Delete comment from: Computational Complexity
Jeremy writes:
There's also the possibility that P=NP, but the exponent is large.
An O(n^3) encryption method which requires Omega(n^30) to crack is secure. Such, encrypting a credit card would take 2 minutes instead of 2 seconds, but so what. PKE would be fine.
--
In my mind, the issue is this. We don't have good reason to believe the Church Turing Thesis respects the exponent -- it is not tight up to constants, and we can easily find "reasonable" abstract models of computation which can only simulate eachother up to polynomial factors. If P = NP but the exponent is large, for the RAM model say, we wouldn't really have any security guarantee at all. Someone would need to demonstrate conclusively that Chuch Turing holds for substantially more than that exponent, or else we would not be able to rule out that some other bizarre computational medium could actually implement the algorithm in say, near linear time. Such an algorithm would mark the start of a new hardware race, where manufacturers try to build computers specifically tuned to running this algorithm, possibly using massively distributed nets, possibly using DNA computers, who knows.
It seems it would essentially turn the problem from being a theory problem to being an engineering problem, and the only way to prove a meaningful lower bound / security guarantee would be to argue for a tighter church turing thesis.
Aug 31, 2010, 2:45:04 AM
Posted to Cryptography if P = NP