160 likes | 277 Views
Pseudorandom Generators and Typically-Correct Derandomization. Jeff Kinne , Dieter van Melkebeek University of Wisconsin-Madison Ronen Shaltiel University of Haifa. Overview. New approach based on PRGs simpler proofs, new results Difficulty of typically-correct derand?
E N D
Pseudorandom Generators andTypically-Correct Derandomization Jeff Kinne, Dieter van MelkebeekUniversity of Wisconsin-Madison Ronen Shaltiel University of Haifa
Overview • New approach based on PRGs • simpler proofs, new results • Difficulty of typically-correct derand? • Small # errors: implies circuit lower bounds • Large # errors: cannot be with relativizing techniques or arithmetization • Typically-Correct Derandomization • Allowed to make small # of errors Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
The Power of Randomness? • Is randomness more powerful for … • Time-Bounded Algs? • Interactive Proofs? • Space-Bounded Algs? BPP P Circuit Testing PRIMES AM Does BPP = P? NP Graph Non-Iso BPL L UndirectedSTCON Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Does BPP = P? • B(x) = Majρ(A(x, G(ρ)) decides L if G is PRG secure againstcircuits A(x, ∙) • [NW, IW, STV, SU, …]E ⊈ SIZE(2εn) ⇒ PRG G with ℓ = O(log n),computable in time 2O(ℓ) ⇒ BPP=P BPP lang L Randomized Machine A(x, r) x∈L x∉L reject accept reject accept G({0,1}ℓ) Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Difficulty of Proving BPP=P • Can we prove BPP=P without circuit lower bounds? • No: [KI] BPP ⊆ NSUBEXP ⇒ NEXP ⊈ P/poly or PERM ⊈ Arith-P/poly • Further: cannot prove BPP ⊆ NSUBEXP with relativizing techniques or arithmetization • What if we relax the goal? • [IW, …] “heuristic” derand if BPP≠ EXP • [GW, …] typically-correct derandomization Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Typically-Correct Derandomization • More efficient derandomizations? • Weaker (or no) hardness assumptions? • How to leverage ability to make errors? • Extractors [GW] • Seedless Extractors [Sha] • PRGs – this work • Randomized Algorithm A(x, r) computing lang L • B typically-correct for L: makes at most δ·2n errors Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Extract Randomness from Input [GW] • If(1)most r good for all x and (2) |r| < |x| • B(x) = A(x, x)makes few errors • Make error very small: B(x) = Majy(A(x, E(x,y))) • BPP: ifP hard-on-average for SIZESAT(nd)use PRG to Randomized Algorithm A(x, r) computing lang L Deterministic simulation B(x) = A(x, E(x)) Subsequent work: [vMS], [Zim], [Sha] Set of all r ≈ set of all x “good” r •x Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Extract Randomness from Input [Sha] • B(x) = A(x, E(x)), assume |r| ≤ |x| • If E seedless 2-Ω(|r|)-extractor for distributionsthen B typically-correct • Use PRG to get |r| ≤ |x| • BPP: if P very hard-on-average for SIZE(nd) Randomized Algorithm A(x, r) computing lang L Set of all r Set of all x, fixed good r A(x,r)=L(x) “good” r Unconditional results for AC0, streaming algs, … Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Pseudorandom Generator Approach • B(x) = A(x, E(x)) • G(x) = (x, E(x)) is ε-PRG for T ⇒ |Prx,r[A(x,r)≠L(x)] – Prx[A(G(x))≠L(x)]| ≤ ε ⇒ Prx[A(x,E(x))≠L(x)] ≤ ρ+ε Randomized Algorithm A(x, r) computing lang L All (x, r) pairs A(x,r)=L(x) Fixed x A(x,r)=L(x) Prr[A(x,r)≠L(x)] ≤ ρ ≤ 1/3 Prx,r[A(x,r)≠L(x)] ≤ ρ test T(x, r) G ε-PRG for test Tr’(x,r): A(x,r)≠A(x,r’) ⇒ Prx[A(x,E(x))≠L(x)] ≤ 3ρ+ε Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Pseudorandom Generator Approach • Can PRG’s be seed-extending? • Cryptographic – No! • Derandomization – Yes! [NW, STV, SU, …] • Compare to traditional use of PRG • B only runs G once – very efficient if G is • Compare to [GW], [Sha] • PRG is already enough! Randomized Algorithm A(x, r) computing lang L B(x) = A(G(x)), G is seed-extending PRG Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
New Typically-Correct Derand Results • BPP: P 1/nc-hard for SIZE(nd)⇒ B in P and within 1/nc of L • Similar conditional results for AM, BPL, … Randomized Algorithm A(x, r) computing lang L B(x) = A(x, NWH(x)) NWH based on hardness of H Weaker than [GW], [Sha] Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
New Typically-Correct Derand Results • AC0 with few symmetric gates: A uses o(log2n) symm gates, error ρ≤ 1/3 ⇒ B in AC0[sym] and within ρ+n-Ω(log n) of L • Other settings: multi-party comm, … Randomized Algorithm A(x, r) computing lang L B(x) = A(x, NWH(x))NWH based on hardness of H Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Comparison with [Sha] • All results of [Sha] by PRG approach E is a seedless 2-Ω(|r|)-extractor fordistributions ≈ {x | A(x, r) = A(x,r’)} [Sha] A(x, E(x)) typically-correct for L (x, E(x)) is a 2-Ω(|r|)-PRG for tests T(x,r): A(x,r) ≠ A(x,r’) Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Difficulty of Proving Typ-Cor Derand • Typically-correct derandomization without circuit lower bounds? • No for small error: If NTIME(2nε) computes circuit-testing with ≤ 2nε errors, then • NEXP ⊈ P/poly, or • Permanent ⊈ Arithmetic-P/poly • Large error: no for relativizing techniques or arithmetization [AW] • oracle A, low-deg ext à of A s.t. BPTIMEA(O(n)) is (1/2-2-Ω(n))-hard for NTIMEÃ(2n) Simpler proof for everywhere-correct setting Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Recap • New seed-extending PRG approach • Unconditional results in some settings! • But, for BPP: unconditional results difficult • Typically-Correct Derandomization • Allowed to make small # of errors Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Thanks! * Full paper and slides available from my website Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel