# Algebrization: A New Barrier in Complexity Theory

## Presentation on theme: "Algebrization: A New Barrier in Complexity Theory"— Presentation transcript:

Algebrization: A New Barrier in Complexity Theory
P=BPP PNP Scott Aaronson (MIT) Avi Wigderson (IAS) NEXPP/poly NPSIZE(n) 4xyw-12yz+17xyzw-2x-2y-2z-2w IP=PSPACE MIP=NEXP NEXPP/polyNEXP=MA RG=EXP 13xw-44xz+x-7y+ -15xyz+43xy-5x PPSIZE(n) PPP/polyPP=MA PromiseMASIZE(n) MAEXPP/poly

What To Call It? SCOTT & AVI A NEW KIND OF ORACLE
Algebraic Relativization? Algevitization? Algevization? Algebraicization? Algebraization? Algebrization?

Any proof of PNP will have to defeat two terrifying monsters…
ARITHMETIZATION DIAGONALIZATION Any proof of PNP will have to defeat two terrifying monsters… A Relativization [Baker-Gill-Solovay 1975] Natural Proofs [Razborov-Rudich 1993] PNP Furthermore, even our best weapons seem to work against one monster but not the other…

Vinodchandran’s Proof:
Yet within the last decade, we’ve seen circuit lower bounds that overcome both barriers [Buhrman-Fortnow-Thierauf 1998]: MAEXP  P/poly Furthermore, this separation doesn’t relativize [Vinodchandran 2004]: PP  SIZE(nk) for every fixed k [A. 2006]: Vinodchandran’s result is non-relativizing Vinodchandran’s Proof: PP  P/poly  We’re done PP  P/poly  P#P = MA [LFKN]  P#P = PP  2P  PP [Toda]  PP  SIZE(nk) [Kannan] Non-Relativizing Non-Naturalizing [Santhanam 2007]: PromiseMA  SIZE(nk) for fixed k

Bottom Line: Relativization and natural proofs, even taken together, are no longer insuperable barriers to circuit lower bounds Obvious Question [Santhanam 2007]: Is there a third barrier? This Talk: Unfortunately, yes. “Algebrization”: A generalization of relativization where the simulating machine gets access not only to an oracle A, but also a low-degree extension Ã of A over a finite field or ring We show: Almost all known techniques in complexity theory algebrize Any proof of PNP—or even P=RP or NEXPP/poly—will require non-algebrizing techniques

Algebrizing Relativizing Naturalizing
[Your result here] [LFKN], [Shamir], [BFL], [BFT], [Vinodchandran], [Santhanam], [IKW], … [GMW?] Relativizing Naturalizing [Toda], [Impagliazzo-Wigderson], [Valiant-Vazirani], [Kannan], hundreds more [Furst-Saxe-Sipser], [Razborov-Smolensky], [Raz], dozens more

Outline A New Kind of Relativization
Why Existing Results Algebrize Example: coNPIP The Need for Non-Algebrizing Techniques …to prove PNP …to prove P=RP Connections to Communication Complexity O(N log N) MA-protocol for Inner Product Conclusions and Open Problems

Outline A New Kind of Relativization
Why Existing Results Algebrize Example: coNPIP The Need for Non-Algebrizing Techniques …to prove PNP …to prove P=RP Connections to Communication Complexity O(N log N) MA-protocol for Inner Product Conclusions and Open Problems

First, the old kind of relativization…
x1 x2 x3 A x4 An oracle is basically just a Boolean function A that we can insert into a circuit as a “black box” Given a complexity class C, CA is the class of problems solvable by a C machine with oracle access to A The inclusion CD relativizes if CADA for all oracles A CA[poly]: Polynomial-size queries to A only CA[exp]: Exponential-size queries also allowed

To prove an oracle separation between C and D means to construct an A such that CADA.
In designing A, we get to be arbitrarily devious—toggling each bit independently. Example: Suppose a P machine is looking for an x{0,1}n such that A(x)=1. Then we can wait to see which x’s the machine queries, set A(x)=0 for all of them, and set A(x)=1 for some x that wasn’t queried. This idea (plus diagonalization over all P machines) was used by [Baker-Gill-Solovay] to create an A such that PANPA.

Now for the “new” relativization
An extension of a Boolean function A:{0,1}n{0,1} is an integer-valued polynomial Ã:ZnZ that agrees with A on all 2n Boolean points. Given a set of Boolean functions A={An} (one for each input size n), we’ll be interested in sets of polynomials Ã={Ãn} with the following properties: (i) Ãn is an extension of An for every n. (ii) deg(Ãn)  cn for some constant c. (iii) size(Ãn(x))  p(size(x)) for some polynomial p, where Note: Can also consider extensions over finite fields instead of the integers. Will tell you when this distinction matters.

