Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pseudorandomness when the odds are against you

Published byAubin Abel Paré Modified over 5 years ago

Similar presentations

Presentation on theme: "Pseudorandomness when the odds are against you"— Presentation transcript:

1 Pseudorandomness when the odds are against you
Sergei Artemenko, U. Haifa Russell Impagliazzo, UCSD Valentine Kabanets, SFU Ronen Shaltiel, U. Haifa

2 Hardness versus randomness [BM,Yao,NW,BFNW,IW,KvM,MV,SU]
Under Plausible hardness assumptions Hardness Assumption: b>0 and L∈E=DTIME(2O(n)) s.t. for every large enough n, size 2bn circuits fail to solve L on inputs of length n. [IW] Randomized algorithms can be efficiently derandomized. Conclusion: BPP=P, every randomized algorithm that: Runs in time T(n) Has constant success probability (can be two sided) Can be simulated in time poly(T(n)). Polynomial slowdown is sometimes a deal breaker!

3 Randomized exponential time algorithms for k-SAT
k-SAT solvers in literature run in time 𝑇 𝑘 𝑛 = 2 𝛼 𝑘 ⋅𝑛 for constant (0< 𝛼 𝑘 <1) s.t. lim 𝑘→∞ 𝛼 𝑘 =1 For k>3, best known algorithms are randomized [PPSZ]. Can we derandomize by hardness vs. randomness? Naïve approach ⇒ trivial time: poly 𝑇 𝑘 𝑛 = 2 𝑂 𝛼 𝑘 ⋅𝑛 > 2 𝑛 Goal: negligible slowdown: 𝑇 𝑘 𝑛 ⋅ 2 𝑜 𝑛 = 2 (𝛼 𝑘 +𝑜(1))⋅𝑛 We show: PPSZ can be efficiently derandomized with negligible slowdown under plausible assumptions. First use of hardness vs. randomness for NP-problems.

4 OPaP-algorithms: Paturi-Pudlak
Dfn: A randomized algorithm A(x,y) is 𝜖-OPaP for L if it runs in time 𝑡 𝑛 = 2 𝑜 𝑛 , and for every x: 𝑥∈𝐿⇒ Pr 𝑦 𝐴 𝑥,𝑦 =1 ≥ϵ 𝑥∉𝐿⇒ Pr 𝑦 𝐴 𝑥,𝑦 =1 =0 Paturi-Pudlak: Many k-SAT solvers (e.g. PPSZ) are based on OPaP algorithms with 𝜖 𝑘 𝑛 = 2 − 𝛼 𝑘 ⋅𝑛 . Constant error randomized algorithms obtained by running A, 1 𝜖 𝑘 𝑛 = 2 𝛼 𝑘 ⋅𝑛 times, yielding final running time: 𝑇 𝑘 𝑛 = 𝑡 𝑘 𝑛 ⋅ 2 𝛼 𝑘 ⋅𝑛 = 2 (𝛼 𝑘 +𝑜(1))⋅𝑛 . This work: Derandomize OPaP algorithms.

5 Result: Hardness versus randomness for OPaP algorithms
Standard assumption: Scaled, nonuniform EXP ≠ NP Implies AM=NP [MV,SU] Result: Hardness versus randomness for OPaP algorithms Under Plausible hardness assumptions Hardness Assumption: b>0 and L∈E=DTIME(2O(n)) s.t. for every large enough n, size 2bn circuits fail to solve L on inputs of length n. Best possible, in the sense that even the weaker goal of obtaining a randomized constant error alg takes the same time. nondeterministic circuits [IW] Our results Randomized algorithms can be efficiently derandomized. Conclusion: every randomized algorithm that: Runs in time T(n) Has constant success probability (can be two sided) Can be simulated in time poly(T(n)). one-sided error, success prob ≥𝜖(𝑛) 𝑝𝑜𝑙𝑦 𝑇 𝑛 𝜖 𝑛 𝑝𝑜𝑙𝑦( 𝑇 𝑛 𝜖 𝑛 ) For OPAP (e.g. PPSZ): time 2 𝑜 𝑛 /𝜖 𝑛 = 2 (𝛼 𝑘 +𝑜(1))⋅𝑛

