Cryptographic limitations on learning Boolean formulae and finite automata

In this paper, we prove the intractability of learning several classes of Boolean functions in the distribution-free model (also called the Probably Approximately Correct or PAC model) of learning from examples. These results are representation independent, in that they hold regardless of the syntactic form in which the learner chooses to represent its hypotheses. Our methods reduce the problems of cracking a number of well-known public-key cryptosystems to the learning problems. We prove that a polynomial-time learning algorithm for Boolean formulae, deterministic finite automata or constant-depth threshold circuits would have dramatic consequences for cryptography and number theory. In particular, such an algorithm could be used to break the RSA cryptosystem, factor Blum integers (composite numbers equivalent to 3 modulo 4), and detect quadratic residues. The results hold even if the learning algorithm is only required to obtain a slight advantage in prediction over random guessing. The techniques used demonstrate an interesting duality between learning and cryptography. We also apply our results to obtain strong intractability results for approximating a generalization of graph coloring.
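The cryptographic side of the duality described above can be made concrete with the quadratic-residuosity predicate over a Blum integer, one of the problems the abstract names. The following Python is an added illustration and not code from the paper: it treats "is x a quadratic residue mod N = p*q" as a Boolean concept, shows that the trapdoor (the factorization) makes the concept trivial to evaluate while the Jacobi symbol, which anyone can compute, gives no advantage on the inputs that matter, and shows why square roots modulo a Blum integer reveal its factors. The primes 7 and 11 are constructed toy values chosen only so that everything runs instantly; real keys are hundreds of digits.

```python
"""
Added example (not code from the paper): the quadratic-residuosity predicate over a
Blum integer N = p*q, treated as a Boolean concept over inputs in Z_N^*.

With the trapdoor (p, q) the predicate is trivial to evaluate; without it, deciding it
is believed intractable, so a PAC learner that predicts it with any advantage would
contradict that belief.  The primes below are tiny constructed toy values.
"""
from math import gcd

# Constructed toy Blum primes (hypothetical key): both are congruent to 3 mod 4.
P, Q = 7, 11
N = P * Q


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; computable without factoring n."""
    assert n > 0 and n % 2 == 1
    a %= n
    result = 1
    while a != 0:
        while a % 2 == 0:          # pull out factors of two: (2/n) = -1 iff n = 3,5 mod 8
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                # quadratic reciprocity step
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def is_qr_trapdoor(x, p, q):
    """Euler's criterion mod each prime: x is a QR mod p*q iff it is a QR mod both."""
    return pow(x, (p - 1) // 2, p) == 1 and pow(x, (q - 1) // 2, q) == 1


def qr_concept_sample(p, q):
    """The hard part of the concept: every x in Z_N^* with Jacobi symbol +1, labelled
    with the trapdoor.  Exactly half of these are residues, so Jacobi gives no advantage."""
    n = p * q
    return [(x, is_qr_trapdoor(x, p, q))
            for x in range(1, n) if gcd(x, n) == 1 and jacobi(x, n) == 1]


def accuracy(hypothesis, sample):
    """Fraction of labelled examples on which a hypothesis function agrees with the label."""
    return sum(1 for x, label in sample if hypothesis(x) == label) / len(sample)


def sqrt_mod_blum(y, p, q):
    """All four square roots of a residue y mod p*q.  The exponent (p+1)/4 is a valid
    root extractor precisely because p, q = 3 mod 4; the roots are then combined by CRT."""
    n = p * q
    rp, rq = pow(y, (p + 1) // 4, p), pow(y, (q + 1) // 4, q)
    inv_q_mod_p = pow(q % p, p - 2, p)   # Fermat inverse, valid since p is prime
    inv_p_mod_q = pow(p % q, q - 2, q)
    return {(sp * q * inv_q_mod_p + sq * p * inv_p_mod_q) % n
            for sp in (rp, p - rp) for sq in (rq, q - rq)}


def factor_from_roots(n, r1, r2):
    """Two square roots of one residue with r1 != +-r2 split n: gcd(r1 - r2, n) is a
    nontrivial factor.  This is the Rabin argument behind 'factor Blum integers'."""
    return gcd(r1 - r2, n)


if __name__ == "__main__":
    sample = qr_concept_sample(P, Q)
    print("Jacobi +1 inputs:", len(sample), " residues among them:", sum(l for _, l in sample))
    print("constant +1 hypothesis accuracy:", accuracy(lambda x: True, sample))
    print("trapdoor hypothesis accuracy:", accuracy(lambda x: is_qr_trapdoor(x, P, Q), sample))
    roots = sorted(sqrt_mod_blum(4, P, Q))
    print("square roots of 4 mod", N, "->", roots,
          " factor from roots 2 and 9:", factor_from_roots(N, roots[0], roots[1]))
```

The sample restricts to inputs with Jacobi symbol +1 on purpose: on inputs with Jacobi symbol -1 the predicate is trivially false, so a learner is only challenged on the +1 half, where residues and non-residues are equally common and the trapdoor is the only known way to tell them apart. `sqrt_mod_blum` and `factor_from_roots` together show the second half of the abstract's claim: anything that recovers square roots modulo a Blum integer also factors it.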