A complexity class inclusion CD algebrizes if CADÃ for all oracles A and all extensions Ã of A.
Proving CD requires non-algebrizing techniques if there exist A,Ã such that CADÃ. A separation CD algebrizes if CÃDA for all A,Ã. Proving CD requires non-algebrizing techniques if there exist A,Ã such that CÃDA. Notice we’ve defined things so that every relativizing result is also algebrizing. Why not require CÃDÃ? Because we don’t know how to prove things like PSPACEÃIPÃ!

Related Work Low-degree oracles have been studied before for various reasons [Fortnow94] defined a class O of oracles such that IPA=PSPACEA for all AO Since he wanted the same oracle A on both sides, he had to define A recursively (take a low-degree extension, then reinterpret as a Boolean function, then take another low-degree extension, etc.) He didn’t consider algebraic oracle separations (indeed, proving separations in his model seems much harder than in ours)

Outline A New Kind of Relativization
Why Existing Results Algebrize Example: coNPIP The Need for Non-Algebrizing Techniques …to prove PNP …to prove P=RP Connections to Communication Complexity O(N log N) MA-protocol for Inner Product Conclusions and Open Problems

Why coNPIP Algebrizes
Recall the usual coNPIP proof of [LFKN]: Bullshit! The only time Arthur ever has to evaluate the polynomial p directly is in the very last round—when he checks that p(r1,…,rn) equals what Merlin said it does, for some r1,…,rn chosen randomly in the previous rounds.

 A g x y How was the polynomial p produced?
By starting from a Boolean circuit, then multiplying together terms that enforce “correct propagation” at each gate: A(x,y)g + (1-A(x,y))(1-g) Ã(x,y)g + (1-Ã(x,y))(1-g) xyg + (1-xy)(1-g) x y g A Arthur and Merlin then reinterpret p not as a Boolean function, but as a polynomial over some larger field. But what if the circuit contained oracle gates? Then how could Arthur evaluate p over the larger field? He’d almost need oracle access to a low-degree extension Ã of A. Hey, wait…

Other Results That Algebrize
PSPACEA[poly]  IPÃ [Shamir] NEXPA[poly]  MIPÃ [BFL] EXPA[poly]  RGÃ (RG = Refereed Games) [FK] PPÃ  PÃ/poly  PPA  MAÃ [LFKN] NEXPÃ[poly]  PÃ/poly  NEXPA[poly]  MAÃ [IKW] MAEXPÃ[exp]  PA/poly [BFT] PPÃ  SIZEA(n) [Vinodchandran] PromiseMAÃ  SIZEA(n) [Santhanam]  OWF secure against PÃ  NPA  ZKIPÃ [GMW]

Outline A New Kind of Relativization
Why Existing Results Algebrize Example: coNPIP The Need for Non-Algebrizing Techniques …to prove PNP …to prove P=RP Connections to Communication Complexity O(N log N) MA-protocol for Inner Product Conclusions and Open Problems

Proving PNP Will Require Non-Algebrizing Techniques
Theorem: There exists an oracle A, and an extension Ã, such that NPÃPA. Proof: Let A be a PSPACE-complete language, and let Ã be the unique multilinear extension of A. Then Ã is also PSPACE-complete [BFL]. Hence NPÃ = PA = PSPACE.

Harder Example: Proving P=RP Will Require Non-Algebrizing Techniques (hence P=NP as well)
Theorem: There exist A,Ã such that RPAPÃ. What’s the difficulty here, compared to “standard” oracle separation theorems? Since Ã is a low-degree polynomial, we don’t have the freedom to toggle each Ã(x) independently. I.e. the algorithm we’re fighting is no longer looking for a needle in a haystack—it can also look in the haystack’s low-degree extension! We will defeat it anyway.

Theorem: Let F be a field, and let YFn be the set of points queried by the algorithm. Then there exists a polynomial p:FnF, of degree at most 2n, such that (i) p(y)=0 for all yY. (ii) p(z)=1 for at least 2n-|Y| Boolean points z. (iii) p(z)=0 for the remaining Boolean points. 1 Y

Proof: Given a Boolean point z, let z be the unique multilinear polynomial that’s 1 at z and 0 at all other Boolean points. Then we can express any multilinear polynomial r as A standard diagonalization argument now yields the separation between P and RP we wanted—at least in the case of finite fields. Requiring r(y)=0 for all yY yields |Y| linear equations in 2n unknowns. Hence there exists a solution r such that r(z)0 for at least 2n-|Y| Boolean points z. We now set In the integers case, we can no longer use Gaussian elimination to construct r. However, we (i.e. Avi) found a clever way around this problem using Chinese remaindering and Hensel lifting, provided every query y satisfies size(y)=O(poly(n)).

