The Complexity of Human Computation: A Concrete Model with an Application to Passwords

TL;DR

This paper introduces a formal model of human computation to analyze what humans can compute mentally, focusing on password generation and related cryptographic primitives, with a unique complexity measure suited for human limitations.

Contribution

It develops a rigorous model and measures of human computability, applying them to password creation, one-way functions, and pseudorandom generators, diverging from standard computational complexity.

Findings

Model captures human computation constraints effectively

Applied to humanly feasible password schemes and cryptographic primitives

Provides new insights into complexity limits of mental computation

Abstract

What can humans compute in their heads? We are thinking of a variety of Crypto Protocols, games like Sudoku, Crossword Puzzles, Speed Chess, and so on. The intent of this paper is to apply the ideas and methods of theoretical computer science to better understand what humans can compute in their heads. For example, can a person compute a function in their head so that an eavesdropper with a powerful computer --- who sees the responses to random input --- still cannot infer responses to new inputs? To address such questions, we propose a rigorous model of human computation and associated measures of complexity. We apply the model and measures first and foremost to the problem of (1) humanly computable password generation, and then consider related problems of (2) humanly computable "one-way functions" and (3) humanly computable "pseudorandom generators". The theory of Human Computability developed here plays by different rules than standard computability, and this takes some getting used to. For reasons to be made clear, the polynomial versus exponential time divide of modern computability theory is irrelevant to human computation. In human computability, the step-counts for both humans and computers must be more concrete. Specifically, we restrict the adversary to at most 10^24 (Avogadro number of) steps. An alternate view of this work is that it deals with the analysis of algorithms and counting steps for the case that inputs are small as opposed to the usual case of inputs large-in-the-limit.