1 / 21

A survey on derandomizing BPP and AM

A survey on derandomizing BPP and AM. Danny Gutfreund, Hebrew U. Ronen Shaltiel, Weizmann Inst. Amnon Ta-Shma, Tel-Aviv U. message. message. Arthur-Merlin Games [BM].

lysa
Télécharger la présentation

A survey on derandomizing BPP and AM

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A survey on derandomizing BPP and AM Danny Gutfreund, Hebrew U. Ronen Shaltiel, Weizmann Inst. Amnon Ta-Shma, Tel-Aviv U.

  2. message message Arthur-Merlin Games [BM] • Interactive games in which the all-powerful prover Merlin attempts to prove some statement to a probabilistic poly-time verifier. “xL” Merlin Arthur toss coins I accept

  3. message message Arthur-Merlin Games [BM] • Completeness: If the statement is true then Arthur accepts. • Soundness: If the statement is false then Pr[Arthur accepts]<½. “xL” Merlin Arthur toss coins I accept

  4. Arthur-Merlin Games [BM] • Completeness: If the statement is true then Arthur accepts. • Soundness: If the statement is false then Pr[Arthur accepts]<½. • The class AM: All languages L which have an Arthur-Merlin protocol. • Contains many interesting problems not known to be in NP.

  5. random permutation of Gb “The graph Gc was permuted” Example: Co-isomorphism of Graphs. • L={G1,G2: the labeled graphs G1,G2 are not isomorphic}. • L in coNP and is not known to be in NP. (G1,G2) L Merlin Arthur Randonly chooses: b {1,2} Decides which of the two graphs was permuted. Verifies that c=b.

  6. The big question: Does AM=NP? In other words: Can every Arthur-Merlin protocol be replaced with one in which Arthur is deterministic? Note that such a protocol is an NP proof.

  7. Derandomization: a brief overview • A paradigm that attempts to transform: • Probabilistic algorithms => deterministic algorithms. (P  BPP EXP NEXP). • Probabilistic protocols => deterministic protocols. (NP  AM EXP  NEXP). • We don’t know how to separate BPP and NEXP. • Can derandomize BPP and AM under natural complexity theoretic assumptions.

  8. Hardness versus Randomness Initiated by [BM,Yao,Shamir]. Assumption: hard functions exist. Conclusion: Derandomization. A lot of works: [BM82,Y82,HILL,NW88,BFNW93, I95,IW97,IW98,KvM99,STV99,ISW99,MV99, ISW00,SU01,U02,TV02]

  9. A quick survey Assumption: There exists a function in DTIME(2O(n)) which is hard for “small” circuits.

  10. Hardness versus Randomness Assumption: hard functions exist. Conclusion: Derandomization.

  11. Hardness versus Randomness Assumption: hard functions exist. Exists pseudo-random generator Conclusion: Derandomization.

  12. PRG pseudo-random bits seed Pseudo-random generators • A pseudo-random generator (PRG) is an algorithm that stretches a short string of truly random bits into a long string of pseudo-random bits. • Pseudo-random bits are indistinguishable from truly random bits for feasible algorithms. • For derandomizing AM: Feasible algorithms = nondeterministic circuits. • ??????????????

  13. Pseudo-random generators for nondeterministic circuits • Nondeterministic circuits can identify pseudo-random strings. • Given a long string, guess a short seed and check that PRG(seed)=long string. • Can distinguish between random strings and pseudo-random strings. • Assuming the circuit can run the PRG!! • The Nisan-Wigderson setup: The circuit cannot run the PRG!! • For example: The PRG runs in time n5 and fools (nondeterministic) circuits of size n3. • Sufficient for derandomization!!

  14. Hardness versus Randomness Assumption: hard functions exist. Exists pseudo-random generator Conclusion: Derandomization.

  15. random message message PRG’s for nondeterministic circuits derandomize AM • We can model the AM protocol as a nondeterministic circuit which gets the random coins as input. “xL” Merlin Arthur Hardwire input I accept

  16. PRG’s for nondeterministic circuits derandomize AM • We can model the AM protocol as a nondeterministic circuit which gets the random coins as input. “xL” Merlin Arthur Hardwire input input Nondeterministic guess random input Nondeterministic guess I accept

  17. PRG’s for nondeterministic circuits derandomize AM • We can model the AM protocol as a nondeterministic circuit which gets the random coins as input. • We can use pseudo-random bits instead of truly random bits. “xL” Merlin Arthur Hardwire input input Nondeterministic guess pseudo-random input Nondeterministic guess I accept

  18. PRG’s for nondeterministic circuits derandomize AM • We have an AM protocol in which Arthur acts deterministically. • (Arthur sends all pseudo-random strings and Merlin replies on each one.) • Deterministic protocol => NP proof. “xL” Merlin Arthur pseudo-random input Nondeterministic guess I accept

  19. A quick survey Assumption: There exists a function in DTIME(2O(n)) which is hard for “small” circuits.

  20. The Nisan-Wigderson setting • We’re given a function f which is: • Hard for small circuits. • Computable by uniform machines with “slightly” larger time. • Basic idea: • G(x)=x,f(x) • “f(x) looks random to a small circuit that sees x”. • Warning: no composition theorems. • Correctness proof of PRG can’t use it’s efficiency. • The PRG runs in time “slightly” larger than the size of the circuit.

  21. The rest • At this point I moved to the blackboard and covered: • The Nisan-Wigderson generator. (You can find a presentation (as well as an introduction to derandomization)on my homepage www.wisdom.weizmann.ac.il/~ronens under the title “derandomizing BPP”. This was written in 1998 so the part about hardness amplification is slightly outdated. However, the first chapter is still relevant and contains both the BMY and NW generators. • I also explained that PRGs for nondeterministic circuits (which derandomize AM) can be constructed using methods for constructing PRGs for deterministic circuits. This was pointed out by Klivans and van-Melekbeek and you can get the paper at http://www.cs.wisc.edu/~dieter/Research/r-gni.html.

More Related