6 Derandomization 101 Let 𝐶: 0,1 𝑛 → 0,1 be a circuit. 𝐺: 0,1 𝑟 → 0,1 n is 𝜖-PRG for C if | Pr 𝐶 𝐺 𝑈 𝑟 =1 − Pr 𝐶 𝑈 𝑛 =1 | ≤𝜖 𝜖-HSG for C if Pr 𝐶 𝑈 𝑛 =1 >𝜖⇒∃𝑠:𝐶 𝐺 𝑠 =1. PRGs/HSGs for linear circuits ⇒ deterministic simulation of rand algs. Deterministic time = 2 𝑟 ⋅𝑇𝑖𝑚𝑒 𝐺 ⋅𝑇𝑖𝑚𝑒(𝐴𝑙𝑔). To handle algs with small success prob/large error: Short seed, preferably 𝑟≈ log 1 /𝜖 so that 2 𝑟 =1/𝜖. Efficient generators, 𝑇𝑖𝑚𝑒 𝐺 = poly(n) = 𝑜 1 𝜖 . Can we construct such PRGs/HSGs? Under what assumptions?

7 Nondeterministic circuits Deterministic circuits Hardness for
PH-circuits Nondeterministic circuits Deterministic circuits Hardness for seed: O(log n) [IW97] 𝐵𝑃𝑇𝐼𝑀 𝐸 1/4 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸(𝑝𝑜𝑙𝑦(𝑇)) ¼-PRG time poly(n) This work. seed: 𝑂( log 𝑛)+1⋅log 1 𝜖 𝑅𝑇𝐼𝑀 𝐸 𝜖 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸( 𝑝𝑜𝑙𝑦 𝑇 𝜖 ) Impossible* [SV08,AS11] 𝜖-HSG Impossible* [AASY15] 𝜖-PRG ½ vs ½+𝜖 PRG 𝐵𝑃𝑇𝐼𝑀 𝐸 𝜖,2𝜖 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸( 𝑝𝑜𝑙𝑦 𝑇 𝜖 2 ) 𝜖 vs 2𝜖 derandomization Hardness vs. Σ 3 -circuits. seed: 𝑂 log 𝑛+ log 1 𝜖 2 𝜖 vs 2𝜖 Hardness vs. Σ 6 -circuits. seed: ℓ+𝑂 log 𝑛+ log 1 𝜖 2 PRG for circuits that output ℓ bits *Impossible for black box reductions. Thm: 𝜖-HSG ⇔ ¼-HSG for nondeterministic circuits that use log 1 𝜖 nondeterministic bits. Corrolary: 𝜖-HSG ⇒ hardness for nondeterministic circuits that use few nondeterministic bits.

8 Nondeterministic circuits Deterministic circuits Hardness for
PH-circuits Nondeterministic circuits Deterministic circuits Hardness for seed: O(log n) [IW97] 𝐵𝑃𝑇𝐼𝑀 𝐸 1/4 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸(𝑝𝑜𝑙𝑦(𝑇)) ¼-PRG time poly(n) This work. seed: 𝑂( log 𝑛)+1⋅log 1 𝜖 𝑅𝑇𝐼𝑀 𝐸 𝜖 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸( 𝑝𝑜𝑙𝑦 𝑇 𝜖 ) Impossible* [SV08,AS11] 𝜖-HSG Impossible* [AASY15] 𝜖-PRG ½ vs ½+𝜖 PRG 𝐵𝑃𝑇𝐼𝑀 𝐸 𝜖,2𝜖 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸( 𝑝𝑜𝑙𝑦 𝑇 𝜖 2 ) 𝜖 vs 2𝜖 derandomization Hardness vs. Σ 3 -circuits. seed: 𝑂 log 𝑛+ log 1 𝜖 2 𝜖 vs 2𝜖 Hardness vs. Σ 6 -circuits. seed: ℓ+𝑂 log 𝑛+ log 1 𝜖 2 PRG for circuits that output ℓ bits *Impossible for black box reductions.

