Abstract

This chapter explores a topic in the intersection of two fields to which Alan Turing has made fundamental contributions: the theory of computing and cryptography.

A main goal in cryptography is to prove the security of cryptographic schemes. This means that one wants to prove that the computational problem of breaking the scheme is infeasible, i.e., its solution requires an amount of computation beyond the reach of current and even foreseeable future technology. As cryptography is a mathematical science, one needs a (mathematical) definition of computation and of the complexity of computation. In modern cryptography, and more generally in theoretical computer science, the complexity of a problem is defined via the number of steps it takes for the best program on a universal Turing machine to solve the problem.

Unfortunately, for this general model of computation, no proofs of useful lower bounds on the complexity of a computational problem are known. However, if one considers a more restricted model of computation, which captures reasonable restrictions on the power of an algorithm, then very strong lower bounds can be proved. For example, one can prove an exponential lower bound on the complexity of computing discrete logarithms in a finite cyclic group, a key problem in cryptography, if one considers only so-called generic algorithms that cannot exploit the specific properties of the representation (as bit-strings) of the group elements.

Introduction

The task set to the authors of articles in this volume was to write about a topic of (general) scientific interest and related to Alan Turing's work. Here we present a topic in the intersection of computing theory and cryptography, two fields to which Turing has contributed significantly. The concrete technical goal of this chapter is to introduce the issue of provable security in cryptography. The article is partly based on Maurer (2005).

Computation and information are the two most fundamental concepts in computer science, much like mass, energy, time, and space are fundamental concepts in physics. Understanding these concepts continues to be a primary goal of research in theoretical computer science. As witnessed by Turing's work, many underlying questions are of as comparable intellectual depth to the fundamental questions in physics and mathematics, and are still far from being well understood.

Abstract

In his important 1939 paper, Alan Turing introduced novel notions such as ordinal logics and oracle machines. These could be interpreted as possible ingredients of an approach to model human mathematical understanding in a way that goes beyond the conventional ideas of formal systems of axioms and rules of procedure. A hope appears to have been that in this way one might circumvent the limitations to formal reasoning that are revealed by Gödel's incompleteness theorems. In line with such aims, an idea of a cautious oracle device is here introduced (differing, in intention, from related ideas put forward by others previously), which is supposed to give accurate answers to mathematical questions whenever it claims to have an answer, but which may sometimes confess to being unable to provide an answer and sometimes continues trying indefinitely without success. Despite such devices seeming to be somewhat closer to human mathematical capabilities than appears to be provided by a standard Turing machine, or Turing oracle machine, they are still limited by being subject to a Gödel-type diagonalization argument. Although leaving open the question of what actual physical processes might underlie human mathematical insight, these arguments appear to indicate a significant constraint on any such hypothetical process.

Turing's ordinal logics

In early September 1955, I attended a lecture given by Max Newman on the topic of ordinal logic. I found the lecture to be one of the most fascinating that I ever attended. Alan Turing had died only a little over a year earlier and this talk was dedicated to him, being essentially based on Turing's 1939 paper on this topic. Newman also started his lecture by providing, as Turing had done in his paper, an introduction to Church's λ -calculus. It has been said that the somewhat limited initial impact that Turing's 1939 paper had on the mathematical community at that time may have been partly due to his phrasing the paper in terms of the λ -calculus, which is hard to employ in an explicit way and makes the reading difficult. Nonetheless, one of the things that did strike me particularly about Newman's lecture was the extraordinary economy of concept exhibited by Church's calculus.

Introduction

We offer here some historical notes on the conceptual routes taken in the development of recursion theory over the last 60 years, and their possible significance for computational practice. These illustrate, incidentally, the vagaries to which mathematical ideas may be susceptible on the one hand, and – once keyed into a research program – their endless exploitation on the other.

At the hands primarily of mathematical logicians, the subject of effective computability, or recursion theory as it has come to be called (for historical reasons to be explained in the next section), has developed along several interrelated but conceptually distinctive lines. While this began with what were offered as analyses of the absolute limits of effective computability, the immediate primary aim was to establish negative results of the effective unsolvability of various problems in logic and mathematics. From this the subject turned to refined classifications of unsolvability for which a myriad of techniques were developed. The germinal step, conceptually, was provided by Turing's notion of computability relative to an ‘oracle’. At the hands of Post, this provided the beginning of the subject of degrees of unsolvability, which became a massive research program of great technical difficulty and combinatorial complexity. Less directly provided by Turing's notion, but implicit in it, were notions of uniform relative computability, which led to various important theories of recursive functionals. Finally the idea of computability has been relativized by extension, in various ways, to more or less arbitrary structures, leading to what has come to be called generalized recursion theory. Marching in under the banner of degree theory, these strands were to some extent woven together by the recursion theorists, but the trend has been to pull the subject of effective computability even farther away from questions of actual computation. The rise in recent years of computation theory as a subject with that as its primary concern forces a reconsideration of notions of computability theory both in theory and practice. Following the historical sections, I shall make the case for the primary significance for practice of the various notions of relative (rather than absolute) computability, but not of most methods or results obtained thereto in recursion theory.

