The O(10) Commandments of TCS Theoretical Computer Science

Home , Avi Wigderson, Limits of computation

+ insights The O(10Structure) commandments in of TCS Theoretical Computer Science

Avi Wigderson IAS, Princeton

Mathematics Computer Science Statistics

Theoretical Social Computer Science Science

Biology Economics Physics

Machine Learning Pseudorandomness Machine Learning Pseudorandomness Machine Learning Pseudorandomness

PHYSICS BIOLOGY - Computational modeling - Algorithmic ECONOMICS techniques - Lower bounds - Colorful beads “THE UNREASONABLE EFFECTIVENESS OF MATHEMATICS- …

IN THE SCIENCES… TCS IS A WONDERFUL GIFT WHICH WE NEITHER UNDERSTAND NOR DESERVE” Wigner “THE REASONABLE EFFECTIVENESS OF TCS IN THE SCIENCESTHE PEACE … RISOOM SOMETHING WE DO UNDERSTAND” (AT LEAST FOR THE INFORMATION PROCESSES) Mathematics Computer Science Statistics

Randomness Learning CoreTheoretical TCS Theoretical Cryptography Social Structure, Computer Science ComputerInterconnectivity,Science Science Insights,… Optimization Quantum Computing Lower Communication bounds Complexity

Biology Economics Physics

Machine Learning Pseudorandomness Machine Learning Pseudorandomness Machine Learning Pseudorandomness

Cryptography Cryptography Core TCS Cryptography Core TCS Core TCS Coding TheoryCoding TheoryCoding Quantum Theory Quantum ComputingQuantum Sublinear Computing Interactive Sublinear Computing Algorithms ComputationInteractive AlgorithmsSublinear ComputationInteractive Algorithms Computation Unsolvable Computational problems Halting Chess / Go PSPACE Solvable Strategies NP ComputationQP is TSP Linear Integer everywhereProgramming NP-complete Factoring Theorem Sudoku Error Proving Map Correction Shortest Coloring FFT Path P Multiplication 1000s problems L Addition Few complexity classes Algorithms, Analysis, Reductions, Completeness Cryptographic problems: -Privacy Poker over Oblivious -Resilience telephone Computationcomputation is Joint Secret Private-key coin Communication flipping everywhereencryption Key One-way Public-key exchange Minicrypt Function encryption Zero- Digital Cryptomania knowledge Signatures Commitment Trap-door proofs Pseudorandom schemes Function generation

1000s problems Few complexity classes Algorithms, Analysis Reductions, Completeness High level Structure in

- Optimization problems

- Approximation problems

- Cryptographic problems

- Probabilistic algorithms

- Lower bounds Origins Birth of TCS

[Turing 1936]: “On computable numbers, with an application to the entscheidungsproblem”

Formal definition of computer & algorithm Turing Machine The amazing power of a good theory

- Seed of the computer revolution - The power of computing: Church-Turing Thesis - The limits on of algorithms

Technology Computer Revolution

A Turing machine is easy to implement ∧ Turing Machine

∨

Simple Local Science Church-Turing Thesis

Turing machine can emulate any computation!

Computation: every process which is a sequence of simple, local steps, on

Turing bits in computers Machine neurons in the brain atoms in matter cells in living tissue individuals in populations Simple Local … Math Theory A Turing machine is a formal model - basic step - basic memory unit

Can prove theorems: Turing - analyze algorithms Machine - prove limits

Simple Local Limits of computation Unsolvable Solvable CS [Turing]: Given a computer program, does it always halt? Logic[Turing]: Given a ’ statement, is it provable When? I m lateUS Math [Mattiasevich]: Given an equation, does it have integer solutions? Computational Biology [Conway]: Given Complexity A rule for an epidemic, Theory will it spread or die?

Structure in decision, search,optimization problems

+ crash course on complexity & Classical reductions

Easy and Hard Problems asymptotic complexity of functions

2-COL

Shortest path

Asymptotics + 2-SAT (x ∨x ) (x ∨x )… 2 4 5 n Worst case analysis

- Forward looking Multiplication 23x67 = ? - Reveal structure! poly(n) steps algorithm Robust EASY P – Polynomial time to model variants Easy and Hard Problems asymptotic complexity of functions 2-COL 3-COL

Shortest path Hamilton path

2-SAT (x2∨x4) (x5∨xn)… 3-SAT (x1∨x2∨x4)(x5∨x3∨xn)…

Multiplication 23x67 = ? Factoring 1541 = ? x ? poly(n) steps algorithm best known alg exp(n) steps

EASY P – Polynomial time HARD? we don’t know!