9 A 𝛼 1 vs 𝛼 2 PRG is a 𝐺: 0,1 𝑟 → 0,1 n s.t. for every small circuit C:
PH-circuits Nondeterministic circuits Deterministic circuits Hardness for seed: O(log n) [IW97] 𝐵𝑃𝑇𝐼𝑀 𝐸 1/4 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸(𝑝𝑜𝑙𝑦(𝑇)) ¼-PRG time poly(n) This work. seed: 𝑂( log 𝑛)+1⋅log 1 𝜖 𝑅𝑇𝐼𝑀 𝐸 𝜖 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸( 𝑝𝑜𝑙𝑦 𝑇 𝜖 ) Impossible* [SV08,AS11] 𝜖-HSG Impossible* [AASY15] 𝜖-PRG ½ vs ½+𝜖 PRG 𝐵𝑃𝑇𝐼𝑀 𝐸 𝜖,2𝜖 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸( 𝑝𝑜𝑙𝑦 𝑇 𝜖 2 ) 𝜖 vs 2𝜖 derandomization Hardness vs. Σ 3 -circuits. seed: 𝑂 log 𝑛+ log 1 𝜖 2 𝜖 vs 2𝜖 Hardness vs. Σ 6 -circuits. seed: ℓ+𝑂 log 𝑛+ log 1 𝜖 2 PRG for circuits that output ℓ bits *Impossible for black box reductions. A 𝛼 1 vs 𝛼 2 PRG is a 𝐺: 0,1 𝑟 → 0,1 n s.t. for every small circuit C: Pr 𝐶 𝑈 𝑛 =1 ≤ 𝛼 1 ⇒ Pr 𝐶 𝐺 𝑈 𝑟 =1 ≤ 𝛼 2 . 𝜖-PRG is 𝛼 vs 𝛼+𝜖 PRG for every 𝛼. Can we get PRGs/Derandomization for small 𝛼,𝜖?

10 A 𝛼 1 vs 𝛼 2 PRG is a 𝐺: 0,1 𝑟 → 0,1 n s.t. for every small circuit C:
PH-circuits Nondeterministic circuits Deterministic circuits Hardness for seed: O(log n) [IW97] 𝐵𝑃𝑇𝐼𝑀 𝐸 1/4 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸(𝑝𝑜𝑙𝑦(𝑇)) ¼-PRG time poly(n) This work. seed: 𝑂( log 𝑛)+1⋅log 1 𝜖 𝑅𝑇𝐼𝑀 𝐸 𝜖 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸( 𝑝𝑜𝑙𝑦 𝑇 𝜖 ) Impossible* [SV08,AS11] 𝜖-HSG Impossible* [AASY15] 𝜖-PRG ½ vs ½+𝜖 PRG 𝐵𝑃𝑇𝐼𝑀 𝐸 𝜖,2𝜖 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸( 𝑝𝑜𝑙𝑦 𝑇 𝜖 2 ) 𝜖 vs 2𝜖 derandomization Hardness vs. Σ 3 -circuits. seed: 𝑂 log 𝑛+ log 1 𝜖 2 𝜖 vs 2𝜖 Hardness vs. Σ 6 -circuits. seed: ℓ+𝑂 log 𝑛+ log 1 𝜖 2 PRG for circuits that output ℓ bits A 𝛼 1 vs 𝛼 2 PRG is a 𝐺: 0,1 𝑟 → 0,1 n s.t. for every small circuit C: Pr 𝐶 𝑈 𝑛 =1 ≤ 𝛼 1 ⇒ Pr 𝐶 𝐺 𝑈 𝑟 =1 ≤ 𝛼 2 . 𝜖-PRG is 𝛼 vs 𝛼+𝜖 PRG for every 𝛼. Can we get PRGs/Derandomization for small 𝛼,𝜖?

