, S.: On the possibility of basing cryptography on the assumption that \(\text{P} \neq \textit{NP}\), Unpublished manuscript (1998)Google Scholar
  18. [Gol97]
    Goldreich, O.: Notes on levin’s theory of average-case complexity. Electronic Colloquium on Computational Complexity (ECCC) 4(58) (1997)Google Scholar
  19. [GS86]
    Goldwasser, S., Sipser, M.: Private coins versus public coins in interactive proof systems. In: Hartmanis, J. (ed.) STOC, pp. 59–68. ACM (1986)Google Scholar
  20. [GSTS07]
    Gutfreund, D., Shaltiel, R., Ta-Shma, A.: If NP languages are hard on the worst-case, then it is easy to find their hard instances. Computational Complexity 16(4), 412–441 (2007)CrossRefzbMATHMathSciNetGoogle Scholar
  21. [GTS07]
    Gutfreund, D., Ta-Shma, A.: Worst-case to average-case reductions revisited. In: Charikar, M., Jansen, K., Reingold, O., Rolim, J.D.P. (eds.) APPROX and RANDOM 2007. LNCS, vol. 4627, pp. 569–583. Springer, Heidelberg (2007)Google Scholar
  22. [HMX10]
    Haitner, I., Mahmoody, M., Xiao, D.: A new sampling protocol and applications to basing cryptographic primitives on the hardness of NP. In: IEEE Conference on Computational Complexity [DBLP10], pp. 76–87Google Scholar
  23. [IL90]
    Impagliazzo, R., Levin, L.A.: No better ways to generate hard NP instances than picking uniformly at random. In: FOCS, pp. 812–821. IEEE Computer Society (1990)Google Scholar
  24. [Imp95]
    Impagliazzo, R.: A personal view of average-case complexity. In: Structure in Complexity Theory Conference, pp. 134–147. IEEE Computer Society (1995)Google Scholar
  25. [Imp11]
    Impagliazzo, R.: Relativized separations of worst-case and average-case complexities for NP. In: IEEE Conference on Computational Complexity, pp. 104–114. IEEE Computer Society (2011)Google Scholar
  26. [Lem79]
    Lempel, A.: Cryptology in transition. ACM Comput. Surv. 11(4), 285–303 (1979)CrossRefzbMATHGoogle Scholar
  27. [LM09]
    Lyubashevsky, V., Micciancio, D.: On bounded distance decoding, unique shortest vectors, and the minimum distance problem. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 577–594. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  28. [Mic04]
    Micciancio, D.: Almost perfect lattices, the covering radius problem, and applications to Ajtai’s connection factor. SIAM J. Comput. 34(1), 118–169 (2004)CrossRefzbMATHMathSciNetGoogle Scholar
  29. [MR07]
    Micciancio, D., Regev, O.: Worst-case to average-case reductions based on gaussian measures. SIAM J. Comput. 37(1), 267–302 (2007)CrossRefzbMATHMathSciNetGoogle Scholar
  30. [MX10]
    Mahmoody, M., Xiao, D.: On the power of randomized reductions and the checkability of sat. In: IEEE Conference on Computational Complexity [DBL10], pp. 64–75Google Scholar
  31. [Pei09]
    Peikert, C.: Public-key cryptosystems from the worst-case shortest vector problem: Extended abstract. In: Mitzenmacher, M. (ed.) STOC, pp. 333–342. ACM (2009)Google Scholar
  32. [Reg09]
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6) (2009)Google Scholar
  33. [Reg10]
    Regev, O.: The learning with errors problem (invited survey). In: IEEE Conference on Computational Complexity [DBL10], pp. 191–204 (2010)Google Scholar
  34. [Rub90]
    Rubinfeld, R.: A mathematical theory of self-checking, self-testing and self-correcting programs. PhD thesis. UC Berkeley (1990)Google Scholar
  35. [STV01]
    Sudan, M., Trevisan, L., Vadhan, S.P.: Pseudorandom generators without the xor lemma. J. Comput. Syst. Sci. 62(2), 236–266 (2001)CrossRefzbMATHMathSciNetGoogle Scholar
  36. [Wat12]
    Watson, T.: Relativized worlds without worst-case to average-case reductions for NP. TOCT 4(3), 8 (2012)CrossRefGoogle Scholar
  37. [Yap83]
    Yap, C.-K.: Some consequences of non-uniform conditions on uniform classes. Theor. Comput. Sci. 26, 287–300 (1983)CrossRefzbMATHMathSciNetGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Thomas Holenstein
    • 1
  • Robin Künzler
    • 1
  1. 1.Department of Computer ScienceETH ZurichZurichSwitzerland

Personalised recommendations