Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pseudorandomness Emanuele Viola Columbia University April 2008.

Published byEthel Jones Modified over 9 years ago

Similar presentations

Presentation on theme: "Pseudorandomness Emanuele Viola Columbia University April 2008."— Presentation transcript:

1 Pseudorandomness Emanuele Viola Columbia University April 2008

2 The universe is computational Computation of increasing importance to many fields biologyphysics economics mathematics Goal: understand computation Computation

3 Uncomputability [Gödel, Turing, Church; 1930’s] NP-completenessP  NP ? [Cook, Levin, Karp; 1970’s] RandomnessP = RP ? […; today] Milestones

4 Key to understanding randomness Goal of Pseudorandomness: Construct objects that “look random” using little or no randomness Example: Random 10-digit number is prime with probab. 1/10 Challenge: Deterministic construction? Pseudorandomness

5 Algorithm design, Monte Carlo method Breakthrough [Reingold 2004] Connectivity in logarithmic space (SL = L) Breakthrough [Agrawal Kayal Saxena 2002] Primality in polynomial time (PRIMES  P) Originated from pseudorandomness Motivation for Pseudorandomness (1)

6 Cryptography Security  cipher looks random to eavesdropper Motivation for Pseudorandomness (2) [Shannon 1949; Goldwasser Micali 1984] Cipher 11010110101101000011101001 Buy oil

7 Surprise: “ P  NP  P = RP ” (1980’s-present) Hard problems exist  randomness does not help [Babai Fortnow Kabanets Impagliazzo Nisan Wigderson…] Idea: Hard problem  source of randomness Motivation for Pseudorandomness (3)

8 Outline Overview Motivation Pseudorandom generators Examples Circuits Polynomials Future directions

9 Efficient, deterministic Short seed s(n) << n Output “looks random” Pseudorandom generator [Blum Micali; Yao; Nisan Wigderson] Gen

10 “Looks random” to test T: {0,1} n  {0,1} Example: T = “Does pattern 1010 occur?” Definition of “looks random” T Acceptance probability p T Acceptance probability p  1% Gen

11 General: P = RP, cryptography, etc.. Conditional T = any algorithm Restricted: Also many applications. Unconditional T = Space bounded [Nisan, Reingold Trevisan Vadhan,…] Rectangles [Armoni Saks Wigderson Zhou, Lu] look at k bits [Chor Goldreich, Alon Babai Itai,…] Circuits [Nisan, Luby Velickovic Wigderson, V.] Polynomials [Naor Naor, Bogdanov V., V.] Classes of tests T restricted general

12 Test: Just look at 1 bit (but you don’t know which) Want: each output bit is random Question: Minimal seed length s? Toy example Gen 1 with probability 50%

13 Solution: Seed length s = 1 ! Solution to toy example Gen 0000000000000000000 Gen 1111111111111111111 1 with probability 50%

14 Test: Just look at 2 bits Want: every two output bits are random: Theorem[Carter Wegman ‘79,…] s = log n Idea: y-th output bit: Gen(x) y :=  i x i  y i  {0,1} |x|=|y|= log n Pairwise independence Gen 00, 01, 10, 11 with prob. 25%

15 Want: Cut in graph that maximizes edges crossing Random cut: C(v) = 0, 1 with prob. 1/2 E[ # edges crossing] =  (u,v) Prob[C(u)  C(v)] = |E|/2 Pairwise independent cut suffices!  deterministic algorithm (try 2 log n = n cuts) “The amazing power of pairwise independence” Application to MAXCUT [Chor Goldreich, Alon Babai Itai]

16 Outline Overview Motivation Pseudorandom generators Examples Circuits Polynomials Future directions

17 Theorem [Nisan ‘91]: Generator for constant-depth circuits with AND (/\), OR (V) gates Application to average-case “P vs NP” problem [Healy Vadhan V.; SIAM J. Comp. STOC special issue] Gen Previous results for circuits VVVVVVVV /\ V Depth

18 Theorem: Generator for constant-depth circuits with few Majority gates Richest circuit class for which pseudorandom generator is known Majority Our Results [V.; SIAM J. Comp., SIAM student paper prize 2006] Gen VVVVVVVV /\

19 Outline Overview Motivation Pseudorandom generators Examples Circuits Polynomials Future directions

20 Polynomials: degree d, n variables over F 2 = {0,1} E.g., p = x 1 + x 5 + x 7 degree d = 1 p = x 1  x 2 + x 3 degree d = 2 Test T = polynomial We focus on the degree of polynomial Polynomials Gen x 1  x 2 + x n

21 Previous results Theorem[Naor Naor ‘90]: Generator for linear polynomials, seed length s(n) = O(log n) Myriad applications: matrix multiplication, PCP’s Expander graphs: (sparse yet highly connected) For degree d  2, no progress for 15 years y = x + generator x  {0,1} n

22 Our results [Bogdanov V.; FOCS ’07 special issue] For degree d: Let L  {0,1} n look random to linear polynomials [NN] bit-wise XOR d independent copies of L: Generator := L 1 + … + L d Theorem: (I)Unconditionally: Looks random to degree d=2,3 (II)Under “Gowers inverse conjecture”: Any degree

23 Recent developments after [BV] Th. [Lovett] : The sum of 2 d generators for degree 1 looks random to degree d, unconditionally. –[BV] sums d copies Progress on “Gowers inverse conjecture”: Theorem [Green Tao] : True when |Field| > degree d –Proof uses techniques from [BV] Theorem [Green Tao], [Lovett Meshulam Samorodnitsky] : False when Field = {0,1}, degree = 4

24 Our latest result [V. CCC ‘08] Theorem: The sum of d generators for degree 1 looks random to polynomials of degree d. For every d and over any field. (Despite the Gowers inverse conjecture being false) Improves on both [Bogdanov V.] and [Lovett] Also simpler proof

25 Proof idea Induction: Assume for degree d, prove for degree-(d+1) p Inductive step:Case-analysis based on Bias(p) := | Prob uniform X [p(X)=1] – Prob X [p(X)=0] | Bias(p) small  Pseudorandom bias small use expander graph given by extra generator Bias(p) large  (1) self-correct: p close to degree-d polynomial This result used in [Green Tao] (2) apply induction

26 Pseudorandomness: Construct objects that “look random” using little or no randomness Applications to algorithms, cryptography, P vs NP Pseudorandom generators Constant-depth circuits [N,LVW, V] Recent developments for polynomials[BV,L,GT,LMS] Sum of d generators for degree 1  degree d [V] What we have seen

27 Outline Overview Motivation Pseudorandom generators Examples Circuits Polynomials Future directions

28 Pseudorandomness Open: Generator for polynomials of degree log n? Communication complexity Recent progress on long-standing problems [V. Wigderson, Sherstov, Lee Shraibman, David Pitassi V.] Computer science and economics Complexity of Nash Equilibria [Daskalakis Goldberg Papadimitriou, …] Mechanism design Future directions (1)

29 Finance Are markets random? Efficient market hypothesis [Bachelier 1900, Fama 1960,…] Raises algorithmic questions E.g. Zero-intelligence traders [Gode Sunder; 1993] Work in progress with Andrew Lo Future directions (2)

Download ppt "Pseudorandomness Emanuele Viola Columbia University April 2008."

Similar presentations

Pseudorandom Walks: Looking Random in The Long Run or All The Way? Omer Reingold Weizmann Institute.

Pseudorandom Walks: Looking Random in The Long Run or All The Way? Omer Reingold Weizmann Institute.
Impagliazzos Worlds in Arithmetic Complexity: A Progress Report Scott Aaronson and Andrew Drucker MIT 100% QUANTUM-FREE TALK (FROM COWS NOT TREATED WITH.