P Polynomial – Possible, Practical, Pheasable E Exponential – Extremely hard, Eempossible Easy and Hard Problems asymptotic complexity of functions 2-COL 3-COL

Shortest path Hamilton path

2-SAT (x2∨x4) (x5∨xn)… 3-SAT (x1∨x2∨x4)(x5∨x3∨xn)…

Multiplication 23x67 = ? Factoring 1541 = ? x ?

poly(n) steps algorithm best known alg exp(n) steps

EASY P – Polynomial time HARD? we don’t know!

Thm: If 3-COL is Easy then Factoring & 3-SAT are Easy Something unites all problems we have seen so far Computational notion of proof! EXP Solutions can be Computationeasily checked is Multiplication Everything we can 2-SAT hopeeverywhere to solve Short Path 2-COL Long ? 3-SAT Solutions can Path = NP P be easily found 3-COL Everything we Integer Can solve Factoring Miracle! One problem captures whole class! NP-complete problems [Cook, Levin’71] 3-SAT easy è P=NP [Karp‘72]: 3-COL easy è 3-SAT easy 21 problems, network, logic, scheduling… [‘00] Thousands across math & sciences If one is easy, all are. A universal phenomena If one is hard, all are. Why prove NP-completeness results? Programmers/CS – Hardness certificate Mathematicians – Structural nastiness Scientists – Model validation / sanity check NP-complete problems that “nature solves”

Biology: Minimum energy Physics: Minimum Protein Folding surface area Foam

Possibilities: model is wrong or inputs are special or P=NP

Use P≠NP as a Add nature to laptop law of nature! Random, Quantum,… Why are there so many? [Cook, Levin’71] 3-SAT easy çè P=NP [Karp ‘72]:If 3-COL easy then 3-SAT easy Locality of efficient algorithm computation formula graph h → T F x ∨ y satisfying ↔ legal assignment coloring y x Claim: In every legal 3-coloring, z = x ∨ y

Many structures encode computation z OR-gadget NP Integer ComputationFactoring is Multiplication Dark Hardest 2-SAT everywhereMatter? Shortest complete NP- Path 2-COL 3-SAT Long Dichotomy? Path Protein P Easiest Folding 3-COL

Glue – polynomial-time algs polynomial- Correct resolution time algs Refine Structure in approximation problems

(+ sophisticated reductions) The mystery of approximation 1970s: Essentially all optimization problems are either in P or are NP-complete Hard problems don’t go away… How well can we approximate the optimum? 3-SAT: ≤ 8/7 Set Cover: ≤ log n TSP: ≤ 3/2 3-COL: ≤ n.4 Vertex Cover: ≤ 2 Clique: ≤ n/log2n

Are these good? Do better? Theory??

[Hastad’01] 8/7-ε is NP-complete for 3-SAT 2010 2000 1990 1980 1970

3-SAT is 8/7-ε hard

3-SAT is Decade 1.01 hard 2 Decades

Interconnectivity of core TCS NP 3-SAT is hard Fourier analysis, Concentration Game inequalities Theory

3-SAT is Influences 8/7-ε hard in Boolean Distributed Computing functions

3-SAT is Decade 1.01 hard

Interconnectivity of core TCS NP 3-SAT is hard

3-SAT is IP = Interactive Proofs 8/7-ε hard 2IP = 2-prover InteractiveInterconnectivity Proofs PCP = Probabilisticallyof coreCheckable TCS Proofs

3-SAT is 1.01 hard

Probabilistic PCP PCP= NP Optimization Interactive [AS,ALMSS] Approx Proof systems Algorithms 2IP 2IP = NEXP IP =IPPSPACE NP 3-SAT [BFL] [LFKN,S] is hard

Arithmetization Program Cryptography Checking Zero-knowledge The last decade [Khot] Conjecture By 2000s: Exact approx Linear ratios for many problems equations 3-SAT = 8/7 are hard Decade 3-XOR = 2 Set Cover = log n [Raghavendra ‘08] … … A single, universal Where do these algorithm achieves 3-SAT is numbers come from? optimal approx ratio 8/7-ε hard for all constraint 3-SAT is satisfaction problems 1.01 hard

Convex programming Analysis, Geometry complete NP algorithm 3-SAT Is hard Structure in cryptographic problems Complexity-based Cryptography Predated the Internet & E-commerce Enabled the Internet & E-commerce

- Parties can only solve easy problems - Factoring is hard Asymptotic view Easy allows setting parameters p,q p⋅q Information Theory Impossible vs. Complexity Theory Secret communication Diffie-Hellman, Merkle ‘76 Public-key encryption Rivest-Shamir-Adleman ‘77 E-commerce security Goldwasser-Micali ‘81

I want to purchase “War and Peace”. My credit card number is

EA EB E B ( 1111 2222 3333 4444 ) you E New reduction! C New standard

[DH,M,RSA] Efficient recovery of x from EB(x)

[GM] Efficient distinguishing EB(x) random è Factoring is easy Thm: Factoring hard è secret communication Ask the impossible What else can be done?

- Digital signatures Different settings & - Secret exchange privacy constraints - Oblivious Transfer - Commitments Different reductions to Factoring - Digital cash - Coin Flipping [GMR ’85]- Zero-Knowledge proofs - ………

- Everything!! A unified reduction

(in 2 steps)

Eliminating bad guys

Bad Malicious Fault- guys behavior tolerance

Zero-Knowledge GMW ‘86 New, Compiler complete primitive

Good Honest Privacy / guys But curious Secrecy Dealing with good guys Elections for honest players winner 0 Democrats g Si = 1 Republicans … S1 S2 Si … Sn Elections: g = Majority

- All players learn g(S1,S2,…,Sn) - No subset learns anything more Yao ’86 Oblivious computation GMW ‘87 with secret inputs

1 g(inputs) ∧ 1 V

a b 0 1 Alice Bob V V AND -

0 complete 0 1

V V problem V V

Locality 0 1 1 Secret communication is universal in the complexity-theoretic model

[Yao ‘86, GMW ’87]:

Every task can be performed* privately & securely

*if at most 1/2 of the players misbehave. Secret communication is universal in the information-theoretic model

s2 s3 Analogy! si secret P P3 s1 2 s4

Private P4 P1 Channels [BenOr-Goldwasser-Wigderson ‘90]: Every task can be performed* privately&securely

*if at most 1/3 of the players misbehave. Structure in randomness The power of randomness

- ======Primality Testing Agrawal-Kayal-Saxena’06 - Approximating the volume of convex bodies - Computing large Fourier coefficients - Testing polynomial identities - Factoring polynomials over finite fields - Approximating satisfiability of DNFs - …… Have probabilistic algorithms of polynomial time Best known deterministic algs are exponential

Is this power real?? Where is the perfect randomness coming from??

The Weakness of randomness

Approximating the volume Have probabilistic algorithms Computing large Fourier coefficients of polynomial time Testing polynomial identities Factoring polynomials over finite fields Best known deterministic algs Approximating satisfiability of DNFs …… are exponential

Is this power real?? Where is the perfect randomness coming from??

Only imperfect randomness in the world Thm[B,SV,NZ,……,GUV] Imperfect randomness suffices! Randomness Extraction theory

The world is deterministic Thm[BM,Y,……NW,IW] “P ≠ NP” suffices!! Hardness vs. Randomness

Lower bounds? Introspection – why we fail - To prove general lower bounds, e.g. P ≠ NP

60’s Time hierarchy via Diagonalization 70’s [BGS] Relativizing arguments fail 80’s Circuits lb’s via Approx Method, Rand. Rest. 90’s [RR] Natural proofs fail (*unless factoring easy) 00’s Circuit lb’s via Interactive Proofs 10’s [AW] Algebrizating arguments fails

- To prove avg case, learning, crypto…hardness Black-box methods fail All lead to new results: - Proof complexity lower bounds Introspection - Independence of P vs. NP ? is good! - White-box algorithms and protocols Open P = NP? Can creativity be automated ?

P = BPP? Does randomness help ?

P = BQP? Does quantumness help ?

Is factoring hard? Is Internet security real?

Is multiplication harder than addition? TCS education challenges Algorithms are the language of the future

K-12 education: major addition to math - Efficiency is basic human instinct - More fun – algorithmic problems in games, puzzles,… - Foster improvement & encouragement - Highlight conceptual and intellectual sides

Undergrad, Grad: increase numbers - Growing draw on TCS experts outside the field - Growing need at the core

General public: Make Turing a household name Thanks!