Download presentation

Presentation is loading. Please wait.

Published byLilly Bundy Modified over 3 years ago

1
Pseudorandomness from Shrinkage David Zuckerman University of Texas at Austin Joint with Russell Impagliazzo and Raghu Meka

2
Two Major Challenges 1.Prove circuit lower bounds. – EXP does not have poly-size circuits. 2.Derandomize algorithms. Hardness vs. Randomness paradigm – (1) implies (2) [Nisan-Wigderson, BFNW,…] – Almost equivalent [Kabanets-Impagliazzo …]

3
Pseudorandom Generators PRG fools class F of functions if |Pr[f(U n )=1] - Pr[f(PRG(U d ))=1]| ε. Cryptography: e.g., F=BPTIME(n log n ). – Equivalent to one-way functions [HILL]. Derandomizing BPP: F=n c -size circuits. – Need unproven lower bound assumptions. What F, d without unproven assumptions? PRG pseudorandomrandom seed n d

4
Pseudorandom Generators PRG fools class F of functions if |Pr[f(U n )=1] - Pr[f(PRG(U d ))=1]| ε. PRG fooling {f | size M (f)s} with seed length s 1/c implies g in NP with size M (g)n c. Can we achieve converse: does g in P with size M (g)n c imply PRG with seed of length s 1/c ? Previous work gives nothing in this case. PRG pseudorandomrandom seed n d

5
New Results Construct such near optimal PRGs if lower bound is proved via shrinkage. Obtain following seed lengths to fool size s, error = 1/poly. – Formulas over {,,NOT}: s 1/3+o(1) – Formulas over arbitrary basis: s 1/2+o(1) – Read-once formulas over {,,NOT}: s.234… – Branching programs: s 1/2+o(1)

6
Previous Work Seed length (1-α)n fooling read-once formulas and read-once branching programs of width 2 αn, α>0 small enough constant. [Bogdanov, Papakonstantinou, Wan]. For ROBPs reading bits in known order, seed length O(log 2 n) [Nisan,…].

7
Random Restrictions Choose random restriction ρ, fraction p unset. E[size(f| ρ )] p size(f), size(formula)= # leaves. Whp size(f| ρ ) 2p size(f). Holds even if ρ chosen k-wise independently.

8
Shrinkage Exponent Random ρ, fraction p unset. Shrinkage Γ: E[size(f| ρ )] = O(p Γ s). Example: Formulas. – Formulas over arbitrary basis: Γ = 1. – Formulas over DM={,,NOT}: Γ = 2 [Subbotovskaya 61, …., Hastad 93] – Read-once formulas over DM: Γ = 3.27… [Paterson-Zwick 91, Hastad-Razborov-Yao 95] General circuits: Γ = 0.

9
Branching Programs Layered, ordered, read-once BPs needed for PRG for Space Size = # edges 2wn. Γ = 1: size of shrunken BP proportionally to |{unfixed vars}|. |{layered, ordered ROBPs}| w 2wn. We consider arbitrary BPs, reading bits in arbitrary order. n+1 layers width w 0 0 1 1 x1x1 x2x2 acc rej

10
PRGs from Shrinkage Random ρ, fraction p unset. Shrinkage Γ: E[size(f| ρ )] = O(p Γ s). Shrinkage Γ n Γ+1 /polylog(n) lower bounds [Andreev]. Main theorem: High probability shrinkage Γ wrt pseudorandom restrictions gives PRG with seed length s 1/(Γ+1) + o(1). Showing shrinkage wrt pseudorandom restrictions is nontrivial when Γ 1.

11
Outline Background on Randomness Extractors New Theorem about Old PRG New PRG Correctness Proof Pseudorandom Restrictions Conclusions

12
Weak Random Source […CG 85 Z 90] Random variable X on {0,1} r. General model: min-entropy Flat source: – Uniform on A, |A| 2 k. |A| 2 k {0,1} r

13
How Arise in PRGs Condition on information – E.g., TM configuration Uniform X in {0,1} r, f:{0,1} r {0,1} b. f regular: H (X|f(X) = a) = r - b. Any f: Pr a=f(X) [H (X|f(X) = a) r – b – Δ] 1-2 -Δ.

