Emanuele Viola Harvard University October 2005 Pseudorandom Bits for Low Complexity Classes: New Results and Applications Emanuele Viola Harvard University October 2005

Pseudorandom Generator (PRG) [BM,Y,NW] Efficiently Computable Big Stretch s(n) À n ( e.g. s(n) = n(1) ) Fools small circuits: 8 small C PrX, |X| = s(n)[C(X) = 1] ¼ Pr, || = n [C(PRG(s)) = 1] PRG

Do PRG Exist? PRG ) derandomization: BP ¢ P ( EXP [Y,NW,…] PRG , circuit lower bounds: EXP  P/poly [NW,BFNW,STV,SU,…] Open Problem: PRG exist? This Talk: study restricted PRG Only fool constant-depth circuits We know lower bounds for constant-depth circuits

PRG that fools constant-depth circuits As before, but only fools small constant-depth circuit C PrX, |X| = s(n)[C(X) = 1] ¼ Pr, || = n [C(PRG(s)) = 1] Depth x1 :x1 x2 . . . . :xs PRG

Previous Results [N’91] PRG : {0,1}n ! {0,1}s(n) s(n) = 2n , fools AC0 = ) BP ¢ AC0 µ Time(npolylog n), more in [NW,HVV,V] [LVW’93] PRG : {0,1}n ! {0,1}s(n) s(n) = n log n, fools SYM ○ AND = SYM = arbitrary symmetric gate E.g., SYM = PARITY, MAJORITY Æ Ç Ç Ç Ç Ç Ç Æ Æ Æ Æ Æ Æ Æ Æ x1 :x1 x2 . . . . . :xs SYM Æ Æ Æ Æ Æ Æ x1 :x1 x2 . . . . :xs

Our Results x1 :x1 x2 . . . . :xs Theorem[V] : PRG : {0,1}n ! {0,1}s(n) with s(n) = n log n fools AC0 with log2n SYM = Improves on [LVW93] Fools richer class than [N91] but worse stretch BP ¢ (AC0 with few SYM) µ SUB-EXP ( EXP Currently richest BP ¢ class one can derandomize SYM SYM Ç Ç Ç Ç SYM Æ Æ Æ Æ Æ Æ x1 :x1 x2 . . . . :xs

The Pseudorandom Generator [NW] style Input = 1101010101110110101110 Output = 101010 …........1 ……….....1010100 f = © = PARITY [RW] f ©  Æ Æ   © © © © x1 . . . . . . . . . . . . . xn

Outline Why previous results/techniques do not suffice For PRG need new average-case lower bound for AC0 with few SYM Proof sketch of average-case lower bound Other results: BPP vs. PH

Known Lower Bounds x1 :x1 x2 . . . . :xs Recall AC0 with log2n SYM = [H,BNS,HG,RW,HM,CH]: f 2 P that requires AC0 circuits with log2n SYM of size nlog n Often, lower bound ) PRG. But NOT this time! SYM SYM Ç Ç Ç Ç SYM Æ Æ Æ Æ Æ Æ x1 :x1 x2 . . . . :xs

Standard Approach To construct PRG that fools C (e.g. AC0 with few SYM) h hard for C f hard on average for C PRG that fools C [NW] [BFNW,STV,SU,…] Def. f : {0,1}n ! {0,1} average-case hard for C if 8 small C 2 C Prx[C(x)  f(x)] ¸ ½ - n- (1)

Standard Approach Fails To construct PRG that fools C (e.g. AC0 with few SYM) h hard for C f hard on average for C PRG that fools C Proving correctness 9 C 2 C C = h 9 C 2 C comp. f on average 9 C 2 C breaks PRG Problem: requires C w TC0. Is TC0 w NEXP? [RR] Conjecture [V]: Black-box construction ) C w TC0

Our vs. Previous Lower Bounds C = AC0 with few SYM h hard for C f hard on average for C PRG that fools C [H,BNS,HG,RW,HM,CH] not average-case hard Theorem[V]: There is f 2 P s.t. 8 AC0 circuit C of size nlog n with log2n SYM Prx[C(x)  f(x)] ¸ ½ - n-log n

Tools Random restrictions  [FSS,H,…]  : {x1, x2,…, xs} ! {0,1,*} C| subcircuit on *’s Multiparty communication complexity [CFL] Thm[BNS]: Gen. Inner Product (GIP) = has high communication complexity ©  Æ Æ x1 . . . . . . . xn

Proof Sketch © Thm[V]: f = GIP ○ PARITY = is average-case hard for small AC0 circuits with few SYM Proof sketch: C small AC0 circuit with few SYM. W.h.p. over random restriction  : E1: GIP ○ PARITY| ¼ GIP ) high comm. complexity E1 ( each bottom PARITY has * E2: C| computable with low comm. complexity E1 and E2 ) C|(x)  GIP(x) Q.E.D.  Æ Æ   © © © © x1 . . . . . . . . . . .. . . . . xn

Conclusion Theorem[V]: PRG : {0,1}n ! {0,1}s(n) with s(n) = n log n fools AC0 with log2n SYM Improves [LVW93], fools richer class than [N91] Currently richest BP ¢ class one can derandomize Obtained from average-case hardness result Conj.: PRG from worst-case hardness ) C w TC0 Open problems: (log2n) SYM? EXP average-case hard for GF(2) poly of deg. log n ?

C| low communication complexity Lemma [V]: C small AC0 circuit w/ log2n SYM W.h.p. over  2 Rp , C| low comm. complexity Lemma[HG+HM]: Above holds for 1 SYM

More SYM gates Lemma: C small AC0 circuit with log2n SYM W.h.p. over  2 Rp , C| low comm. complexity Proof: Consider following protocol SYM3 SYM2 Ç Ç Ç Ç SYM1 Æ Æ Æ Æ Æ Æ x1 :x1 x2 . . . . . . :xs

More SYM gates  Lemma: C small AC0 circuit with log2n SYM W.h.p. over  2 Rp , C| low comm. complexity Proof: Previous lemma ) low communication complexity SYM3 SYM2 Ç Ç Ç Ç SYM1 Æ Æ Æ Æ Æ Æ  x1 :x1 x2 . . . . . . :xs

More SYM gates  Lemma: C small AC0 circuit with log2n SYM W.h.p. over  2 Rp , C| low comm. complexity Proof: Parties compute value of SYM gate SYM3 SYM2 Ç Ç Ç Ç 1 Æ Æ Æ Æ Æ Æ  x1 :x1 x2 . . . . . . :xs

More SYM gates  Lemma: C small AC0 circuit with log2n SYM W.h.p. over  2 Rp , C| low comm. complexity Proof: Previous lemma ) low communication complexity SYM3 SYM2 Ç Ç Ç Ç 1 Æ Æ Æ Æ Æ Æ  x1 :x1 x2 . . . . . . :xs

More SYM gates  Lemma: C small AC0 circuit with log2n SYM W.h.p. over  2 Rp , C| low comm. complexity Proof: Parties compute value of SYM gate SYM3 Ç Ç Ç Ç 1 Æ Æ Æ Æ Æ Æ  x1 :x1 x2 . . . . . . :xs

More SYM gates  Lemma: C small AC0 circuit with log2n SYM W.h.p. over  2 Rp , C| low comm. complexity Proof: Previous lemma ) low communication complexity SYM3 Ç Ç Ç Ç 1 Æ Æ Æ Æ Æ Æ  x1 :x1 x2 . . . . . . :xs

More SYM gates  Lemma: C small AC0 circuit with log2n SYM W.h.p. over  2 Rp , C| low comm. complexity Proof: Parties compute value of SYM gate 1 Ç Ç Ç Ç 1 Æ Æ Æ Æ Æ Æ Æ  x1 :x1 x2 . . . . . . :xs

More SYM gates Lemma: C small AC0 circuit with log2n SYM W.h.p. over  2 Rp , C| low comm. complexity Proof: Total communication = communication for 1 SYM X number of SYM Q.E.D. Union bound over 2#SYM circuits limits # SYM. Open Problem: Better analysis?

New Results: BPP vs. PH New paper [V] applies PRGs to study BPP vs. PH Theorem[G,L]: BPTime(n) µ S2Time(n2) Theorem [V]: BPTime A (n) µ S2Time A (n1.9) BPTime (n) µ S3Time (n ¢ polylog n) Uses [N’92] PRG Improves [LVW93], fools richer class than [N91] Currently richest BP ¢ class one can derandomize Obtained from average-case hardness result Conj.: PRG from worst-case hardness ) C ¶ TC0 Open problems: (log2n) SYM? EXP average-case hard for GF(2) poly of deg. log n ?

Conclusion Theorem[V]: PRG : {0,1}n ! {0,1}s(n) with s(n) = n log n fools AC0 with log2n SYM Improves [LVW93], fools richer class than [N91] Currently richest BP ¢ class one can derandomize Obtained from average-case hardness result Conj.: PRG from worst-case hardness ) C w TC0 Other Results: BPP vs. PH BPTime (n) µ S3Time (n ¢ polylog n), using [N’92] PRG

Multiparty Communication Complexity ``Number on the forehead’’ model [CFL] k-parties want to compute f(x) x partitioned in k blocks ! i-th party knows all x but xi Communication = broadcast Generalized Inner Product. GIP(x) = Lemma[BNS]: Low communication complexity protocol P ) Prx[P(x)  GIP(x)] ¸ ½ - n-log n Discrepancy, [CT,R] x1 x2  xk © n Æ Æ k k x1 . . . . . . . . . . xnk

C| low communication complexity Restriction [FSS,…]  map variables to {0,1,*} Rp = uniform distribution, Pr[(xi) = *] = p C| subcircuit. New input bits = * Lemma: C small AC0 circuit with log2n SYM W.h.p. over  2 Rp , C| low comm. complexity First prove 1 SYM, then log2n SYM

1 SYM gate =  Lemma: C small AC0 circuit with 1 SYM W.h.p. over  2 Rp , C| low comm. complexity Proof: [H] [HG] SYM ○ ANDk-1 low comm. complexity 8 AND 9 party that can compute it (fan-in < k = # blocks) Parties broadcast # AND = 1 Communication = k ¢ log(size of circuit) Q.E.D. SYM SYM Ç Ç Ç Ç Ç Ç = Æ Æ Æ Æ Æ Æ k-1 k-1 Æ Æ Æ Æ Æ Æ Æ Æ  x1 x2  xk

Summary of Lemmas Lemma[BNS]: Low communication complexity protocol P ) Prx[P(x)  GIP(x)] ¸ ½ - n-log n Lemma: C small AC0 circuit with log2n SYM W.h.p. over  2 Rp , C| low comm. complexity Want Theorem: There is f 2 P s.t. 8 AC0 circuit C of size nlog n with log2n SYM gates Prx[C(x)  f(x)] ¸ ½ - n-log n

= Pry[P(y)  GIP(y)] (1 - n-log n) ¸ ( ½ - n-log n) © Proof: f = GIP ○ PARITY = C small AC0 circuit with log2n SYM Random Input x = random  + random y for the * E1: f | ¼ GIP ) high comm. complexity E1 ( each bottom PARITY has * E2: C| low comm. complexity Prx[C(x)  f (x)] ¸ Pr, y[C|(y)  f|(y) | E1, E2] Pr[E1, E2] = Pry[P(y)  GIP(y)] (1 - n-log n) ¸ ( ½ - n-log n) Q.E.D.  Æ Æ   © © © © x1 . . . . . . . . . . .. . . . . xn

Conclusion Theorem[This Work]: PRG : {0,1}n ! {0,1}s(n) with s(n) = n log n fools AC0 with log2n SYM Improves [LVW93], fools richer class than [N91] Currently richest BP ¢ class one can derandomize Obtained from average-case hard function Conj.: PRG from worst-case hardness ) EXP  TC0 Open problems: (log2n) SYM? EXP average-case hard for GF(2) poly of deg. log n ?

Proof Sketch Tools: Random restrictions  [FSS,H,…]  : {x1, x2,…, xs} ! {0,1,*} , C| subcircuit on *’s Communication complexity bound for GIP [BNS] Theorem[This Work]: GIP ○ PARITY is average-case hard for small AC0 circuits with few SYM Proof sketch: C small AC0 circuit with few SYM. W.h.p. over random restriction  : E1: GIP ○ PARITY| ¼ GIP ) high comm. complexity E2: C| computable with low comm. complexity E1 and E2 ) C|(x)  GIP(x) Q.E.D.