Using Nondeterminism to Amplify Hardness Emanuele Viola Joint work with: Alex Healy and Salil Vadhan Harvard University.

Slides:



Advertisements
Similar presentations
Hardness Amplification within NP against Deterministic Algorithms Parikshit Gopalan U Washington & MSR-SVC Venkatesan Guruswami U Washington & IAS.
Advertisements

On the Complexity of Parallel Hardness Amplification for One-Way Functions Chi-Jen Lu Academia Sinica, Taiwan.
Unconditional Weak derandomization of weak algorithms Explicit versions of Yao s lemma Ronen Shaltiel, University of Haifa :
PRG for Low Degree Polynomials from AG-Codes Gil Cohen Joint work with Amnon Ta-Shma.
Pseudorandomness from Shrinkage David Zuckerman University of Texas at Austin Joint with Russell Impagliazzo and Raghu Meka.
Linear-Degree Extractors and the Inapproximability of Max Clique and Chromatic Number David Zuckerman University of Texas at Austin.
Average-case Complexity Luca Trevisan UC Berkeley.
Derandomization & Cryptography Boaz Barak, Weizmann Shien Jin Ong, MIT Salil Vadhan, Harvard.
Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)
Talk for Topics course. Pseudo-Random Generators pseudo-random bits PRG seed Use a short “ seed ” of very few truly random bits to generate a long string.
Simple extractors for all min- entropies and a new pseudo- random generator Ronen Shaltiel Chris Umans.
Uniform Hardness vs. Randomness Tradeoffs for Arthur-Merlin Games. Danny Gutfreund, Hebrew U. Ronen Shaltiel, Weizmann Inst. Amnon Ta-Shma, Tel-Aviv U.
The Unified Theory of Pseudorandomness Salil Vadhan Harvard University See also monograph-in-progress Pseudorandomness
Massive Online Teaching to Bounded Learners Brendan Juba (Harvard) Ryan Williams (Stanford)
CS151 Complexity Theory Lecture 8 April 22, 2004.
Circuit Complexity and Derandomization Tokyo Institute of Technology Akinori Kawachi.
A survey on derandomizing BPP and AM Danny Gutfreund, Hebrew U. Ronen Shaltiel, Weizmann Inst. Amnon Ta-Shma, Tel-Aviv U.
Hardness amplification proofs require majority Ronen Shaltiel University of Haifa Joint work with Emanuele Viola Columbia University June 2008.
Better Pseudorandom Generators from Milder Pseudorandom Restrictions Raghu Meka (IAS) Parikshit Gopalan, Omer Reingold (MSR-SVC) Luca Trevian (Stanford),
Derandomized parallel repetition theorems for free games Ronen Shaltiel, University of Haifa.
Time vs Randomness a GITCS presentation February 13, 2012.
Complexity 12-1 Complexity Andrei Bulatov Non-Deterministic Space.
Derandomization: New Results and Applications Emanuele Viola Harvard University March 2006.
On Uniform Amplification of Hardness in NP Luca Trevisan STOC 05 Paper Review Present by Hai Xu.
Arithmetic Hardness vs. Randomness Valentine Kabanets SFU.
CS151 Complexity Theory Lecture 8 April 22, 2015.
Hardness amplification proofs require majority Emanuele Viola Columbia University Work done at Harvard, IAS, and Columbia Joint work with Ronen Shaltiel.
On Everlasting Security in the Hybrid Bounded Storage Model Danny Harnik Moni Naor.
Approximate List- Decoding and Uniform Hardness Amplification Russell Impagliazzo (UCSD) Ragesh Jaiswal (UCSD) Valentine Kabanets (SFU)
In a World of BPP=P Oded Goldreich Weizmann Institute of Science.
CS151 Complexity Theory Lecture 9 April 27, 2004.
1 On the Power of the Randomized Iterate Iftach Haitner, Danny Harnik, Omer Reingold.
If NP languages are hard on the worst-case then it is easy to find their hard instances Danny Gutfreund, Hebrew U. Ronen Shaltiel, Haifa U. Amnon Ta-Shma,
GOING DOWN HILL : EFFICIENCY IMPROVEMENTS IN CONSTRUCTING PSEUDORANDOM GENERATORS FROM ONE-WAY FUNCTIONS Iftach Haitner Omer Reingold Salil Vadhan.
The Power and Weakness of Randomness (when you are short on time) Avi Wigderson School of Mathematics Institute for Advanced Study.
Pseudorandomness Emanuele Viola Columbia University April 2008.
Why Extractors? … Extractors, and the closely related “Dispersers”, exhibit some of the most “random-like” properties of explicitly constructed combinatorial.
On Constructing Parallel Pseudorandom Generators from One-Way Functions Emanuele Viola Harvard University June 2005.
XOR lemmas & Direct Product thms - Many proofs Avi Wigderson IAS, Princeton ’82 Yao ’87 Levin ‘89 Goldreich-Levin ’95 Impagliazzo ‘95 Goldreich-Nisan-Wigderson.
Using Nondeterminism to Amplify Hardness Emanuele Viola Joint work with: Alex Healy and Salil Vadhan Harvard University.
On approximate majority and probabilistic time Emanuele Viola Institute for advanced study Work done during Ph.D. at Harvard University June 2007.
On Constructing Parallel Pseudorandom Generators from One-Way Functions Emanuele Viola Harvard University June 2005.
Polynomials Emanuele Viola Columbia University work partially done at IAS and Harvard University December 2007.
Umans Complexity Theory Lectures Lecture 17: Natural Proofs.
Norms, XOR lemmas, and lower bounds for GF(2) polynomials and multiparty protocols Emanuele Viola, IAS (Work partially done during postdoc at Harvard)
CS151 Complexity Theory Lecture 16 May 20, The outer verifier Theorem: NP  PCP[log n, polylog n] Proof (first steps): –define: Polynomial Constraint.
RANDOMNESS VS. MEMORY: Prospects and Barriers Omer Reingold, Microsoft Research and Weizmann With insights courtesy of Moni Naor, Ran Raz, Luca Trevisan,
Pseudorandom Bits for Constant-Depth Circuits with Few Arbitrary Symmetric Gates Emanuele Viola Harvard University June 2005.
List Decoding Using the XOR Lemma Luca Trevisan U.C. Berkeley.
Hardness amplification proofs require majority Emanuele Viola Columbia University Work also done at Harvard and IAS Joint work with Ronen Shaltiel University.
Pseudo-random generators Talk for Amnon ’ s seminar.
Error-Correcting Codes and Pseudorandom Projections Luca Trevisan U.C. Berkeley.
Almost SL=L, and Near-Perfect Derandomization Oded Goldreich The Weizmann Institute Avi Wigderson IAS, Princeton Hebrew University.
Pseudorandomness: New Results and Applications Emanuele Viola IAS April 2007.
Umans Complexity Theory Lectures Lecture 9b: Pseudo-Random Generators (PRGs) for BPP: - Hardness vs. randomness - Nisan-Wigderson (NW) Pseudo- Random Generator.
Complexity Theory and Explicit Constructions of Ramsey Graphs Rahul Santhanam University of Edinburgh.
Cryptography Lecture 5 Arpita Patra © Arpita Patra.
Derandomization & Cryptography
Algorithms vs. Circuit Lower Bounds
Pseudorandomness when the odds are against you
Pseudorandom bits for polynomials
An average-case lower bound against ACC0
Pseudo-derandomizing learning and approximation
Indistinguishability by adaptive procedures with advice, and lower bounds on hardness amplification proofs Aryeh Grinberg, U. Haifa Ronen.
Emanuele Viola Harvard University June 2005
On Derandomizing Algorithms that Err Extremely Rarely
Oracle Separation of BQP and PH
On Probabilistic Time versus Alternating Time
Emanuele Viola Harvard University October 2005
Pseudorandomness: New Results and Applications
Presentation transcript:

Using Nondeterminism to Amplify Hardness Emanuele Viola Joint work with: Alex Healy and Salil Vadhan Harvard University

Average-Case Hardness of NP Study hardness of NP on random instances –Natural question, essential for cryptography One Goal: relate worst-case & avg-case hardness –Done for #P, PSPACE, EXP... [L89, BF90, BFL91,...] –New techniques needed for NP [FF91, BT03, V03, V04] This Talk: hardness amplification –Relate mild avg-case & strong avg-case hardness

Hardness Amplification Def: f : {0,1} n ! {0,1} is  -hard for size s if 8 circuit C of size s Pr x [C(x)  f(x)] ¸  Hardness Amplification e.g., -hard for size s e.g., -hard for size ¼ s where  =  (n´) ff 0f 0

Standard Hardness Amplification Yao’s XOR Lemma: f : {0,1} n ! {0,1}  -hard for size s = s(n) ) f 0 (x 1,..., x k ) = f(x 1 ) ©... © f(x k ) k = n ) n´ = n 2 and f 0 : {0,1} n' ! {0,1} ¼ Optimal, but cannot use in NP: f 2 NP ; f 0 2 NP

O’Donnell’s Amplification in NP Idea: f´(x 1,..., x k ) = C(f(x 1 ),..., f(x k )), C monotone e.g. f(x 1 ) Æ ( f(x 2 ) Ç f(x 3 ) ). Then f´ 2 NP if f 2 NP Theorem [O’Donnell `02]: 9 balanced f 2 NP (1/poly(n))-hard for size n  (1) ) 9 f´ 2 NP -hard for size (n´)  (1) Barrier: No such construction can amplify above

Thm: 9 balanced f 2 NP (1/poly(n))-hard for size s(n) ) 9 f´ 2 NP ¼ -hard for size ¼ Examples: –s(n) = n  (1) ) hardness –s(n) = 2 n  (1) ) hardness –s(n) = 2  (n) ) hardness Our Main Result

Approach Obs: Hardness of f´(x 1,..., x k ) = C(f(x 1 ),..., f(x k )) limited by Idea 1: Derandomization [I95, IW97] for “pseudorandom” generator G, so E.g. if then hope f´ -hard Q: Why does this still amplify hardness? –We exhibit unconditional G s.t. this works f´(  ) = C(f(x 1 ),..., f(x k )), where (x 1,...,x k ) = G(  )

Approach (cont.) Q: How to compute f´2 NP when k = (n´)  (1) ? Idea 2: Nondeterminism –Use C s.t. C(f(x 1 ),..., f(x k )) can be computed nondeterministically looking at only log(k) f(x i )’s. –So f´2 NP even when k = 2 n’ f´(  ) = C(f(x 1 ),..., f(x k )), where (x 1,...,x k ) = G(  )

Outline Trevisan’s (2003) proof of O’Donnell’s theorem Identify properties of G that suffice & find such G Describe C ensuring f´ 2 NP Negative results: balanced f and nondeterminism necessary f´(  )=C(f(x 1 ),..., f(x k )), where (x 1,...,x k )=G(  )

Notation f : {0,1} n ! {0,1}  -hard for size s (e.g.  =.01, s = 2  (n) ) f´(x 1,..., x k ) := C(f(x 1 ),..., f(x k )) for appropriate monotone C Aim: Show f´ has hardness ¼ 1/2 - 1/k for size s´ = k = s  (1)

Step 1: Hardcore Lemma [Imp95] f  -hard ) indistinguishable from F w/ coin-flip on 2  frac. of inputs 0 1 coin-flip 2  frac. 01 ¼ f F Formally: no circuit of size s ´ can distinguish (x,f(x)) from (x,F(x)) for random x w/ advantage > 1/s ´

Step 2: Info-theoretic hardness 0 1 coin-flip 2  frac. 01 ¼ f F (x,f(x)) ´ (x,F(x)) ) (x 1,....,x k,f(x 1 ),...,f(x k )) ´ (x 1,...,x k,F(x 1 ),...,F(x k )) ) Hardness of C(f(x 1 ),...,f(x k )) for size s´ ¼ hardness of C(F(x 1 ),...,F(x k )) for size s´ ¸ hardness of C(F(x 1 ),...,F(x k )) for size 1 uses independence

Step 3: Noise Sensitivity 0 1 coin-flip 2  frac. 01 ¼ f F Info-theoretic hardness of C(F(x 1 ),...,F(x k )) depends only on C and  ! Hardness ¼ NoiseSens  [C] where  i = 1 independently with probability  uses independence

Step 4: Choosing C There is monotone C : {0,1} k ! {0,1} ) C(f(x 1 ),..., f(x k )) has hardness ¼ 1/2 - 1/k The barrier [KKL88]: 8 monotone C : {0, 1} k ! {0, 1},

Outline Trevisan’s (2003) proof of O’Donnell’s theorem Identify properties of G that suffice & find such G Describe C ensuring f´ 2 NP Negative results: balanced f and nondeterminism necessary f´(  )=C(f(x 1 ),..., f(x k )), where (x 1,...,x k )=G(  )

