XOR lemmas & Direct Product thms - Many proofs Avi Wigderson IAS, Princeton ’82 Yao ’87 Levin ‘89 Goldreich-Levin ’95 Impagliazzo ‘95 Goldreich-Nisan-Wigderson ’97 Impagliazzo-Wigderson ‘99 Sudan-Trevisan-Vadhan ’03 Trevisan ’06 Impagliazzo-Jaiswal-Kabanets ‘07 Impagliazzo-Jaiswal-Kabanets-Wigderson

Hardness Amplification f: U  {0,1} (e.g U={0,1} n ), C (complexity) class of functions suc(f,C) = max c  C Pr x  U [c(x)=f(x)] Assume suc(f,C) ≤ 1-δ. How can we make f harder? Compute f on k independent copies! XOR: f  k : U k  {0,1} f  k (x 1, x 2, …, x k ) = f(x 1 )  f(x 2 )  …  f(x k ) XOR Lemma: suc(f  k,C’) ≤ ½+ε Direct Product: f (k) : U k  {0,1} k f (k) (x 1, x 2, …, x k ) = (f(x 1 ), f(x 2 ), …, f(x k )) Direct Product Theorem: suc(f (k),C’) ≤ ε Information theory intuition Prob guessing f(X) ≤ 1-δ Prob guessing XOR = ½+(1-2δ) k Prob guessing all = (1-δ) k Hope: ε = exp(-δk)

XOR vs. Direct Product XOR Lemma: suc(f,C) ≤ 1-δ  suc(f  k,C’) ≤ ½+ε DP Theorem: suc(f,C) ≤ 1-δ  suc(f (k),C’) ≤ ε Morally, the two conclusions are equivalent!Thm[Goldreich-Levin] suc(f (k),C’’) ≤ ε 2  suc(f (  2k),C’) ≤ ε C’’ = Majority  C’ [Majority of poly(k,1/ε,1/δ) circuits from C’] Thm[Viola-Wigderson] suc(f  k,C’’) ≤ ½+ε  suc(f (3k),C’) ≤ ε- exp(-k) C’’ = Parity  C’

Proof #1 [Levin, Goldreich-Nisan-Wigderson] DP Theorem: suc(f,C) ≤ 1-δ  suc(f (k),C’) ≤ ε DP Theorem: suc(f (k),C’) ≥ ε  suc(f,C) ≥ 1-δ Given c’ such that for random x=(x 1, x 2, …, x k ) ε = (1-δ/2) k ≤ Pr[c’(x 1, x 2, …, x k ) = (f(x 1 ), f(x 2 ), …, f(x k ))] = = Π i Pr[c’(x) i = f(x i ) | E i ] where E i = ∧ j<i c’(x) i = f(x i ) Observe: for all i, Pr[E i ] ≥ ε for some i Pr[c’(x) i = f(x i ) | E i ] ≥1-δ/2 For z  U Let x(z,i) be a random x with z replacing x i c repeats t=(log 2/δ)/ε times: on input z simulate c’(x(z,i)). If E i holds then output c’(x(z,i)) i else output “fail”. Observe: Pr[“fail”] ≤ δ/2 Pr[c(z)≠f(z) | not “fail”] ≤ δ/2 c uses tk values of f (nonuniform). |c| ~ t|c’|. C = Or  C’

Coding theory view [Impagliazzo, Trevisan] DP Theorem: suc(f,C) ≤ 1-δ  suc(f (k),C’) ≤ ε DP Theorem: suc(f (k),C’) ≥ ε  suc(f,C) ≥ 1-δ Encoding Message f (k)  f Noise  (≤1-ε errors) c’  c (≤δ errors) Decoding Local decoding: c = A f,c’ A is an efficient (prob) algorithm List decoding: c  {c 1, c 2, … c t } = A f,c’ t ≥ 1/ε [Rudich] DP code: lousy rate, pathetic distance, large alphabet But we must understand it! Focus on list size & rate

Proof #2 [Impagliazzo] DP Theorem: suc(f,C) ≤ 1-δ  suc(f (k),C’) ≤ ε DP Theorem: suc(f (k),C’) ≥ ε  suc(f,C) ≥ 1-δ Hard-core set Theorem: Assume suc(f,C) ≤ 1-δ. Then there exists a subset H  U, |H| > δ|U|, such that suc H (f,C’) ≤ ½+ε, where C= Majority  C’. Corollary: Assume suc(f,C) ≤ 1-δ. Then there exists a distribution f H on functions which is ε-indistingushable to circuits in C’. f H (x)=$ if x  H and f H (x)=f(x) otherwise. Then suc(f (k),C’) ≤ suc(f H (k),C’) + kε ≤ exp(-δk) + exp(-δk) + kε hybrid Chernoff

