# Direct Product : Decoding & Testing, with Applications Russell Impagliazzo (IAS & UCSD) Ragesh Jaiswal (Columbia) Valentine Kabanets (SFU) Avi Wigderson.

## Presentation on theme: "Direct Product : Decoding & Testing, with Applications Russell Impagliazzo (IAS & UCSD) Ragesh Jaiswal (Columbia) Valentine Kabanets (SFU) Avi Wigderson."— Presentation transcript:

Direct Product : Decoding & Testing, with Applications Russell Impagliazzo (IAS & UCSD) Ragesh Jaiswal (Columbia) Valentine Kabanets (SFU) Avi Wigderson (IAS)

Direct-Product (DP) Function For f: U R, its k-wise DP function is f k : U k R k where: f k ( x 1, …, x k ) = ( f(x 1 ), …, f(x k ) )

Applications of Direct Product Cryptography Derandomization Error-Correcting Codes

Hardness Amplification f g Hard functionHarder function Hardness on average

(Nonuniform) Hardness on Average f s A function f is called δ -hard for size s, if any circuit of size s fails to compute f on at least δ fraction of the inputs. 2 n {0,1} n

Amplification using Repetition Intuition: If, given a random x, it is hard to compute f(x), then given k independent random x 1,…, x k, it is MUCH HARDER to compute f(x 1 ),…, f(x k ). 1. Sequential repetition: Given an algorithm A, ask for ( A(x 1 ), …, A(x k ) ) = ( f(x 1 ),…, f(x k ) ) 2. Parallel repetition: Given an algorithm A, ask for A(x 1,…, x k ) = ( f(x 1 ),…, f(x k ) ) Is problem easier if given all k instances at once ???

Direct Product Theorem [Yao82, Levin87, GNW95, Imp95, IW97,…] Suppose: f is at least -hard for size s. Then: f k is at least (1 - )-hard for size s = s*poly(, ), where (1- ) k e - k 2 n {0,1} n 2 n {0,1} nk

DP Theorem: Constructive Proof [Yao82, Levin87, GNW95, Imp95, IW97,…] Given: a circuit C (of size s = s*poly(, )) that -computes f k for > (1- ) k e - k Construct: a circuit C (of size s) that (1- )-computes f. 2 n {0,1} nk 2 n {0,1} n

Need for List Decoding Given: a circuit C, there may be at least L = 1/ different functions f 1, …, f L such that C -computes f i k for each i = 1, …, L. (Partition the inputs into 1/ blocks of size, and define C to agree with f i k on block i. ) Need to allow constructing a list of circuits !

(Generic) DP Decoding r1r1 X rkrk C X b1b1 bbkbk if enough b i = f(r i ), then output b b Repeat O(1/ 2 ) times, and take Majority Need (1/ 2 ) correct values f(r i ). [IW97,…]: Use non-uniform advice ! [IJK06]: Use C to generate advice ! [IJKW08]: Check C for consistency (on intersecting k-sets). Trust consistent answers !

Our Algorithm [IJKW08] Preprocessing: Randomly pick a k-set S 1 =(B 1,A) (with |A| = k/2 ). B1B1 B2B2 A S1S1 S2S2 Algo: On input x, pick a random S 2 = (B 2, A), with x 2 B 2. If C( S 1 ) A = C( S 2 ) A, then output C( S 2 ) x, else re- sample S 2 (repeat for < poly (1/ ² ) iterations ). x Thm: With prob ( ² ) over (B 1, A), Algo (1- ) computes f.

Proof Ideas

Flowers, cores, petals Flower: determined by S=(A,B) Core: A Core values: α =C(A,B) A Consistent petals: { (A,B) | C(A,B) A = α } [IJKW08]: Flower analysis B B4B4 AA B2B2 B3B3 B1B1 B5B5

Structure (Decoding) There are many ( ² /2) large ( ² /2) flowers such that: For almost all consistent petals of the flower, C ¼ f k B B4B4 AA B2B2 B3B3 B1B1 B5B5 Assume: C ² -agrees with f k Decode: g(x) = PLURALITY { C( S ) x } petals S : x 2 S

Soundness Amplification f g Mildly sound proof More sound proof Proof = Oracle (think PCP)

Graph CSP Graph: G = (V, E) Alphabet: Σ (constant size) Edge constraints: Á e : Σ 2 {0, 1} (for all e 2 E ) Question: f: V Σ satisfying all Á e ? PCP Theorem [AS, ALMSS] For a constant 0< δ <1, it is NP-hard to distinguish between satisfiable graph CSPs and δ -unsatisfiable ones (where every f: V Σ violates > δ fraction of edge constraints).

