Hardness amplification proofs require majority Ronen Shaltiel University of Haifa Joint work with Emanuele Viola Columbia University June 2008

Major goal of computational complexity theory Success with constant-depth circuits (1980’s) [Furst Saxe Sipser, Ajtai, Yao, Hastad, Razborov, Smolensky,…] Theorem[Razborov ’87] Majority not in AC 0 [©] Majority(x 1,…,x n ) := 1,  x i > n/2 AC 0 [©] = © = parity \/ = or /\ = and Circuit lower bounds V ©©© VVV /\ © © input

Lack of progress for general circuit models Theorem[Razborov Rudich] + [Naor Reingold]: Standard techniques cannot prove lower bounds for circuits that can compute Majority: No natural proofs of lower bounds for TC 0. (Constant depth circuits with majority gates). Natural proofs barrier

[Razborov Rudich] + [Naor Reingold] Majority Power of C Cannot prove lower bounds [RR] + [NR]

Stronger variant of lower bounds. Def: f : {0,1} n ! {0,1}  -hard for class C if every C 2 C : Pr x [f(x) ≠ C(x)] ¸  (  2 [0,1/2])   n  f is worst case hard. E.g. C = general circuits of size n log n, AC 0 [©],… Strong average-case hardness:  = 1/2 – 1/n  (1) Need for cryptography, pseudorandom generators [Nisan Wigderson,…] Average-case hardness

Major line of research (1982 – present) [Y,GL,L,BF,BFL,BFNW,I,GNW,FL,IW,IW,CPS,STV,TV,SU,T,O,V,T, HVV,SU,GK,IJK,IJKW,…] Yao’s XOR lemma: Enc(f)(x 1,…,x t ) := f(x 1 ) ©  © f(x t ) f is  -hard ) Enc(f) is (½–  )-hard. against C = general poly-size circuits (t = poly(log(1/  /  )). Hardness amplification Hardness amplification against C  -hard f for C Enc(f) (1/2-  )-hard for C

There are no lower bounds against strong classes, but what about week classes? Observation: Known hardness amplifications fail against any class C for which we have lower bounds. Example: Have f ∉ AC 0 [©]. Open f : (1/2-1/n)-hard for AC 0 [©] ? The problem we study

Our results + [Razborov Rudich] + [Naor Reingold] Majority Power of C Cannot prove lower bounds [RR] + [NR] Cannot prove hardness amplification [this work] “You can only amplify the hardness you don’t have” “Lose-lose” reach of “standard techniques”: Disclaimer: These are not impossibility results.

Our results Theorem [This work]: ( Black-box non-adaptive ) hardness amplification against class C requires Majority 2 C No black-box hardness amplification against AC 0 [©] because Majority not in AC 0 [©] Black-box amplification to (1/2-  )-hard requires C to compute majority on 1/  bits – tight

Outline Overview Formal statement of our results Significance of our results Proof

Proofs of Hardness Amplification Yao’s XOR lemma: Enc(f)(x 1,…,x t ) := f(x 1 ) ©  © f(x t ) f is  -hard ) Enc(f) is ( ½ –  )-hard. (t = poly(log(1/  /  )) against C = general poly-size circuits Proofs work by proving the contra-positive: Enc(f) is not ( ½ –  )-hard ) f is not  -hard. Proofs convert: –A circuit h that errs computing Enc(f) on ( ½ –  )-fraction of inputs –into a circuit g in C that errs computing f on  fraction of inputs. Black-box proofs are reductions converting h into g.

Black-box reductions Proofs convert: –A circuit h that errs computing Enc(f) on ( ½ –  )-fraction of inputs –into a circuit g in C that errs computing f on  fraction of inputs. Uniform reductions:  one poly-time circuit C s.t. ∀ f,h as above s.t. g(x)=C h (x) Captures most reductions in Complexity/Crypto. Non-uniform reductions: ∀ f,h as above  poly-size circuit C=C f,h s.t. g(x)=C h (x) Necessary for hardness amplification (Coding T). The reduction C h gets a poly-size “advice string” about f,h Often C is a PPM

The local list-decoding view [Sudan Trevisan Vadhan ’99] f = Enc(f) = h = (1/2– eerrors) C h (x) = f(x) (for 1-  x’s)    0 q queries encoding decoding LocalList- No unique decoding

Black-box hardness amplification Def. Black-box  !(1/2-  ) hardness amplific. against C ∀ f, h : Pr y [Enc(f)(y) ≠ h(y)] < 1/2-   circuit C 2 C : Pr x [f(x) ≠ C h (x)] <  Rationale: f  -hard ) Enc(f) (1/2-  )-hard (f  -hard for C if 8 C 2 C : Pr x [f(x) ≠ C(x)] ¸  ) Note: Enc is arbitrary (not necessarily black-box). Caveat: we can only handle non-adaptive oracle calls. Enc f : {0,1} k !{0,1} Enc(f) : {0,1} n !{0,1}

Our results (informal): Black box reductions for h.a. are “complex”. Theorem [this work]: Non-adaptive black-box  ≤  ! (1/2-  ) hardness amplification against a class C of poly-size circuits ) (1)  C 2 C computes majority on 1/  bits. (2)  C 2 C makes q = Ω(log(1/  )/  2 ) oracle queries. Both asymptotically tight (as there are matching upper bounds): (1) [Impagliazzo, Goldwasser Gutfreund Healy Kaufman Rothblum] (2) [Impagliazzo, Klivans Servedio]

Outline Overview Formal statement of our results Significance of our results Proof

Lack of hardness vs. randomness tradeoffs a- la [Nisan Wigderson] for some families of constant-depth circuits Loss in circuit size:  -hard for size s ) (1/2-  )-hard for size s¢  2 / log(1/  ) Our results somewhat explain

Direct product vs. Yao’s XOR Yao’s XOR lemma: Enc(f)(x 1,…,x t ) := f(x 1 ) ©  © f(x t ) 2 {0,1} Direct product lemma (non-Boolean) Enc(f)(x 1,…,x t ) := ( f(x 1 ), ,  f(x t ) ) 2 {0,1} t For general poly-size circuits Direct product, Yao XOR [Goldreich Levin] Yao’s XORrequires majority [this work] direct product does not [folklore, Impagliazzo Jaiswal Kabanets Wigderson] Also a difference in # of oracle queries needed.