Impagliazzos Worlds in Arithmetic Complexity: A Progress Report Scott Aaronson and Andrew Drucker MIT 100% QUANTUM-FREE TALK (FROM COWS NOT TREATED WITH.
Parikshit Gopalan Georgia Institute of Technology Atlanta, Georgia, USA.

Parikshit Gopalan Georgia Institute of Technology Atlanta, Georgia, USA.
Hardness Amplification within NP against Deterministic Algorithms Parikshit Gopalan U Washington & MSR-SVC Venkatesan Guruswami U Washington & IAS.

Hardness Amplification within NP against Deterministic Algorithms Parikshit Gopalan U Washington & MSR-SVC Venkatesan Guruswami U Washington & IAS.
An Introduction to Randomness Extractors Ronen Shaltiel University of Haifa Daddy, how do computers get random bits?

An Introduction to Randomness Extractors Ronen Shaltiel University of Haifa Daddy, how do computers get random bits?
Pseudorandomness from Shrinkage David Zuckerman University of Texas at Austin Joint with Russell Impagliazzo and Raghu Meka.

Pseudorandomness from Shrinkage David Zuckerman University of Texas at Austin Joint with Russell Impagliazzo and Raghu Meka.
Linear-Degree Extractors and the Inapproximability of Max Clique and Chromatic Number David Zuckerman University of Texas at Austin.

Linear-Degree Extractors and the Inapproximability of Max Clique and Chromatic Number David Zuckerman University of Texas at Austin.
Average-case Complexity Luca Trevisan UC Berkeley.

Average-case Complexity Luca Trevisan UC Berkeley.
Pseudorandomness from Shrinkage David Zuckerman University of Texas at Austin Joint with Russell Impagliazzo and Raghu Meka.

Pseudorandomness from Shrinkage David Zuckerman University of Texas at Austin Joint with Russell Impagliazzo and Raghu Meka.
Are lower bounds hard to prove? Michal Koucký Institute of Mathematics, Prague.

Are lower bounds hard to prove? Michal Koucký Institute of Mathematics, Prague.
Extracting Randomness David Zuckerman University of Texas at Austin.

Extracting Randomness David Zuckerman University of Texas at Austin.
Statistical Zero-Knowledge Arguments for NP from Any One-Way Function Salil Vadhan Minh Nguyen Shien Jin Ong Harvard University.

Statistical Zero-Knowledge Arguments for NP from Any One-Way Function Salil Vadhan Minh Nguyen Shien Jin Ong Harvard University.
The Power of Randomness in Computation David Zuckerman University of Texas at Austin.

The Power of Randomness in Computation David Zuckerman University of Texas at Austin.
Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)

Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)
1 Complexity ©D.Moshkovitz Cryptography Where Complexity Finally Comes In Handy…

1 Complexity ©D.Moshkovitz Cryptography Where Complexity Finally Comes In Handy…
Talk for Topics course. Pseudo-Random Generators pseudo-random bits PRG seed Use a short “ seed ” of very few truly random bits to generate a long string.

Talk for Topics course. Pseudo-Random Generators pseudo-random bits PRG seed Use a short “ seed ” of very few truly random bits to generate a long string.
Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
Foundations of Cryptography Lecture 11 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 11 Lecturer: Moni Naor.
Complexity Theory Lecture 1 Lecturer: Moni Naor. Computational Complexity Theory Study the resources needed to solve computational problems –Computer.

Complexity Theory Lecture 1 Lecturer: Moni Naor. Computational Complexity Theory Study the resources needed to solve computational problems –Computer.
1 Deciding Primality is in P M. Agrawal, N. Kayal, N. Saxena Presentation by Adi Akavia.

1 Deciding Primality is in P M. Agrawal, N. Kayal, N. Saxena Presentation by Adi Akavia.

Similar presentations

Ads by Google