[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: There's a hole in your crypto...
On Mon, 7 Aug 1995, Futplex wrote:
> No crypto/privacy relevance, delete or flame now....
> Nathan writes:
> > This is why the "not a Turing machine" assertion that the "Professor" is
> > important. We know that Turing machine is undecidable, so if we want to
> > limit behavior, we can't have one. BUT---we don't know that being a
> > Turing machine is equivalent to having "unpredictable" behavior.
> > Furthermore, a "proof" of the "not a Turing machine" assertion is going
> > to have to be done by--you guessed it--a computer. And this computer is
> > running a program which definitely IS a Turing machine, if it is capable
> > of "proving" that other (suitably non-trivial) programs are not Turing
> > machines.
> I think this is a bit misguided. The Turing machine (TM) is an extremely general
> abstract model of computation. The gargantuan hunk of code that runs the
> Space Shuttle can be viewed as a Turing machine, as can a "Hello world" program
> written in Visual BASIC. So, there's not really a question about whether or
> not we're talking about Turing machines (unless perhaps you want to discuss
> quantum theorem provers and QTMs :)
If a statement is vacuous, it needs refining :-). If I were to state
that "Program X is not a Turing Machine", I would be stating that program
X does not model all Turing machines throught its input. It is the ability
of some Turing machines to model all Turing machines through their input
that makes them undecidable.
> Now, Rice's Theorem says that all non-trivial properties of TMs are undecidable.
> If I pick a "non-trivial" property, I can't conceivably build a TM ("write a
> program", if you like) that, upon input of the specification of an arbitrary TM,
> can tell whether or not that TM exhibits the property I picked. This does not
> mean that I can't decide whether some particular TMs have that property or not --
> I can. I just can't write down a procedure that handles the general case.
The problem here is that it is the interesting cases with which we are
concerned. If someone wants to write a computer program to "verify" my
proof of the RSA algorithm, fine. But I have to be convinced that there
program does what they claim before I care. And since their program
takes mathematical theorems as input, it is already demonstrating
near-Turing ( :-P) behavior.
> Also, this theorem clearly hinges on the meaning of "trivial". From what I've
> seen, a very strict interpretation is largely appropriate; nearly everything
> except the least exciting of trivial low-level properties of TMs seems to come
> out to be "non-trivial" in this regard. The proof of the theorem is more
> precise about this, naturally, but I've found this useful as a working
> colloquial definition.
I'll buy that.