Most of the results in the previous chapters concern spaces of random graphs of order n as n → ∞: even our inequalities were claimed to hold only ‘if n is sufficiently large’. Nevertheless, asymptotic results are often applied for rather small values of n, so the question arises as to how good these approximations are when n is not too large. The main aim of this chapter is to reproduce some of the tables concerning graphs of fairly small order, given by Bollobás and Thomason (1985). These tables are still far beyond the bound for which exact calculations are possible; for exact tables concerning graphs of small order (mostly general graphs of order at most 14 and trees of order at most 27), the reader should consult, among others, Bussemaker et al. (1976), Quintas, Stehlik and Yarmish (1979), Quintas, Schiano and Yarmish (1980), Brown et al. (1981) and Halberstam and Quintas (1982, 1984). For the use of information about small subgraphs see, among others, Frank and Frisch (1971), Frank (1977, 1979a, b), Frank and Harary (1980a, b), Gordon and Leonis (1976) and Quintas and Yarmish (1981).
Connectivity
We know from Theorem 7.3 that if $c \in \mathbb{R}$ is a constant, $p = (\log n + c)/n$ and $M = \lfloor (n/2)(\log n + c) \rfloor$, then
$$\lim_{n\to\infty} P(G_p \text{ is connected}) = \lim_{n\to\infty} P(G_M \text{ is connected}) = 1 - e^{-e^{-c}}.$$
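The chapter's question is how far this limit is from the truth when n is small. A Monte Carlo comparison is the quickest way to see the gap. The following is an added example, not from Bollobás's text: it samples G(n, p) at p = (log n + c)/n, tests connectivity with a standard union-find, and reports the empirical frequency beside the limit $1 - e^{-e^{-c}}$. The trial counts, seed and values of n are arbitrary choices made here.

```python
"""Monte Carlo check of the connectivity threshold for G(n, p) (added example)."""
import math
import random


def limit_connected_probability(c):
    """The n -> infinity limit 1 - e^{-e^{-c}} quoted from Theorem 7.3."""
    return 1.0 - math.exp(-math.exp(-c))


def threshold_p(n, c):
    """Edge probability p = (log n + c) / n at which the limit applies."""
    return (math.log(n) + c) / n


def is_connected(n, edges):
    """Union-find connectivity test for a graph on vertices 0..n-1."""
    parent = list(range(n))

    def find(v):
        while parent[v] != v:
            parent[v] = parent[parent[v]]  # path halving
            v = parent[v]
        return v

    components = n
    for u, v in edges:
        ru, rv = find(u), find(v)
        if ru != rv:
            parent[ru] = rv
            components -= 1
    return components == 1


def sample_gnp_edges(n, p, rng):
    """Edge set of G(n, p): each of the C(n, 2) pairs is present independently with probability p."""
    return [(u, v) for u in range(n) for v in range(u + 1, n) if rng.random() < p]


def empirical_connected_probability(n, c, trials, seed=0):
    """Fraction of sampled G(n, p) graphs that are connected, at p = (log n + c)/n."""
    rng = random.Random(seed)
    p = threshold_p(n, c)
    hits = sum(is_connected(n, sample_gnp_edges(n, p, rng)) for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    c = 0.0
    print(f"limit (n -> infinity): {limit_connected_probability(c):.3f}")
    for n in (20, 50, 100, 200):
        print(f"n={n:4d}: empirical P(connected) = {empirical_connected_probability(n, c, 400):.3f}")
```

At c = 0 and n around 50 the empirical frequency sits noticeably below the limit: isolated vertices are still the dominant obstruction to connectivity, and their expected number n(1 − p)^(n−1) has not yet settled down to e^(−c). This is the kind of discrepancy the tables in this chapter quantify.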
This first volume contains only material on the basic tools of modern cryptography, that is, one-way functions, pseudorandomness, and zero-knowledge proofs. These basic tools are used in the construction of the basic applications (to be covered in the second volume). The latter will cover encryption, signatures, and general cryptographic protocols. In this appendix we provide brief summaries of the treatments of these basic applications.
Encryption: Brief Summary
Both private-key and public-key encryption schemes consist of three efficient algorithms: key generation, encryption, and decryption. The difference between the two types of schemes is reflected in the definition of security: The security of a public-key encryption scheme should also hold when the adversary is given the encryption key, whereas that is not required for private-key encryption schemes. Thus, public-key encryption schemes allow each user to broadcast its encryption key, so that any other user can send it encrypted messages (without needing to first agree on a private encryption key with the receiver). Next we present definitions of security for private-key encryption schemes. The public-key analogies can be easily derived by considering adversaries that get the encryption key as additional input. (For private-key encryption schemes, we can assume, without loss of generality, that the encryption key is identical to the decryption key.)
Definitions
For simplicity, we consider only the encryption of a single message; however, this message can be longer than the key (which rules out information-theoretic secrecy [200]). We present two equivalent definitions of security.
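The definitional point above, that in the public-key case security must survive handing the adversary the encryption key, is easy to see in code. The following added example is not part of Goldreich's text. It runs the indistinguishability-of-encryptions experiment for a single message against two toy schemes: a one-time pad, where encryption and decryption keys coincide, and deterministic textbook RSA with the tiny parameters p = 61, q = 53, e = 17 (an assumption made here for illustration only). The adversary is the same in every run: if it is handed the encryption key it re-encrypts its first candidate message and compares with the challenge; otherwise it can only guess.

```python
"""Single-message indistinguishability experiment, private-key vs public-key setting (added example)."""
import random

BITS = 16  # toy message length; messages are integers in [0, 2**BITS)


def ind_experiment(keygen, encrypt, adversary, give_enc_key, trials, rng):
    """Run the indistinguishability-of-encryptions game `trials` times.

    Per round: (ek, dk) <- keygen; the adversary names two messages m0, m1; a hidden
    bit b is drawn; the adversary sees Enc(ek, m_b) and, only in the public-key setting
    (give_enc_key=True), also ek. It wins if it outputs b. Returns the fraction of rounds
    won; 1/2 means no advantage over guessing.
    """
    wins = 0
    for _ in range(trials):
        ek, _dk = keygen(rng)
        m0, m1 = adversary.choose_messages()
        b = rng.getrandbits(1)
        c = encrypt(ek, (m0, m1)[b], rng)
        wins += int(adversary.guess(c, ek if give_enc_key else None) == b)
    return wins / trials


# --- Scheme 1: one-time pad, a private-key scheme (encryption key == decryption key) ---
def otp_keygen(rng):
    k = rng.getrandbits(BITS)
    return k, k


def otp_encrypt(k, m, rng):
    return m ^ k


def otp_decrypt(k, c):
    return c ^ k


# --- Scheme 2: textbook RSA, a deterministic public-key scheme ---
# Toy parameters, assumed here for illustration only; hopelessly small for real use.
RSA_P, RSA_Q, RSA_E = 61, 53, 17


def rsa_keygen(rng):
    n = RSA_P * RSA_Q
    d = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))  # modular inverse, Python 3.8+
    return (n, RSA_E), (n, d)


def rsa_encrypt(pk, m, rng):
    n, e = pk
    return pow(m, e, n)


def rsa_decrypt(sk, c):
    n, d = sk
    return pow(c, d, n)


class ReencryptAdversary:
    """Re-encrypts m0 under ek and compares with the challenge; guesses blindly without ek."""

    def __init__(self, encrypt, m0, m1):
        self.encrypt, self.m0, self.m1 = encrypt, m0, m1

    def choose_messages(self):
        return self.m0, self.m1

    def guess(self, c, ek):
        if ek is None:
            return 0  # no key, no better strategy against a perfectly secret scheme
        return 0 if self.encrypt(ek, self.m0, None) == c else 1


def otp_private_key_win_rate(trials=2000, seed=1):
    rng = random.Random(seed)
    adv = ReencryptAdversary(otp_encrypt, 0x1234, 0x5678)
    return ind_experiment(otp_keygen, otp_encrypt, adv, False, trials, rng)


def otp_key_revealed_win_rate(trials=2000, seed=1):
    rng = random.Random(seed)
    adv = ReencryptAdversary(otp_encrypt, 0x1234, 0x5678)
    return ind_experiment(otp_keygen, otp_encrypt, adv, True, trials, rng)


def rsa_public_key_win_rate(trials=2000, seed=1):
    rng = random.Random(seed)
    adv = ReencryptAdversary(rsa_encrypt, 2, 3)
    return ind_experiment(rsa_keygen, rsa_encrypt, adv, True, trials, rng)


def schemes_decrypt_correctly(seed=7):
    rng = random.Random(seed)
    k, _ = otp_keygen(rng)
    pk, sk = rsa_keygen(rng)
    return (otp_decrypt(k, otp_encrypt(k, 0xBEEF, rng)) == 0xBEEF
            and rsa_decrypt(sk, rsa_encrypt(pk, 1234, rng)) == 1234)


if __name__ == "__main__":
    print("OTP, private-key setting:     ", otp_private_key_win_rate())
    print("OTP, encryption key revealed: ", otp_key_revealed_win_rate())
    print("textbook RSA, public key given:", rsa_public_key_win_rate())
```

Against the pad in the private-key setting the win rate stays at 1/2 (a single message is perfectly hidden). As soon as the encryption key is revealed, or the scheme is a deterministic public-key scheme, the same adversary wins every round. A public-key scheme meeting the definition must therefore be randomized. This game is the indistinguishability formulation; the other definition the text refers to, semantic security, is equivalent to it.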
In this chapter we define and study one-way functions. One-way functions capture our notion of “useful” computational difficulty and serve as a basis for most of the results presented in this book. Loosely speaking, a one-way function is a function that is easy to evaluate but hard to invert (in an average-case sense). (See the illustration in Figure 2.1.) In particular, we define strong and weak one-way functions and prove that the existence of weak one-way functions implies the existence of strong ones. The proof provides a good example of a reducibility argument, which is a strong type of “reduction” used to establish most of the results in the area. Furthermore, the proof provides a simple example of a case where a computational statement is much harder to prove than its “information-theoretic analogue.”
In addition, we define hard-core predicates and prove that every one-way function has a hard-core predicate. Hard-core predicates will play an important role in almost all subsequent chapters (the chapter on signature schemes being the exception).
Organization. In Section 2.1 we motivate the definition of one-way functions by arguing informally that it is implicit in various natural cryptographic primitives. The basic definitions are given in Section 2.2, and in Section 2.3 we show that weak one-way functions can be used to construct strong ones. A more efficient construction (for certain restricted cases) is postponed to Section 2.6.
It is possible to build a cabin with no foundations, but not a lasting building.
Eng. Isidor Goldreich (1906–1995)
Cryptography is concerned with the construction of schemes that should be able to withstand any abuse. Such schemes are constructed so as to maintain a desired functionality, even under malicious attempts aimed at making them deviate from their prescribed functionality.
The design of cryptographic schemes is a very difficult task. One cannot rely on intuitions regarding the typical state of the environment in which a system will operate. For sure, an adversary attacking the system will try to manipulate the environment into untypical states. Nor can one be content with countermeasures designed to withstand specific attacks, because the adversary (who will act after the design of the system has been completed) will try to attack the schemes in ways that typically will be different from the ones the designer envisioned. Although the validity of the foregoing assertions seems self-evident, some people still hope that, in practice, ignoring these tautologies will not result in actual damage. Experience shows that such hopes are rarely met; cryptographic schemes based on make-believe are broken, typically sooner rather than later.
In view of the foregoing, we believe that it makes little sense to make assumptions regarding the specific strategy that an adversary may use. The only assumptions that can be justified refer to the computational abilities of the adversary.
In this chapter we briefly discuss the goals of cryptography (Section 1.1). In particular, we discuss the basic problems of secure encryption, digital signatures, and fault-tolerant protocols. These problems lead to the notions of pseudorandom generators and zero-knowledge proofs, which are discussed as well.
Our approach to cryptography is based on computational complexity. Hence, this introductory chapter also contains a section presenting the computational models used throughout the book (Section 1.3). Likewise, this chapter contains a section presenting some elementary background from probability theory that is used extensively in the book (Section 1.2).
Finally, we motivate the rigorous approach employed throughout this book and discuss some of its aspects (Section 1.4).
Teaching Tip. Parts of Section 1.4 may be more suitable for the last lecture (i.e., as part of the concluding remarks) than for the first one (i.e., as part of the introductory remarks). This refers specifically to Sections 1.4.2 and 1.4.3.
Cryptography: Main Topics
Historically, the term “cryptography” has been associated with the problem of designing and analyzing encryption schemes (i.e., schemes that provide secret communication over insecure communication media). However, since the 1970s, problems such as constructing unforgeable digital signatures and designing fault-tolerant protocols have also been considered as falling within the domain of cryptography. In fact, cryptography can be viewed as concerned with the design of any system that needs to withstand malicious attempts to abuse it.
In this chapter we discuss pseudorandom generators. Loosely speaking, these are efficient deterministic programs that expand short, randomly selected seeds into much longer “pseudorandom” bit sequences (see illustration in Figure 3.1). Pseudorandom sequences are defined as computationally indistinguishable from truly random sequences by efficient algorithms. Hence the notion of computational indistinguishability (i.e., indistinguishability by efficient procedures) plays a pivotal role in our discussion. Furthermore, the notion of computational indistinguishability plays a key role also in subsequent chapters, in particular in the discussions of secure encryption, zero-knowledge proofs, and cryptographic protocols.
The theory of pseudorandomness is also applied to functions, resulting in the notion of pseudorandom functions, which is a useful tool for many cryptographic applications.
In addition to definitions of pseudorandom distributions, pseudorandom generators, and pseudorandom functions, this chapter contains constructions of pseudorandom generators (and pseudorandom functions) based on various types of one-way functions. In particular, very simple and efficient pseudorandom generators are constructed based on the existence of one-way permutations. We highlight the hybrid technique, which plays a central role in many of the proofs. (For the first use and further discussion of this technique, see Section 3.2.3.)
Organization. Basic discussions, definitions, and constructions of pseudorandom generators appear in Sections 3.1–3.4: We start with a motivating discussion (Section 3.1), proceed with a general definition of computational indistinguishability (Section 3.2), next present and discuss definitions of pseudorandom generators (Section 3.3), and finally present some simple constructions (Section 3.4). More general constructions are discussed in Section 3.5.
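The simple generators from one-way permutations mentioned above follow the Blum–Micali pattern: iterate the permutation f on the seed and emit the hard-core bit b at each step, which is where the hard-core predicates of Chapter 2 earn their keep. The following added example is not from the book. It implements that pattern generically and instantiates it with the Blum–Blum–Shub choice f(x) = x² mod N on the quadratic residues modulo N = pq with p ≡ q ≡ 3 (mod 4), hard-core bit = least significant bit. The primes p = 11, q = 23 are toy values assumed here for illustration. The last function shows the flip side: whoever knows p and q can run f backwards, so the construction is exactly as strong as the one-wayness assumption behind f.

```python
"""Blum–Micali pseudorandom generator from a one-way permutation and hard-core predicate (added example)."""
import math


def blum_micali(perm, hardcore, seed, out_bits):
    """G(s) = b(s), b(f(s)), b(f^2(s)), ...: iterate the permutation f and emit the hard-core bit b.

    The seed is about log2(|domain|) bits long while out_bits may be far larger; that gap is the stretch.
    """
    x = seed
    bits = []
    for _ in range(out_bits):
        bits.append(hardcore(x))
        x = perm(x)
    return bits


def bbs_modulus(p, q):
    """Blum integer N = p*q with p ≡ q ≡ 3 (mod 4); squaring is then a permutation of QR_N."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be 3 mod 4")
    return p * q


def bbs_generator(p, q, seed, out_bits):
    """Blum–Blum–Shub instance of Blum–Micali: f(x) = x^2 mod N on QR_N, b(x) = least significant bit."""
    n = bbs_modulus(p, q)
    if math.gcd(seed, n) != 1:
        raise ValueError("seed must be coprime to N")
    x0 = pow(seed, 2, n)  # square once so the state starts inside QR_N
    return blum_micali(lambda x: pow(x, 2, n), lambda x: x & 1, x0, out_bits)


def is_quadratic_residue(x, p, q):
    """Euler's criterion modulo each prime factor."""
    return pow(x, (p - 1) // 2, p) == 1 and pow(x, (q - 1) // 2, q) == 1


def bbs_previous_state(p, q, y):
    """Invert the squaring permutation on QR_N using the factorisation of N.

    With p and q in hand the 'one-way' permutation is trivially invertible, so every earlier
    output bit can be recovered from a single state; without them this is the hard direction.
    Returns the unique square root of y that lies in QR_N.
    """
    n = p * q
    rp = pow(y, (p + 1) // 4, p)  # a square root of y mod p, valid because p ≡ 3 (mod 4)
    rq = pow(y, (q + 1) // 4, q)
    inv_q_mod_p = pow(q, -1, p)
    inv_p_mod_q = pow(p, -1, q)
    for sp in (rp, p - rp):
        for sq in (rq, q - rq):
            x = (sp * q * inv_q_mod_p + sq * p * inv_p_mod_q) % n  # CRT combination
            if is_quadratic_residue(x, p, q):
                return x
    raise ValueError("y is not a quadratic residue mod N")


def bits_to_int(bits):
    out = 0
    for b in bits:
        out = (out << 1) | b
    return out


if __name__ == "__main__":
    P, Q = 11, 23  # toy Blum primes assumed for illustration; real moduli are thousands of bits
    stream = bbs_generator(P, Q, seed=3, out_bits=16)
    print("seed 3 ->", "".join(map(str, stream)))
    # The state after the first squaring is 9; knowing P, Q we walk back from its successor 81.
    print("previous state of 81:", bbs_previous_state(P, Q, 81))
```

With the toy modulus the state space is tiny and the sequence cycles almost immediately; the code is meant to show the shape of the construction, not to produce usable randomness. The standard proof that the output is pseudorandom turns a next-bit predictor into a predictor for the hard-core bit, via the hybrid technique highlighted above.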
This tribute consists of an appreciation from 1996, some further thoughts, and a list of Nash-Williams' publications.
An appreciation written on his retirement in 1996
I arrived in Aberdeen in 1965 to start my academic career as an assistant lecturer. I had become interested in graph theory and in particular in a series of papers with such resonant titles as
“On well-quasi-ordering infinite trees”, by C. St. J. A. Nash-Williams, King's College, Aberdeen.
So it is with pleasure that I am writing this appreciation of Professor Nash-Williams in the Quincentennial Year of the University of Aberdeen.
In 1967, after some ten years at Aberdeen, Nash-Williams moved to the University of Waterloo, returning to Aberdeen as Professor of Mathematics in 1972. In 1975 he took up a Professorship of Mathematics at the University of Reading where he joined a flourishing group of combinatorialists which included Richard Rado (then recently retired), David Daykin and Anthony Hilton. He has remained at Reading ever since, apart from a year in West Virginia and frequent visits to Waterloo.
It is not my intention to give a full appreciation of Nash-Williams' contribution to graph theory. How could I? This will, I hope, be done elsewhere with a complete edition of his papers. I shall content myself with a few random remarks on his work.
A list colouring of a graph is a colouring in which each vertex v receives a colour from a prescribed list L(v) of colours. This paper about list colourings can be thought of as being divided into two parts. The first part, comprising Sections 1, 2 and 6, is about proper colourings, in which adjacent vertices must receive different colours. It is a survey of known conjectures and results with few proofs, although Section 6 discusses several different methods of proof. Section 1 is intended as a first introduction to the concept of list colouring, and Section 2 discusses conjectures and results, mainly about graphs for which “ch = χ”. The other part of the paper, comprising Sections 3, 4 and 5, is about improper or defective colourings, in which a vertex is allowed to have some neighbours with the same colour as itself, but not too many. Although still written mainly as a survey, this part of the paper contains a number of new proofs and new conjectures. Section 3 is about subcontractions, and includes conjectures broadly similar to Hadwiger's conjecture. Section 4 is about planar and related graphs. Section 5 is also about planar and related graphs, but this time with additional constraints imposed on the lists.
Let Ω be a finite set and let G be a permutation group acting on Ω. The permutation group G partitions Ω into orbits. This survey focuses on three related computational problems, each of which is defined with respect to a particular input set I. The problems, given an input (Ω, G) ∈ I, are (1) count the orbits (exactly), (2) approximately count the orbits, and (3) choose an orbit uniformly at random. The goal is to quantify the computational difficulty of the problems. In particular, we would like to know for which input sets I the problems are tractable.
Introduction
Let Ω be a finite set and let G be a permutation group acting on Ω. The permutation group G partitions Ω into orbits: Two elements of Ω are in the same orbit if and only if there is a permutation in G which maps one element to the other. This survey focuses on three related computational problems, each of which is defined with respect to a particular input set I:
Given an input (Ω, G) ∈ I, count the orbits.
Given an input (Ω, G) ∈ I, approximately count the orbits.
Given an input (Ω, G) ∈ I, choose an orbit uniformly at random.
The goal is to quantify the computational difficulty of the problems. In particular, we would like to know for which input sets I the problems are tractable.
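For a concrete instance of these problems, the following added example (not from the survey) takes Ω to be the 2-colourings of an n-cycle and G the cyclic or dihedral group, given by a rotation and a reflection as generators; the choice of Ω and of n is arbitrary. Orbits are computed as the connected components of the graph with edges x -- g(x) over the generators, which settles exact counting whenever Ω is small enough to enumerate. The sampler addresses the third problem and the trap in it: returning the orbit of a uniformly random element favours large orbits, and accepting x with probability 1/|orbit(x)| removes that bias.

```python
"""Orbits of a permutation group given by generators: exact count and uniform orbit sampling (added example)."""
import itertools
import random


def orbits(omega, generators):
    """Partition omega into the orbits of the group generated by `generators`.

    Two points lie in one orbit iff some group element maps one to the other; since every
    group element is a word in the generators, the orbits are exactly the connected components
    of the graph with an edge x -- g(x) for every x and every generator g. A union-find over
    those edges computes them in near-linear time in |omega| * |generators|.
    """
    index = {x: i for i, x in enumerate(omega)}
    parent = list(range(len(omega)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    for g in generators:
        for x in omega:
            a, b = find(index[x]), find(index[g(x)])
            if a != b:
                parent[a] = b
    classes = {}
    for x in omega:
        classes.setdefault(find(index[x]), []).append(x)
    return [frozenset(c) for c in classes.values()]


def count_orbits(omega, generators):
    """Problem (1): the exact number of orbits."""
    return len(orbits(omega, generators))


def orbit_of(x, generators):
    """Closure of a single point under the generators; never touches the rest of omega."""
    seen, frontier = {x}, [x]
    while frontier:
        y = frontier.pop()
        for g in generators:
            z = g(y)
            if z not in seen:
                seen.add(z)
                frontier.append(z)
    return frozenset(seen)


def sample_orbit_uniformly(omega, generators, rng):
    """Problem (3): a uniformly random orbit.

    A uniform element of omega falls into an orbit with probability proportional to that
    orbit's size, so returning orbit_of(x) directly would favour large orbits. Accepting x
    with probability 1/|orbit(x)| cancels the size factor, leaving every orbit equally likely.
    """
    while True:
        x = omega[rng.randrange(len(omega))]
        orb = orbit_of(x, generators)
        if rng.random() * len(orb) < 1.0:
            return orb


# Example input set: 2-colourings of an n-cycle under rotations (cyclic group) or under
# rotations and reflections (dihedral group). The orbits are necklaces and bracelets.
def colourings(n, colours=2):
    return list(itertools.product(range(colours), repeat=n))


def rotate(t):
    return t[1:] + t[:1]


def reflect(t):
    return t[::-1]


def necklace_count(n):
    return count_orbits(colourings(n), [rotate])


def bracelet_count(n):
    return count_orbits(colourings(n), [rotate, reflect])


def sampled_necklaces(n, draws, seed=0):
    """Set of distinct orbits returned by `draws` uniform orbit samples."""
    rng = random.Random(seed)
    omega = colourings(n)
    return {sample_orbit_uniformly(omega, [rotate], rng) for _ in range(draws)}


if __name__ == "__main__":
    for n in range(3, 8):
        print(f"n={n}: {necklace_count(n)} necklaces, {bracelet_count(n)} bracelets")
    print("distinct orbits hit in 200 uniform draws (n=4):", len(sampled_necklaces(4, 200)))
```

The enumeration-based counter is only viable while |Ω| fits in memory; the sampler, by contrast, needs just one orbit closure per draw, which is why approximate counting and uniform sampling (problems (2) and (3)) can remain tractable on inputs where exact counting is not.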
Many interesting orbit-counting problems come from the setting of “Polya theory”.