You are on page 1of 3

Disclaimer: I am not an expert in the field of mathematics.

I am writing this paper to the best of my knowledge, but there is the possibility that some information may be wrong or misleading. In the case of this, I apologize. If anybody is curious to learn more, I recommend seeking out those that know more. Do not take this as the final word on the subject.

In the field of network and computer security, most information is practical in nature. Particular vulnerabilities, their potential misuses, ways to prevent and fix them, so on and so forth. Almost everything that one needs to know in the field of security does not have to rely on mathematical theory or hypothetical science. It's a field of know-how and experience. With the right combination of studying and hands-on knowledge, anybody can learn computer security. Yet, this does not mean we can dismiss the underlying mathematics of what goes on. In particular, there is the large influence of polynomial problems versus non-deterministic polynomial problems(P vs. NP). First, I will explain the difference between the two. I'm sure that all you readers love algebra(one can only hope). Regardless of how you feel, I'm sure you can recognize these basic formulas: x2 3y2 + y – 2 y5 – y + z y = ax2 + bx + c Fear aside, these are equations that can be said to be a polynomial problems. In simple terms, a polynomial is an equation with variables and coefficients that only deal with addition, subtraction, multiplication, and non-negative integer exponents. This might seem like heavy math here, but this is some of the most simple algebra out there. Sure, the polynomial itself can become quite complex(for example: y = 13b11x8 + 7t2e3x5 – n9x2 + 58), but the pattern of a polynomial is constant and easy. The math required to figure out one polynomial applies to them all(most of the time). So, what is the difference between P and NP? Funny enough, it comes down to the complexity of the problem that needs solving. Those familiar with big O notation should be able to determine the values that each of the above equations have. In order, they are O(x2), O(y2), O(y5), O(x2), and O(x8). Notice a pattern? Big O notation was a way for computer scientists to determine how long(with a worst case scenario) it would take to solve a particular problem with computation. Taking the largest exponential value of the indeterminate(the one variable that is a constant), we get a good rough estimate. For anybody who doesn't know, I recommend reading up on big O notation, as it is a great measuring stick for the complexity of algorithms.

With big O notation, we can show that many problems can become complex fast. We even excluded the possibility for O(2x) or O(logx) which are more complex than polynomial problems. In relative terms, a polynomial problem is easy to solve. These problems are P(I know, it took a while). Problems that can be verified in polynomial time are NP. Verification means that when the computer is given potential values of the variables, it can tell the user whether it is correct or not. P problems are a subset of NP, meaning that all P problems are verifiable in polynomial time. So, why is this important? Why know about P vs NP if we only need to know about the practical information? The biggest reason(besides 'I want to') is that P vs NP is an unsolved problem. We say P vs NP because we don't know if all NP problems are P problems. In other words, does P=NP or does P≠NP? Either answer would have a huge effect on the future of mathematics and computation. Figure 1 below shows the difference(For the purposes of this, don't worry about NPHard and NP-Complete). It would affect how we conduct research into economics, artificial intelligence, multimedia processing, game theory, and, most relevant to computer security,


Figure 1. Chart showing the relationship between P and NP given its possible outcomes

“How would it affect cryptography?”, I hear you say? Why should either answer change anything? For now, let us assume that P = NP. If this is true, then almost every algorithm used for cryptography is useless. Almost any system we would come up with would have an algorithm that would undo the cryptography completely, regardless of how strong the password is. If you can undo the algorithm itself, an attacker would not have to worry about the password used, but the cryptographic system that is used. If we discover the opposite, that is P ≠ NP, than the change would be less noticeable. There would be many options that allow for user to securely encrypt, without worrying about the actual method of encrypting itself. It would mean that researchers would focus more on password acquisition techniques than algorithmic deconstruction. In short, it reduces the attack surface on cryptography itself. Similar changes would happen to many different fields, of which we can speculate for the most part. Yet, the problem of P vs NP has long reaching effects, and is one of the most sought after problem in mathematics. It was named one of seven Millennial Problems, which all offer a million dollar prize for solving. Only one has been solved, with six more left to be determined. There is a good chance that P vs NP will not be solved for quite some time. Yet, it is interesting to ponder, and a good conversation topic to have over drinks(unless that's just me).