Norms, XOR lemmas, and lower bounds for GF(2) polynomials and multiparty protocols Emanuele Viola, IAS (Work partially done during postdoc at Harvard) Joint work with Avi Wigderson June 2007

Computational model M –E.g. M = circuits, GF(2) polynomials, multiparty protocols Lower bound: 9 explicit f : {0,1} n ! {0,1} not in M? [This talk] Correlation bound: 9 explicit f : Cor(f,M) ·   ? Cor(f,M) := max p 2 M | E x [ (-1) f(x) + p(x) ] | 2 [0,1] –Want  =  (|x|) small Motivation: Correlation bound ) pseudorandom generator [Yao,Nisan Wigderson] lower bound for M’ ¾ M [Razborov, Hajnal et al.] Basic questions

XOR lemma Generic way to boost correlation bound f © k (x 1,…, x k ) := f(x 1 ) ©  © f(x k ) Hope: Cor(f © k,M) · Cor(f,M)  (k) Theorem [ Yao, Levin, Goldreich Nisan Wigderson, Impagliazzo,… ] XOR lemma for M = circuits

Problem with XOR lemma Proofs of the XOR lemma [Y,L,GNW,…] don’t work in any model M for which we have lower bounds! Conjecture[V]: Black-box proof of XOR lemma for M ) M closed under polynomially many majorities poly many majorities Power of M Cannot prove lower bounds [Razborov Rudich] Cannot prove XOR lemma [V]

Study two fundamental models 1) GF(2) polynomials 2) multiparty protocols Prove new XOR lemmas Improve or simplify correlation bounds Overview of our results

Use norm N(f) 2 [0,1] : (I) Cor(f,M) ¼ N(f) (II) N(f © k ) = N(f) k Proof of the XOR lemma: Cor(f © k,M) ¼ N(f © k ) = N(f) k ¼ Cor(f,M) k Q.e.d. Proof for circuits [L,GNW,…] different: “simulation” Main technique

Outline Overview GF(2) polynomials Multiparty protocols Direct product

P d := polynomials p : {0,1} n ! {0,1} of degree d E.g., p = x 1 + x 5 + x 7 d = 1 p = x 1 ¢ x 2 + x 3 d = 2 Recall correlation bound: Cor(f,P d ) ·  =  (n,d), 8 p 2 P d : | E x [e( f(x) + p(x) )] | ·  (e(X):=(-1) X ) Note: Fundamental barrier: d = log 2 n,  = 1/n ? GF(2) polynomials

Gowers norm Idea: Measure correlation with degree-d polynomials by checking if random (d+1)-th derivative vanishes –Other view: perform random parity check Derivative D y p(x) := p(x+y) + p(x) –E.g. D y (x 1 x 2 + x 3 ) = y 1 x 2 + x 1 y 2 + y 1 y 2 + y 3 –p degree d ) D y p(x) degree d-1 –Iterate: D y,y’ p(x) := D y ( D y’ p(x)) t-th Gowers norm of f : {0,1} n ! {0,1}: (t = d+1) U t (f) := E x,y 1,…,y t [e( D y 1,…,y t f(x) )] (e(X):=(-1) X ) Note: p degree d, U d+1 (p)=1, and U d+1 (f+p)=U d+1 (f)

Properties of norm U t (f) := E x,y 1,…,y t [e(D y 1,…,y t f(x))] (e(X):=(-1) X ) (I) U d+1 (f) ¼ Cor(f,P d ) : Lemma [Gowers, Green Tao] : Cor(f,P d ) · U d+1 (f) 1/2 d Lemma [Alon Kaufman Krivelevich Litsyn Ron] (Property testing) : Cor(f,P d ) · 1/2 ) U d+1 (f) ·  (d) (II) U(f © k ) = U(f) k –Follows from definition

XOR lemma for GF(2) polynomials (I) U d+1 (f) ¼ Cor(f,P d ) : Lemma [G, GT] : Cor(f,P d ) · U d+1 (f) 1/2 d Lemma [AKKLR]: Cor(f,P d ) · 1/2 ) U d+1 (f) ·  (d) (II) U(f © k ) = U(f) k Theorem[This work]: Cor(f,P d ) · 1/2 ) Cor(f © k,P d ) · exp(-k/2 O(d) ) Proof: Cor(f © k,P d ) · U d+1 (f © k ) 1/2 d = U d+1 (f) k/2 d · (1-2 -  (d) ) k/2 d Q.e.d.

