Algebrization: A New Barrier in Complexity Theory P=BPP PNP Scott Aaronson (MIT) Avi Wigderson (IAS) NEXPP/poly NPSIZE(n) 4xyw-12yz+17xyzw-2x-2y-2z-2w IP=PSPACE MIP=NEXP NEXPP/polyNEXP=MA 13xw-44xz+x-7y+ -15xyz+43xy-5x PPSIZE(n) PPP/polyPP=MA PromiseMASIZE(n) MAEXPP/poly

What To Call It? SCOTT & AVI A NEW KIND OF ORACLE Algebraic Relativization? Algevitization? Algevization? Algebraicization? Algebraization? Algebrization?

Any proof of PNP will have to defeat two terrifying monsters… ARITHMETIZATION DIAGONALIZATION Any proof of PNP will have to defeat two terrifying monsters… A Relativization [Baker-Gill-Solovay 1975] Natural Proofs [Razborov-Rudich 1993] PNP Furthermore, even our best weapons seem to work against one monster but not the other…

Vinodchandran’s Proof: Yet within the last decade, we’ve seen circuit lower bounds that overcome both barriers [Buhrman-Fortnow-Thierauf 1998]: MAEXP  P/poly Furthermore, this separation doesn’t relativize [Vinodchandran 2004]: PP  SIZE(nk) for every fixed k [A. 2006]: Vinodchandran’s result is non-relativizing Vinodchandran’s Proof: PP  P/poly  We’re done PP  P/poly  P#P = MA [LFKN]  P#P = PP  2P  PP [Toda]  PP  SIZE(nk) [Kannan] Non-Relativizing Non-Naturalizing [Santhanam 2007]: PromiseMA  SIZE(nk) for fixed k

Bottom Line: Relativization and natural proofs, even taken together, are no longer insuperable barriers to circuit lower bounds Obvious Question [Santhanam 2007]: Is there a third barrier? This Talk: Unfortunately, yes. “Algebrization”: A generalization of relativization where the simulating machine gets access not only to an oracle A, but also a low-degree extension à of A over a finite field or ring We show: Almost all known techniques in complexity theory algebrize Any proof of PNP—or even P=RP or NEXPP/poly—will require non-algebrizing techniques

Algebrizing Relativizing Naturalizing [Your result here] [BFT], [Vinodchandran], [Santhanam], … [GMW?] Relativizing Naturalizing [Toda], [Impagliazzo-Wigderson], [Valiant-Vazirani], [Kannan], hundreds more [Furst-Saxe-Sipser], [Razborov-Smolensky], [Raz], dozens more

Definitions The inclusion CD relativizes if CADA for all oracles A CA[poly]: Polynomial-size queries to A only CA[exp]: Exponential-size queries also allowed Given an oracle A={An} with An:{0,1}n{0,1}, an extension à of A is a collection of polynomials Ãn:ZnZ satisfying: (i) Ãn(x)=An(x) for all Boolean x{0,1}n, (ii) deg(Ãn)=O(n), (iii) size(Ãn(x))  p(size(x)) for some polynomial p, where Note: Can also consider extensions over finite fields instead of the integers. Will tell you when this distinction matters.

A complexity class inclusion CD algebrizes if CADà for all oracles A and all extensions à of A Proving CD requires non-algebrizing techniques if there exist A,à such that CADà A separation CD algebrizes if CÃDA for all A,à Proving CD requires non-algebrizing techniques if there exist A,à such that CÃDA Notice we’ve defined things so that every relativizing result is also algebrizing.

Related Work Low-degree oracles have been studied before for various reasons (recently by [JKRS07]) [Fortnow94] defined a class O of oracles such that IPA=PSPACEA for all AO Since he wanted the same oracle A on both sides, he had to define A recursively (take a low-degree extension, then reinterpret as a Boolean function, then take another low-degree extension, etc.) Proving separations in his model seems extremely hard

Why coNPIP Algebrizes Recall the usual coNPIP proof of [LFKN]: Bullshit! The only time Arthur ever has to evaluate the polynomial p directly is in the very last round—when he checks that p(r1,…,rn) equals what Merlin said it does, for some r1,…,rn chosen randomly in the previous rounds.

 A g x y How was the polynomial p produced? By starting from a Boolean circuit, then multiplying together terms that enforce “correct propagation” at each gate: A(x,y)g + (1-A(x,y))(1-g) Ã(x,y)g + (1-Ã(x,y))(1-g) xyg + (1-xy)(1-g)  x y g A Arthur and Merlin then reinterpret p not as a Boolean function, but as a polynomial over some larger field. But what if the circuit contained oracle gates? Then how could Arthur evaluate p over the larger field? He’d almost need oracle access to a low-degree extension à of A. Hey, wait…

Other Results That Algebrize PSPACEA[poly]  IPÃ [Shamir] NEXPA[poly]  MIPÃ [BFL] PPÃ  PÃ/poly  PPA  MAÃ [LFKN] NEXPÃ[poly]  PÃ/poly  NEXPA[poly]  MAÃ [IKW] MAEXPÃ[exp]  PA/poly [BFT] PPÃ  SIZEA(n) [Vinodchandran] PromiseMAÃ  SIZEA(n) [Santhanam]  OWF secure against PÃ  NPA  CZKÃ [GMW]

Proving PNP Will Require Non-Algebrizing Techniques Theorem: There exists an oracle A, and an extension Ã, such that NPÃPA. Proof: Let A be a PSPACE-complete language, and let à be the unique multilinear extension of A. Then à is also PSPACE-complete [BFL]. Hence NPà = PA = PSPACE. By the same argument, PNP can’t even be proved with “double-algebrizing” or “triple-algebrizing” techniques…

Harder Example: Proving P=RP Will Require Non-Algebrizing Techniques (hence P=NP as well) Theorem: There exist A,à such that RPAPÃ. What’s the difficulty here, compared to “standard” oracle separation theorems? Since à is a low-degree polynomial, we don’t have the freedom to toggle each Ã(x) independently. I.e. the algorithm we’re fighting is no longer looking for a needle in a haystack—it can also look in the haystack’s low-degree extension! We will defeat it anyway.