14
Randomness Extractor [Nisan-Z 93,…, Guruswami-Umans-Vadhan 07] Ext r bits m =.99k bits statistical error d=O(log (r/ε)) random bit seed Y

15
Extractor-Based PRG for Read-Once Branching Programs [Nisan-Z 93] Basic PRG: G(x, y 1,…, y t )=Ext(x,y 1 )…Ext(x,y t ) Parameters: r = |x| = 2n d = |y i | = O(log n) t = m = |Ext(x,y i )| = n

16
PRG for Ordered Read-Once BPs G(x, y 1,…, y t )=Ext(x,y 1 )…Ext(x,y t ) Condition on v reached after reading up to Ext(X,Y i-1 ). Whp H (X|reach v) |x| – log w - Δ. Hence Ext(X,Y i ) uniform. n+1 layers width w 0 0 1 1 z1z1 z2z2 acc rej v

17
New: Same PRG works if bits read in any order z 1,z 2,…,z m can appear anywhere. Still, after fixing all z i, i>m, restricted function is a ROBP on z 1,z 2,…,z m read in the same order as original ROBP. n+1 layers width w 0 0 1 1 z 41 z 26 acc rej

18
New: Works if bits read in any order PRG: G(x, y 1,…, y t )=Ext(x,y 1 )…Ext(x,y t ). D=distribution of PRG output, U=Unif({0,1} n ). Suppose |Pr[f(D)=1] – Pr[f(U)=1]| > δ. Let Z i =Ext(X,Y i ), U i =Unif({0,1} m ). Hybrid argument. Let D i = (U 1,…,U i,Z i+1,…,Z t ). D 0 =D, D t =U. Exists i: |Pr[f(D i )=1] – Pr[f(D i-1 =1)]| > δ/t. Changing Z i =Ext(X,Y i ) to U i changes Pr[accept].

19
New: Works if bits read in any order Exists i: |Pr[f(D i )=1] – Pr[f(D i-1 =1)]| > δ/t. Changing Z i =Ext(X,Y i ) to U i changes Pr[accept]. Consider ρ = (Z 1,…,Z i-1,**…*,U i+1,…,U t ) Then g = f| ρ is a ROBP on m bits. f(D i )=g(Z i ), f(D i-1 )=g(U i ). Goal: whp g(Z i ) g(U i ). Only w 2wm possibilities for g. Whp, H (X|G=g) r – 2mw log w - Δ. Conditioned on any such g, Ext(X,Y i ) U i.

20
General Branching Programs Even PRG for unordered ROBPs is new – Our seed length is O((wn) log n) – Previous was (1-α)n [Bogdanov, Papakonstantinou, Wan] – Known order: O(log 2 n) [Nisan,…]. What if not read once? – Some variables could be read many times. – Pseudorandomly permute variables before construction. – Gives seed length size(f) ½+o(1). What about formulas? General reduction?

21
General PRG Construction Assume have pseudorandom restrictions which give shrinkage Γ whp. ρ 1 = 0 1 * 1 1 0 1 1 * 0 0 1 0 * 0 1 0 0 1 1 1 ρ 2 = 0 0 1 0 1 0 * 0 1 1 0 1 * 0 1 1 0 * * 1 0 … ρ t = * 0 1 0 1 1 * 1 * 0 0 1 0 0 0 1 * 0 1 1 1 Set t=c(log n)/p so whp all columns have *.

22
General PRG Construction ρ 1 = 0 1 * 1 1 0 1 1 * 0 0 1 0 * 0 1 0 0 1 1 1 ρ 2 = 0 0 1 0 1 0 * 0 1 1 0 1 * 0 1 1 0 * * 1 0 … ρ t = * 0 1 0 1 1 * 1 * 0 0 1 0 0 0 1 * 0 1 1 1 Choose X, Y 1,…,Y t randomly. Replace *s in i th row with Ext(X,Y i ). PRG output = XOR of resulting strings.

