• 沒有找到結果。

The Majority Vote Algorithm

N/A
N/A
Protected

Academic year: 2022

Share "The Majority Vote Algorithm"

Copied!
81
0
0

加載中.... (立即查看全文)

全文

(1)

Magic 3/4?

• The number 3/4 bounds the probability (ratio) of a right answer away from 1/2.

• Any constant strictly between 1/2 and 1 can be used without affecting the class BPP.

• In fact, as with RP,

1

2 + 1 q(n)

for any polynomial q(n) can replace 3/4.

• The next algorithm shows why.

(2)

The Majority Vote Algorithm

Suppose L is decided by N by majority (1/2) + .

1: for i = 1, 2, . . . , 2k + 1 do

2: Run N on input x;

3: end for

4: if “yes” is the majority answer then

5: “yes”;

6: else

7: “no”;

8: end if

(3)

Analysis

• By Corollary 77 (p. 604), the probability of a false answer is at most e−2k.

• By taking k =  2/2 , the error probability is at most 1/4.

• Even if  is any inverse polynomial, k remains a polynomial in n.

• The running time remains polynomial: 2k + 1 times N’s running time.

(4)

Aspects of BPP

• BPP is the most comprehensive yet plausible notion of efficient computation.

– If a problem is in BPP, we take it to mean that the problem can be solved efficiently.

– In this aspect, BPP has effectively replaced P.

• (RP ∪ coRP) ⊆ (NP ∪ coNP).

• (RP ∪ coRP) ⊆ BPP.

• Whether BPP ⊆ (NP ∪ coNP) is unknown.

• But it is unlikely that NP ⊆ BPP.a

(5)

coBPP

• The definition of BPP is symmetric: acceptance by clear majority and rejection by clear majority.

• An algorithm for L ∈ BPP becomes one for ¯L by reversing the answer.

• So ¯L ∈ BPP and BPP ⊆ coBPP.

• Similarly coBPP ⊆ BPP.

• Hence BPP = coBPP.

• This approach does not work for RP.a

aIt did not work for NP either.

(6)

BPP and coBPP

Ø\HVÙ ØQRÙ ØQRÙ Ø\HVÙ

(7)

“The Good, the Bad, and the Ugly”

P BPP ZPP

RP coRP

NP coNP

(8)

Circuit Complexity

• Circuit complexity is based on boolean circuits instead of Turing machines.

• A boolean circuit with n inputs computes a boolean function of n variables.

• Now, identify true/1 with “yes” and false/0 with “no.”

• Then a boolean circuit with n inputs accepts certain strings in { 0, 1 }n.

• To relate circuits with an arbitrary language, we need

(9)

Formal Definitions

• The size of a circuit is the number of gates in it.

• A family of circuits is an infinite sequence

C = (C0, C1, . . .) of boolean circuits, where Cn has n boolean inputs.

• For input x ∈ { 0, 1 }, C| x | outputs 1 if and only if x ∈ L.

• In other words,

Cn accepts L ∩ { 0, 1 }n.

(10)

Formal Definitions (concluded)

• L ⊆ { 0, 1 } has polynomial circuits if there is a family of circuits C such that:

– The size of Cn is at most p(n) for some fixed polynomial p.

– Cn accepts L ∩ { 0, 1 }n.

(11)

Exponential Circuits Suffice for All Languages

• Theorem 16 (p. 208) implies that there are languages that cannot be solved by circuits of size 2n/(2n).

• But surprisingly, circuits of size 2n+2 can solve all problems, decidable or otherwise!

(12)

Exponential Circuits Suffice for All Languages (continued)

Proposition 78 All decision problems (decidable or otherwise) can be solved by a circuit of size 2n+2.

• We will show that for any language L ⊆ { 0, 1 }, L ∩ { 0, 1 }n can be decided by a circuit of size 2n+2.

• Define boolean function f : { 0, 1 }n → { 0, 1 }, where

f (x1x2 · · · xn) =

⎧⎨

1 x1x2 · · · xn ∈ L, 0 x1x2 · · · xn ∈ L.

(13)

The Proof (concluded)

• Clearly, any circuit that implements f decides L ∩ { 0, 1 }n.

• Now,

f (x1x2 · · · xn) = (x1 ∧ f(1x2 · · · xn)) ∨ (¬x1 ∧ f(0x2 · · · xn)).

• The circuit size s(n) for f(x1x2 · · · xn) hence satisfies s(n) = 4 + 2s(n − 1)

with s(1) = 1.