11 A 𝛼 1 vs 𝛼 2 PRG is a 𝐺: 0,1 𝑟 → 0,1 n s.t. for every small circuit C:
PH-circuits Nondeterministic circuits Deterministic circuits Hardness for seed: O(log n) [IW97] 𝐵𝑃𝑇𝐼𝑀 𝐸 1/4 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸(𝑝𝑜𝑙𝑦(𝑇)) ¼-PRG time poly(n) This work. seed: 𝑂( log 𝑛)+1⋅log 1 𝜖 𝑅𝑇𝐼𝑀 𝐸 𝜖 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸( 𝑝𝑜𝑙𝑦 𝑇 𝜖 ) Impossible* [SV08,AS11] 𝜖-HSG Impossible* [AASY15] 𝜖-PRG ½ vs ½+𝜖 PRG 𝐵𝑃𝑇𝐼𝑀 𝐸 𝜖,2𝜖 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸( 𝑝𝑜𝑙𝑦 𝑇 𝜖 2 ) 𝜖 vs 2𝜖 derandomization Hardness vs. Σ 3 -circuits. seed: 𝑂 log 𝑛+ log 1 𝜖 2 𝜖 vs 2𝜖 Hardness vs. Σ 6 -circuits. seed: ℓ+𝑂 log 𝑛+ log 1 𝜖 2 PRG for circuits that output ℓ bits A 𝛼 1 vs 𝛼 2 PRG is a 𝐺: 0,1 𝑟 → 0,1 n s.t. for every small circuit C: Pr 𝐶 𝑈 𝑛 =1 ≤ 𝛼 1 ⇒ Pr 𝐶 𝐺 𝑈 𝑟 =1 ≤ 𝛼 2 . 𝜖-PRG is 𝛼 vs 𝛼+𝜖 PRG for every 𝛼.

12 Nondeterministic circuits Deterministic circuits Hardness for
PH-circuits Nondeterministic circuits Deterministic circuits Hardness for seed: O(log n) [IW97] 𝐵𝑃𝑇𝐼𝑀 𝐸 1/4 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸(𝑝𝑜𝑙𝑦(𝑇)) ¼-PRG time poly(n) This work. seed: 𝑂( log 𝑛)+1⋅log 1 𝜖 𝑅𝑇𝐼𝑀 𝐸 𝜖 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸( 𝑝𝑜𝑙𝑦 𝑇 𝜖 ) Impossible* [SV08,AS11] 𝜖-HSG Impossible* [AASY15] 𝜖-PRG ½ vs ½+𝜖 PRG 𝐵𝑃𝑇𝐼𝑀 𝐸 𝜖,2𝜖 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸( 𝑝𝑜𝑙𝑦 𝑇 𝜖 2 ) 𝜖 vs 2𝜖 derandomization Hardness vs. Σ 3 -circuits. seed: 𝑂 log 𝑛+ log 1 𝜖 2 𝜖 vs 2𝜖 Hardness vs. Σ 6 -circuits. seed: ℓ+𝑂 log 𝑛+ log 1 𝜖 2 nb-PRG for circuits that output ℓ bits

