- Answer the problems on the exam pages.
- There are five short problems, for ten points each, and three
long problems for 25 points each. Attempt all the short problems
and
*only two*of the long ones -- the maximum score is thus 100. If you attempt all three long problems I will take the scores of the best two. Actual scale was A = 84, B = 56. - No books, notes, calculators, or collaboration.

Q1: 10 points Q2: 10 points Q3: 10 points Q4: 10 points Q5: 10 points Q6: 25 points Q7: 25 points Q8: 25 points Total: max 100 points

**Question 1 (10):**An**oblivious Turing machine**has an input tape and k worktapes for some constant k. It has the property that the positions of the head on each tape depend on the input*size*, not on the input contents. That is, there are functions p_{I}(n,t), p_{1}(n,t), ..., p_{k}(n,t) such that p_{j}(n,t), for example, gives the position of tape j's head after t steps on any input of size n.Define OBL-P to be the set of languages A such that A = L(M) for some oblivious Turing machine with a polynomial time bound. Prove carefully that OBL-P = P. (This result is in the book, of course, but you must present it rather than quote it!) (Notes added during exam: You

*may*use without proof the result that a k-tape TM may be simulated by a one-tape TM with polynomial time overhead. "P" is defined in terms of multitape TM's.)**Question 2 (10):**The language CKT-SAT is defined to be all pairs (C, x) where C is a boolean circuit of fan-in at most 2, C has n + m inputs, x is a string of length n, and there exists a string y of length m such that C(x, y) = 1. Prove that CKT-SAT is NP-complete. You may assume the NP-completeness of languages proven to be NP-complete in Chapter 2 or its exercises, but of course not the NP-completeness of CKT-SAT itself which is proved in Chapter 6. (Note added during exam: C is part of the input (C, x).)**Question 3 (10):**Let A be any language in the class L = DSPACE(log n). Prove that A ∈ AC^{1}, meaning that there is a log-space uniform circuit family {C_{n}} deciding A, where the circuit C_{n}has size n^{O(1)}, depth O(log n), and unbounded fan-in. Argue the log-space uniformity of the circuit family carefully, making clear that you understand the definition.**Question 4 (10):**Let p be an odd prime number and let {h_{a}: a ∈ Z_{p}} be a family of hash functions from Z_{p}to itself, defined by the rule h_{a}(b) = a + b where the addition is taken modulo p. Is this a family of pairwise independent hash functions? Prove your answer. (Note added during exam: Z_{p}= GF(p) = "the integers modulo p", and p is fixed for the problem.)**Question 5 (10):**Consider a quantum register of three qubits, so that a state of the register is a quantum superposition of the eight pure states |000>, |001>, ..., |111>. A**Toffoli gate**is a quantum operation that takes each pure state |abc> to the pure state |abd>, where d = c ⊕ (a ∧ b).Prove that the Toffoli gate is a valid quantum operation because its matrix is

**unitary**(i.e., it satisfies the rule AA^{T}= I where A^{T}is the transpose of A). (Hint: Find the inverse of the operation and argue from there. You can solve this problem with or without working with any specific 8 by 8 matrices.)What is the result of applying a Toffoli gate to a register with state that is the sum, over all a, b, and c in {0,1}, of (1/√8)|abc>? What is the probability of observing each pure state if this register is observed after the Toffoli gate is applied?

What is the result of applying a Toffoli gate to a register with state (1/2)(|000> + |011> + |101> + |110>)? What is the probability of observing each pure state if this register is observed after the Toffoli gate is applied?

**Question 6 (25):**This problem involves a hierarchy theorem for alternating time. We assume throughout that f and g are time-constructible functions, with f(n) ≥ n and g(n) ≥ n, and that alternating machines have random access to their input.- (a,5) Briefly justify the claims that ATIME(f) ⊆ DSPACE(f)
and that DSPACE(f) ⊆ ATIME(f
^{2}). (These are two of the four parts of the Alternation Theorem.) - (b,5) Use the facts from (a), and the Space Hierarchy Theorem, to
prove that if f = o(g), then ATIME(f) is strictly contained in
ATIME(g
^{2}). - (c,10) Prove that with f and g as defined above, if ATIME(n) = ATIME(g), then ATIME(f) = ATIME(g º f). (Recall that (g º f)(n) is defined to be g(f(n)).)
- (d,5) Use parts (b) and (c) to argue that for any constant
ε > 0, ATIME(n) is strictly contained in
ATIME(n
^{1 + ε}).

- (a,5) Briefly justify the claims that ATIME(f) ⊆ DSPACE(f)
and that DSPACE(f) ⊆ ATIME(f
**Question 7 (25):**These questions all involve the complexity class BPP. Recall that a language A is in BPP if there exists a poly-time probabilistic Turing machine M such that if x ∈ A, Pr[M(x) = 1] ≥ 2/3, and if x ∉ A, Pr[M(x) = 1] ≤ 1/3.- (a,5) Explain why BPP is contained within alternating polynomial time.
(Note added during exam: You may
*not*use the Sipser-Gacs theorem (that BPP ⊆ Σ_{2}^{p}) without proof.) - (b,10) Explain why if A is any language in BPP, there exists a
circuit family {C
_{n}} deciding A, where the size of C_{n}is n^{O(1)}. (Note that this family is not necessarily a uniform family. - (c,5) Argue that if NP = BPP, then the polynomial hierarchy collapses. (You may combine a known result with part (b).)
- (d,5) Secure pseudorandom generators are defined in Question 8 below.
Prove that if a secure PRG exists with stretch 2
^{n}, then P = BPP.

- (a,5) Explain why BPP is contained within alternating polynomial time.
(Note added during exam: You may
**Question 8 (25):**Recall that a**pseudorandom generator**or**PRG**is a function taking strings of length n to strings of length s(n), where s(n) is a function called the**stretch**and s(n) > n for all n. A PRG is said to be**secure**if for any probabilistic poly-time function A, the probability that A(x) = 1, for a string x of length s(n) generated from a uniformly chosen seed of length n, differs from the probability that A(y) = 1, for a uniformly chosen random y of length s(n), by a negligible function of n.- (a,5) Prove that no secure PRG can exist if P = NP.
- (b,10) Let the encryption scheme E be defined so that for any key
k, a binary string of length n, and any plaintext string x of length L(n),
E
_{k}= x ⊕ G(k) where G is a secure PRG of stretch L(n). Prove that no probabilistic poly-time algorithm can use E_{k}(x) to predict any bit of x with much greater than 1/2 probability. Specifically, prove that if A is any such function, the probability (over a uniform random choice of k and any choices made by A) that A(E_{k}(x)) = (i,b) and x_{i}= b is at most 1/2 + ε(n), where ε is a negligible function. - (c,10) As in part (b), define E to be the encryption scheme defined
from a secure PRG G of stretch L(n). Let x
_{0}, the**chosen plaintext**, be some fixed string of length L(n). Also assume that L(n) ≥ 2n.A

**chosen plaintext attacker**for this scheme is a probabilistic poly-time algorithm A such that if a string y is equal to E_{k}(x_{0}) for*some*key k Pr[A(y) = 1] is at least n^{-c}for some constant c, and Pr[A(y) = 1] < ε(n) if there is no such k.Show that there cannot exist such a chosen plaintext attacer for E. (Hint: Given a hypothetical attacker A, construct a probabilistic poly-time machine B that operates on the pseudorandom or random one-time pads, and use the assumed security of G.) (Note added during exam: You may quote results from HW #8 without proof.)

Last modified 19 May 2010