• Solve it to obtain s(n) = 5 × 2n−1 − 4 ≤ 2n+2.

(14)

The Circuit Complexity of P

Proposition 79 All languages in P have polynomial circuits.

• Let L ∈ P be decided by a TM in time p(n).

• By Corollary 34 (p. 312), there is a circuit with O(p(n)2) gates that accepts L ∩ { 0, 1 }n.

• The size of that circuit depends only on L and the length of the input.

• The size of that circuit is polynomial in n.

(15)

Polynomial Circuits vs. P

• Is the converse of Proposition 79 true?

– Do polynomial circuits accept only languages in P?

• No.

• Polynomial circuits can accept undecidable languages!

(16)

BPP’s Circuit Complexity: Adleman’s Theorem

Theorem 80 (Adleman, 1978) All languages in BPP have polynomial circuits.

• Our proof will be nonconstructive in that only the existence of the desired circuits is shown.

– Recall our proof of Theorem 16 (p. 208).

– Something exists if its probability of existence is nonzero.

• It is not known how to efficiently generate circuit Cn. – If the construction of Cn can be made efficient, then

(17)

The Proof

• Let L ∈ BPP be decided by a precise polynomial-time NTM N by clear majority.

• We shall prove that L has polynomial circuits C0, C1, . . ..

– These deterministic circuits do not err.

• Suppose N runs in time p(n), where p(n) is a polynomial.

• Let An = { a1, a2, . . . , am }, where ai ∈ { 0, 1 }p(n).

• Each ai ∈ An represents a sequence of nondeterministic choices (i.e., a computation path) for N .

• Pick m = 12(n + 1).

(18)

The Proof (continued)

• Let x be an input with | x | = n.

• Circuit Cn simulates N on x with all sequences of choices in An and then takes the majority of the m outcomes.a

– Note that each An yields a circuit.

• As N with ai is a polynomial-time deterministic TM, it can be simulated by polynomial circuits of size O(p(n)2).

– See the proof of Proposition 79 (p. 619).

aAs m is even, there may be no clear majority. Still, the probability

(19)

The Circuit

,2 ,

, ,

  

(20)

The Proof (continued)

• The size of Cn is therefore O(mp(n)2) = O(np(n)2).

– This is a polynomial.

• We now confirm the existence of an An making Cn correct on all n-bit inputs.

• Call ai bad if it leads N to an error (a false positive or a false negative) for x.

• Select An uniformly randomly.

(21)

The Proof (continued)

• For each x ∈ { 0, 1 }n, 1/4 of the computations of N are erroneous.

• Because the sequences in An are chosen randomly and independently, the expected number of bad ai’s is m/4.a

• Also note after fixing the input x, the circuit is a function of the random bits.

aSo the proof will not work for NP. Contributed by Mr. Ching-Hua Yu (D00921025) on December 11, 2012.

(22)

The Proof (continued)

• By the Chernoff bound (p. 599), the probability that the number of bad ai’s is m/2 or more is at most

e−m/12 < 2−(n+1).

• The error probability of using the majority rule is thus

< 2−(n+1) for each x ∈ { 0, 1 }n.

(23)

The Proof (continued)

• The probability that there is an x such that An results in an incorrect answer is

< 2n2−(n+1) = 2−1.

– Recall the union bound (Boole’s inequality):

prob[ A ∪ B ∪ · · · ] ≤ prob[ A ] + prob[ B ] + · · · .

• We just showed that at least half of them are correct.

• So with probability ≥ 0.5, a random An produces a correct Cn for all inputs of length n.

– Of course, verifying this fact may take a long time.

(24)

The Proof (concluded)

• Because this probability exceeds 0, an An that makes majority vote work for all inputs of length n exists.

• Hence a correct Cn exists.a

• We have used the probabilistic method popularized by Erd˝os.b

• This result answers the question on p. 530 with a “yes.”

aQuine (1948), “To be is to be the value of a bound variable.”

bA counting argument in the probabilistic language.

(25)

Leonard Adleman

a

(1945–)

aTuring Award (2002).

(26)

Paul Erd˝ os (1913–1996)

(27)

Cryptography

(28)

Whoever wishes to keep a secret must hide the fact that he possesses one.

— Johann Wolfgang von Goethe (1749–1832)

(29)

Cryptography

• Alice (A) wants to send a message to Bob (B) over a channel monitored by Eve (eavesdropper).

