1993-05-12 - Re: The Halting Problem

Header Data

From: Marc.Ringuette@GS80.SP.CS.CMU.EDU
To: cypherpunks@toad.com
Message Hash: 338ceec9f99e17bfeed7f626bb151c45a38e8d4c59b91751ced4e0796b03a107
Message ID: <9305122216.AA16730@toad.com>
Reply To: N/A
UTC Datetime: 1993-05-12 22:16:57 UTC
Raw Date: Wed, 12 May 93 15:16:57 PDT

Raw message

From: Marc.Ringuette@GS80.SP.CS.CMU.EDU
Date: Wed, 12 May 93 15:16:57 PDT
To: cypherpunks@toad.com
Subject: Re: The Halting Problem
Message-ID: <9305122216.AA16730@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


peb> It occurred to me that determining whether a set of random bytes is
peb> actually a crypto message could be reduced to the halting problem.

I think I can prove this can't be done for most kinds of messages.

For a wide range of cases we can know trivially that decryption is in NP.
The line of reasoning is this:  one definition of the class NP is the class
of all problems whose solutions can be verified in polynomial time.  So for
any encryption method which allows the recipient to verify in polynomial time
that his decryption is the only possible intended message, we know that the
decryption problem is in NP.

These conditions are met in the following cases:
   - Conventional public key encryption
   - Any cryptosystem with a short key and a space of allowable messages
     which is sparse enough that there's a low probability of two messages
     corresponding to the same ciphertext.  This includes most cases in
     which a digital signature or CRC is added to the end of a message.


-- Marc Ringuette (mnr@cs.cmu.edu)





Thread