# Pseudorandomness from Shrinkage David Zuckerman University of Texas at Austin Joint with Russell Impagliazzo and Raghu Meka.


Two Major Challenges. 1. Prove circuit lower bounds. – EXP does not have poly-size circuits. 2. Derandomize algorithms. Hardness vs. Randomness paradigm – (1) implies (2) [Nisan-Wigderson, BFNW, …] – Almost equivalent [Kabanets-Impagliazzo …]

Pseudorandom Generators. PRG fools class $F$ of functions if $|\Pr[f(U_n)=1] - \Pr[f(\mathrm{PRG}(U_d))=1]| \le \varepsilon$. Cryptography: e.g., $F=\mathrm{BPTIME}(n^{\log n})$. – Equivalent to one-way functions [HILL]. Derandomizing BPP: $F=n^c$-size circuits. – Need unproven lower bound assumptions. What $F$, $d$ without unproven assumptions? [Figure: PRG stretching a random seed ($d$ bits) into a pseudorandom string ($n$ bits).]

Pseudorandom Generators. PRG fools class $F$ of functions if $|\Pr[f(U_n)=1] - \Pr[f(\mathrm{PRG}(U_d))=1]| \le \varepsilon$. PRG fooling $\{f \mid \mathrm{size}_M(f) \le s\}$ with seed length $s^{1/c}$ implies $g$ in NP with $\mathrm{size}_M(g) \ge n^c$. Can we achieve converse: does $g$ in P with $\mathrm{size}_M(g) \ge n^c$ imply PRG with seed of length $s^{1/c}$? Previous work gives nothing in this case. [Figure: PRG stretching a random seed ($d$ bits) into a pseudorandom string ($n$ bits).]

New Results. Construct such near optimal PRGs if lower bound is proved via shrinkage. Obtain following seed lengths to fool size $s$, error = 1/poly. – Formulas over $\{\wedge,\vee,\mathrm{NOT}\}$: $s^{1/3+o(1)}$ – Formulas over arbitrary basis: $s^{1/2+o(1)}$ – Read-once formulas over $\{\wedge,\vee,\mathrm{NOT}\}$: $s^{.234\ldots}$ – Branching programs: $s^{1/2+o(1)}$

Previous Work. Seed length $(1-\alpha)n$ fooling read-once formulas and read-once branching programs of width $2^{\alpha n}$, $\alpha>0$ small enough constant [Bogdanov, Papakonstantinou, Wan]. For ROBPs reading bits in known order, seed length $O(\log^2 n)$ [Nisan, …].

Random Restrictions. Choose random restriction $\rho$, fraction $p$ unset. $E[\mathrm{size}(f|_\rho)] \le p \cdot \mathrm{size}(f)$, size(formula) = # leaves. Whp $\mathrm{size}(f|_\rho) \le 2p \cdot \mathrm{size}(f)$. Holds even if $\rho$ chosen $k$-wise independently.

Shrinkage Exponent. Random $\rho$, fraction $p$ unset. Shrinkage $\Gamma$: $E[\mathrm{size}(f|_\rho)] = O(p^\Gamma s)$. Example: Formulas. – Formulas over arbitrary basis: $\Gamma = 1$. – Formulas over DM $=\{\wedge,\vee,\mathrm{NOT}\}$: $\Gamma = 2$ [Subbotovskaya 61, …, Hastad 93] – Read-once formulas over DM: $\Gamma = 3.27\ldots$ [Paterson-Zwick 91, Hastad-Razborov-Yao 95] General circuits: $\Gamma = 0$.
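An added simulation, not from the talk: it measures size(f|ρ) for a balanced read-once AND/OR formula under truly random restrictions and compares the mean with p·s and p²·s. The formula shape, the simplification rules and all function names are assumptions chosen for illustration.

```python
import itertools
import random

def read_once(depth, op="AND", ids=None):
    """Balanced alternating AND/OR tree over 2**depth distinct variables."""
    ids = itertools.count() if ids is None else ids
    if depth == 0:
        return ("VAR", next(ids))
    nxt = "OR" if op == "AND" else "AND"
    return (op, read_once(depth - 1, nxt, ids), read_once(depth - 1, nxt, ids))

def size(f):
    """Formula size = number of leaves; a constant (0 or 1) has size 0."""
    if f in (0, 1):
        return 0
    return 1 if f[0] == "VAR" else size(f[1]) + size(f[2])

def restrict(f, rho):
    """Apply rho (variable -> 0, 1 or '*') and simplify constants away."""
    if f[0] == "VAR":
        return f if rho[f[1]] == "*" else rho[f[1]]
    a, b = restrict(f[1], rho), restrict(f[2], rho)
    absorbing = 0 if f[0] == "AND" else 1     # 0 kills an AND, 1 kills an OR
    if a == absorbing or b == absorbing:
        return absorbing
    if a == 1 - absorbing:                    # neutral constant: keep the other side
        return b
    if b == 1 - absorbing:
        return a
    return (f[0], a, b)

def random_restriction(n, p, rng):
    """Leave each variable unset with probability p, else fix it to a fair bit."""
    return ["*" if rng.random() < p else rng.getrandbits(1) for _ in range(n)]

def mean_size(f, n, p, trials, rng):
    """Empirical estimate of E[size(f|rho)] over independent restrictions."""
    return sum(size(restrict(f, random_restriction(n, p, rng)))
               for _ in range(trials)) / trials

if __name__ == "__main__":
    depth = 10
    f, s = read_once(depth), 2 ** depth
    rng = random.Random(0)                    # fixed seed so the run is repeatable
    for p in (0.5, 0.25, 0.125):
        print(f"p={p}: mean size {mean_size(f, s, p, 300, rng):.1f}, "
              f"p*s={p * s:.0f}, p^2*s={p * p * s:.0f}")
```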

Branching Programs. Layered, ordered, read-once BPs needed for PRG for Space. Size = # edges $\le 2wn$. $\Gamma = 1$: size of shrunken BP proportional to |{unfixed vars}|. $|\{\text{layered, ordered ROBPs}\}| \le w^{2wn}$. We consider arbitrary BPs, reading bits in arbitrary order. [Figure: layered branching program with $n+1$ layers and width $w$; edges labeled 0 and 1, variables $x_1$, $x_2$, nodes acc and rej.]

PRGs from Shrinkage. Random $\rho$, fraction $p$ unset. Shrinkage $\Gamma$: $E[\mathrm{size}(f|_\rho)] = O(p^\Gamma s)$. Shrinkage $\Gamma$ $\Rightarrow$ $n^{\Gamma+1}/\mathrm{polylog}(n)$ lower bounds [Andreev]. Main theorem: High probability shrinkage $\Gamma$ wrt pseudorandom restrictions gives PRG with seed length $s^{1/(\Gamma+1)+o(1)}$. Showing shrinkage wrt pseudorandom restrictions is nontrivial when Γ 1.

Outline: Background on Randomness Extractors; New Theorem about Old PRG; New PRG; Correctness Proof; Pseudorandom Restrictions; Conclusions.

Weak Random Source [… CG 85, Z 90]. Random variable $X$ on $\{0,1\}^r$. General model: min-entropy. Flat source: – Uniform on $A$, $|A| \ge 2^k$. [Figure: set $A$, $|A| \ge 2^k$, inside $\{0,1\}^r$.]

How Arise in PRGs. Condition on information – E.g., TM configuration. Uniform $X$ in $\{0,1\}^r$, $f:\{0,1\}^r \to \{0,1\}^b$. $f$ regular: $H_\infty(X \mid f(X)=a) = r - b$. Any $f$: $\Pr_{a=f(X)}[H_\infty(X \mid f(X)=a) \ge r - b - \Delta] \ge 1 - 2^{-\Delta}$.

Randomness Extractor [Nisan-Z 93, …, Guruswami-Umans-Vadhan 07]. [Figure: Ext with labels: $r$ bits in, $m = .99k$ bits out, statistical error, seed $Y$ of $d = O(\log(r/\varepsilon))$ random bits.]

Extractor-Based PRG for Read-Once Branching Programs [Nisan-Z 93]. Basic PRG: $G(x, y_1,\ldots,y_t) = \mathrm{Ext}(x,y_1)\ldots\mathrm{Ext}(x,y_t)$. Parameters: $r = |x| = 2n$, $d = |y_i| = O(\log n)$, $t = m = |\mathrm{Ext}(x,y_i)| = n$.

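PRG for Ordered Read-Once BPs. $G(x, y_1,\ldots,y_t) = \mathrm{Ext}(x,y_1)\ldots\mathrm{Ext}(x,y_t)$. Condition on $v$ reached after reading up to $\mathrm{Ext}(X,Y_{i-1})$. Whp $H_\infty(X \mid \text{reach } v) \ge |x| - \log w - \Delta$. Hence $\mathrm{Ext}(X,Y_i) \approx$ uniform. [Figure: layered branching program with $n+1$ layers and width $w$; edges labeled 0 and 1, variables $z_1$, $z_2$, node $v$, nodes acc and rej.]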

New: Same PRG works if bits read in any order. $z_1, z_2, \ldots, z_m$ can appear anywhere. Still, after fixing all $z_i$, $i>m$, restricted function is a ROBP on $z_1, z_2, \ldots, z_m$ read in the same order as original ROBP. [Figure: layered branching program with $n+1$ layers and width $w$; edges labeled 0 and 1, variables $z_{41}$, $z_{26}$, nodes acc and rej.]

New: Works if bits read in any order. PRG: $G(x, y_1,\ldots,y_t) = \mathrm{Ext}(x,y_1)\ldots\mathrm{Ext}(x,y_t)$. $D$ = distribution of PRG output, $U = \mathrm{Unif}(\{0,1\}^n)$. Suppose $|\Pr[f(D)=1] - \Pr[f(U)=1]| > \delta$. Let $Z_i = \mathrm{Ext}(X,Y_i)$, $U_i = \mathrm{Unif}(\{0,1\}^m)$. Hybrid argument. Let $D_i = (U_1,\ldots,U_i,Z_{i+1},\ldots,Z_t)$. $D_0 = D$, $D_t = U$. Exists $i$: $|\Pr[f(D_i)=1] - \Pr[f(D_{i-1})=1]| > \delta/t$. Changing $Z_i = \mathrm{Ext}(X,Y_i)$ to $U_i$ changes Pr[accept].

New: Works if bits read in any order. Exists $i$: $|\Pr[f(D_i)=1] - \Pr[f(D_{i-1})=1]| > \delta/t$. Changing $Z_i = \mathrm{Ext}(X,Y_i)$ to $U_i$ changes Pr[accept]. Consider $\rho = (Z_1,\ldots,Z_{i-1}, *\,*\cdots*, U_{i+1},\ldots,U_t)$. Then $g = f|_\rho$ is a ROBP on $m$ bits. $f(D_i) = g(Z_i)$, $f(D_{i-1}) = g(U_i)$. Goal: whp $g(Z_i) \approx g(U_i)$. Only $w^{2wm}$ possibilities for $g$. Whp, $H_\infty(X \mid G=g) \ge r - 2mw \log w - \Delta$. Conditioned on any such $g$, $\mathrm{Ext}(X,Y_i) \approx U_i$.

General Branching Programs. Even PRG for unordered ROBPs is new – Our seed length is O((wn) log n) – Previous was $(1-\alpha)n$ [Bogdanov, Papakonstantinou, Wan] – Known order: $O(\log^2 n)$ [Nisan, …]. What if not read once? – Some variables could be read many times. – Pseudorandomly permute variables before construction. – Gives seed length $\mathrm{size}(f)^{1/2+o(1)}$. What about formulas? General reduction?

General PRG Construction. Assume have pseudorandom restrictions which give shrinkage $\Gamma$ whp.

    ρ_1 = 0 1 * 1 1 0 1 1 * 0 0 1 0 * 0 1 0 0 1 1 1
    ρ_2 = 0 0 1 0 1 0 * 0 1 1 0 1 * 0 1 1 0 * * 1 0
    …
    ρ_t = * 0 1 0 1 1 * 1 * 0 0 1 0 0 0 1 * 0 1 1 1

Set $t = c(\log n)/p$ so whp all columns have *.

General PRG Construction.

    ρ_1 = 0 1 * 1 1 0 1 1 * 0 0 1 0 * 0 1 0 0 1 1 1
    ρ_2 = 0 0 1 0 1 0 * 0 1 1 0 1 * 0 1 1 0 * * 1 0
    …
    ρ_t = * 0 1 0 1 1 * 1 * 0 0 1 0 0 0 1 * 0 1 1 1

Choose $X, Y_1,\ldots,Y_t$ randomly. Replace *s in $i$th row with $\mathrm{Ext}(X,Y_i)$. PRG output = XOR of resulting strings.
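An added sketch of the construction above, not the authors' code: it fills the *s of each restriction row with Ext(X, Y_i) and XORs the rows. Assumptions: truly random restrictions stand in for the pseudorandom ones, `ext` is a universal-hash stand-in whose seed is far longer than the O(log(r/ε)) on the slides, and r = 2n is a toy parameter choice.

```python
import math
import random

STAR = "*"

def ext(x, y, r, m):
    """Stand-in for Ext(x, y): m parities of the r-bit x against sliding
    r-bit windows of the (r+m-1)-bit seed y (a universal hash family)."""
    mask = (1 << r) - 1
    return [bin(((y >> j) & mask) & x).count("1") & 1 for j in range(m)]

def sample_restriction(n, p, rng):
    """Each coordinate is left unset (*) with probability p, else fixed to a fair bit.
    Assumption: truly random here; the talk uses pseudorandom restrictions."""
    return [STAR if rng.random() < p else rng.getrandbits(1) for _ in range(n)]

def all_columns_starred(rhos):
    """The hybrid argument needs every column to carry a * in at least one row."""
    return all(any(row[j] == STAR for row in rhos) for j in range(len(rhos[0])))

def prg(rhos, x, ys, r):
    """Fill the *s of row i with bits of Ext(x, y_i), then XOR all rows together."""
    n = len(rhos[0])
    out = [0] * n
    for rho, y in zip(rhos, ys):
        z = iter(ext(x, y, r, n))           # n output bits always cover the row's *s
        for j, v in enumerate(rho):
            out[j] ^= next(z) if v == STAR else v
    return out

def demo(n=64, p=0.25, c=3, seed=1):
    rng = random.Random(seed)               # constructed sample seed, for repeatability
    t = math.ceil(c * math.log2(n) / p)     # t = c(log n)/p rows, as on the slide
    r = 2 * n                               # toy choice of |X|
    rhos = [sample_restriction(n, p, rng) for _ in range(t)]
    x = rng.getrandbits(r)
    ys = [rng.getrandbits(r + n - 1) for _ in range(t)]
    return all_columns_starred(rhos), prg(rhos, x, ys, r)

if __name__ == "__main__":
    covered, bits = demo()
    print("all columns starred:", covered)
    print("".join(map(str, bits)))
```

In this sketch the restrictions are sampled in full, so they count as part of the seed; the seed-length savings in the talk come from generating them pseudorandomly.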

Correctness Proof. $D$ = distribution of PRG output, $U$ = uniform. Suppose $|\Pr[f(D)=1] - \Pr[f(U)=1]| > \delta$. Let $Z_i = \mathrm{Ext}(X,Y_i)$. Hybrid argument. Change $Z_1,\ldots,Z_i$ to $U_1,\ldots,U_i$ to get $D_i$. $D_t \approx U$: Whp *s cover all columns. Exists $i$: $|\Pr[f(D_i)=1] - \Pr[f(D_{i-1})=1]| > \delta/t$. Changing $Z_i$ to $U_i$ changes Pr[f accepts].

Correctness Proof. Exists $i$: changing $Z_i = \mathrm{Ext}(X,Y_i)$ to $U_i$ changes Pr[f accepts]. Fix everything but $\rho = \rho_i$, $Z_i$, $U_i$. Let $v$ = $i$th row. Let $f_i(v) = f(v+w)$, $w$ = XOR of rows except $i$th. Let $g = f_i|_\rho$, so $g(v|_A) = f_i(v)$, $A$ = *s of $\rho$. $f(D_i) = g(Z_i)$, $f(D_{i-1}) = g(U_i)$. Goal: whp $g(Z_i) \approx g(U_i)$. $E$ = event that $\mathrm{size}(g) \le s = c\,p^\Gamma\,\mathrm{size}(f_i)$. $\Pr[E] \ge 1-\varepsilon$. Conditioned on $E$, $g$ describable by b s log s bits. Whp, $H_\infty(X \mid E, G=g) \ge r - b - \Delta$. Whp conditioned on $E$ and $G=g$, $\mathrm{Ext}(X,Y_i) \approx U_i$.

Improving the PRG. To get nearly optimal output length for $\Gamma > 1$, replace *s with $G_{k\text{-wise}}(\mathrm{Ext}(X,Y_i))$.

Pseudorandom Restrictions. Need pseudorandom restrictions that yield shrinkage. BPs and formulas over arbitrary basis: – $c \log n$-wise independence suffices. – Deal with heavy variables separately. Formulas over $\{\wedge,\vee,\mathrm{NOT}\}$, incl. read-once: – More work. – Hastad and Hastad-Razborov-Yao as black boxes. – They only guarantee shrinkage in expectation for truly random restrictions.

Proof Idea. Decompose formula: $O(n/k)$ subformulas of size $k = n^{o(1)}$. Use $k^2$-wise independence. Goal: $p \approx n^{-1/(\Gamma+1)}$. Too small here. Instead, shrink by $q \approx k^{-.1}$ and iterate.

Unrestrictable inputs. Many subformulas have inputs that must = *. Does shrinkage for random restrictions imply shrinkage when some inputs must = *? Further decomposition: each subformula has 2 such inputs. $h$ such inputs increase size by $2^h$. – For each setting of variables have subformula. – Combine with selector formula.

Read-Once Formulas. Need different trick for read-once formula. $g$ small but unlikely to shrink to nothing. [Figure: subformula $g$ with two * inputs.]

Dependencies. Read-once case: $k$-wise independence. Read-$t$ case: Consider independent sets in dependency graph on subformulas. General case: tricky dependencies.

Conclusions. New, extractor-based PRG based on shrinkage. Without improving lower bounds, essentially best possible PRGs for: – Formulas over $\{\wedge,\vee,\mathrm{NOT}\}$: $s^{1/3+o(1)}$ seed length. – Formulas over arbitrary basis: $s^{1/2+o(1)}$ – Read-once formulas over $\{\wedge,\vee,\mathrm{NOT}\}$: $s^{.234\ldots}$ – Branching programs: $s^{1/2+o(1)}$

Open Questions. Better PRGs for unordered ROBPs? – Can we recurse somehow? – Subsequent work: Reingold-Steinke-Vadhan give $O(\log^2 n)$ seed for unordered permutation ROBPs. PRGs from other lower bound techniques? – Subsequent work: Trevisan-Xue on PRGs for AC0. Improve lower bounds? – Our PRG gives alternate function $f$: formula-size$(f) \ge n^{3-o(1)}$, matching Hastad/Andreev. – Subsequent: average-case lower bound of $n^{3-o(1)}$ [Komargodski-Raz-Tal] (improving [Komargodski-Raz])

Thank you!
