Derandomized parallel repetition theorems for free games Ronen Shaltiel, University of Haifa

Parallel repetition/direct product To what extent is it harder to solve many independent instances of the same problem compared to solving a single random instance? Asked in many computational models. This talk: 2-prover 1-round games.

Example: the setting of polynomial size circuits [GILRZ,Imp,IW,IJKW] For function f and integer n define: “parallel repetition of f” by f (n) (x 1, ,x n ) = (f(x 1 ), ,f(x n )). Parallel repetition/direct product theorem: 8 f If 8 poly-size circuit C, on random X, Pr[C(X)=f(X)]≤1- ². Then 8 poly-size circuit D, on random X 1, ,X n Pr[D(X 1, ,X n )=f (n) (X 1, ,X n )]≤ Application: Hardness amplification: “f mildly hard” ⇒ “ f (n) very hard”. Weakness: input length blows up by a factor of n. Derandomized parallel repetition: Generate (correlated) X 1, ,X n from few random bits by G(X’)=(X 1, ,X n ). Prove theorem for f G (x’)=f (n) (G(x’)). (1- ² ) n + little bit

Outline for this talk Starting point: There is a parallel repetition theorem for 2P1R games [Raz]. Goal: derandomized version. Our results: a derandomized version for the subfamily of “free games”.

2P1R Games A game G between two cooperating players. Referee samples x,y 2 {0,1} m according to a known distribution ¹ on pairs. First player receives “input” x and responds with “answer” a=a(x) 2 {0,1} L. Second player receives “input” y and responds with “answer” b=b(y) 2 {0,1} L. No communication between players. A strategy is a pair of functions (a( ¢ ),b( ¢ )). Players win if they satisfy a known predicate V(x,y,a,b). Val(G) = success probability in best strategy. Rand(G) = number of random bits tossed by referee. Free game: ¹ is the uniform distribution. (Rand(G)=2m).

Background and disclaimer 2P1R games capture the interaction between an honest verifier and cheating provers in a 2- prover 1-round multi-prover system. Important for PCP, Hardness of approximation. Important Disclaimer: Results in this talk are only for free games. The games that come up in PCP are not free.

Parallel repetition of 2P1R Games For a game G we define the parallel repetition game G n. 8 i 2 [n], referee independently samples (x i,y i ) according to the distribution ¹ of the initial game G. First player receives x 1, ,x n and responds with “answers” a 1 =a 1 (x 1, ,x n ), , a n =a n (x 1, ,x n ) 2 {0,1} L. Second player receives y 1, ,y n and responds with “answers” b 1 =b 1 (y 1, ,y n ), , b n =b n (y 1, ,y n ) 2 {0,1} L. Players win if they win all n games. Observations: Rand(G n ) = n ¢ Rand(G). If G is free then G n is free.

Parallel repetition theorem [Raz,Hol] Let G be a game with Val(G)≤1- ², for ² ≤½. How large should n be so that Val(G n )≤(1- ² ) t ? Naïve guess: n=t suffice. Wrong even for free games [For,Fei]. No function n(t, ² ) will do (even for free games) [FV]. n=O(t ¢ L/ ² C ) repetitions suffice for every game [Raz]. Dependence on L is optimal up to log factors [FV]. Dependence on ² : C=2 suffices [Hol], C=1 suffices for free games [BRRRS], C=1 necessary for general games [Raz]. Amplifcation from 1- ² to (1- ² ) t currently requires multiplying randomness complexity by n=O(t ¢ L/ ² C ). This work: derandomized parallel repetition for free games. Multiplies the randomness complexity by O(t) (in case L=O(m)). Marketing: In terms of randomness complexity, amplification for free games can be done at the correct rate! *certain restrictions apply.

Our results Let G be a free game with Val(G)≤1- ², for ² ≤½. Let E:{0,1} r £ [n] ! {0,1} m be a function. Define the (derandomized) game G E as follows: Referee chooses x’,y’ uniformly from {0,1} r. First player receives x’ and 8 i 2 [n], sets x i =E(x’,i). Second player receives y’ and 8 i 2 [n], sets y i =E(y’,i). The players play G n on x 1, , x n and y 1, ,y n. If E is a strong extractor (with suitable parameters) then Val(G E ) ≤ (1- ² ) t. Rand(G E ) = O(t(m+L)). For L=O(m), Rand(G E )=O(t) ¢ Rand(G). n=O(t(m+L)/ ² 2 ), (no cheats with # of repetitions).

