In mathematics, a negligible function is a function such that for every positive integer c there exists an integer Nc such that for all x > Nc,

Equivalently, we may also use the following definition. A function is negligible, if for every positive polynomial poly(·) there exists an integer Npoly > 0 such that for all x > Npoly

History

edit

The concept of negligibility can find its trace back to sound models of analysis. Though the concepts of "continuity" and "infinitesimal" became important in mathematics during Newton and Leibniz's time (1680s), they were not well-defined until the late 1810s. The first reasonably rigorous definition of continuity in mathematical analysis was due to Bernard Bolzano, who wrote in 1817 the modern definition of continuity. Later Cauchy, Weierstrass and Heine also defined as follows (with all numbers in the real number domain  ):

(Continuous function) A function   is continuous at   if for every  , there exists a positive number   such that   implies  

This classic definition of continuity can be transformed into the definition of negligibility in a few steps by changing parameters used in the definition. First, in the case   with  , we must define the concept of "infinitesimal function":

(Infinitesimal) A continuous function   is infinitesimal (as   goes to infinity) if for every   there exists   such that for all  
 [citation needed]

Next, we replace   by the functions   where   or by   where   is a positive polynomial. This leads to the definitions of negligible functions given at the top of this article. Since the constants   can be expressed as   with a constant polynomial, this shows that infinitesimal functions are a superset of negligible functions.

Use in cryptography

edit

In complexity-based modern cryptography, a security scheme is provably secure if the probability of security failure (e.g., inverting a one-way function, distinguishing cryptographically strong pseudorandom bits from truly random bits) is negligible in terms of the input   = cryptographic key length  . Hence comes the definition at the top of the page because key length   must be a natural number.

Nevertheless, the general notion of negligibility doesn't require that the input parameter   is the key length  . Indeed,   can be any predetermined system metric and corresponding mathematical analysis would illustrate some hidden analytical behaviors of the system.

The reciprocal-of-polynomial formulation is used for the same reason that computational boundedness is defined as polynomial running time: it has mathematical closure properties that make it tractable in the asymptotic setting (see #Closure properties). For example, if an attack succeeds in violating a security condition only with negligible probability, and the attack is repeated a polynomial number of times, the success probability of the overall attack still remains negligible.

In practice one might want to have more concrete functions bounding the adversary's success probability and to choose the security parameter large enough that this probability is smaller than some threshold, say 2−128.

Closure properties

edit

One of the reasons that negligible functions are used in foundations of complexity-theoretic cryptography is that they obey closure properties.[1] Specifically,

  1. If   are negligible, then the function   is negligible.
  2. If   is negligible and   is any real polynomial, then the function   is negligible.

Conversely, if   is not negligible, then neither is   for any real polynomial  .

Examples

edit
  •   is negligible for any  :
  Step: This is an exponential decay function where   is a constant greater than or equal to 2. As  ,   very quickly, making it negligible.
  •   is negligible:
  Step: This function has exponential decay with a base of 3, but the exponent grows slower than   (only at  ). As  ,  , so it’s still negligible but decays slower than  .
  •   is negligible:
  Step: In this case,   represents a polynomial decay, with the exponent growing negatively due to  . Since the decay rate increases with  , the function goes to 0 faster than polynomial functions like   for any constant  , making it negligible.
  •   is negligible:
  Step: This function decays as the logarithm of   raised to a negative exponent  , which leads to a fast approach to 0 as  . The decay here is faster than inverse logarithmic or polynomial rates, making it negligible.
  •   is not negligible, for positive  :
  Step: We can rewrite this as  , which is a polynomial decay rather than an exponential one. Since   is positive,   as  , but it doesn’t decay as quickly as true exponential functions with respect to  , making it non-negligible.

Assume  , we take the limit as  :

Negligible:

  •  :
  Step: This function decays exponentially with base   raised to the power of  . As  ,   quickly, making it negligible.
  •   for  :
  Step: We can simplify   as  , which decays faster than any polynomial. As  , the function approaches zero and is considered negligible for any   and  .
  •   for  :
  Step: The decay is determined by the base   raised to the power of  . Since   grows with  , this function approaches zero faster than polynomial decay, making it negligible.
  •  :
  Step: Here,   decays exponentially with a base of   raised to  . As  ,   quickly, so it’s considered negligible.

Non-negligible:

  •  :
  Step: Since   as  , this function decays very slowly, failing to approach zero quickly enough to be considered negligible.
  •  :
  Step: With an exponential base and exponent  , this function would approach zero very rapidly, suggesting negligibility.

See also

edit

References

edit
  1. ^ Katz, Johnathan (6 November 2014). Introduction to modern cryptography. Lindell, Yehuda (Second ed.). Boca Raton. ISBN 9781466570269. OCLC 893721520.{{cite book}}: CS1 maint: location missing publisher (link)