13 A 𝛼 1 vs 𝛼 2 nb-PRG [DI06,AS14,AASY15] is a 𝐺: 0,1 𝑟 → 0,1 n s.t.
for every small circuit 𝐶: 0,1 𝑛 → 0,1 ℓ , and any function 𝐷: 0,1 ℓ →{0,1} Pr 𝐷(𝐶 𝑈 𝑛 )=1 ≤ 𝛼 1 ⇒ Pr 𝐷(𝐶 𝐺 𝑈 𝑟 )=1 ≤ 𝛼 2 . PH-circuits Nondeterministic circuits Deterministic circuits Hardness for seed: O(log n) [IW97] 𝐵𝑃𝑇𝐼𝑀 𝐸 1/4 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸(𝑝𝑜𝑙𝑦(𝑇)) ¼-PRG time poly(n) This work. seed: 𝑂( log 𝑛)+1⋅log 1 𝜖 𝑅𝑇𝐼𝑀 𝐸 𝜖 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸( 𝑝𝑜𝑙𝑦 𝑇 𝜖 ) Impossible* [SV08,AS11] 𝜖-HSG Impossible* [AASY15] 𝜖-PRG ½ vs ½+𝜖 PRG 𝐵𝑃𝑇𝐼𝑀 𝐸 𝜖,2𝜖 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸( 𝑝𝑜𝑙𝑦 𝑇 𝜖 2 ) 𝜖 vs 2𝜖 derandomization Hardness vs. Σ 3 -circuits. seed: 𝑂 log 𝑛+ log 1 𝜖 2 𝜖 vs 2𝜖 Hardness vs. Σ 6 -circuits. seed: ℓ+𝑂 log 𝑛+ log 1 𝜖 2 nb-PRG for circuits that output ℓ bits PH-circuits Nondeterministic circuits Deterministic circuits Hardness for seed: O(log n) [IW97] 𝐵𝑃𝑇𝐼𝑀 𝐸 1/4 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸(𝑝𝑜𝑙𝑦(𝑇)) ¼-PRG time poly(n) This work. seed: 𝑂( log 𝑛)+1⋅log 1 𝜖 𝑅𝑇𝐼𝑀 𝐸 𝜖 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸( 𝑝𝑜𝑙𝑦 𝑇 𝜖 ) Impossible* [SV08,AS11] 𝜖-HSG Impossible* [AASY15] 𝜖-PRG ½ vs ½+𝜖 PRG 𝐵𝑃𝑇𝐼𝑀 𝐸 𝜖,2𝜖 𝑇 ⊆𝐷𝑇𝐼𝑀𝐸( 𝑝𝑜𝑙𝑦 𝑇 𝜖 2 ) 𝜖 vs 2𝜖 derandomization Hardness vs. Σ 3 -circuits. seed: 𝑂 log 𝑛+ log 1 𝜖 2 𝜖 vs 2𝜖 Hardness vs. Σ 6 -circuits. seed: ℓ+𝑂 log 𝑛+ log 1 𝜖 2 PRG for circuits that output ℓ bits

14 A construction of 𝜖-HSGs with seed r=𝑂( log 𝑛)+ log (1 /𝜖)
Proof: Nondet. Reduction: Hardness Assumption for nondeterministic circuits G’ is not an 𝜖-HSG ∃small circuit 𝐶: 0,1 𝑛 →{0,1} Pr 𝐶 𝑈 𝑛 =1 ≥𝜖, yet: ∀ 𝑠 1 , 𝑠 2 :C G ′ s 1 , s 2 =0. Let 𝐷 𝑧 ≔∃ 𝑠 2 : 𝐶(ℎ 𝑧 ( 𝑠 2 ))=1. Small nondeterministic circuit. ∀ 𝑠 1 :𝐷 𝐺 𝑠 1 =0. 2-wise ⇒ Pr 𝐷 𝑈 2𝑛 =1 ≥ 1 2 ⇒ D ¼-distinguishes G. ∎ [IW97,KvM99,MV99,SU01] ¼-HSG 𝐺: 0,1 𝑂( log 𝑛) → 0,1 2𝑛 for nondeterministic circuits computable in time poly(n) 𝐺 ′ ( 𝑠 1 , 𝑠 2 )= ℎ 𝐺 𝑠 𝑠 2 where: ℎ: 0,1 log⁡(1/𝜖) → 0,1 𝑛 is from wise independent family

15 A construction of 𝜖 vs 2𝜖 PRG High level idea: Follow NW
Construction: Encode truth table of f to get truth table of g. Reduction: sublinear time local list decoding algorithm Hardness assumption Hardness Amplification 𝑓→𝑔 𝑓 worst case hard ⇒𝑔 average-case hard G(x)=(x,g(x)) PRG with one bit stretch Nisan-Wigderson Generator Need to tailor details To our setup PRG with large stretch Impossible for black box PH reductions [AASY15]. Following [FL96,TV00,AASY15] we use: approximate counting and uniform sampling of NP witnesses [St83,JVV86,BGP00] to give a PH reduction with time 𝑝𝑜𝑙𝑦 𝑛 =𝑜( 1 𝜖 ) ⇒ 𝜖 vs 2𝜖 PRG.

16 Hardness Assumption for PH-circuits
A construction of 𝜖 vs 2𝜖 PRG with one bit stretch (inspired by [TV00,AASY15]) Construction: Proof by PH-Reduction: Given x: sampling w ∈ 𝑅 𝑧: 𝑇 𝑥 𝑧 =1 can be done by PH-circuits [JVV,BGP]. Uniform sampling of NP witnesses. 𝑇 𝑥 is a PH-circuit by [S,JVV]: approximate counting in PH. This is where we use 𝜖 vs 2𝜖 rather than ½ vs ½+𝜖. G is not an 𝜖 vs 2𝜖 PRG ∃small circuit 𝐶 Pr 𝐶 𝑋,𝑌, 𝑈 =1 ≤𝜖, yet Pr⁡[𝐶 𝑋,𝑌,𝐸 𝑓(𝑋),𝑌 =1 ≥2𝜖 Let 𝑇 𝑥 𝑧 ≔1 iff Pr 𝐶 𝑥,𝑌, 𝑈 =1 Pr 𝐶 𝑥,𝑌, 𝑈 =1 ≤𝜖, and Pr⁡[𝐶 𝑥,𝑌, 𝐸(𝑧,𝑌)=1 ≥2𝜖 For good x: 𝑇 𝑥 𝑓 𝑥 =1. Ext ⇒ 𝑇 𝑥 accepts very few z’s. Given x: w ∈ 𝑅 𝑧: 𝑇 𝑥 𝑧 =1 is with noticeable prob. f(x). Hardness Assumption for PH-circuits s.t. for noticable fraction of x’s x [TV00] x x 𝑓: 0,1 𝑛 → 0,1 𝑛 ′ :=Ω(𝑛) that is extremely hard on average circuits succeed w.p ≤ 2 − 𝑛 ′ /3 “Goldereich-Levin” “Code concatenation” 𝑔 𝑥,𝑦 =𝐸 𝑓 𝑥 ,𝑦 , where: E is a strong seeded extractor that outputs one bit 𝐺 𝑥,𝑦 = 𝑥,𝑦,𝑔 𝑥,𝑦

17 Conclusion and Open problems
Conditional Derandomization/HSGs/PRGs for low-error regime. Power and limitations of PH-reductions. Open problems: Derandomization of general SAT-solvers. More applications of 𝜖 vs 2𝜖 PRGs/nb-PRGs. Minimal assumptions for 𝜖 vs 2𝜖 PRGs/nb-PRGs. That’s it…

18 That’s it…

19 Goal: Reduce randomness complexity of sampling procedures [DI06].
Given: poly-size circuit C:{0,1}n ! {0,1}𝑙 s.t. C(Un) is “desired dist.” P on {0,1}𝑙. (think: n=𝑙e for some e>1). Design C’:{0,1}r ! {0,1}𝑙 r << n. C’(Ur) statistically-close to P=C(Un). Goal r ≈ 𝑙, (best possible). Small statistical error 𝜖. C’ is of poly-size. 𝑙 P C Un n 𝑙 ≈P C’ Ur r

20 non-boolean PRGs nb-PRGs [DI06]
nb-PRG: G:{0,1}r ! {0,1}n, ²–fools C:{0,1}n ! {0,1}𝑙 if C(G(Ur)) ²–close to C(Un) in stat. dist. In boolean case (𝑙=1):  |Pr[C(G(Ur))=1) – Pr[C(Un)=1]| ≤ ² nb-PRGs generalize (standard) PRGs. C’(Ur)=C(G(Ur)) is ²–close to P=C(Un). Indeed r<<n. Application dictates: for C of size nc, to get efficient C’: ⇒ Can allow G time nb for b>c. (NW-setting). ≈P C C’ pseudorandom G Ur

21 Previous work and our results on nb-PRGs
A 𝛼 1 vs 𝛼 2 nb-PRG is a 𝐺: 0,1 𝑟 → 0,1 n s.t. for every small circuit 𝐶: 0,1 𝑛 → 0,1 ℓ , and any function 𝐷: 0,1 ℓ →{0,1} Pr 𝐷(𝐶 𝑈 𝑛 )=1 ≤ 𝛼 1 ⇒ Pr 𝐷(𝐶 𝐺 𝑈 𝑟 )=1 ≤ 𝛼 2 . PH-circuits Nondeterministic circuits Deterministic circuits Hardness for [AS14] Hardness vs. Σ 2 -circuits. seed: 𝑂 ℓ+ log 𝑛 [AASY15] 1 𝑛 𝑐 − nb-PRG Impossible* [AASY15] 𝜖-nb-PRG This work. Hardness vs. Σ 6 -circuits. seed: ℓ+𝑂 log 𝑛+ log 1 𝜖 2 Impossible* [SV08,AS11] 𝜖 vs 2𝜖 nb-PRG for circuits that output ℓ bits There are also constructions based on incompressibility assumptions [DI06].

22 𝜖 vs 2𝜖 nb-PRGs (following [AASY15])
A random 𝑡= 𝑛 𝑂(𝑐) −wise independent function ℎ 𝑠 : 0,1 𝑟 → 0,1 𝑛 :s← 0,1 𝑛 𝑂 𝑐 is w.h.p. an 𝜖 vs 2𝜖 nb-PRG, for 𝑟=ℓ+𝑂(log 𝑛 𝜖 ). Checking whether a given function ℎ 𝑠 is such a PRG is in Σ 3 𝑃 . (This is where 𝜖 vs 2𝜖 comes up). Let 𝐺: 0,1 𝑟′ → 0,1 𝑡= 𝑛 𝑂(𝑐) be an 𝜖 vs 2𝜖 PRG for Σ 3 -circuits. For a random seed 𝑠∈ 0,1 𝑟′ , 𝐺′ ⋅ = ℎ 𝐺(𝑠) (⋅) is with prob 1−𝜖, a 𝜖 vs 2𝜖 PRG. Let 𝐺′: 0,1 𝑟+𝑟′ → 0,1 𝑚 be 𝐺′ 𝑥,𝑠 = ℎ 𝐺(𝑠) (𝑥) then f is a 𝜖 vs 3𝜖 PRG.

Download ppt "Pseudorandomness when the odds are against you"

Similar presentations

On the Complexity of Parallel Hardness Amplification for One-Way Functions Chi-Jen Lu Academia Sinica, Taiwan.

On the Complexity of Parallel Hardness Amplification for One-Way Functions Chi-Jen Lu Academia Sinica, Taiwan.
Unconditional Weak derandomization of weak algorithms Explicit versions of Yao s lemma Ronen Shaltiel, University of Haifa :

Unconditional Weak derandomization of weak algorithms Explicit versions of Yao s lemma Ronen Shaltiel, University of Haifa :
Low-End Uniform Hardness vs. Randomness Tradeoffs for Arthur-Merlin Games. Ronen Shaltiel, University of Haifa Chris Umans, Caltech.

Low-End Uniform Hardness vs. Randomness Tradeoffs for Arthur-Merlin Games. Ronen Shaltiel, University of Haifa Chris Umans, Caltech.
An Introduction to Randomness Extractors Ronen Shaltiel University of Haifa Daddy, how do computers get random bits?

An Introduction to Randomness Extractors Ronen Shaltiel University of Haifa Daddy, how do computers get random bits?
Pseudorandomness from Shrinkage David Zuckerman University of Texas at Austin Joint with Russell Impagliazzo and Raghu Meka.