23
Correctness Proof D=distribution of PRG output, U=uniform. Suppose |Pr[f(D)=1] – Pr[f(U=1)]| > δ. Let Z i =Ext(X,Y i ). Hybrid argument. Change Z 1,…,Z i to U 1,…,U i to get D i. D t U: Whp *s cover all columns. Exists i: |Pr[f(D i )=1] – Pr[f(D i-1 =1)]| > δ/t. Changing Z i to U i changes Pr[f accepts].

24
Correctness Proof Exists i: changing Z i =Ext(X,Y i ) to U i changes Pr[f accepts]. Fix everything but ρ=ρ i, Z i, U i. Let v = i th row. Let f i (v) = f(v+w), w = XOR of rows except i th. Let g = f i | ρ, so g(v| A ) = f i (v), A = *s of ρ. f(D i )=g(Z i ), f(D i-1 )=g(U i ). Goal: whp g(Z i ) g(U i ). E=event that size(g) s=cp Γ size(f i ). Pr[E] 1-ε. Conditioned on E, g describable by b s log s bits. Whp, H (X|E,G=g) r – b - Δ. Whp conditioned on E and G=g, Ext(X,Y i ) U i.

25
Improving the PRG To get nearly optimal output length for Γ > 1, replace *s with G k-wise (Ext(X,Y i )).

26
Pseudorandom Restrictions Need pseudorandom restrictions that yield shrinkage. BPs and formulas over arbitrary basis: – clog n wise independence suffices. – Deal with heavy variables separately. Formulas over {,,NOT}, incl. read-once: – More work. – Hastad and Hastad-Razborov-Yao as black boxes. – They only guarantee shrinkage in expectation for truly random restrictions.

27
Proof Idea Decompose formula: O(n/k) subformulas of size k=n o(1). Use k 2 -wise independence. Goal: p n -1/(Γ+1). Too small here. Instead, shrink by q k -.1 and iterate.

28
Unrestrictable inputs Many subformulas have inputs that must = *. Does shrinkage for random restrictions imply shrinkage when some inputs must = *? Further decomposition: each subformula has 2 such inputs. h such inputs increase size by 2 h. – For each setting of variables have subformula. – Combine with selector formula.

29
Read-Once Formulas Need different trick for read-once formula. g small but unlikely to shrink to nothing. * * gg

30
Dependencies Read-once case: k-wise independence. Read-t case: Consider independent sets in dependency graph on subformulas. General case: tricky dependencies.

31
Conclusions New, extractor-based PRG based on shrinkage. Without improving lower bounds, essentially best possible PRGs for: – Formulas over {,,NOT}: s 1/3+o(1) seed length. – Formulas over arbitrary basis: s 1/2+o(1) – Read-once formulas over {,,NOT}: s.234… – Branching programs: s 1/2+o(1)

32
Open Questions Better PRGs for unordered ROBPs? – Can we recurse somehow? – Subsequent work: Reingold-Steinke-Vadhan give O(log 2 n) seed for unordered permutation ROBPs. PRGs from other lower bound techniques? – Subsequent work: Trevisan-Xue on PRGs for AC0. Improve lower bounds? – Our PRG gives alternate function f: formula-size(f) n 3-o(1), matching Hastad/Andreev. – Subsequent: average-case lower bound of n 3-o(1) [Komargodski-Raz-Tal] (improving [Komargodski-Raz])

33
Thank you!

Similar presentations

OK

Talk for Topics course. Pseudo-Random Generators pseudo-random bits PRG seed Use a short “ seed ” of very few truly random bits to generate a long string.

Talk for Topics course. Pseudo-Random Generators pseudo-random bits PRG seed Use a short “ seed ” of very few truly random bits to generate a long string.

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Download ppt on query processing and optimization Ppt on work and energy class 9th Ppt on book one minute manager Ppt on film industry bollywood Ppt on earth moon and sun Ppt on field study 1 Ppt on email etiquettes presentation software Ppt on nitrogen cycle and nitrogen fixation by legumes Ppt on perimeter and area for class 4 Ppt on edge detection tutorial