• The protocol should be such that the message is known only to Alice and Bob.

• The art and science of keeping messages secure is cryptography.

Alice Eve -

Bob

(30)

Encryption and Decryption

• Alice and Bob agree on two algorithms E and D—the encryption and the decryption algorithms.

• Both E and D are known to the public in the analysis.

• Alice runs E and wants to send a message x to Bob.

• Bob operates D.

(31)

Encryption and Decryption (concluded)

• Privacy is assured in terms of two numbers e, d, the encryption and decryption keys.

• Alice sends y = E(e, x) to Bob, who then performs D(d, y) = x to recover x.

• x is called plaintext, and y is called ciphertext.a

aBoth “zero” and “cipher” come from the same Arab word.

(32)

Some Requirements

• D should be an inverse of E given e and d.

• D and E must both run in (probabilistic) polynomial time.

• Eve should not be able to recover x from y without knowing d.

– As D is public, d must be kept secret.

– e may or may not be a secret.

(33)

Degree of Security

• Perfect secrecy: After a ciphertext is intercepted by the enemy, the a posteriori probabilities of the plaintext that this ciphertext represents are identical to the a

priori probabilities of the same plaintext before the interception.

– The probability that plaintext P occurs is

independent of the ciphertext C being observed.

– So knowing C yields no advantage in recovering P.

(34)

Degree of Security (concluded)

• Such systems are said to be informationally secure.

• A system is computationally secure if breaking it is theoretically possible but computationally infeasible.

(35)

Conditions for Perfect Secrecy

a

• Consider a cryptosystem where:

– The space of ciphertext is as large as that of keys.

– Every plaintext has a nonzero probability of being used.

• It is perfectly secure if and only if the following hold.

– A key is chosen with uniform distribution.

– For each plaintext x and ciphertext y, there exists a unique key e such that E(e, x) = y.

aShannon (1949).

(36)

The One-Time Pad

a

1: Alice generates a random string r as long as x;

2: Alice sends r to Bob over a secret channel;

3: Alice sends x ⊕ r to Bob over a public channel;

4: Bob receives y;

5: Bob recovers x := y ⊕ r;

aMauborgne & Vernam (1917); Shannon (1949). It was allegedly used for the hotline between Russia and U.S.

(37)

Analysis

• The one-time pad uses e = d = r.

• This is said to be a private-key cryptosystem.

• Knowing x and knowing r are equivalent.

• Because r is random and private, the one-time pad achieves perfect secrecy.a

• The random bit string must be new for each round of communication.

• But the assumption of a private channel is problematic.

aSee p. 640.

(38)

Public-Key Cryptography

a

• Suppose only d is private to Bob, whereas e is public knowledge.

• Bob generates the (e, d) pair and publishes e.

• Anybody like Alice can send E(e, x) to Bob.

• Knowing d, Bob can recover x via D(d, E(e, x)) = x.

aDiffie & Hellman (1976).

(39)

Public-Key Cryptography (concluded)

• The assumptions are complexity-theoretic.

– It is computationally difficult to compute d from e.

– It is computationally difficult to compute x from y without knowing d.

(40)

Whitfield Diffie

a

(1944–)

aTuring Award (2016).

(41)

Martin Hellman

a

(1945–)

aTuring Award (2016).

(42)

Complexity Issues

• Given y and x, it is easy to verify whether E(e, x) = y.

• Hence one can always guess an x and verify.

• Cracking a public-key cryptosystem is thus in NP.

• A necessary condition for the existence of secure public-key cryptosystems is P = NP.

• But more is needed than P = NP.

• For instance, it is not sufficient that D is hard to compute in the worst case.

(43)

One-Way Functions

A function f is a one-way function if the following hold.a 1. f is one-to-one.

2. For all x ∈ Σ, | x |1/k ≤ |f(x)| ≤ | x |k for some k > 0.

• f is said to be honest.

3. f can be computed in polynomial time.

4. f−1 cannot be computed in polynomial time.

• Exhaustive search works, but it must be slow.

aDiffie & Hellman (1976); Boppana & Lagarias (1986); Grollmann &

Selman (1988); Ko (1985); Ko, Long, & Du (1986); Watanabe (1985);

Young (1983).

(44)

Existence of One-Way Functions (OWFs)

• Even if P = NP, there is no guarantee that one-way functions exist.

• No functions have been proved to be one-way.

• Is breaking glass a one-way function?