Pseudorandomness from Shrinkage David Zuckerman University of Texas at Austin Joint with Russell Impagliazzo and Raghu Meka.
Linear-Degree Extractors and the Inapproximability of Max Clique and Chromatic Number David Zuckerman University of Texas at Austin.

Linear-Degree Extractors and the Inapproximability of Max Clique and Chromatic Number David Zuckerman University of Texas at Austin.
Models of Computation Prepared by John Reif, Ph.D. Distinguished Professor of Computer Science Duke University Analysis of Algorithms Week 1, Lecture 2.

Models of Computation Prepared by John Reif, Ph.D. Distinguished Professor of Computer Science Duke University Analysis of Algorithms Week 1, Lecture 2.
Extracting Randomness From Few Independent Sources Boaz Barak, IAS Russell Impagliazzo, UCSD Avi Wigderson, IAS.

Extracting Randomness From Few Independent Sources Boaz Barak, IAS Russell Impagliazzo, UCSD Avi Wigderson, IAS.
Direct Product : Decoding & Testing, with Applications Russell Impagliazzo (IAS & UCSD) Ragesh Jaiswal (Columbia) Valentine Kabanets (SFU) Avi Wigderson.

Direct Product : Decoding & Testing, with Applications Russell Impagliazzo (IAS & UCSD) Ragesh Jaiswal (Columbia) Valentine Kabanets (SFU) Avi Wigderson.
Average-case Complexity Luca Trevisan UC Berkeley.

Average-case Complexity Luca Trevisan UC Berkeley.
Pseudorandomness from Shrinkage David Zuckerman University of Texas at Austin Joint with Russell Impagliazzo and Raghu Meka.

Pseudorandomness from Shrinkage David Zuckerman University of Texas at Austin Joint with Russell Impagliazzo and Raghu Meka.
Derandomization & Cryptography Boaz Barak, Weizmann Shien Jin Ong, MIT Salil Vadhan, Harvard.

Derandomization & Cryptography Boaz Barak, Weizmann Shien Jin Ong, MIT Salil Vadhan, Harvard.
Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)

Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)
Talk for Topics course. Pseudo-Random Generators pseudo-random bits PRG seed Use a short “ seed ” of very few truly random bits to generate a long string.

Talk for Topics course. Pseudo-Random Generators pseudo-random bits PRG seed Use a short “ seed ” of very few truly random bits to generate a long string.
Simple extractors for all min- entropies and a new pseudo- random generator Ronen Shaltiel Chris Umans.

Simple extractors for all min- entropies and a new pseudo- random generator Ronen Shaltiel Chris Umans.
Uniform Hardness vs. Randomness Tradeoffs for Arthur-Merlin Games. Danny Gutfreund, Hebrew U. Ronen Shaltiel, Weizmann Inst. Amnon Ta-Shma, Tel-Aviv U.

Uniform Hardness vs. Randomness Tradeoffs for Arthur-Merlin Games. Danny Gutfreund, Hebrew U. Ronen Shaltiel, Weizmann Inst. Amnon Ta-Shma, Tel-Aviv U.
Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
Pseudorandomness for Approximate Counting and Sampling Ronen Shaltiel University of Haifa Chris Umans Caltech.

Pseudorandomness for Approximate Counting and Sampling Ronen Shaltiel University of Haifa Chris Umans Caltech.
Circuit Complexity and Derandomization Tokyo Institute of Technology Akinori Kawachi.

Circuit Complexity and Derandomization Tokyo Institute of Technology Akinori Kawachi.
A survey on derandomizing BPP and AM Danny Gutfreund, Hebrew U. Ronen Shaltiel, Weizmann Inst. Amnon Ta-Shma, Tel-Aviv U.

A survey on derandomizing BPP and AM Danny Gutfreund, Hebrew U. Ronen Shaltiel, Weizmann Inst. Amnon Ta-Shma, Tel-Aviv U.

Similar presentations

Ads by Google