Theorem: Let F be a field, and let YFn be the set of points queried by the algorithm. Then there exists a polynomial p:FnF, of degree at most 2n, such that (i) p(y)=0 for all yY. (ii) p(z)=1 for at least 2n-|Y| Boolean points z. (iii) p(z)=0 for the remaining Boolean points. 1 Y

Proof: Given a Boolean point z, let z be the unique multilinear polynomial that’s 1 at z and 0 at all other Boolean points. Then we can express any multilinear polynomial r as A standard diagonalization argument now yields the separation between P and RP we wanted—at least in the case of finite fields. Requiring r(y)=0 for all yY yields |Y| linear equations in 2n unknowns. Hence there exists a solution r such that r(z)0 for at least 2n-|Y| Boolean points z. We now set In the integers case, we can no longer use Gaussian elimination to construct r. However, we (i.e. Avi) found a clever way around this problem using Chinese remaindering and Hensel lifting, provided every query y satisfies size(y)=O(poly(n)).

Other Oracle Results We Can Prove By Building “Designer Polynomials” A,Ã : NPA  coNPÃ A,Ã : NPA  BPPÃ (only for finite fields, not integers) A,Ã : NEXPÃ[exp]  PA/poly A,Ã : NPÃ  SIZEA(n) By contrast, MAEXP  P/poly and PromiseMA  SIZE(n) algebrize! We seem to get a precise explanation for why progress on non-relativizing circuit lower bounds stopped where it did

From Algebraic Query Algorithms to Communication Protocols A(000)=1 A(001)=0 A(010)=0 A(011)=1 A(100)=0 A(101)=0 A(110)=1 A(111)=1 A0 A1 Truth table of a Boolean function A Alice and Bob’s Goal: Compute some property of the function A:{0,1}n{0,1}, using minimal communication Let Ã:FnF be the unique multilinear extension of A over a finite field F Theorem: If a problem can be solved using T queries to Ã, then it can also be solved using O(Tnlog|F|) bits of communication between Alice and Bob

This argument works just as well in the randomized world, the nondeterministic world, the quantum world… Proof: Given any point yFn, we can write Also works with integer extensions (we didn’t have to use a finite field). The protocol is now as follows: Ã(y1)=Ã0(y1)+Ã1(y1) y1 (O(nlog|F|) bits) Ã1(y1) (O(log|F|) bits) Theorem: If a problem can be solved using T queries to Ã, then it can also be solved using O(Tnlog|F|) bits of communication between Alice and Bob y2 (O(nlog|F|) bits)

The Harvest: Separations in Communication Complexity Imply Algebraic Oracle Separations (2n) randomized lower bound for Disjointness [KS 1987] [Razborov 1990]  A,Ã : NPA  BPPÃ (2n/2) quantum lower bound for Disjointness [Razborov 2002]  A,Ã : NPA  BQPÃ (2n/2) lower bound on MA-protocols for Disjointness [Klauck 2003]  A,Ã : coNPA  MAÃ Exponential separation between classical and quantum communication complexities [Raz 1999]  A,Ã : BQPA  BPPÃ Exponential separation between MA and QMA communication complexities [Raz-Shpilka 2004]  A,Ã : QMAA  MAÃ Advantages of this approach: Ã is just the multilinear extension of A! Works automatically with integer extensions Disadvantage: The functions achieving the separations are more contrived (e.g. Disjointness instead of OR).

“Hardest” communication predicate? Can also go the other way: algebrization-inspired communication protocols [Klauck 2003]: Disjointness requires (N) communication, even if there’s a Merlin to prove Alice and Bob’s sets are disjoint “Obvious” Conjecture: Klauck’s lower bound can be improved to (N) This conjecture is false! We give an MA-protocol for Disjointness (and indeed Inner Product) with total communication cost O(N log N) “Hardest” communication predicate?

O(N log N) MA-protocol for Inner Product A:[N][N]{0,1} B:[N][N]{0,1} Claimed value S’ for S rRF Alice and Bob’s Goal: Compute First step: Let F be a finite field with |F|[N,2N]. Extend A and B to degree-(N-1) polynomials Now let If Merlin is honest, then But how to check S’=S? If S’S, then

Conclusions Arithmetization had a great run. It led to IP=PSPACE, the PCP Theorem, non-relativizing circuit lower bounds… Yet we showed it’s fundamentally unable to resolve barrier problems like P vs. NP, or even P vs. BPP or NEXP vs. P/poly. Why? It “doesn’t pry open the black-box wide enough.” I.e. it uses a polynomial-size Boolean circuit to produce a low-degree polynomial, which it then evaluates as a black box. It doesn’t exploit the small size of the circuit in any “deeper” way. To reach this conclusion, we introduced a new model of algebraic query complexity, which has independent applications (e.g. to communication complexity) and lots of nooks and crannies to explore in its own right.

Open Problems Develop non-algebrizing techniques! Do there exist A,Ã such that coNPA  AMÃ? Improve PSPACEA[poly]  IPÃ to PSPACEÃ[poly] = IPÃ The power of “double algebrization” Integer queries of unbounded size Algebraic query lower bounds  communication lower bounds? Generalize to arbitrary error-correcting codes (not just low-degree extensions)? Test if a low-degree extension came from a small circuit?