Negligible function
For a similar term, please see negligible set. (disambiguation) In mathematics, a negligible function is a function [math]\displaystyle{ \mu:\mathbb{N}\to\mathbb{R} }[/math] such that for every positive integer c there exists an integer Nc such that for all x > Nc,
- [math]\displaystyle{ |\mu(x)|\lt \frac{1}{x^c}. }[/math]
Equivalently, we may also use the following definition. A function [math]\displaystyle{ \mu:\mathbb{N}\to\mathbb{R} }[/math] is negligible, if for every positive polynomial poly(·) there exists an integer Npoly > 0 such that for all x > Npoly
- [math]\displaystyle{ |\mu(x)|\lt \frac 1 {\operatorname{poly}(x)}. }[/math]
History
The concept of negligibility can find its trace back to sound models of analysis. Though the concepts of "continuity" and "infinitesimal" became important in mathematics during Newton and Leibniz's time (1680s), they were not well-defined until the late 1810s. The first reasonably rigorous definition of continuity in mathematical analysis was due to Bernard Bolzano, who wrote in 1817 the modern definition of continuity. Later Cauchy, Weierstrass and Heine also defined as follows (with all numbers in the real number domain [math]\displaystyle{ \mathbb{R} }[/math]):
- (Continuous function) A function [math]\displaystyle{ f:\mathbb{R}{\rightarrow}\mathbb{R} }[/math] is continuous at [math]\displaystyle{ x=x_0 }[/math] if for every [math]\displaystyle{ \varepsilon\gt 0 }[/math], there exists a positive number [math]\displaystyle{ \delta\gt 0 }[/math] such that [math]\displaystyle{ |x-x_0|\lt \delta }[/math] implies [math]\displaystyle{ |f(x)-f(x_0)|\lt \varepsilon. }[/math]
This classic definition of continuity can be transformed into the definition of negligibility in a few steps by changing parameters used in the definition. First, in the case [math]\displaystyle{ x_0=\infty }[/math] with [math]\displaystyle{ f(x_0)=0 }[/math], we must define the concept of "infinitesimal function":
- (Infinitesimal) A continuous function [math]\displaystyle{ \mu:\mathbb{R}\to\mathbb{R} }[/math] is infinitesimal (as [math]\displaystyle{ x }[/math] goes to infinity) if for every [math]\displaystyle{ \varepsilon\gt 0 }[/math] there exists [math]\displaystyle{ N_\varepsilon }[/math] such that for all [math]\displaystyle{ x\gt N_\varepsilon }[/math]
- [math]\displaystyle{ |\mu(x)|\lt \varepsilon\,. }[/math][citation needed]
Next, we replace [math]\displaystyle{ \varepsilon\gt 0 }[/math] by the functions [math]\displaystyle{ 1/x^c }[/math] where [math]\displaystyle{ c\gt 0 }[/math] or by [math]\displaystyle{ 1/\operatorname{poly}(x) }[/math] where [math]\displaystyle{ \operatorname{poly}(x) }[/math] is a positive polynomial. This leads to the definitions of negligible functions given at the top of this article. Since the constants [math]\displaystyle{ \varepsilon\gt 0 }[/math] can be expressed as [math]\displaystyle{ 1/\operatorname{poly}(x) }[/math] with a constant polynomial, this shows that infinitesimal functions are a superset of negligible functions.
Use in cryptography
In complexity-based modern cryptography, a security scheme is provably secure if the probability of security failure (e.g., inverting a one-way function, distinguishing cryptographically strong pseudorandom bits from truly random bits) is negligible in terms of the input [math]\displaystyle{ x }[/math] = cryptographic key length [math]\displaystyle{ n }[/math]. Hence comes the definition at the top of the page because key length [math]\displaystyle{ n }[/math] must be a natural number.
Nevertheless, the general notion of negligibility doesn't require that the input parameter [math]\displaystyle{ x }[/math] is the key length [math]\displaystyle{ n }[/math]. Indeed, [math]\displaystyle{ x }[/math] can be any predetermined system metric and corresponding mathematical analysis would illustrate some hidden analytical behaviors of the system.
