Hardness amplification proofs require majority Ronen Shaltiel University of Haifa Joint work with...
-
Upload
gwendoline-fox -
Category
Documents
-
view
216 -
download
1
Transcript of Hardness amplification proofs require majority Ronen Shaltiel University of Haifa Joint work with...
Hardness amplification proofs require majority
Ronen ShaltielUniversity of Haifa
Joint work with
Emanuele ViolaColumbia University
June 2008
• Major goal of computational complexity theory
• Success with constant-depth circuits (1980’s)[Furst Saxe Sipser, Ajtai, Yao, Hastad, Razborov, Smolensky,…]
• Theorem[Razborov ’87] Majority not in AC0[©]
Majority(x1,…,xn) := 1 , xi > n/2
AC0[©] =© =
parity \/ = or
/\ = and
Circuit lower bounds
V © © © V V V
/\ /\ /\ /\ © /\
©
input
• Lack of progress for general circuit models
• Theorem[Razborov Rudich] + [Naor Reingold]:
Standard techniques cannot prove lower bounds for circuits that can compute Majority:
• No natural proofs of lower bounds for TC0. (Constant depth circuits with majority gates).
Natural proofs barrier
[Razborov Rudich] + [Naor Reingold]
Majority
Powerof CCannot prove
lower bounds[RR] + [NR]
• Stronger variant of lower bounds.
• Def: f : {0,1}n ! {0,1} -hard for class C if
every C 2 C : Prx[f(x) ≠ C(x)] ¸ ( 2 [0,1/2])
n f is worst case hard.
• E.g. C = general circuits of size nlog n, AC0[©],…
• Strong average-case hardness: = 1/2 – 1/n(1)
Need for cryptography, pseudorandom generators[Nisan Wigderson,…]
Average-case hardness
•
• Major line of research (1982 – present)[Y,GL,L,BF,BFL,BFNW,I,GNW,FL,IW,IW,CPS,STV,TV,SU,T,O,V,T,HVV,SU,GK,IJK,IJKW,…]
• Yao’s XOR lemma: Enc(f)(x1,…,xt) := f(x1) ©© f(xt)
f is -hard ) Enc(f) is (½–)-hard. against C = general poly-size circuits
(t = poly(log(1//)) .
Hardness amplificationHardness
amplificationagainst C
-hard ffor C
Enc(f) (1/2-)-hardfor C
• There are no lower bounds against strong classes, but what about week classes?
• Observation: Known hardness amplifications fail against any
class C for which we have lower bounds.
• Example: Have f ∉ AC0[©]. Open f : (1/2-1/n)-hard for AC0[©] ?
The problem we study
Our results + [Razborov Rudich] + [Naor Reingold]
Majority
Powerof CCannot prove
lower bounds[RR] + [NR]
Cannot provehardness amplification[this work]
“You can only amplify the hardness you don’t have”
“Lose-lose” reach of “standard techniques”:
Disclaimer: These are not impossibility
results.
Our results• Theorem [This work]: (Black-box non-adaptive)
hardness amplification against class C requires Majority 2 C
• No black-box hardness amplification against
AC0[©] because Majority not in AC0[©]
• Black-box amplification to (1/2-)-hard requires
C to compute majority on 1/ bits – tight
Outline
• Overview
• Formal statement of our results
• Significance of our results
• Proof
Proofs of Hardness Amplification• Yao’s XOR lemma: Enc(f)(x1,…,xt) := f(x1) ©© f(xt)
f is -hard ) Enc(f) is (½–)-hard. (t = poly(log(1//))
against C = general poly-size circuits
• Proofs work by proving the contra-positive:
Enc(f) is not (½–)-hard ) f is not -hard.
• Proofs convert:– A circuit h that errs computing Enc(f) on (½–)-fraction of inputs
– into a circuit g in C that errs computing f on fraction of inputs.
• Black-box proofs are reductions converting h into g.
Black-box reductions• Proofs convert:
– A circuit h that errs computing Enc(f) on (½–)-fraction of inputs
– into a circuit g in C that errs computing f on fraction of inputs.
Uniform reductions:
one poly-time circuit C s.t.
∀ f,h as above
s.t. g(x)=Ch(x)
Captures most reductions in Complexity/Crypto.
Non-uniform reductions:
∀ f,h as above
poly-size circuit C=Cf,h
s.t. g(x)=Ch(x)
Necessary for hardness amplification (Coding T).
The reduction Ch gets a poly-size “advice string”
about f,h
Often C is a PPM
The local list-decoding view[Sudan Trevisan Vadhan ’99]
f =
Enc(f) =
h =
(1/2–errors)
Ch(x) = f(x) (for 1- x’s)
0 1 0 1 0 1 0 1 0 1 0 1
0 1 1 1 0 1 0 0 1 0 1 1 0 0 0 1 0 1 1 0 00 0 0 0 0 1 1 0 1 1 1 1 1 0 0 0 1 0 1 0 0
q queries
encoding
decoding
LocalList-
No unique
decoding
Black-box hardness amplification• Def. Black-box !(1/2-) hardness amplific. against C
∀ f, h : Pry[Enc(f)(y) ≠ h(y)] < 1/2-
circuit C 2 C : Prx[f(x) ≠ Ch(x)] <
• Rationale: f -hard ) Enc(f) (1/2-)-hard
(f -hard for C if 8 C 2 C : Prx[f(x) ≠ C(x)] ¸ )
• Note: Enc is arbitrary (not necessarily black-box). Caveat: we can only handle non-adaptive oracle calls.
Encf : {0,1}k!{0,1} Enc(f) : {0,1}n!{0,1}
Our results (informal): Black box reductions for h.a. are “complex”.
• Theorem [this work]: Non-adaptive black-box
≤ ! (1/2-) hardness amplification
against a class C of poly-size circuits )
(1) C 2 C computes majority on 1/ bits.
(2) C 2 C makes q = Ω(log(1/)/2) oracle queries.
• Both asymptotically tight (as there are matching
upper bounds):
(1) [Impagliazzo, Goldwasser Gutfreund Healy Kaufman Rothblum]
(2) [Impagliazzo, Klivans Servedio]
Outline
• Overview
• Formal statement of our results
• Significance of our results
• Proof
• Lack of hardness vs. randomness tradeoffs a-la [Nisan Wigderson] for some families of constant-depth circuits
• Loss in circuit size: -hard for size s
) (1/2-)-hard for size s¢2 / log(1/)
Our results somewhat explain
Direct product vs. Yao’s XOR
• Yao’s XOR lemma:
Enc(f)(x1,…,xt) := f(x1) © © f(xt) 2 {0,1}
• Direct product lemma (non-Boolean)
Enc(f)(x1,…,xt) := ( f(x1) ,,f(xt) ) 2 {0,1}t
• For general poly-size circuits Direct product , Yao XOR [Goldreich Levin]
• Yao’s XOR requires majority [this work]direct product does not [folklore, Impagliazzo Jaiswal
Kabanets Wigderson]
• Also a difference in # of oracle queries needed.
Outline
• Overview
• Formal statement of our results
• Significance of our results
• Proof
Proof• Recall Theorem: non-adaptive black-box
≤ ! (1/2-) hardness amplification against
a class C of poly-size circuits )
(1) C 2 C computes majority on 1/ bits.
(2) C 2 C makes q ¸ log(1/)/2 oracle queries.
• We show hypot.) C 2 C tells Noise 1/2 from 1/2 –
(D) | Pr[C(N1/2,…,N1/2)=1] - Pr[C(N1/2-,…,N1/2-)=1] | >1-
• (1) ( (D) + “best way to distinguish is majority” [Sudan].
(2) ( (D) + “tigthness of Chernoff bound”
q q
Warm-up: uniform reduction
• Want: non-uniform reductions (8 f,h 9 C)
For every f ,h : Pry[Enc(f)(y) ≠ h(y)] < 1/2-
there is circuit C 2 C : Prx[f(x) ≠ Ch(x)] <
• Warm-up: uniform reductions (9 C 8 f,h )
There is circuit C 2 C :
For every f, h : Pry[Enc(f)(y) ≠ h(y)] < 1/2-
Prx[f(x) ≠ Ch(x)] <
Proof in uniform case• Let F : {0,1}k ! {0,1}, X 2 {0,1}k be random
Consider C(X) with oracle access to
H(y) = Enc(F)(y) © N(y)
N(y) ~ N1/2 ) CEnc(F) © N(X) = CN(X) ≠ F(X) w.p ½.C has no information about F
N(y) ~ N1/2- ) CEnc(F) © N(X) = F(X) w.p. 1- .H=Enc(F) © N is (1/2-)-close to Enc(F)
• To tell z ~ Noise 1/2 from z ~ Noise 1/2 – , |z| = q
Run C(X); answer i-th query yi with Enc(F)(yi) © ziCompare answer to F(X) (which is hardwired).Q.e.d.
Proof outline in non-uniform case• Non-uniform: C depends on F and H (8 f,h 9 C)
• New proof technique
1) Fix C to C’ that works for many f,h Condition F’ := (F | C=C’), H’ := (H | C=C’)
2) Information-theoretic lemma
Enc(F’)©N’ (y1,…,yq) ¼ Enc(F)©N (y1,…,yq)
If all yi 2 “good” set G µ {0,1}n
Can argue as for uniform case if all yi 2 G
3) Deal with queries yi not in G
Fixing C
• Choose F : {0,1}k ! {0,1} uniform, N(y) ~ N1/2-
• Enc(F)©N is (1/2-)-close to Enc(F). We have (8f,h9C)
With probability 1 over F,H there is C 2 C :
PrX[CEnc(F) © N(X) ≠ F(X)] <
• ) there is C’ 2 C : with probability 1/|C| over F,H
PrX[C’ Enc(F) © N (X) ≠ F(X)] <
• Note: C = all circuits of size poly(k), 1/|C| = 2-poly(k)
The information-theoretic lemma• Lemma
Let V1,…,Vt i.i.d., V1’,…,Vt’ := (V1,…,Vt | E)
E noticeable ) there is large good set G µ [t] :
for every i1,…,iq 2 G : (V’i1,…,V’iq) ¼ (Vi1,…,Viq
) as long as q is small.
• Proof: E noticeable ) H(V1’,…,Vt’) large
) H(V’i |V’1,…,V’i -1) large for many i (2 G)
Closeness[(Vi1,…,Viq
),(V’i1,…,V’iq)] ¸ H(V’i1,…,V’iq)
¸ H(V’iq | V’1,…,V’iq -1) + … + H(V’i1 | V’1 ,…,V’i1-1) large
Q.e.d.
• Similar to [Edmonds Rudich Impagliazzo Sgall, Raz]
Applying the lemma
• Vy = N(y) ~ Noise 1/2-
• E := { H : PrX[C’ Enc(F) © N(X) ≠ F(X)] < }, Pr[E]¸ 1/|C|
H’ = N | E =
C’ Enc(F’) © N’ (x) ¼ C’ Enc(F) © N (x)
• All queries in G ) proof for uniform case goes thru
0 1 1 1 0 1 0 0 1 0 1 1 0 0 0 1 0 1 1 0 0 Gq queries
Handling bad queries
• Problem: C(x) may query bad y 2 {0,1}n not in G
• Idea: Fix bad query. Queries either in G or fixed )proof for uniform case goes thru
• Delicate argument:
Fixing bad query H(y) may create new bad queries
Instead fix heavy queries: asked by C(x) for many x’s
Gain because new bad queries are light, affect few x’s Must verify that there are few added bad queries.
• Theorem[This work] Black-box hardness amplification against class C requires Majority 2 C
• Reach of standard techniques in circuit complexity[This work] + [Razborov Rudich], [Naor Reingold]
“Can amplify hardness , cannot prove lower bound”
• New proof technique to handle non-uniform reductions
• Open problemsAdaptivity?
[GutfreundRothblum08] handle adaptive reductions in the case of “low nonuniformity” (small list sizes).1/3-pseudorandom from 1/3-hard requires majority?
Conclusion