Graph CSP Graph: G = (V, E) Alphabet: Σ (constant size) Edge constraints: Á e : Σ 2 {0, 1} (for all e 2 E ) Question: f: V Σ satisfying all Á e ? PCP Theorem [AS, ALMSS] For a constant 0< δ <1, it is NP-hard to distinguish between satisfiable graph CSPs and δ -unsatisfiable ones. PCP Proof: f: V Σ Verifier: Accept if f satisfies a random edge Q1Q1 Q2Q2 # queries: 2 soundness: 1 - δ (perfect completeness)

Decreasing soundness by repetition sequential repetition : proof f: V Σ soundness : 1- δ (1- δ) k X # queries: 2k parallel repetition : proof F: V k Σ k # queries : 2 X soundness: ? Q1Q1 Q2Q2 Q3Q3 Q4Q4 Q k-1 QkQk Q1Q1 Q2Q2

Decreasing soundness by repetition sequential repetition : proof f: V Σ soundness : 1- δ (1- δ) k X # queries: 2k parallel repetition : proof F: V k Σ k # queries : 2 X soundness: ? Q1Q1 Q2Q2 Q3Q3 Q4Q4 Q k-1 QkQk Q1Q1 Q2Q2 Wish: F = f k for some f: V Σ. Then soundness is (1-δ) k !!!

How ? 1. DP-test: Make ( 2 ? ) queries to F, to verify that F = f k, for some f : V Σ. 2. Make 2 parallel-repetition queries to F & verify that all k constraints are satisfied proof F: V k Σ k

How ? 1. DP-test: Make ( 2 ? ) queries to F, to verify that F = f k, for some f : V Σ. Wish: If DP-Test accepts F with prob ², then F = f k. False! The best can hope: F = f k on ¼ ² of inputs. Is it enough ??? Not clear ! Also: want to have only 2 queries TOTAL (including parallel repetition queries) ! proof F: V k Σ k

Direct-Product Testing Given an oracle C : U k R k Test makes some queries to C, and (1) Accepts if C = f k. (2) Rejects if C is far away from any f k (2) If Test accepts C with high probability, then C must be close to some f k. - Want to minimize number of queries to C. - Want to handle small acceptance probability - Hope the DP Test will be useful for PCPs …

DP Testing History Given an oracle C : U k R k, is C ¼ g k ? #queries acc. prob. Goldreich-Safra 00 20.99 Dinur-Reingold 06 2.99 Dinur-Goldenberg 08 2 1/k α Dinur-Goldenberg 08 2 1/k New 3 exp(-k α ) New* 2 1/k α * Derandomization / *

Consistency tests

V-Test [GS00,FK00,DR06,DG08] Randomly pick two k-sets S 1 =(B 1,A) and S 2 =(A,B 2 ) (with |A| = k 1/2 ). B1B1 B2B2 A S1S1 S2S2 Accept if C( S 1 ) A = C( S 2 ) A

V-Test Analysis Theorem [DG08]: If V-Test accepts with probability ² > 1/k, then there is g : U R s.t. C ¼ g k on at least ² fraction of k-sets. When ² < 1/k, the V-Test does not work.

Z-Test Randomly pick k-sets S 1 =(B 1,A 1 ), S 2 =(A 1,B 2 ), S 3 =(B 2,A 2 ) ( |A 1 | = |A 2 | = m = k 1/2 ). B1B1 B2B2 A1A1 A2A2 S1S1 S2S2 S3S3 Accept if C( S 1 ) A 1 = C( S 2 ) A 1 and C( S 2 ) B 2 = C( S 3 ) B 2

Z-Test Analysis Theorem (main result): If Z-Test accepts with prob ² > exp(-k ), then there is g : U R s.t. C ¼ g k on at least ² fraction of k-sets. Also: - analyze the V-Test, re-proving [DG08] (simpler proof); - analyze derandomized V-Test and Z-Test

Proof Ideas

Flowers, cores, petals Flower: determined by S=(A,B) Core: A Core values: α =C(A,B) A Consistent petals: Cons = { (A,B) | C(A,B) A = α } [IJKW08]: Flower analysis B B4B4 AA B2B2 B3B3 B1B1 B5B5

V-Test ) Structure (Testing) There are many ( ² /2) large ( ² /2) flowers such that: On the petals of the flower, V-test accepts almost certainly ( 1-poly( ² ) ). [ harmony ] B B4B4 AA B2B2 B3B3 B1B1 B5B5 E C(A, B 1 ) E ¼ C(A, B 2 ) E, with |E| = |A| Assume: V-Test accepts with prob ²

V-Test: Harmony For random B 1 = (E,D 1 ) and B 2 = (E,D 2 ) (|E|=|A|) Pr [B 1 2 Cons & B 2 2 Cons & C(A, B 1 ) E C(A, B 2 ) E ] < ² 4 << ² B D2D2 D1D1 A E Proof: Symmetry between A and E (few errors in AuE ) Chernoff: ² ¼ exp(- k α ) E A Intuition: Restricted to Cons, an approx V-Test on E accepts almost surely: Unique Decode!