Alan Turing's exploits in code-breaking, philosophy, artificial intelligence and the foundations of computer science are by now well known to many. Less well known is that Turing was also interested in number theory, in particular the distribution of prime numbers and the Riemann hypothesis. These interests culminated in two programs that he implemented on the Manchester Mark 1 (see Figure 3.1), the first stored-program digital computer, during its 18 months of operation in 1949–1950. Turing's efforts in this area were modest, and one should be careful not to overstate their influence. However, one cannot help but see in these investigations the beginning of the field of computational number theory, bearing a close resemblance to active problems in the field today despite a gap of 60 years. We can also perceive, in hindsight, some striking connections to Turing's other areas of interests, in ways that might have seemed far-fetched in his day. This chapter will attempt to explain the two problems in detail, including their early history, Turing's contributions, some developments since the 1950s, and speculation for the future.

Prime numbers

People have been interested in prime numbers since at least the ancient Greeks. Euclid recorded a proof that there are infinitely many of them around 300 BC (Narkiewicz, 2000, §1.1.2). His proof, still one of the most elegant in all mathematics, can be expressed as an algorithm:

1. Write down some prime numbers.

2. Multiply them together and add 1; call the result n.

3. Find a prime factor of n.

For instance, if we know that 2, 5 and 11 are all prime then, applying the algorithm with these numbers, we get n = 2× 5× 11+1 = 111, which is divisible by the prime 3. By an earlier theorem in Euclid's Elements, the number n computed in step (2) must have a prime factor (and in fact it can be factored uniquely into a product of primes by the Fundamental Theorem of Arithmetic), so step (3) is always possible. On the other hand, from the way that Euclid constructs the number n, the prime factor found in step (3) cannot be any prime written down in step (1). Thus, no list of primes can be complete, i.e. there are infinitely many of them.

Introduction

Elucidating the mechanisms underlying the formation of structure and form is one of the great challenges in developmental biology. From an initial, seemingly spatially uniform mass of cells, emerge the spectacular patterns that characterise the animal kingdom – butterfly wing patterns, animal coat markings, skeletal structures, skin organs, horns etc. (Figure 9.1). Although genes obviously play a key role, the study of genetics alone does not tell us why certain genes are switched on or off in specific places and how the properties they impart to cells result in the highly coordinated emergence of pattern and form. Modern genomics has revealed remarkable molecular similarity among different animal species. Specifically, biological diversity typically emerges from differences in regulatory DNA rather than detailed protein coding sequences. This implicit universality highlights that many aspects of animal development can be understood from studies of exemplar species such as fruit flies and zebrafish while also motivating theoretical studies to explore and understand the underlying common mechanisms beyond a simply descriptive level.

However, when Alan Turing wrote his seminal paper, ‘The chemical basis of morphogenesis’ (Turing, 1952), such observations were many decades away. At that time biology was following a very traditional classification route of list-making activities. Indeed, there was very little theory regarding development other than D'Arcy Thompson's classic 1917 work (see Thompson, 1992, for the abridged version) exploring how biological forms arose, though even this was still very much at the descriptive rather than the mechanistic level.

Undeterred, Turing started exploring the question of how developmental systems might undertake symmetry-breaking and thus create and amplify structure from seeming uniformity. For example, if one looks at a cross-section of a tree trunk, it has circular symmetry which is broken when a branch starts to grow outwards. Turing proposed an underlying mechanism explaining how asymmetric structure could emerge dynamically, without innate hardwiring. In particular, he described how a symmetric pattern, for instance of a growth hormone, could break up so that more hormone was concentrated on one part of the circle, thus inducing extra growth there.

In order to achieve such behaviour Turing came up with a truly ingenious theory. He considered a system of chemicals reacting with each other and assumed that in the well-mixed case (no spatial heterogeneities) this system exhibited an equilibrium (steady) state which was stable.