Perspective (and disclaimers) We get “correct rate”: Rand(G E )=O(t) ¢ Rand(G). In other setups (e.g. poly-size circuits) derandomization beats the correct rate [GILRZ,Imp,IW,IJKW]. We could hope for Rand(G E )=O(t) + Rand(G). [FK] rule out such derandomization (or even beating the correct rate) for general games. It is open whether one can achieve Rand(G E )=O(t) ¢ Rand(G) for general games. Example of [FK] is for “constant degree” games. It is open whether one can beat the correct rate for free games.

High level idea of the proof We observe that a lemma used in [Raz] can be improved using extractors.

Lemma from Raz’s parallel repetition theorem Let Z=(Z 1, ,Z n ) be i.i.d. random variables where each Z i is uniform over {0,1} m. Let W be an event such that Pr[Z 2 W] ≥ 2 -a. Assume that n ≥ a/ ² 2. Then for a uniformly chosen i 2 [n], (Z i |W) and Z i are ² –close in statistical distance. More formally Exp i à [n] [DIST( (Z i |W) ; Z i )] ≤ ² “Let Z be the uniform on r=n ¢ m bits and assume that a bits of information about Z are revealed. Then for a random i, (Z i |W) is (close to) uniform.” Useful in other settings.

Randomness extractors Daddy, how do computers get random bits?

Definition of strong extractors A function E:{0,1} r £ [n] ! {0,1} m is a strong (k, ² )-extractor if for every distribution X with min-entropy* ≥k, for a random i 2 [n], (i,E(X,i)) is ² –close to uniform. Equivalently, Exp i à [n] [DIST( E(X,i) ; U m )] ≤ ² * Dfn: X has min-entropy ≥k if for every x 2 {0,1} r, Pr[X=x] ≤ 2 -k

Raz’s lemma is an extractor construction by E(Z,i)=Z i Let Z=(Z 1, ,Z n ) be i.i.d. random variables where each Z i is uniform over {0,1} m. Let W be an event such that Pr[Z 2 W] ≥ 2 -a. Assume that n ≥ a/ ² 2. Then for a uniformly chosen i 2 [n], (Z i |W) and Z i are ² –close in statistical distance. More formally Exp i à [n] [DIST( (Z i |W) ; Z i )] ≤ ² Interpretation: Z is the uniform on r=n ¢ m bits. The distribution X=(Z|W) has min-entropy ≥ r-a = n ¢ m-a. For E(Z,i)=Z i we have that for random i, E(X,i) is ¼ uniform. Lemma ⇒ function E is a strong (r-a, ² )-extractor. This is not a good extractor in terms of “entropy loss”! Main idea: Replace E with a better extractor! ⇒ entropy: n ¢ m-a >> m, output: m Using better extractors we can generate Z=(Z 1, ,Z n ) with similar properties from r = O(m + a + log(1/ ² )) random bits Rather than r = O(m ¢ a / ² 2 ).

Generating Z=(Z 1, ,Z n ) using few random bits Let E:{0,1} r £ [n] ! {0,1} m be a strong (r-a, ² )-extractor. Exists for r=m+a+O(log(1/ ² )) << m ¢ a/ ² 2. Choose a uniform Z’ 2 {0,1} r. Define Z=(Z 1, ,Z n ) by Z i =E(Z’,i). This gives the behavior of the lemma, specifically: Let W be an event such that Pr[Z 2 W] ≥ 2 -a. Then Exp i à [n] [DIST( (Z i |W) ; Z i )] ≤ ². Suffices to adapt Raz’s proof (for free games). In the proof the lemma is applied with a=O((m+L)t). Sample space Z’ ! (Z 1, ,Z n ) is also an “averaging sampler” [Zuc]. Necessary for derandomization. The use of this sample space here seems different (and may help in other settings).

Conclusion 8 2P1R free game G with Val(G)≤1- ² we define a derandomized G E with: Val(G E ) ≤ (1- ² ) t. For L=O(m), Rand(G E )=O(t) ¢ Rand(G). [PRW]: Parallel repetition theorem for communication games“. In the paper: derandomized version for free games. Open problem: Show derandomized parallel repetition theorems for general 2P1R games. The extractor approach makes sense for general games. Analysis may require additional properties of the extractor.

Thank You