V-Test ) Structure (Testing) There are many ( ² /2) large ( ² /2) flowers such that: On the petals of the flower, V-test accepts almost certainly ( 1-poly( ² ) ). B B4B4 AA B2B2 B3B3 B1B1 B5B5 Assume: V-Test accepts with prob ² Main Lemma: For g(x) = PLURALITY { C( S ) x } C(S) ¼ g k (S) for almost all (1- ² ) petals S. petals S : x 2 S

Decoding vs. Testing

Decoding Testing There are many large flowers such that: Almost all pairs of intersecting petals are consistent Assume: V-Test accepts with prob ² Conclude: C(S) ¼ g k (S) for almost all petals S of the flower. There are many large flowers such that: For almost all petals S of the flower, C ¼ f k Assume: C ² -agrees with f k Define: g(x) = PLURALITY { C( S ) x } petals S : x 2 S Conclude: g(x) = f(x) for almost inputs x.

Back to DP Testing

Local DP structure Field of flowers (A i,B i ) Each with its own Local DP function g i Global g? B2B2 AA BiBi AA B AA B3B3 AA B1B1 AA

Is there global DP function g ? Yes, if ² > 1/k a [DG08] [we re-prove it] ( can glue together many flowers ) No, if ² < 1/k [DG08] But, using Z-Test, we get ² = exp( - k a ) !

Counterexample [DG] For every x 2 U pick a random g x : U R For every k-subset S pick a random x(S) 2 S Define C(S) = g x(S) (S) C(S 1 ) A =C(S 2 ) A iff x(S 1 )=x(S 2 ) V-test passes with high prob: ² = Pr[C(S 1 ) A =C(S 2 ) A ] ~ m/k 2 No global g if ² < 1/k 2 B1B1 B2B2 A S1S1 S2S2

Back to PCPs

2-PCP Amplification History f: V Σ, F : V k Σ k |V|=N, t = log |Σ| soundness Raz 98 exp( - δ 3 k/t) Holenstein 07 ( t essential [FV] ) Rao 08 exp( - δ 2 k ) ( δ 2 essential [Raz]) Feige-Kilian 00 1/k α NEW exp ( - δ k 1/2 ) Parallel repetition Projection games Mix N Match

Our PCP Construction

A New 2-Query PCP (similar to [FK]) For a regular CSP graph G = (V, E), the PCP proof: C E : E k ( Σ 2 ) k Accept if (1) C E (Q 1 ) and C E (Q 2 ) agree on common vertices, and (2) all edge constraints are satisfied Q1Q1 Q2Q2

The 2-query PCP Theorem Theorem: If CSP is δ – unsatisfiable, then no C E is accepted with probability > exp ( - δ k 1/2 ). ( perfect completeness preserved ) Corollary: A 2-query PCP over Σ k, of size n k, perfect completeness, and soundness exp(- k 1/2 ). Q1Q1 Q2Q2

PCP Analysis Edge proof C E Vertex proof C 1. V-test analysis: - get Local DP g for the flower Q 1 - Q 2 is in the same flower - C E (Q 2 ) = g k (Q 2 ) 2. g violates > δ edges (original soundness). 3. Q 2 has δ violated edges (Chernoff) w.r.t. g k 4. C E violates some edges of Q 2, so Test rejects. Q1Q1 Q2Q2

Derandomization

Derandomized DP Test Derandomized DP: f k (S), for linear subspaces S (as in [IJKW08] ). Theorem (Derandomized V-Test): If derandomized V-Test accepts C with probability ² > poly(1/k), then there is a function g : U R such that C (S) ¼ g k (S) on poly( ² ) of subspaces S. Corollary: Polynomial rate testable code.

Summary Direct Product Testing: 3 queries & exponentially small acceptance probability Derandomized DP Testing: 2 queries & polynomially small acceptance probability ( derandomized V-Test of [DG08] ) PCP: 2-Prover parallel k-repetition for restricted games, with exponential in k 1/2 decrease in soundness

Open Questions Better dependence on k in our Parallel Repetition Theorem : exp ( -δk ) ? Derandomized 2-Query PCP : Obtaining / improving [Moshkovitz-Raz08, Dinur-Harsha09] using similar techniques.

Download ppt "Direct Product : Decoding & Testing, with Applications Russell Impagliazzo (IAS & UCSD) Ragesh Jaiswal (Columbia) Valentine Kabanets (SFU) Avi Wigderson."

Similar presentations