130 likes | 236 Vues
Pseudorandom Generators and Typically-Correct Derandomization. Jeff Kinne , Dieter van Melkebeek University of Wisconsin-Madison Ronen Shaltiel University of Haifa. The Power of Randomness?. Is randomness more powerful for … Time-Bounded Algs? Interactive Proofs? Space-Bounded Algs?.
E N D
Pseudorandom Generators andTypically-Correct Derandomization Jeff Kinne, Dieter van MelkebeekUniversity of Wisconsin-Madison Ronen Shaltiel University of Haifa
The Power of Randomness? • Is randomness more powerful for … • Time-Bounded Algs? • Interactive Proofs? • Space-Bounded Algs? • Weaker Derandomization • [IW] “heuristic” • [GW] “typically-correct” BPP P Circuit Testing PRIMES • Does BPP = P? • Yes, if pseudorandom generators • Yes, if E ⊈ SIZE(2εn)[NW, IW, STV, SU, …] • But, circuit lower bounds difficult, • [KI] BPP=P ⇒ circuit lower bounds Random strings AM NP reject accept Graph Non-Iso BPL L UndirectedSTCON Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Typically-Correct Derandomization • More efficient derandomizations? • Weaker (or no) hardness assumptions? • How to leverage ability to make errors? • Randomized Algorithm A(x, r) computing lang L • B typically-correct for L: makes at most δ·2n errors • Our Contributions • New PRG approach • Simpler proofs, new derandomizations • Difficulty of proving typ-correct derand of BPP Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Extract Randomness from Input [GW] • If(1)most r correct for all x and (2) |r| < |x| • B(x) = A(x, x)makes few errors • Make error very small: B(x) = Majy(A(x, E(x,y))) • BPP: ifP hard-on-average for SIZESAT(nd),use PRG tomake alg satisfy Randomized Algorithm A(x, r) computing lang L Deterministic simulation B(x) = A(x, E(x)) Subsequent work: [vMS], [Zim], [Sha] Set of all r ≈ set of all x “perfect” r •x Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Extract Randomness from Input [Sha] • Use PRG to get |r| < |x| • BPP: if P very hard-on-average for SIZE(nd) … • Unconditional results for AC0, streaming algs, … • Assume |r| < |x|, goal: Prx[A(x,E(x)) = L(x)] ≈ Prx,r[A(x,r) = L(x)] ≥1-ρ Randomized Algorithm A(x, r) computing lang L Deterministic simulation B(x) = A(x, E(x)) E is2-Ω(m)-extractor for {x | A(x,r) = L(x)}, fixed “good” r Σ“good”r∊{0,1}m Σr∊{0,1}m Prx[A(x,r) = L(x)] · Prx[E(x) = r | A(x,r) = L(x)] Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Pseudorandom Generator Approach Randomized Algorithm A(x, r) computing lang L Deterministic simulation B(x) = A(x, E(x)) • View (x, r) as single combined input • G a “seed-extending” function, G(x) = x, E(x) • Show: |Prx[A(G(x)) = L(x)] - Prx,r[A(x,r) = L(x)]| ≤ ε • Yes if: G is ε-PRG against tests T(x,r): T(x,r) = 1 iff A(x,r) = L(x) A(G(x)) Goal: Prx[A(x,E(x)) = L(x)] ≈ Prx,r[A(x,r) = L(x)] ≥ 1-ρ A(G(x)) Then B makes≤ ρ+ε errors Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Pseudorandom Generator Approach • Can PRG’s be seed-extending? • Cryptographic – No! • Derandomization – Yes! [NW, STV, SU, …] • Different use of PRG • B only runs G once – very efficient if G is • Compare to [GW], [Sha] (PRG + extractor) • PRG is already enough! Randomized Algorithm A(x, r) computing lang L B(x) = A(G(x)), G a seed-extending PRG Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
New Typically-Correct Derand Results • BPP: P is 1/nc-hard for SIZE(nd)⇒ B in poly time andB(x)=L(x) for all but 1/nc fraction of x • Similar conditional results for AM, BPL, … Randomized Algorithm A(x, r) computing lang L B(x) = A(x, NWH(x)) NWH based on hardness of H Weaker than [GW], [Sha] Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
New Typically-Correct Derand Results • AC0 with few symmetric gates: A uses o(log2n) symm gates, error ρ≤ 1/3 ⇒ B in AC0[sym] and within ρ+n-Ω(log n) of L • Other settings: multi-party comm, … Randomized Algorithm A(x, r) computing lang L B(x) = A(x, NWH(x))NWH based on hardness of H Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Comparison with [Sha] • ⇒ PRG approach can prove all of [Sha] E is a seedless 2-Ω(|r|)-extractor fordistributions ≈ {x | A(x, r) = L(x)} [Sha] A(x, E(x)) typically-correct for L (x, E(x)) is a 2-Ω(|r|)-PRG for tests T(x,r) = 1 iff A(x,r) = L(x) Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Difficulty of Proving Typ-Cor Derand • [KI]BPP ⊆ NSUBEXP ⇒ NEXP ⊈ P/poly or PERM ∉ Arith-P/poly • Typically-correct derandomization without circuit lower bounds? • No for small error: NSUBEXP computes BPP with ≤ 2nε errors • Large error: cannot do with relativizing techniques or arithmetization [AW] Simpler proof for everywhere-correct setting Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Recap • New seed-extending PRG approach • simpler proofs, weaker hardness conditions • Unconditional results in some settings! • But, for BPP: unconditional results difficult • Typically-Correct Derandomization • Allowed to make small # of errors Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel
Thanks! * Full paper and annotated slides available from my website Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel