1 / 16

Pseudorandom Generators and Typically-Correct Derandomization

Pseudorandom Generators and Typically-Correct Derandomization. Jeff Kinne , Dieter van Melkebeek University of Wisconsin-Madison Ronen Shaltiel University of Haifa. Overview. New approach based on PRGs simpler proofs, new results Difficulty of typically-correct derand?

dale-higgins
Download Presentation

Pseudorandom Generators and Typically-Correct Derandomization

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Pseudorandom Generators andTypically-Correct Derandomization Jeff Kinne, Dieter van MelkebeekUniversity of Wisconsin-Madison Ronen Shaltiel University of Haifa

  2. Overview • New approach based on PRGs • simpler proofs, new results • Difficulty of typically-correct derand? • Small # errors: implies circuit lower bounds • Large # errors: cannot be with relativizing techniques or arithmetization • Typically-Correct Derandomization • Allowed to make small # of errors Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  3. The Power of Randomness? • Is randomness more powerful for … • Time-Bounded Algs? • Interactive Proofs? • Space-Bounded Algs? BPP P Circuit Testing PRIMES AM Does BPP = P? NP Graph Non-Iso BPL L UndirectedSTCON Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  4. Does BPP = P? • B(x) = Majρ(A(x, G(ρ)) decides L if G is PRG secure againstcircuits A(x, ∙) • [NW, IW, STV, SU, …]E ⊈ SIZE(2εn) ⇒ PRG G with ℓ = O(log n),computable in time 2O(ℓ) ⇒ BPP=P BPP lang L Randomized Machine A(x, r) x∈L x∉L reject accept reject accept G({0,1}ℓ) Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  5. Difficulty of Proving BPP=P • Can we prove BPP=P without circuit lower bounds? • No: [KI] BPP ⊆ NSUBEXP ⇒ NEXP ⊈ P/poly or PERM ⊈ Arith-P/poly • Further: cannot prove BPP ⊆ NSUBEXP with relativizing techniques or arithmetization • What if we relax the goal? • [IW, …] “heuristic” derand if BPP≠ EXP • [GW, …] typically-correct derandomization Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  6. Typically-Correct Derandomization • More efficient derandomizations? • Weaker (or no) hardness assumptions? • How to leverage ability to make errors? • Extractors [GW] • Seedless Extractors [Sha] • PRGs – this work • Randomized Algorithm A(x, r) computing lang L • B typically-correct for L: makes at most δ·2n errors Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  7. Extract Randomness from Input [GW] • If(1)most r good for all x and (2) |r| < |x| • B(x) = A(x, x)makes few errors • Make error very small: B(x) = Majy(A(x, E(x,y))) • BPP: ifP hard-on-average for SIZESAT(nd)use PRG to Randomized Algorithm A(x, r) computing lang L Deterministic simulation B(x) = A(x, E(x)) Subsequent work: [vMS], [Zim], [Sha] Set of all r ≈ set of all x “good” r •x Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  8. Extract Randomness from Input [Sha] • B(x) = A(x, E(x)), assume |r| ≤ |x| • If E seedless 2-Ω(|r|)-extractor for distributionsthen B typically-correct • Use PRG to get |r| ≤ |x| • BPP: if P very hard-on-average for SIZE(nd) Randomized Algorithm A(x, r) computing lang L Set of all r Set of all x, fixed good r A(x,r)=L(x) “good” r Unconditional results for AC0, streaming algs, … Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  9. Pseudorandom Generator Approach • B(x) = A(x, E(x)) • G(x) = (x, E(x)) is ε-PRG for T ⇒ |Prx,r[A(x,r)≠L(x)] – Prx[A(G(x))≠L(x)]| ≤ ε ⇒ Prx[A(x,E(x))≠L(x)] ≤ ρ+ε Randomized Algorithm A(x, r) computing lang L All (x, r) pairs A(x,r)=L(x) Fixed x A(x,r)=L(x) Prr[A(x,r)≠L(x)] ≤ ρ ≤ 1/3 Prx,r[A(x,r)≠L(x)] ≤ ρ test T(x, r) G ε-PRG for test Tr’(x,r): A(x,r)≠A(x,r’) ⇒ Prx[A(x,E(x))≠L(x)] ≤ 3ρ+ε Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  10. Pseudorandom Generator Approach • Can PRG’s be seed-extending? • Cryptographic – No! • Derandomization – Yes! [NW, STV, SU, …] • Compare to traditional use of PRG • B only runs G once – very efficient if G is • Compare to [GW], [Sha] • PRG is already enough! Randomized Algorithm A(x, r) computing lang L B(x) = A(G(x)), G is seed-extending PRG Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  11. New Typically-Correct Derand Results • BPP: P 1/nc-hard for SIZE(nd)⇒ B in P and within 1/nc of L • Similar conditional results for AM, BPL, … Randomized Algorithm A(x, r) computing lang L B(x) = A(x, NWH(x)) NWH based on hardness of H Weaker than [GW], [Sha] Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  12. New Typically-Correct Derand Results • AC0 with few symmetric gates: A uses o(log2n) symm gates, error ρ≤ 1/3 ⇒ B in AC0[sym] and within ρ+n-Ω(log n) of L • Other settings: multi-party comm, … Randomized Algorithm A(x, r) computing lang L B(x) = A(x, NWH(x))NWH based on hardness of H Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  13. Comparison with [Sha] • All results of [Sha] by PRG approach E is a seedless 2-Ω(|r|)-extractor fordistributions ≈ {x | A(x, r) = A(x,r’)} [Sha] A(x, E(x)) typically-correct for L (x, E(x)) is a 2-Ω(|r|)-PRG for tests T(x,r): A(x,r) ≠ A(x,r’) Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  14. Difficulty of Proving Typ-Cor Derand • Typically-correct derandomization without circuit lower bounds? • No for small error: If NTIME(2nε) computes circuit-testing with ≤ 2nε errors, then • NEXP ⊈ P/poly, or • Permanent ⊈ Arithmetic-P/poly • Large error: no for relativizing techniques or arithmetization [AW] • oracle A, low-deg ext à of A s.t. BPTIMEA(O(n)) is (1/2-2-Ω(n))-hard for NTIMEÃ(2n) Simpler proof for everywhere-correct setting Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  15. Recap • New seed-extending PRG approach • Unconditional results in some settings! • But, for BPP: unconditional results difficult • Typically-Correct Derandomization • Allowed to make small # of errors Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

  16. Thanks! * Full paper and slides available from my website Pseudorandom Generators and Typically-Correct Derandomization Kinne, Van Melkebeek, Shaltiel

More Related