1 / 13

Pseudorandom Generators and Typically-Correct Derandomization

Pseudorandom Generators and Typically-Correct Derandomization. Jeff Kinne , Dieter van Melkebeek University of Wisconsin-Madison Ronen Shaltiel University of Haifa. The Power of Randomness?. Is randomness more powerful for … Time-Bounded Algs? Interactive Proofs? Space-Bounded Algs?.

liko
Télécharger la présentation

Pseudorandom Generators and Typically-Correct Derandomization

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Pseudorandom Generators andTypically-Correct Derandomization Jeff Kinne, Dieter van MelkebeekUniversity of Wisconsin-Madison Ronen Shaltiel University of Haifa

  2. The Power of Randomness? • Is randomness more powerful for … • Time-Bounded Algs? • Interactive Proofs? • Space-Bounded Algs? • Weaker Derandomization • [IW] “heuristic” • [GW] “typically-correct” BPP P Circuit Testing PRIMES • Does BPP = P? • Yes, if pseudorandom generators • Yes, if E ⊈ SIZE(2εn)[NW, IW, STV, SU, …] • But, circuit lower bounds difficult, • [KI] BPP=P ⇒ circuit lower bounds Random strings AM NP reject accept Graph Non-Iso BPL L UndirectedSTCON Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  3. Typically-Correct Derandomization • More efficient derandomizations? • Weaker (or no) hardness assumptions? • How to leverage ability to make errors? • Randomized Algorithm A(x, r) computing lang L • B typically-correct for L: makes at most δ·2n errors • Our Contributions • New PRG approach • Simpler proofs, new derandomizations • Difficulty of proving typ-correct derand of BPP Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  4. Extract Randomness from Input [GW] • If(1)most r correct for all x and (2) |r| < |x| • B(x) = A(x, x)makes few errors • Make error very small: B(x) = Majy(A(x, E(x,y))) • BPP: ifP hard-on-average for SIZESAT(nd),use PRG tomake alg satisfy Randomized Algorithm A(x, r) computing lang L Deterministic simulation B(x) = A(x, E(x)) Subsequent work: [vMS], [Zim], [Sha] Set of all r ≈ set of all x “perfect” r •x Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  5. Extract Randomness from Input [Sha] • Use PRG to get |r| < |x| • BPP: if P very hard-on-average for SIZE(nd) … • Unconditional results for AC0, streaming algs, … • Assume |r| < |x|, goal: Prx[A(x,E(x)) = L(x)] ≈ Prx,r[A(x,r) = L(x)] ≥1-ρ Randomized Algorithm A(x, r) computing lang L Deterministic simulation B(x) = A(x, E(x)) E is2-Ω(m)-extractor for {x | A(x,r) = L(x)}, fixed “good” r Σ“good”r∊{0,1}m Σr∊{0,1}m Prx[A(x,r) = L(x)] · Prx[E(x) = r | A(x,r) = L(x)] Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  6. Pseudorandom Generator Approach Randomized Algorithm A(x, r) computing lang L Deterministic simulation B(x) = A(x, E(x)) • View (x, r) as single combined input • G a “seed-extending” function, G(x) = x, E(x) • Show: |Prx[A(G(x)) = L(x)] - Prx,r[A(x,r) = L(x)]| ≤ ε • Yes if: G is ε-PRG against tests T(x,r): T(x,r) = 1 iff A(x,r) = L(x) A(G(x)) Goal: Prx[A(x,E(x)) = L(x)] ≈ Prx,r[A(x,r) = L(x)] ≥ 1-ρ A(G(x)) Then B makes≤ ρ+ε errors Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  7. Pseudorandom Generator Approach • Can PRG’s be seed-extending? • Cryptographic – No! • Derandomization – Yes! [NW, STV, SU, …] • Different use of PRG • B only runs G once – very efficient if G is • Compare to [GW], [Sha] (PRG + extractor) • PRG is already enough! Randomized Algorithm A(x, r) computing lang L B(x) = A(G(x)), G a seed-extending PRG Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  8. New Typically-Correct Derand Results • BPP: P is 1/nc-hard for SIZE(nd)⇒ B in poly time andB(x)=L(x) for all but 1/nc fraction of x • Similar conditional results for AM, BPL, … Randomized Algorithm A(x, r) computing lang L B(x) = A(x, NWH(x)) NWH based on hardness of H Weaker than [GW], [Sha] Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  9. New Typically-Correct Derand Results • AC0 with few symmetric gates: A uses o(log2n) symm gates, error ρ≤ 1/3 ⇒ B in AC0[sym] and within ρ+n-Ω(log n) of L • Other settings: multi-party comm, … Randomized Algorithm A(x, r) computing lang L B(x) = A(x, NWH(x))NWH based on hardness of H Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  10. Comparison with [Sha] • ⇒ PRG approach can prove all of [Sha] E is a seedless 2-Ω(|r|)-extractor fordistributions ≈ {x | A(x, r) = L(x)} [Sha] A(x, E(x)) typically-correct for L (x, E(x)) is a 2-Ω(|r|)-PRG for tests T(x,r) = 1 iff A(x,r) = L(x) Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  11. Difficulty of Proving Typ-Cor Derand • [KI]BPP ⊆ NSUBEXP ⇒ NEXP ⊈ P/poly or PERM ∉ Arith-P/poly • Typically-correct derandomization without circuit lower bounds? • No for small error: NSUBEXP computes BPP with ≤ 2nε errors • Large error: cannot do with relativizing techniques or arithmetization [AW] Simpler proof for everywhere-correct setting Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  12. Recap • New seed-extending PRG approach • simpler proofs, weaker hardness conditions • Unconditional results in some settings! • But, for BPP: unconditional results difficult • Typically-Correct Derandomization • Allowed to make small # of errors Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  13. Thanks! * Full paper and annotated slides available from my website Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

More Related