Download
1 / 17
170 likes | 269 Views
Pseudorandom Generators, Typically-Correct Derandomization, and Circuit Lower Bounds. Jeff Kinne , Dieter van Melkebeek University of Wisconsin-Madison Ronen Shaltiel University of Haifa. The Power of Randomness?. Is randomness more powerful for … Polynomial-time Algorithms?.
E N D
Pseudorandom Generators,Typically-Correct Derandomization, and Circuit Lower Bounds Jeff Kinne, Dieter van MelkebeekUniversity of Wisconsin-Madison Ronen Shaltiel University of Haifa
The Power of Randomness? • Is randomness more powerful for … • Polynomial-time Algorithms? • Weaker Derandomization • [IW] “heuristic” • [GW]“typically-correct” BPP P Circuit Testing PRIMES • Does BPP = P? • Yes, if pseudorandom generators • Yes, if circuit lower bounds[NW, IW, …] • Not without circuit lower bounds[KI] Random strings reject accept Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Typically-Correct Derandomization • More efficient derandomizations? • Weaker (or no) hardness assumptions? • How to leverage ability to make errors? Randomized Algorithm A(x, r) computing L Typically-correct: B(x) = L(x) except for ≤ε·2n x’s • Our Contributions • New approach based on PRGs • Simpler proofs, new derandomizations • Implies circuit lower bounds Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Previous Approaches to Typically-Correct Derandomization Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Goldreich and Wigderson • If(1) |r| < |x| and (2)most r correct for all x • B(x) = A(x, x)makes few mistakes • Make error very small: B(x) = Majy(A(x, E(x,y))) • BPP: hardness assumption ⇒ PRG ⇒ A satisfies Randomized Algorithm A(x, r) computing L Deterministic simulation B(x) = A(x, E(x)) Subsequent work: [vMS], [Zim], [Sha] Set of all r ≈ set of all x “perfect” r •x Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
E is 2-Ω(m)-extractor for {x | A(x,r) = L(x)}, fixed r • Use PRG to get |r| < |x| • BPP: hardness assumption ⇒ seedless extractor • Unconditional results for AC0, streaming algs, … Shaltiel • Goal: Prx[A(x,E(x)) = L(x)] ≈ Prx,r[A(x,r) = L(x)] ≥1-ρ Left hand side:Σr∊{0,1}mPrx[A(x,r) = L(x)]·Prx[E(x) = r | A(x,r) = L(x)] Right hand side:Σr∊{0,1}mPrx[A(x,r) = L(x)]·Prx[Um = r | A(x,r) = L(x)] Randomized Algorithm A(x, r) computing L Deterministic simulation B(x) = A(x, E(x)) ≈ 2-m Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Pseudorandom Generator Approach to Typically-Correct Derandomization Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Pseudorandom Generator Approach Randomized Algorithm A(x, r) computing L Deterministic simulation B(x) = A(x, E(x)) • E pseudorandom even with seed revealed • G a “seed-extending” PRG, G(x) = x, E(x) = A(G(x)) Goal: Prx[A(G(x)) = L(x)] ≈ Prx,r[A(x, r) = L(x)] ≥ 1-ρ G is pseudorandom against test that checks if A(x, r) = L(x) Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Pseudorandom Generator Approach • Can PRG’s be seed-extending? • Cryptographic – No! • Derandomization – Yes! [NW, …] • Different use of PRG • B only runs G once, only need poly stretch • Compare to [GW], [Sha] (PRG + extractor) • PRG is already enough! Randomized Algorithm A(x, r) computing L B(x) = A(G(x)), G a seed-extending PRG Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
New Results • New conditional typically-correct derandomizations • New unconditional typically-correct derandomizations Randomized Algorithm A(x, r) computing L Deterministic simulation: B(x) = A(x, NWH(x)) NWH based on hardness of H Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
New Conditional Results • Deterministic polynomial-time simulations of BPP • Similar conditional results for AM, BPL, … # mistakes Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
New Unconditional Results • AC0 with few symmetric gates: A uses o(log2n) sym gates, error ρ≤ 1/3 ⇒ B in AC0[sym] and B(x) = L(x) for all but ρ+n-ω(1) fraction of x • Other settings: multi-party communication Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
PRGs More General than [Sha] • ⇒ PRG approach can prove all of [Sha] E is a seedless 2-Ω(|r|)-extractor fordistributions ≈ {x | A(x, r) = L(x)} [Sha] A(x, E(x)) = L(x) for all but ≈ ρ fraction of x (x, E(x)) is a 2-Ω(|r|)-PRG for tests that check if A(x,r)=L(x) Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Typically-Correct Derandomizationof BPP Implies Circuit Lower Bounds Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Difficulty of Proving Typ-Cor Derand • [KI]BPP ⊆ NSUBEXP ⇒ NEXP ⊈ P/poly or PERM ∉ Arith-P/poly • Does typically-correct derandomization of BPP imply circuit lower bounds? • Yes for small error: NSUBEXP computes BPP with ≤ 2nε errors • Large error: relativizing techniques and arithmetization alone cannot settle Error rate of [GW] Simpler proof for everywhere-correct setting Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Recap • New seed-extending PRG approach • simpler proofs, weaker hardness conditions • unconditional results in some settings! • BPP setting: implies circuit lower bounds, ... Typically-Correct Derandomization: allowed to make small # of mistakes Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Thanks! * Full paper and annotated slides available from my website Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