Other Oracle Results We Can Prove By Building “Designer Polynomials”
A,Ã : NPA  coNPÃ A,Ã : NPA  BPPÃ (only for finite fields, not integers) A,Ã : NEXPÃ  PA/poly A,Ã : NPÃ  SIZEA(n) By contrast, MAEXP  P/poly and PromiseMA  SIZE(n) algebrize! Since MAEXP and MA are “just above” NEXP and NP respectively (indeed equal to them under derandomization assumptions), we seem to get a precise explanation for why progress on non-relativizing circuit lower bounds stopped where it did.

Outline A New Kind of Relativization
Why Existing Results Algebrize Example: coNPIP The Need for Non-Algebrizing Techniques …to prove PNP …to prove P=RP Connections to Communication Complexity O(N log N) MA-protocol for Inner Product Conclusions and Open Problems

From Algebraic Query Algorithms to Communication Protocols
A(000)=1 A(001)=0 A(010)=0 A(011)=1 A(100)=0 A(101)=0 A(110)=1 A(111)=1 A0 A1 Truth table of a Boolean function A Alice and Bob’s Goal: Compute some property of the function A:{0,1}n{0,1}, using minimal communication. Let Ã:FnF be the unique multilinear extension of A over a finite field F. Theorem: If a problem can be solved using T queries to Ã, then it can also be solved using O(Tnlog|F|) bits of communication between Alice and Bob.

This argument works just as well in the randomized world, the nondeterministic world, the quantum world… Proof: Given any point yFn, we can write Also works with integer extensions (we didn’t have to use a finite field). The protocol is now as follows: y1 (O(nlog|F|) bits) Ã1(y1) (O(log|F|) bits) Theorem: If a problem can be solved using T queries to Ã, then it can also be solved using O(Tnlog|F|) bits of communication between Alice and Bob. y2 (O(nlog|F|) bits)

Advantage of this approach: Ã is just the multilinear extension of A!
The Harvest: Separations in Communication Complexity Imply Algebraic Oracle Separations (2n) randomized lower bound for Disjointness [KS 1987] [Razborov 1990]  A,Ã : NPA  BPPÃ (2n/2) quantum lower bound for Disjointness [Razborov 2002]  A,Ã : NPA  BQPÃ (2n/2) lower bound on MA-protocols for Disjointness [Klauck 2003]  A,Ã : coNPA  MAÃ Exponential separation between classical and quantum communication complexities [Raz 1999]  A,Ã : BQPA  BPPÃ Exponential separation between MA and QMA communication complexities [Raz-Shpilka 2004]  A,Ã : QMAA  MAÃ Advantage of this approach: Ã is just the multilinear extension of A! Disadvantage: The functions achieving the separations are more contrived (e.g. Disjointness instead of OR).

“Hardest” communication predicate?
Can also go the other way: use algebrization to get new communication protocols Recall that [Klauck 2003] showed Disjointness requires total communication (N) (where N=2n), even with a Merlin around to prove Alice and Bob’s sets are disjoint. “Obvious” Conjecture: Klauck’s lower bound can be improved to (N). The obvious conjecture is false! We give an MA-protocol for Disjointness (and indeed Inner Product) with total communication cost O(N log N). “Hardest” communication predicate?

O(N log N) MA-protocol for Inner Product
A:[N][N]{0,1} B:[N][N]{0,1} Claimed value S’ for S rRF Alice and Bob’s Goal: Compute First step: Let F be a finite field with |F|[N,2N]. Extend A and B to degree-(N-1) polynomials Now let If Merlin is honest, then But how to check S’=S? If S’S, then

Outline A New Kind of Relativization
Why Existing Results Algebrize Example: coNPIP The Need for Non-Algebrizing Techniques …to prove PNP …to prove P=RP Connections to Communication Complexity O(N log N) MA-protocol for Inner Product Conclusions and Open Problems

Conclusions Arithmetization had a great run.
It led to IP=PSPACE, the PCP Theorem, non-relativizing circuit lower bounds… Yet we showed it’s fundamentally unable to resolve barrier problems like P vs. NP, or even P vs. BPP or NEXP vs. P/poly. Why? It “doesn’t pry open the black-box wide enough.” I.e. it uses a polynomial-size Boolean circuit to produce a low-degree polynomial, which it then evaluates as a black box. It doesn’t exploit the small size of the circuit in any “deeper” way. To reach this conclusion, we introduced a new model of algebraic query complexity, which has independent applications (e.g. to communication complexity) and lots of nooks and crannies to explore in its own right.

Open Problems Develop non-algebrizing techniques!
Do there exist A,Ã such that coNPA  AMÃ? Can we improve PSPACEA[poly]  IPÃ to PSPACEÃ[poly] = IPÃ? Is MAEXPÃ[poly]  PA/poly? Can our query complexity lower bound for integer extensions be generalized to queries of unbounded size? Do algebraic query complexity lower bounds ever imply communication complexity lower bounds? How far can we generalize our results to arbitrary error-correcting codes (not just low-degree extensions)? Can we construct “pseudorandom low-degree polynomials”?

Similar presentations