Our correlation bound for Mod 3 Mod 3(x 1,…,x n ) := 1 iff 3 |  i x i Theorem [Bourgain ‘05]: Cor(Mod 3,P d ) · exp(-n/8 d ) Theorem [This work]: Cor(Mod 3,P d ) · exp(-n/4 d ) New proof (formalize over ): Cor((x 1 ) © n mod 3,P d ) · U d+1 ((x 1 ) © n mod 3) 1/2 d = U d+1 (x 1 mod 3) n/2 d = exp(-n/4 d ) Q.e.d.

Outline Overview GF(2) polynomials Multiparty protocols Direct product

d parties wish to compute f : X 1 £ X 2 … £ X d ! {0,1} Party i knows all inputs except x i (on forehead) Cost of protocol = communication Applications to nearly every area of computer science –Circuit/proof complexity, PRGs, TM’s, branching programs…  d,c := d-party protocols communicating c bits Multiparty protocols [Yao,Chandra Furst Lipton] X1X1 X2X2 X3X3

Multiparty norm [Babai Nisan Szegedy,Chung Tetali,Raz] [This work]: coherent view like GF(2) polynomials  © d := each party sends one bit, output is XOR –Note: P d-1 µ  © d µ  d,d [Hastad Goldmann] d-party norm of f, captures correlation with  © d R d (f) := E X 0,X 1 [e(  b 2 { 0,1 } d f(X b ) )] (e(X):=(-1) X ) where X 0 = (x 1 0,…,x d 0 ), X 1 = (x 1 1,…,x d 1 ), X b = (x 1 b 1,…,x d b d ) (Perform random parity check) Note: p 2  © d, R d (p)=1, and R d (f+p)=R d (f)

XOR lemma for protocols (I) R d (f) ¼ Cor(f,  d,c ) : Lemma[BNS,CT,R]: Cor(f,  d,c ) · 2 c ¢ Cor(f,  © d ) Lemma[BNS,CT,R]: Cor(f,  © d ) · R d (f) 1/2 d Lemma[This work]: Cor(f,  © d ) ¸ R d (f) (II) R d (f © k ) = R d (f) k Theorem[This work]: Cor(f,  © d ) ·  ) Cor(f © k,  d,c ) · 2 c ¢  k/2 d 2-party case already known [Shaltiel]

Outline Overview GF(2) polynomials Multiparty protocols Direct product

Want to compute f k (x 1,…,x k ) := (f(x 1 ),…,f(x k )) 2 {0,1} k Suc(f,M) := max p 2 M |Pr[f k ( x 1,…,x k )  p( x 1,…,x k )]| Lemma[This work]: Suc(f k,M) · Cor(f © k,M) –Easy converse of [Goldreich Levin]; works whenever © 2 M –Simplifies result from [Impagliazzo Wigderson ‘97] XOR lemmas for P d,  d,c ) direct products [Parnafes Raz Wigderson] direct product for 2-party –Parameters incomparable

Study two fundamental models: –1) GF(2) polynomials –2) multiparty protocols Prove new XOR lemmas, correlation bounds, direct products Via norm N : (I) Cor(f,M) ¼ N(f), (II) N(f © k ) = N(f) k –Powerful technique: new PRGs for GF(2) polynomials [BV] Questions: Are XOR lemmas tight? –[This work] “Ideal” XOR lemma  )  2 for 2-party false Bounds for (log n)-degree polynomials? Conclusion

Thank you!