Proof #2 [Impagliazzo] DP Theorem: suc(f,C) ≤ 1-δ  suc(f (k),C’) ≤ ε DP Theorem: suc(f (k),C’) ≥ ε  suc(f,C) ≥ 1-δ Hard-core set Theorem: Assume suc(f,C) ≤ 1-δ. Then there exists a subset H  U, |H| > δ|U|, such that suc H (f,C’) ≤ ½+ε, where C= Majority  C’. Corollary: Sufficient to prove suc(f (k),C’) ≥ ε  suc H (f,C’) ≥ ½+ε for every such H. Claim: Assume ε>1/δk, Pr[c’(x) = (f(x 1 ), f(x 2 ), …, f(x k ))] > ε. Then for every such H there exist i,j  [k], predicate g Pr H [f(x i )=g(c’(x) i,c’(x) j, f(x j ))] ≥ ½+ε (try first H=U) Bad news: ε is very suboptimal Good news: Analysis works for pairwise independent x 1,x 2, …, x k

Derandomization [Impagliazzo] DP Theorem: suc(f (k),C’) ≥ ε  suc(f,C) ≥ 1-δ A “generator” G:{0,1} s  U k fools the DP theorem (with k,ε,δ) if suc(f (k) G,C’) ≥ ε  suc(f,C) ≥ 1-δ Theorem [Impagliazzo]: A t-wise independent generator fools the DP theorem with ε = (1/δk) t Corollary: Polynomial rate code for t=O(1).

Proof #3 [Impagliazzo-Wigderson] DP Theorem: suc(f,C) ≤ 1-δ  suc(f (k),C’) ≤ ε DP Theorem: suc(f (k),C’) ≥ ε  suc(f,C) ≥ 1-δ Corollary to HC Theorem: Sufficient to prove suc(f (k),C’) ≥ ε  suc H (f,C’) ≥ ½+ε for every H  U, |H|> δ|U|. Claim: Assume Pr[c’(x) = (f(x 1 ), f(x 2 ), …, f(x k ))] ≥ ε. Then for every such H there exist i  [k], predicate g such that Pr H [f(x i )=g(c’(x) -i,, f(x -i ))] ≥ ½+ε-exp(-δk). Theorem: For k=n=log |U|, δ =1/3, there is an efficient generator with seed O(n) for ε = exp(-n). Corollary: Polynomial rate code with optimal ε. Corollary: E requires exp( Ω (n)) circuits  BPP=P.

Proof #3 [Impagliazzo-Wigderson] Claim: Assume Pr[c’(x) = (f(x 1 ), f(x 2 ), …, f(x k ))] ≥ ε. Then for every such H there exist i  [k], predicate g such that Pr H [f(x i )=g(c’(x) -i,, f(x) -i )] ≥ ½+ε-exp(-δk). Focus on H=U. B i = c’(x) i  f(x i ) B=(B 1,B 2, …, B k ). q m = Pr[wt(B) =m]. q 0 ≥ ε. Task: For random i, guess B i from B -i Claim: The exists a (prob) g s.t. p=Pr[g(B -i )=B i ] ≥ ½+ε-2 -k/3. Proof: Let w=wt(B -i ). g(B -i )=0 with prob. 2 -w, and $ otherwise. Let m=wt(B). Then p-½ = Σ m q m [ ((k-m)/k)2 -m - (m/k)2 -m+1 ] = = Σ m q m ((k-3m)/k)2 -m ≥ ε-2 -k/3 For H, i random s.t. x i  H. Same g yields p ≥ ½+ε-2 -k/3 Derandomization: Generate x -i from x i : “hitting” H, “know” f(x) -i

Proof #4 [Impagliazzo-Jaiswal-Kabanets-Wigderson] Uniform DP Theorem: suc(f (k),C’) ≥ ε  suc(f,C) ≥ 1-δ via a PPT algorithm A, s.t. A(C’)=C. It is best to think of C’ as taking k-subsets (as opposed to k- vectors) of inputs. Thus, the assumption is that for a random subset B of k inputs, Pr[C’(B) = f (k) (B)] ≥ ε A picks a random k-subset B 0, and a random (k/2)-subset S of B 0, and let r=C’(B 0 )| S (r is the set of answers C’ gives on S). The circuit C, on input x, will try 100(log 1/δ)/ε times the following till the first success (if no success, output default): Pick a random k-set B containing S and x. If C’(B)| S =r then output C’(B)| x Claim: Pr[C(x) = f(x)] ≥ 1-δ for ε = exp(-δk). Proof: Symmetry arguments. Derandomization: polynomial rate code, k= √ n, ε = exp(- √ n)