(45)

Candidates of One-Way Functions

• Modular exponentiation f(x) = gx mod p, where g is a primitive root of p.

– Discrete logarithm is hard.a

• The RSAb function f (x) = xe mod pq for an odd e relatively prime to φ(pq).

– Breaking the RSA function is hard.

aConjectured to be 2n for some  > 0 in both the worst-case sense and average sense. Doable in time nO(log n) for finite fields of small char- acteristic (Barbulescu, et al., 2013). It is in NP in some sense (Grollmann

& Selman, 1988).

bRivest, Shamir, & Adleman (1978).

(46)

Candidates of One-Way Functions (concluded)

• Modular squaring f(x) = x2 mod pq.

– Determining if a number with a Jacobi symbol 1 is a quadratic residue is hard—the quadratic

residuacity assumption (QRA).a

– Breaking it is as hard as factorization when p ≡ q ≡ 3 mod 4.b

aDue to Gauss.

bRabin (1979).

(47)

The Secret-Key Agreement Problem

• Exchanging messages securely using a private-key cryptosystem requires Alice and Bob have the same key.a

– An example is the r in the one-time pad.b

• How can they agree on the same secret key when the channel is insecure?

• This is called the secret-key agreement problem.

• It was solved by Diffie and Hellman (1976) using one-way functions.

aSee p. 642.

bSee p. 641.

(48)

The Diffie-Hellman Secret-Key Agreement Protocol

1: Alice and Bob agree on a large prime p and a primitive root g of p; {p and g are public.}

2: Alice chooses a large number a at random;

3: Alice computes α = ga mod p;

4: Bob chooses a large number b at random;

5: Bob computes β = gb mod p;

6: Alice sends α to Bob, and Bob sends β to Alice;

7: Alice computes her key βa mod p;

8: Bob computes his key αb mod p;

(49)

Analysis

• The keys computed by Alice and Bob are identical as βa = gba = gab = αb mod p.

• To compute the common key from p, g, α, β is known as the Diffie-Hellman problem.

• It is conjectured to be hard.a

• If discrete logarithm is easy, then one can solve the Diffie-Hellman problem.

– Because a and b can then be obtained by Eve.

• But the other direction is still open.

aThis is the computational Diffie-Hellman assumption (CDH).

(50)

The RSA Function

• Let p, q be two distinct primes.

• The RSA function is xe mod pq for an odd e relatively prime to φ(pq).

– By Lemma 58 (p. 480),

φ(pq) = pq



1 1 p

 

1 1 q



= pq − p − q + 1. (15)

• As gcd(e, φ(pq)) = 1, there is a d such that ed ≡ 1 mod φ(pq),

which can be found by the Euclidean algorithm.a

(51)

A Public-Key Cryptosystem Based on RSA

• Bob generates p and q.

• Bob publishes pq and the encryption key e, a number relatively prime to φ(pq).

– The encryption function is

y = xe mod pq.

– Bob calculates φ(pq) by Eq. (15) (p. 655).

– Bob then calculates d such that ed = 1 + kφ(pq) for some k ∈ Z.

(52)

A Public-Key Cryptosystem Based on RSA (continued)

• The decryption function is

yd mod pq.

• It works because

yd = xed = x1+kφ(pq) = x mod pq

by the Fermat-Euler theorem when gcd(x, pq) = 1 (p. 489).

(53)

A Public-Key Cryptosystem Based on RSA (continued)

• What if x is not relatively prime to pq?a

• As φ(pq) = (p − 1)(q − 1),

ed = 1 + k(p − 1)(q − 1).

• Say x ≡ 0 mod p.

• Then

yd ≡ xed ≡ 0 ≡ x mod p.

aOf course, one would be unlucky here.

(54)

A Public-Key Cryptosystem Based on RSA (continued)

• On the other hand, either x ≡ 0 mod q or x ≡ 0 mod q.

• If x ≡ 0 mod q, then

yd ≡ xed ≡ xed−1x ≡ xk(p−1)(q−1)x 

xq−1k(p−1) x

≡ x mod q.

by Fermat’s “little” theorem (p. 487).

• If x ≡ 0 mod q, then

yd ≡ xed ≡ 0 ≡ x mod q.

(55)

A Public-Key Cryptosystem Based on RSA (concluded)

• By the Chinese remainder theorem (p. 486), yd ≡ xed ≡ 0 ≡ x mod pq, even when x is not relatively prime to p.

• When x is not relatively prime to q, the same conclusion holds.

(56)

The “Security” of the RSA Function

• Factoring pq or calculating d from (e, pq) seems hard.a

• Breaking the last bit of RSA is as hard as breaking the RSA.b

• Recommended RSA key sizes:c – 1024 bits up to 2010.

– 2048 bits up to 2030.

– 3072 bits up to 2031 and beyond.

aSee also p. 485.

bAlexi, Chor, Goldreich, & Schnorr (1988).

c

(57)

The “Security” of the RSA Function (continued)

• Recall that problem A is “harder than” problem B if solving A results in solving B.

– Factorization is “harder than” breaking the RSA.

– It is not hard to show that calculating Euler’s phi functiona is “harder than” breaking the RSA.

– Factorization is “harder than” calculating Euler’s phi function (see Lemma 58 on p. 480).

– So factorization is harder than calculating Euler’s phi function, which is harder than breaking the RSA.

aWhen the input is not factorized!

(58)

The “Security” of the RSA Function (concluded)

• Factorization cannot be NP-hard unless NP = coNP.a

• So breaking the RSA is unlikely to imply P = NP.

• But numbers can be factorized efficiently by quantum computers.b

• RSA was alleged to have received 10 million US dollars from the government to promote unsecure p and q.c

aBrassard (1979).

bShor (1994).

cMenn (2013).

(59)

Adi Shamir, Ron Rivest, and Leonard Adleman

(60)

Ron Rivest

a

(1947–)

(61)

Adi Shamir

a

(1952–)

aTuring Award (2002).

(62)

A Parallel History

• Diffie and Hellman’s solution to the secret-key

agreement problem led to public-key cryptography.

• In 1973, the RSA public-key cryptosystem was invented in Britain before the Diffie-Hellman secret-key

agreement scheme.a

aEllis, Cocks, and Williamson of the Communications Electronics Se- curity Group of the British Government Communications Head Quarters (GCHQ).

(63)

Is a forged signature the same sort of thing as a genuine signature, or is it a different sort of thing?

— Gilbert Ryle (1900–1976), The Concept of Mind (1949)

“Katherine, I gave him the code.

He verified the code.”

“But did you verify him?”

— The Numbers Station (2013)

(64)

Digital Signatures

a

• Alice wants to send Bob a signed document x.

• The signature must unmistakably identifies the sender.

• Both Alice and Bob have public and private keys eAlice, eBob, dAlice, dBob.

• Every cryptosystem guarantees D(d, E(e, x)) = x.

• Assume the cryptosystem also satisfies the commutative property

E(e, D(d, x)) = D(d, E(e, x)). (16) – E.g., the RSA system satisfies it as (xd)e = (xe)d.

(65)

Digital Signatures Based on Public-Key Systems

• Alice signs x as

(x, D(dAlice, x)).

• Bob receives (x, y) and verifies the signature by checking E(eAlice, y) = E(eAlice, D(dAlice, x)) = x

based on Eq. (16).

• The claim of authenticity is founded on the difficulty of inverting EAlice without knowing the key dAlice.

(66)

Blind Signatures

a

• There are applications where the document author (Alice) and the signer (Bob) are different parties.

• Sender privacy: We do not want Bob to see the document.

– Anonymous electronic voting systems, digital cash schemes, anonymous payments, etc.

• Idea: The document is blinded by Alice before it is signed by Bob.

• The resulting blind signature can be publicly verified against the original, unblinded document x as before.

(67)

Blind Signatures Based on RSA

Blinding by Alice:

1: Pick r ∈ Zn randomly;

2: Send x = xre mod n to Bob; {x is blinded by re.}

• Note that r → re mod n is a one-to-one correspondence.

• Hence re mod n is a random number, too.

• As a result, x is random and leaks no information.

(68)

Blind Signatures Based on RSA (continued)

Signing by Bob with his private decryption key d:

1: Send the blinded signature s = (x)d mod n to Alice;

(69)

Blind Signatures Based on RSA (continued)

The RSA signature of Alice:

1: Alice obtains the signature s = sr−1 mod n;

• This works because

s ≡ sr−1 ≡ (x)dr−1 ≡ (xre)dr−1 ≡ xdred−1 ≡ xd mod n by the properties of the RSA function.

• Note that only Alice knows r.

(70)

Blind Signatures Based on RSA (concluded)

• Anyone can verify the document was signed by Bob by checking with Bob’s encryption key e the following:

se ≡ x mod n.

• But Bob does not know s is related to x (thus Alice).

(71)

Probabilistic Encryption

a

• A deterministic cryptosystem can be broken if the

plaintext has a distribution that favors the “easy” cases.

• The ability to forge signatures on even a vanishingly small fraction of strings of some length is a security weakness if those strings were the probable ones!

• A scheme may also “leak” partial information.

– Parity of the plaintext, e.g.

• The first solution to the problems of skewed distribution and partial information was based on the QRA.

aGoldwasser & Micali (1982). This paper “laid the framework for modern cryptography” (2013).

(72)

Shafi Goldwasser

a

(1958–)

aTuring Award (2013).

(73)

Silvio Micali

a

(1954–)

aTuring Award (2013).

(74)

Goldwasser and Micali

(75)

A Useful Lemma

Lemma 81 Let n = pq be a product of two distinct primes.

Then a number y ∈ Zn is a quadratic residue modulo n if and only if (y | p) = (y | q) = 1.

• The “only if” part:

– Let x be a solution to x2 = y mod pq.

– Then x2 = y mod p and x2 = y mod q also hold.

– Hence y is a quadratic modulo p and a quadratic residue modulo q.

(76)

The Proof (concluded)

• The “if” part:

– Let a21 = y mod p and a22 = y mod q.

– Solve

x = a1 mod p, x = a2 mod q,

for x with the Chinese remainder theorem (p. 486).

– As x2 = y mod p, x2 = y mod q, and gcd(p, q) = 1, we must have x2 = y mod pq.

(77)

The Jacobi Symbol and Quadratic Residuacity Test

• The Legendre symbol can be used as a test for quadratic residuacity by Lemma 68 (p. 554).

• Lemma 81 (p. 680) says this is not the case with the Jacobi symbol in general.

• Suppose n = pq is a product of two distinct primes.

• A number y ∈ Zn with Jacobi symbol (y | pq) = 1 is a quadratic nonresidue modulo n when

(y | p) = (y | q) = −1, because (y | pq) = (y | p)(y | q).

(78)

The Setup

• Bob publishes n = pq, a product of two distinct primes, and a quadratic nonresidue y with Jacobi symbol 1.

• Bob keeps secret the factorization of n.

• Alice wants to send bit string b1b2 · · · bk to Bob.

• Alice encrypts the bits by choosing a random quadratic residue modulo n if bi is 1 and a random quadratic

nonresidue (with Jacobi symbol 1) otherwise.

• So a sequence of residues and nonresidues are sent.

• Knowing the factorization of n, Bob can efficiently test

(79)

The Protocol for Alice

1: for i = 1, 2, . . . , k do

2: Pick r ∈ Zn randomly;

3: if bi = 1 then

4: Send r2 mod n; {Jacobi symbol is 1.}

5: else

6: Send r2y mod n; {Jacobi symbol is still 1.}

7: end if

8: end for

(80)

The Protocol for Bob

1: for i = 1, 2, . . . , k do

2: Receive r;

3: if (r| p) = 1 and (r | q) = 1 then

4: bi := 1;

5: else

6: bi := 0;

7: end if

8: end for

(81)

Semantic Security

• This encryption scheme is probabilistic.

• There are a large number of different encryptions of a given message.

• One is chosen at random by the sender to represent the message.

– Encryption is a one-to-many mapping.

• This scheme is both polynomially secure and semantically secure.

參考文獻

相關文件

• Adding restrictions on the allowable solutions (the solution space) may make a problem harder, equally hard, or easier.. • It is

• Adding restrictions on the allowable solutions (the solution space) may make a problem harder, equally hard, or easier.. • It is

• Adding restrictions on the allowable solutions (the solution space) may make a problem harder, equally hard, or easier.. • It is

Sometimes called integer linear programming (ILP), in which the objective function and the constraints (other than the integer constraints) are linear.. Note that integer programming

Now, nearly all of the current flows through wire S since it has a much lower resistance than the light bulb. The light bulb does not glow because the current flowing through it

Then, it is easy to see that there are 9 problems for which the iterative numbers of the algorithm using ψ α,θ,p in the case of θ = 1 and p = 3 are less than the one of the

Courtesy: Ned Wright’s Cosmology Page Burles, Nolette &amp; Turner, 1999?. Total Mass Density

It is well known that the Fréchet derivative of a Fréchet differentiable function, the Clarke generalized Jacobian of a locally Lipschitz continuous function, the