Outline Overview Formal statement of our results Significance of our results Proof

Recall Theorem: non-adaptive black-box  ! (1/2-  ) hardness amplification against a class C of poly-size circuits ) (1)  C 2 C computes majority on 1/  bits. (2)  C 2 C makes q ¸ log(1/  )/  2 oracle queries. We show hypot.)  C 2 C tells Noise 1/2 from 1/2 –  (D) | Pr[C(N 1/2,…,N 1/2 )=1] - Pr[C(N 1/2- ,…,N 1/2-  )=1] | >1-  (1) ( (D) + “best way to distinguish is majority” [Sudan]. (2) ( (D) + “tigthness of Chernoff bound” qq

Warm-up: uniform reduction Want: non-uniform reductions (8 f,h 9 C) For every f,h : Pr y [Enc(f)(y) ≠ h(y)] < 1/2-  there is circuit C 2 C : Pr x [f(x) ≠ C h (x)] <  Warm-up: uniform reductions (9 C 8 f,h ) There is circuit C 2 C : For every f, h : Pr y [Enc(f)(y) ≠ h(y)] < 1/2-  Pr x [f(x) ≠ C h (x)] < 

Proof in uniform case Let F : {0,1} k ! {0,1}, X 2 {0,1} k be random Consider C(X) with oracle access to H(y) = Enc(F)(y) © N(y) N(y) ~ N 1/2 ) C Enc( F ) © N (X) = C N (X) ≠ F(X) w.p ½. C has no information about F N(y) ~ N 1/2-  ) C Enc( F ) © N (X) = F(X) w.p. 1- . H=Enc(F) © N is (1/2-  )-close to Enc(F) To tell z ~ Noise 1/2 from z ~ Noise 1/2 – , |z| = q Run C(X); answer i-th query y i with Enc(F)(y i ) © z i Compare answer to F(X) (which is hardwired).  Q.e.d.

Proof outline in non-uniform case Non-uniform: C depends on F and H (8 f,h 9 C) New proof technique 1) Fix C to C’ that works for many f,h Condition F’ := (F | C=C’), H’ := (H | C=C’) 2) Information-theoretic lemma Enc(F’)©N’ (y 1,…,y q ) ¼ Enc(F)©N (y 1,…,y q ) If all y i 2 “good” set G µ {0,1} n Can argue as for uniform case if all y i 2 G 3) Deal with queries y i not in G

Fixing C Choose F : {0,1} k ! {0,1} uniform, N(y) ~ N 1/2-  Enc(F)©N is (1/2-  )-close to Enc(F). We have (8f,h9C) With probability 1 over F,H there is C 2 C : Pr X [ C Enc(F) © N (X) ≠ F(X) ] <  ) there is C’ 2 C : with probability 1/|C| over F,H Pr X [ C’ Enc(F) © N (X) ≠ F(X) ] <  Note: C = all circuits of size poly(k), 1/|C| = 2 -poly(k)

The information-theoretic lemma Lemma Let V 1,…,V t i.i.d., V 1 ’,…,V t ’ := (V 1,…,V t | E) E noticeable ) there is large good set G µ [t] : for every i 1,…,i q 2 G : (V’ i 1,…,V’ i q ) ¼ (V i 1,…,V i q ) as long as q is small. Proof: E noticeable ) H(V 1 ’,…,V t ’) large ) H(V’ i |V’ 1,…,V’ i -1 ) large for many i (2 G) Closeness [ (V i 1,…,V i q ),(V’ i 1,…,V’ i q ) ] ¸ H(V’ i 1,…,V’ i q ) ¸ H(V’ i q | V’ 1,…,V’ i q -1 ) + … + H(V’ i 1 | V’ 1,…,V’ i 1 -1 ) large Q.e.d. Similar to [Edmonds Rudich Impagliazzo Sgall, Raz]

Applying the lemma V y = N(y) ~ Noise 1/2-  E := { H : Pr X [C’ Enc(F) © N (X) ≠ F(X)] <  }, Pr[E]¸ 1/|C| H’ = N | E = C’ Enc(F’) © N’ (x) ¼ C’ Enc(F) © N (x) All queries in G ) proof for uniform case goes thru  0 Gq queries

Handling bad queries Problem: C(x) may query bad y 2 {0,1} n not in G Idea: Fix bad query. Queries either in G or fixed ) proof for uniform case goes thru Delicate argument: Fixing bad query H(y) may create new bad queries Instead fix heavy queries: asked by C(x) for many x’s Gain because new bad queries are light, affect few x’s Must verify that there are few added bad queries.

Theorem[This work] Black-box hardness amplification against class C requires Majority 2 C Reach of standard techniques in circuit complexity [This work] + [Razborov Rudich], [Naor Reingold] “Can amplify hardness, cannot prove lower bound” New proof technique to handle non-uniform reductions Open problems Adaptivity? [GutfreundRothblum08] handle adaptive reductions in the case of “low nonuniformity” (small list sizes). 1/3-pseudorandom from 1/3-hard requires majority? Conclusion