Presentation is loading. Please wait.

Presentation is loading. Please wait.

Time vs Randomness a GITCS presentation February 13, 2012.

Published bySharyl Payne Modified over 9 years ago

Similar presentations

Presentation on theme: "Time vs Randomness a GITCS presentation February 13, 2012."— Presentation transcript:

1 Time vs Randomness a GITCS presentation February 13, 2012

2 Complexity theory is like chemistry.

3 How powerful is time + randomization?

4 Some problems in BPP… Primality testing Polynomial identity testing Taking square roots modulo a prime Finding a generator of Z p * Constructing expander graphs

5 Some problems in BPP… Primality testing Polynomial identity testing Taking square roots modulo a prime Finding a generator of Z p * Constructing expander graphs These are all in P

6 Some problems in BPP… Primality testing Polynomial identity testing Taking square roots modulo a prime Finding a generator of Z p * Constructing expander graphs These are all in P (probably)

7 Randomness is unimportant. …as far as algorithms are concerned. Derandomization: Randomized algorithms can be replaced with an equivalent deterministic one. Polynomial Time + Randomization = Polynomial Time.

8 How to derandomize stuff. A x r Yes/No

9 How to derandomize stuff. B A x All r Yes/NoMAJORITY

10 How to derandomize stuff. G short random seed Long pseudorandom sequence

11 How to derandomize stuff. A better way: use a pseudorandom generator. Time: O(2 d ) calls to A If d = O(log n), then C runs in poly time! C A xYes/NoMAJORITY G All short seeds

12 To build a PRG from scratch, you must first invent a hard function…

13 The existence of a hard function is equivalent to Efficient pseudorandomness The Great Idea

14 Roadmap 1.Cryptographic origins 2.Towards derandomizing BPP 3.P=BPP from worst-case hardness 4.How to prove it 5.Recent developments and open questions 6.The Nisan-Wigderson generator

15 Cryptographic beginnings Randomness is (provably) necessary in cryptography. Independent, unbiased random bits are hard to get. Cryptographers started looking for ways to generate pseudorandomness. Traditional notions of pseudorandom sequences do not suffice!

16 Pseudorandom generator

17 Cryptographic PRGs A cryptographic PRG is a PRG G that fools all polytime algorithms and has polynomial stretch.

18 Cryptographic PRGs Shamir, Blum, Micali, Yao were the first to create cryptographic PRGs, but not unconditionally! These PRGs require the existence of one way functions (OWFs). – Stronger than P ≠ NP! [HILL99] proved cryptographic PRGs are equivalent to one way functions.

19 Roadmap 1.Cryptographic origins 2.Towards derandomizing BPP 3.P=BPP from worst case hardness 4.How to prove it 5.Recent developments and open questions 6.The Nisan-Wigderson generator

20 Towards P=BPP

21 Weaker assumptions, better results? Ideal situation: P ≠ EXP implies the existence of PRGs with O(log n) seed length (i.e. P = BPP)

22 Weaker assumptions, better results? Ideal situation: P ≠ EXP implies the existence of PRGs with O(log n) seed length (i.e. P = BPP) – This is unlikely 

23 The First Breakthrough 1994: The Nisan-Wigderson Pseudorandom Generator

24 Nisan-Wigderson PRG

25 An assumption about a larger class than NP, and so is weaker! The class of algorithms consists of circuits.

26 Nisan-Wigderson PRG

27

28 Even weaker assumptions? The assumption on EXP is quite strong. – This is an average-case hardness assumption. What’s the weakest possible assumption?

29 Even weaker assumptions?

30 Roadmap 1.Cryptographic origins 2.Towards derandomizing BPP 3.P=BPP from worst case hardness 4.How to prove it 5.Recent developments and open questions 6.The Nisan-Wigderson generator

31 The Second Breakthrough 1997: The Impagliazzo-Wigderson Pseudorandom Generator

32 Impagliazzo-Wigderson PRG

33 worst case hardaverage case hard NW94 PRG

34 Roadmap 1.Cryptographic origins 2.Towards derandomizing BPP 3.P=BPP from worst case hardness 4.How to prove it 5.Recent developments and open questions 6.The Nisan-Wigderson generator

35 Proving pseudorandomness

36 Proving hardness amplification worst-case hardness mild avg-case hardness constant avg-case hardness xTreme avg-case hardness small circuits fail on at least 1 input small circuits fail on 1/poly fraction of input small circuits fail on constant fraction of input small circuits fail on ½ - ε fraction of input

37 Proving hardness amplification

38 Roadmap 1.Cryptographic origins 2.Towards derandomizing BPP 3.P=BPP from worst case hardness 4.How to prove it 5.Recent developments and open questions 6.The Nisan-Wigderson generator

39 Can we derandomize BPP without proving circuit lower bounds? Rephrased: can we show P=BPP without creating pseudorandom generators? One might hope that there’s a shortcut!

40 Can we derandomize BPP without proving circuit lower bounds? In 2002 Kabanets and Impagliazzo showed that P = BPP implies either: – NEXP is not contained in P/poly OR – The Permanent is not in AlgP/poly Either way, showing P=BPP would mean you’ve done something doubly amazing!

41 Can we derandomize BPP without proving circuit lower bounds? Open question: does P=BPP imply exponential- size lower bounds on EXP? worst-case hardness of EXP PRGs P = BPP ?

42 The Pseudorandom Connection There’s a zoo of pseudorandom objects: – PRGs – Expander graphs – Randomness extractors – List decodable codes – Randomness samplers – and more! There is an almost-equivalence between these disparate objects.

43 The Pseudorandom Connection Open questions: Explain this unification. What are the optimal conversions between different objects? Is there a “most fundamental” pseudorandom object?

44 Break

45 Roadmap 1.Cryptographic origins 2.Towards derandomizing BPP 3.P=BPP from worst case hardness 4.How to prove it 5.Recent developments and open questions 6.The Nisan-Wigderson generator

Download ppt "Time vs Randomness a GITCS presentation February 13, 2012."

Similar presentations

Impagliazzos Worlds in Arithmetic Complexity: A Progress Report Scott Aaronson and Andrew Drucker MIT 100% QUANTUM-FREE TALK (FROM COWS NOT TREATED WITH.

Impagliazzos Worlds in Arithmetic Complexity: A Progress Report Scott Aaronson and Andrew Drucker MIT 100% QUANTUM-FREE TALK (FROM COWS NOT TREATED WITH.
Hardness Amplification within NP against Deterministic Algorithms Parikshit Gopalan U Washington & MSR-SVC Venkatesan Guruswami U Washington & IAS.

Hardness Amplification within NP against Deterministic Algorithms Parikshit Gopalan U Washington & MSR-SVC Venkatesan Guruswami U Washington & IAS.
On the Complexity of Parallel Hardness Amplification for One-Way Functions Chi-Jen Lu Academia Sinica, Taiwan.

On the Complexity of Parallel Hardness Amplification for One-Way Functions Chi-Jen Lu Academia Sinica, Taiwan.
Unconditional Weak derandomization of weak algorithms Explicit versions of Yao s lemma Ronen Shaltiel, University of Haifa :

Unconditional Weak derandomization of weak algorithms Explicit versions of Yao s lemma Ronen Shaltiel, University of Haifa :
Low-End Uniform Hardness vs. Randomness Tradeoffs for Arthur-Merlin Games. Ronen Shaltiel, University of Haifa Chris Umans, Caltech.

Low-End Uniform Hardness vs. Randomness Tradeoffs for Arthur-Merlin Games. Ronen Shaltiel, University of Haifa Chris Umans, Caltech.
PRG for Low Degree Polynomials from AG-Codes Gil Cohen Joint work with Amnon Ta-Shma.

PRG for Low Degree Polynomials from AG-Codes Gil Cohen Joint work with Amnon Ta-Shma.
An Introduction to Randomness Extractors Ronen Shaltiel University of Haifa Daddy, how do computers get random bits?

An Introduction to Randomness Extractors Ronen Shaltiel University of Haifa Daddy, how do computers get random bits?
Pseudorandomness from Shrinkage David Zuckerman University of Texas at Austin Joint with Russell Impagliazzo and Raghu Meka.

Pseudorandomness from Shrinkage David Zuckerman University of Texas at Austin Joint with Russell Impagliazzo and Raghu Meka.
Linear-Degree Extractors and the Inapproximability of Max Clique and Chromatic Number David Zuckerman University of Texas at Austin.

Linear-Degree Extractors and the Inapproximability of Max Clique and Chromatic Number David Zuckerman University of Texas at Austin.
Pseudorandomness from Shrinkage David Zuckerman University of Texas at Austin Joint with Russell Impagliazzo and Raghu Meka.

Pseudorandomness from Shrinkage David Zuckerman University of Texas at Austin Joint with Russell Impagliazzo and Raghu Meka.
Are lower bounds hard to prove? Michal Koucký Institute of Mathematics, Prague.

Are lower bounds hard to prove? Michal Koucký Institute of Mathematics, Prague.
Derandomization & Cryptography Boaz Barak, Weizmann Shien Jin Ong, MIT Salil Vadhan, Harvard.

Derandomization & Cryptography Boaz Barak, Weizmann Shien Jin Ong, MIT Salil Vadhan, Harvard.
Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)

Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)
Talk for Topics course. Pseudo-Random Generators pseudo-random bits PRG seed Use a short “ seed ” of very few truly random bits to generate a long string.

Talk for Topics course. Pseudo-Random Generators pseudo-random bits PRG seed Use a short “ seed ” of very few truly random bits to generate a long string.
Uniform Hardness vs. Randomness Tradeoffs for Arthur-Merlin Games. Danny Gutfreund, Hebrew U. Ronen Shaltiel, Weizmann Inst. Amnon Ta-Shma, Tel-Aviv U.

Uniform Hardness vs. Randomness Tradeoffs for Arthur-Merlin Games. Danny Gutfreund, Hebrew U. Ronen Shaltiel, Weizmann Inst. Amnon Ta-Shma, Tel-Aviv U.
The Unified Theory of Pseudorandomness Salil Vadhan Harvard University See also monograph-in-progress Pseudorandomness

The Unified Theory of Pseudorandomness Salil Vadhan Harvard University See also monograph-in-progress Pseudorandomness
CS151 Complexity Theory Lecture 8 April 22, 2004.

CS151 Complexity Theory Lecture 8 April 22, 2004.
Circuit Complexity and Derandomization Tokyo Institute of Technology Akinori Kawachi.

Circuit Complexity and Derandomization Tokyo Institute of Technology Akinori Kawachi.
A survey on derandomizing BPP and AM Danny Gutfreund, Hebrew U. Ronen Shaltiel, Weizmann Inst. Amnon Ta-Shma, Tel-Aviv U.

A survey on derandomizing BPP and AM Danny Gutfreund, Hebrew U. Ronen Shaltiel, Weizmann Inst. Amnon Ta-Shma, Tel-Aviv U.
Better Pseudorandom Generators from Milder Pseudorandom Restrictions Raghu Meka (IAS) Parikshit Gopalan, Omer Reingold (MSR-SVC) Luca Trevian (Stanford),

Better Pseudorandom Generators from Milder Pseudorandom Restrictions Raghu Meka (IAS) Parikshit Gopalan, Omer Reingold (MSR-SVC) Luca Trevian (Stanford),

Similar presentations

Ads by Google