The Complexity of Hardness Amplification and Derandomization
Emanuele Viola Harvard University Ph.D. Defense
May 2006
1 Randomness in Computation
Input Answer (error probability 1%)
• Useful throughout Computer Science – Cryptography – Learning Theory – Complexity Theory
• Question: Is Randomness necessary?
2 Derandomization
• Goal: remove randomness
• Why study derandomization?
• Breakthrough [R ‘04]: Connectivity in logarithmic space (SL = L)
• Breakthrough [AKS ‘02]: Primality in polynomial time ($\mathrm{PRIMES} \in \mathrm{P}$)
3 Randomness vs. Time
• Goal: simulate randomized computation deterministically
• Trivial Derandomization: If A uses n random bits, enumerate all $2^n$ possibilities
Probabilistic polynomial-time $\subseteq$ exponential time: $\mathrm{BPP} \subseteq \mathrm{Time}(2^{\mathrm{poly}(n)})$
• Strong Belief: BPP = P ( Time(poly(n)) )
Complexity Assumptions $\Rightarrow$ BPP = P [BFNW,NW,IW,…]
4 Outline
• Overview of derandomization
• Derandomization of restricted models – Application: Hardness Amplification in NP – New derandomization
• Derandomization of general models – BPP vs. PH – Proof of Lower Bound
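5 Constant-Depth Circuits
• Probabilistic constant-depth circuit (BP AC0)
[Figure: constant-depth circuit with alternating layers of ∨ and ∧ gates over the input and random bits]
• Theorem [N ‘91]: $\mathrm{BP\ AC}^0 \subseteq \mathrm{Time}(n^{\mathrm{polylog}\, n})$ – Compare to $\mathrm{BP\ P} \subseteq \mathrm{Time}(2^{\mathrm{poly}(n)})$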
6 Application: Avg-Case Hardness of NP
• Study hardness of NP on random instances – Natural question, essential for cryptography
• Currently cannot relate to P ≠ NP [FF,BT,V]
• Hardness amplification
Definition: $f : \{0,1\}^n \to \{0,1\}$ is δ-hard if for every efficient algorithm M: $\Pr_x[M(x) \ne f(x)] \ge \delta$
[Figure: f (.01-hard) → Hardness Amplification → f′ ((1/2 - ε)-hard)]
7 Previous Results
• Yao’s XOR Lemma: $f'(x_1,\dots,x_n) := f(x_1) \oplus \cdots \oplus f(x_n)$
$f' \approx (1/2 - 2^{-n})$-hard, almost optimal
• Cannot use XOR in NP: $f \in \mathrm{NP} \not\Rightarrow f' \in \mathrm{NP}$
• Idea: $f'(x_1,\dots,x_n) = C(f(x_1),\dots,f(x_n))$, C monotone – e.g. $f(x_1) \wedge (f(x_2) \vee f(x_3))$. $f \in \mathrm{NP} \Rightarrow f' \in \mathrm{NP}$
• Theorem [O’D]: There is C s.t. $f' \approx (1/2 - 1/n)$-hard
• Barrier: No monotone C can do better!
8 Our Result on Hardness Amplification
• Theorem [HVV]: Amplification in NP up to $\approx 1/2 - 2^{-n}$ – Matches the XOR Lemma
• Technique: Derandomize!
Intuitively, $f' := C(f(x_1),\dots,f(x_n),\dots,f(x_{2^n}))$
f′ is $(1/2 - 1/2^n)$-hard by previous result
Problem: Input length = $2^n$
Note C is constant-depth
[Figure: f′ computed by the circuit C on top of $f(x_1),\dots,f(x_n),\dots,f(x_{2^n})$]
Derandomize: input length $\to n$, keep hardness
9 Outline
• Overview of derandomization
• Derandomization of restricted models – Application: Hardness Amplification in NP – New derandomization
• Derandomization of general models – BPP vs. PH – Proof of Lower Bound
10 Previous Results
• Recall Theorem [N]: $\mathrm{BP\ AC}^0 \subseteq \mathrm{Time}(n^{\mathrm{polylog}\, n})$
[Figure: constant-depth circuit with alternating layers of ∨ and ∧ gates]
• But AC0 is weak: Majority ∉ AC0 – Majority$(x_1,\dots,x_n) := \sum_i x_i > n/2$ ?
• Theorem [LVW]: $\mathrm{BP\ Maj\ AND} \subseteq \mathrm{Time}(2^{n^{\varepsilon}})$
[Figure: a Maj gate on top of a layer of ∧ gates]
• Derandomize incomparable classes
11 Our New Derandomization
• Theorem [V]: $\mathrm{BP\ Maj\ AC}^0 \subseteq \mathrm{Time}(2^{n^{\varepsilon}})$
Derandomize constant-depth circuits with few Majority gates
[Figure: constant-depth circuit of ∨, ∧ and a few Maj gates over the input and random bits]
• Improves on [LVW]. Slower than [N] but richer
Richest probabilistic circuit class in $\mathrm{Time}(2^{n^{\varepsilon}})$
• Techniques: Communication complexity + [BNS,HG,H,HM,CH] switching lemma
12 Outline
• Overview of derandomization
• Derandomization of restricted models – Application: Hardness Amplification in NP – New derandomization
• Derandomization of general models – BPP vs. PH – Proof of Lower Bound
13 BPP vs. POLY-TIME HIERARCHY
• Probabilistic Polynomial Time (BPP): for every x, $\Pr[M(x) \text{ errs}] \le 1\%$
• Strong belief: BPP = P [NW,BFNW,IW,…] Still open: $\mathrm{BPP} \subseteq \mathrm{NP}$ ?
• Theorem [SG,L; ‘83]: $\mathrm{BPP} \subseteq \Sigma_2 \mathrm{P}$
• Recall
$\mathrm{NP} = \Sigma_1 \mathrm{P} \to \exists y\, M(x,y)$
$\Sigma_2 \mathrm{P} \to \exists y\, \forall z\, M(x,y,z)$
14 The Problem we Study
• More precisely [SG,L] give $\mathrm{BPTime}(t) \subseteq \Sigma_2\mathrm{Time}(t^2)$
• Question [Rest of this Talk]: Is quadratic slow-down necessary?
• Motivation: Lower bounds
Know NTime ≠ Time on some models [P+,F+,…]
Technique: speed-up computation with quantifiers
To prove NTime ≠ BPTime cannot afford $\Sigma_2\mathrm{Time}(t^2)$
15 Approximate Majority
• Input: R = 101111011011101011
• Task: Tell $\Pr_i[R_i = 1] \ge 99\%$ from $\Pr_i[R_i = 1] \le 1\%$
Do not care if $\Pr_i[R_i = 1] \sim 50\%$ (approximate)
• Model: Depth-3 circuit
[Figure: depth-3 circuit, an ∨ of ∧ of ∨ gates, over R = 101111011011101011]
16 The connection [FSS]
$M(x;u) \in \mathrm{BPTime}(t)$
R = 11011011101011, $|R| = 2^t$, $R_i = M(x;i)$
Compute M(x): Tell $\Pr_u[M(x) = 1] \ge 99\%$ from $\Pr_u[M(x) = 1] \le 1\%$
Compute Appr-Maj
$\mathrm{BPTime}(t) \subseteq \Sigma_2\mathrm{Time}(t') = \exists\, \forall\, \mathrm{Time}(t')$
[Figure: depth-3 circuit, an ∨ of ∧ of ∨ gates with bottom fan-in f, over 101111011011101011]
Running time t′
Bottom fan-in f = t′ / t – run M at most t′/t times
17 Our Results
• Theorem[V] : Small depth-3 circuits for Approximate Majority on N bits have bottom fan-in Ω(log N)
• Corollary: Quadratic slow-down necessary for relativizing techniques: $\mathrm{BPTime}^A(t) \not\subseteq \Sigma_2\mathrm{Time}^A(t^{1.99})$
• Theorem[DvM,V]: $\mathrm{BPTime}(t) \subseteq \Sigma_3\mathrm{Time}(t \cdot \log^5 t)$
– Previous result [A]: $\mathrm{BPTime}(t) \subseteq \Sigma_{O(1)}\mathrm{Time}(t)$
• For time, the level is the third!
18 Outline
• Overview of derandomization
• Derandomization of restricted models – Application: Hardness Amplification in NP – New derandomization
• Derandomization of general models – BPP vs. PH – Proof of Lower Bound
19 Our Negative Result
• Theorem[V]: $2^{N^{\varepsilon}}$-size depth-3 circuits for Approximate Majority on N bits have bottom fan-in f = Ω(log N)
• Recall:
[Figure: depth-3 circuit, an ∨ of ∧ of ∨ gates with bottom fan-in f, over R = 101111011011101011, |R| = N]
Tells $R \in \mathrm{YES} := \{ R : \Pr_i[R_i = 1] \ge 99\% \}$
from $R \in \mathrm{NO} := \{ R : \Pr_i[R_i = 1] \le 1\% \}$
20 Proof
• Circuit is OR of s depth-2 circuits $C_1, C_2, C_3, \dots, C_s$
• By definition of OR :
$R \in \mathrm{YES} \Rightarrow$ some $C_i(R) = 1$
$R \in \mathrm{NO} \Rightarrow$ all $C_i(R) = 0$
• By averaging, fix $C = C_i$ s.t. $\Pr_{R \in \mathrm{YES}}[C(x) = 1] \ge 1/s$
$\forall R \in \mathrm{NO} \Rightarrow C(R) = 0$
• Claim: Impossible if C has bottom fan-in $\le \varepsilon \log N$
21 CNF Claim
• Depth-2 circuit $\Rightarrow$ CNF
$(x_1 \vee x_2 \vee \neg x_3) \wedge (\neg x_4) \wedge (x_5 \vee x_3)$ over variables $x_1, x_2, x_3, \dots, x_N$
bottom fan-in $\Rightarrow$ clause size
• Claim: All CNF C with clauses of size $\varepsilon \cdot \log N$
Either $\Pr_{R \in \mathrm{YES}}[C(x) = 1] \le 1/2^{N^{\varepsilon}}$ or there is $R \in \mathrm{NO}$ : C(x) = 1
• Note: Claim $\Rightarrow$ Theorem
22 Proof Outline
Either $\Pr_{R \in \mathrm{YES}}[C(x) = 1] \le 1/2^{N^{\varepsilon}}$ or $\exists R \in \mathrm{NO}$ : C(x) = 1
• Definition: $S \subseteq \{x_1, x_2, \dots, x_N\}$ is a covering if every clause has a variable in S
E.g.: $S = \{x_3, x_4\}$, $C = (x_1 \vee x_2 \vee \neg x_3) \wedge (\neg x_4) \wedge (x_5 \vee x_3)$
• Proof idea: Consider smallest covering S
Case |S| BIG : $\Pr_{R \in \mathrm{YES}}[C(x) = 1] \le 1/2^{N^{\varepsilon}}$
Case |S| tiny : Fix few variables and repeat
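23 Case |S| BIG
Either $\Pr_{R \in \mathrm{YES}}[C(x) = 1] \le 1/2^{N^{\varepsilon}}$ or $\exists R \in \mathrm{NO}$ : C(x) = 1
• $|S| \ge N^{\delta} \Rightarrow$ have $N^{\delta}/(\varepsilon \cdot \log N)$ disjoint clauses $\Gamma_i$ – Can find $\Gamma_i$ greedily
• $\Pr_{R \in \mathrm{YES}}[C(R) = 1] \le \Pr[\forall i,\ \Gamma_i(R) = 1]$
$= \prod_i \Pr[\Gamma_i(R) = 1]$ (independence)
$\le \prod_i (1 - 1/100^{\varepsilon \log N}) = \prod_i (1 - 1/N^{O(\varepsilon)})$
$= (1 - 1/N^{O(\varepsilon)})^{|S|} \le e^{-N^{\Omega(1)}}$
24 Case |S| tiny
Either $\Pr_{R \in \mathrm{YES}}[C(x) = 1] \le 1/2^{N^{\varepsilon}}$ or $\exists R \in \mathrm{NO}$ : C(x) = 1
• $|S| < N^{\delta} \Rightarrow$ Fix variables in S
– Maximize $\Pr_{R \in \mathrm{YES}}[C(x) = 1]$
• Note: S covering $\Rightarrow$ clauses shrink
Example: $(x_1 \vee x_2 \vee x_3) \wedge (\neg x_3) \wedge (x_5 \vee \neg x_4)$ with $x_3 \leftarrow 0$, $x_4 \leftarrow 1$ becomes $(x_1 \vee x_2) \wedge (x_5)$
• Repeat: Consider smallest covering S′, etc.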
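An added example (not from the original slides): the objects the proof uses, namely a covering, greedily chosen disjoint clauses, and restriction of the variables in S, written so they can be run on the two CNFs shown above. The DIMACS-style encoding, the function names, and the distribution in `yes_bound` (independent bits, each 1 with probability 0.99, standing in for the slides' distribution over YES) are assumptions of this example.

```python
from math import prod

# A CNF is a list of clauses; a clause is a frozenset of nonzero ints:
# +i is the literal x_i, -i is its negation (assumed encoding).

def is_covering(cnf, S):
    """True if every clause has a variable in S."""
    return all(any(abs(l) in S for l in c) for c in cnf)

def greedy_disjoint(cnf):
    """Greedily pick clauses sharing no variable with earlier picks.
    The variables of the picked clauses form a covering, so a smallest
    covering of size >= K forces at least K / (clause size) picks."""
    used, picked = set(), []
    for c in cnf:
        vs = {abs(l) for l in c}
        if not (vs & used):
            picked.append(c)
            used |= vs
    return picked, used

def restrict(cnf, assignment):
    """Fix variables (dict var -> 0/1). Satisfied clauses disappear,
    falsified literals are removed. Returns None if a clause becomes
    empty, i.e. the restricted CNF is constantly 0."""
    out = []
    for c in cnf:
        if any(abs(l) in assignment and assignment[abs(l)] == (l > 0) for l in c):
            continue
        rest = frozenset(l for l in c if abs(l) not in assignment)
        if not rest:
            return None
        out.append(rest)
    return out

def yes_bound(cnf, p=0.99):
    """Upper bound on Pr[C(R) = 1] when bits are independent with
    Pr[R_i = 1] = p: product over disjoint clauses of Pr[clause true]."""
    picked, _ = greedy_disjoint(cnf)
    def clause_true(c):
        # a clause is false only if every one of its literals is false
        return 1 - prod((1 - p) if l > 0 else p for l in c)
    return prod(clause_true(c) for c in picked)
```

With many disjoint clauses the bound decays exponentially in their number, which is the "Case |S| BIG" calculation; with few, `restrict` is the "Case |S| tiny" step that shrinks every clause.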
25 Finish up
Either $\Pr_{R \in \mathrm{YES}}[C(x) = 1] \le 1/2^{N^{\varepsilon}}$ or $\exists R \in \mathrm{NO}$ : C(x) = 1
• Recall: Repeat $\Rightarrow$ shrink clauses
So repeat at most $\varepsilon \cdot \log N$ times
• When you stop:
Either smallest covering size $\ge N^{\delta}$
Or C = 1
Fixed $\le (\varepsilon \cdot \log N)\, N^{\delta} \ll N$ vars. Set rest to 0 $\Rightarrow R \in \mathrm{NO}$ : C(R) = 1
Q.E.D.
26 Conclusion
• Derandomization: powerful technique
• Restricted models: Constant-depth circuits (AC0) – Derandomization of AC0 [N] – Application: Hardness Amplification in NP [HVV] – Derandomization of AC0 with few Maj gates [V]
• General models: BPP vs. PH
– $\mathrm{BPTime}(t) \subseteq \Sigma_2\mathrm{Time}(t^2)$ [SG,L]
– $\mathrm{BPTime}(t) \not\subseteq \Sigma_2\mathrm{Time}(t^{1.99})$ (w.r.t. oracle) [V]
Lower Bound for Approximate Majority
27 Thank you!