Step 2: Info-theoretic hardness 0 1 coin-flip 2  frac. 01 ¼ f F (x,f(x)) ´ (x,F(x)) ) (x 1,....,x k,f(x 1 ),...,f(x k )) ´ (x 1,...,x k,F(x 1 ),...,F(x k )) ) Hardness of C(f(x 1 ),...,f(x k )) for size s´ ¼ hardness of C(F(x 1 ),...,F(x k )) for size s´ ¸ hardness of C(F(x 1 ),...,F(x k )) for size 1 uses independence

Preserving Indistinguishability (x,f(x)) ´ (x,F(x)) ) (x 1,....,x k,f(x 1 ),...,f(x k )) ´ (x 1,...,x k,F(x 1 ),...,F(x k )) Want: G to be indistinguishability-preserving: (x,f(x)) ´ (x,F(x)) ) ( ,f(x 1 ),...,f(x k )) ´ ( ,F(x 1 ),...,F(x k )) where (x 1,...,x k )=G(  ) Achieved via combinatorial designs [Nis91,NW94].

Step 3: Noise Sensitivity 0 1 coin-flip 2  frac. 01 ¼ f F Info-theoretic hardness of C(F(x 1 ),...,F(x k )) depends only on C and  ! Hardness ¼ NoiseSens  [C] where  i = 1 independently with probability  uses independence

0 1 coin-flip r 2  frac. 01 ¼ f F Fooling Noise Sensitivity

Want: Show 9 randomized constant-depth circuit s.t. 8 x 1,...,x k Use existence of unconditional G against constant- depth circuits [Nis90] Fooling Noise Sensitivity ¼

C  x 1 x x k F... C FFF FF A has constant depth and size(A) = poly(2 n,k) (using C constant depth and size(C) = poly(k)) A Want:

Nisan’s Pseudorandom Generator Want Pr[A(x 1,..., x k ) = 1] ¼ Pr[A(G(  )) = 1] Theorem [Nis91]: There is G : {0,1} log O(1) N ! {0,1} N such that above holds for every A of size N and constant depth Recall size(A) = poly(2 n,k) ) Input length of Nisan’s generator is poly(n), even for k = 2 n

Completing Derandomization Let G(  1,  2 ) = G ind-pres (  1 ) © G const-depth (  2 ) f´(  )=C(f(x 1 ),..., f(x k )), where (x 1,...,x k )=G(  ) Thm: f´ has hardness ¼ 1/2 - 1/k for size s´ = k = s  (1) n´ = O(n 2 ) (w/PRG vs space [Nis91]) ) hardness

Outline Trevisan’s (2003) proof of O’Donnell’s theorem Identify properties of G that suffice & find such G Describe C ensuring f´ 2 NP Negative results: balanced f and nondeterminism necessary f´(  )=C(f(x 1 ),..., f(x k )), where (x 1,...,x k )=G(  )

The Structure of C C = TRIBES MONOTONE DNF [BL90] Claim: If f 2 NP then f´ 2 NP even for k = 2 n´ Proof: To compute f´(  ): –Guess a clause, say (f(x i+1 ) Æ... Æ f(x i+b )) –Check if clause is true

Thm: 9 balanced f 2 NP (1/poly(n))-hard for size s(n) ) 9 f´ 2 NP ¼ -hard for size ¼ Examples: –s(n) = n  (1) ) hardness –s(n) = 2 n  (1) ) hardness –s(n) = 2  (n) ) hardness Our Main Result

Balanced Functions Both our results and O’Donnell’s need balanced f 2 NP. That is: Theorem: Any monotone “black-box” hardness amplification cannot amplify beyond Proof Idea: –“Black-box” hardness amplification ) error correcting code [I02,TV02,V03,T03] –Good monotone codes only exist for balanced messages [Kruskal-Katona]

Nondeterminism is Necessary Use of nondeterminism is likely to be necessary Theorem: There is no deterministic, monotone “black-box” hardness amplification that amplifies beyond Our amplification is nondeterministic, monotone, black-box, and amplifies up to

Conclusion O’Donnell’s hardness amplification in NP: –Amplifies up to –No construction of same form does better Our result: amplify up to Two new techniques: 1.Derandomization G fools noise sensitivity 2.Nondeterminism k = n  (1) Only obstacle to hardness is PRG with logarithmic seed length for space or const-depth

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.