Structure in Complexity Theory pp 51-65

# One-way functions and circuit complexity

## Abstract

A finite function $f$ is a mapping of $\{0,1\}^n$ into $\{0,1\}^m \cup \{\#\}$, where “#” is a symbol to be thought of as “undefined.” A family of finite functions is said to be *one-way* (in a circuit complexity sense) if it can be computed with polynomial size circuits, but no family of inverses of these functions can be computed with polynomial size circuits. In this paper we show that (provided functions that are not one-to-one are allowed) one-way functions exist if and only if the satisfiability problem *SAT* does not have polynomial size circuits.
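A standard way to see why inverting such a function is tied to *SAT*, given here as an added example and not as the paper's own construction or proof: map a (formula, assignment) pair to the formula when the assignment satisfies it and to “#” otherwise. The CNF encoding, the function names and the brute-force inverter are assumptions made for this illustration.

```python
from itertools import product

UNDEFINED = "#"  # the abstract's "undefined" output symbol

def satisfies(cnf, assignment):
    """cnf: tuple of clauses; a clause is a tuple of nonzero ints, where
    literal k means x_k and -k means NOT x_k (variables numbered from 1)."""
    return all(any((lit > 0) == assignment[abs(lit) - 1] for lit in clause)
               for clause in cnf)

def f(cnf, assignment):
    """Easy direction: a single pass over the formula."""
    return cnf if satisfies(cnf, assignment) else UNDEFINED

def preimages(y, num_vars):
    """All inputs (y, assignment) with f(y, assignment) == y, for a formula y.
    Exhaustive search over 2**num_vars assignments."""
    return [(y, a) for a in product((False, True), repeat=num_vars)
            if f(y, a) == y]

def brute_force_inverter(y, num_vars):
    """One inverse of f: a single preimage of y, or None if y is not in the range."""
    found = preimages(y, num_vars)
    return found[0] if found else None

def sat_via_inverter(cnf, num_vars, inverter=brute_force_inverter):
    """Decide satisfiability using nothing but an inverter for f."""
    candidate = inverter(cnf, num_vars)
    # Re-check with the easy direction so a faulty inverter cannot mislead us.
    return candidate is not None and f(*candidate) == cnf

# Constructed sample formulas (not from the paper).
SAT_CNF = ((1, 2), (-1, 2), (-2, 3))   # forces x2 = x3 = True, x1 is free
UNSAT_CNF = ((1,), (-1,))              # x1 AND NOT x1

if __name__ == "__main__":
    print("f on a satisfying input:", f(SAT_CNF, (False, True, True)))
    print("f on a falsifying input:", f(SAT_CNF, (True, False, False)))
    print("preimages of SAT_CNF:", len(preimages(SAT_CNF, 3)))  # not one-to-one
    print("SAT_CNF satisfiable:", sat_via_inverter(SAT_CNF, 3))
    print("UNSAT_CNF satisfiable:", sat_via_inverter(UNSAT_CNF, 1))
```

Any efficient inverter substituted for `brute_force_inverter` would decide satisfiability through `sat_via_inverter`, and the two preimages of `SAT_CNF` show why the function is not one-to-one.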

A family of functions $f_i(x)$ can be *checked* if some family of polynomial size circuits with inputs $x$ and $y$ can determine if $f_i(x) = y$. A family of functions $f_i(x)$ can be *evaluated* if some family of polynomial size circuits with input $x$ can compute $f_i(x)$. Can all families of total functions that can be checked also be evaluated? We show that this is true if and only if the nonuniform versions of the complexity classes $P$ and $UP \cap \text{co-}UP$ are equal.

A family of functions $f_i$ is *one-way for constant depth circuits* if $f_i$ can be computed with unbounded fan-in circuits of polynomial size and constant depth, but no family of inverses $f_i^{-1}$ can. In this paper we give two provably one-way functions (in fact permutations) for constant depth circuits. The second example has the stronger property that no bit of its inverse can be computed in polynomial size and constant depth.