The reciprocal-of-polynomial formulation is used for the same reason that computational boundedness is defined as polynomial running time: it has mathematical closure properties that make it tractable in the asymptotic setting (see #Closure properties). For example, if an attack succeeds in violating a security condition only with negligible probability, and the attack is repeated a polynomial number of times, the success probability of the overall attack still remains negligible.
In practice one might want to have more concrete functions bounding the adversary's success probability and to choose the security parameter large enough that this probability is smaller than some threshold, say 2−128.
Closure properties
One of the reasons that negligible functions are used in foundations of complexity-theoretic cryptography is that they obey closure properties.[1] Specifically,
- If [math]\displaystyle{ f,g:\mathbb{N}\to\mathbb{R} }[/math] are negligible, then the function [math]\displaystyle{ x\mapsto f(x)+g(x) }[/math] is negligible.
- If [math]\displaystyle{ f:\mathbb{N}\to\mathbb{R} }[/math] is negligible and [math]\displaystyle{ p }[/math] is any real polynomial, then the function [math]\displaystyle{ x\mapsto p(x)\cdot f(x) }[/math] is negligible.
Conversely, if [math]\displaystyle{ f:\mathbb{N}\to\mathbb{R} }[/math] is not negligible, then neither is [math]\displaystyle{ x\mapsto f(x)/p(x) }[/math] for any real polynomial [math]\displaystyle{ p }[/math].
Examples
- [math]\displaystyle{ n \mapsto a^{-n} }[/math] is negligible for any [math]\displaystyle{ a\geq 2 }[/math].
- [math]\displaystyle{ f(n) = 3^{-\sqrt{n}} }[/math] is negligible.
- [math]\displaystyle{ f(n) = n^{-\log n} }[/math] is negligible.
- [math]\displaystyle{ f(n) = (\log n)^{-\log n} }[/math] is negligible.
- [math]\displaystyle{ f(n) = 2^{-c \log n} }[/math] is not negligible, for positive [math]\displaystyle{ c }[/math].
Assume [math]\displaystyle{ n \gt 0 }[/math], we take the limit as [math]\displaystyle{ n \to \infty }[/math]:
Negligible:
- [math]\displaystyle{ f(n) = 1/x^{n/2} }[/math]
- [math]\displaystyle{ f(n) = 1/x^{\log{(n^k)}} }[/math] for [math]\displaystyle{ k \geq 1 }[/math]
- [math]\displaystyle{ f(n) = 1/x^{({\log{n})}^k} }[/math] for [math]\displaystyle{ k \geq 1 }[/math]
- [math]\displaystyle{ f(n) = 1/x^{\sqrt{n}} }[/math]
Non-negligible:
- [math]\displaystyle{ f(n) = \frac{1}{n^{\frac{1}{n}}} }[/math]
- [math]\displaystyle{ f(n) = \frac{1}{x^{n(\log{n})}} }[/math]
See also
- Negligible set
- Colombeau algebra
- Nonstandard numbers
- Gromov's theorem on groups of polynomial growth
- Non-standard calculus
References
- ↑ Katz, Johnathan (6 November 2014). Introduction to modern cryptography. Lindell, Yehuda (Second ed.). Boca Raton. ISBN 9781466570269. OCLC 893721520.
- Goldreich, Oded (2001). Foundations of Cryptography: Volume 1, Basic Tools. Cambridge University Press. ISBN 0-521-79172-3. http://www.wisdom.weizmann.ac.il/~oded/frag.html.
- Sipser, Michael (1997). "Section 10.6.3: One-way functions". Introduction to the Theory of Computation. PWS Publishing. pp. 374–376. ISBN 0-534-94728-X. https://archive.org/details/introductiontoth00sips/page/374.
- Papadimitriou, Christos (1993). "Section 12.1: One-way functions". Computational Complexity (1st ed.). Addison Wesley. pp. 279–298. ISBN 0-201-53082-1. https://archive.org/details/computationalcom00papa.
- Colombeau, Jean François (1984). New Generalized Functions and Multiplication of Distributions. Mathematics Studies 84, North Holland. ISBN 0-444-86830-5.
- Bellare, Mihir (1997). "A Note on Negligible Functions". Journal of Cryptology (Dept. of Computer Science & Engineering University of California at San Diego) 15: 2002.
Original source: https://en.wikipedia.org/wiki/Negligible function.
Read more |