Pseudorandom Generators and Typically-Correct Derandomization - PowerPoint PPT Presentation

About This Presentation
Title:

Pseudorandom Generators and Typically-Correct Derandomization

Description:

Pseudorandom Generators and Typically-Correct Derandomization Jeff Kinne, Dieter van Melkebeek University of Wisconsin-Madison Ronen Shaltiel University of Haifa – PowerPoint PPT presentation

Number of Views:29
Avg rating:3.0/5.0
Slides: 17
Provided by: JeffK99
Learn more at: http://cs.indstate.edu
Category:

less

Transcript and Presenter's Notes

Title: Pseudorandom Generators and Typically-Correct Derandomization


1
Pseudorandom Generators andTypically-Correct
Derandomization
  • Jeff Kinne, Dieter van MelkebeekUniversity of
    Wisconsin-Madison
  • Ronen Shaltiel
  • University of Haifa

2
Overview
  • New approach based on PRGs
  • simpler proofs, new results
  • Difficulty of typically-correct derand?
  • Small errors implies circuit lower bounds
  • Large errors cannot be with relativizing
    techniques or arithmetization
  • Typically-Correct Derandomization
  • Allowed to make small of errors

3
The Power of Randomness?
  • Is randomness more powerful for
  • Time-Bounded Algs?
  • Interactive Proofs?
  • Space-Bounded Algs?

BPP
P
Circuit Testing
PRIMES
AM
NP
Does BPP P?
Graph Non-Iso
BPL
L
UndirectedSTCON
4
Does BPP P?
  • B(x) Maj?(A(x, G(?)) decides L if G is PRG
    secure against circuits A(x, )
  • NW, IW, STV, SU, E ? SIZE(2en) ? PRG G with l
    O(log n), computable in time 2O(l) ? BPPP

BPP lang L
Randomized Machine A(x, r)
x?L
x?L
reject
reject
accept
accept
G(0,1l)
5
Difficulty of Proving BPPP
  • Can we prove BPPP without circuit lower bounds?
  • No KI BPP ? NSUBEXP ? NEXP ?
    P/poly or PERM ? Arith-P/poly
  • Further cannot prove BPP ? NSUBEXP with
    relativizing techniques or arithmetization
  • What if we relax the goal?
  • IW, heuristic derand if BPP? EXP
  • GW, typically-correct derandomization

6
Typically-Correct Derandomization
  • More efficient derandomizations?
  • Weaker (or no) hardness assumptions?
  • How to leverage ability to make errors?
  • Extractors GW
  • Seedless Extractors Sha
  • PRGs this work
  • Randomized Algorithm A(x, r) computing lang L
  • B typically-correct for L makes at most d2n
    errors

7
Extract Randomness from Input GW
Randomized Algorithm A(x, r) computing lang
L Deterministic simulation B(x) A(x, E(x))
  • If (1) most r good for all x and (2) r lt x
  • B(x) A(x, x) makes few errors
  • Make error very small B(x) Majy(A(x, E(x,y)))
  • BPP if P hard-on-average for
    SIZESAT(nd) use PRG to

Subsequent work vMS, Zim, Sha
Set of all r set of all x
good r
x
8
Extract Randomness from Input Sha
Randomized Algorithm A(x, r) computing lang L
  • B(x) A(x, E(x)), assume r x
  • If E seedless 2-O(r)-extractor for
    distributions then B typically-correct
  • Use PRG to get r x
  • BPP if P very hard-on-average for SIZE(nd)
  • Set of all r
  • Set of all x, fixed good r

A(x,r)L(x)
good r
Unconditional results for AC0, streaming algs,
9
Pseudorandom Generator Approach
Randomized Algorithm A(x, r) computing lang L
  • B(x) A(x, E(x))
  • G(x) (x, E(x)) is e-PRG for T
  • ? Prx,rA(x,r)?L(x) PrxA(G(x))?L(x) e
  • ? PrxA(x,E(x))?L(x)
    ?e

All (x, r) pairs
A(x,r)L(x)
Fixed x
A(x,r)L(x)
PrrA(x,r)?L(x) ? 1/3
Prx,rA(x,r)?L(x) ?
test T(x, r)
G e-PRG for test Tr(x,r) A(x,r)?A(x,r) ?
PrxA(x,E(x))?L(x) 3?e
10
Pseudorandom Generator Approach
Randomized Algorithm A(x, r) computing lang
L B(x) A(G(x)), G is seed-extending PRG
  • Can PRGs be seed-extending?
  • Cryptographic No!
  • Derandomization Yes! NW, STV, SU,
  • Compare to traditional use of PRG
  • B only runs G once very efficient if G is
  • Compare to GW, Sha
  • PRG is already enough!

11
New Typically-Correct Derand Results
  • BPP
  • P 1/nc-hard for SIZE(nd) ?
  • B in P and within 1/nc of L
  • Similar conditional results for AM, BPL,

Randomized Algorithm A(x, r) computing lang
L B(x) A(x, NWH(x)) NWH based on hardness of H
Weaker than GW, Sha
12
New Typically-Correct Derand Results
  • AC0 with few symmetric gates
  • A uses o(log2n) symm gates, error ? 1/3
  • ? B in AC0sym and within ?n-O(log n) of L
  • Other settings multi-party comm,

Randomized Algorithm A(x, r) computing lang
L B(x) A(x, NWH(x))NWH based on hardness of H
13
Comparison with Sha
  • All results of Sha by PRG approach

E is a seedless 2-O(r)-extractor
fordistributions x A(x, r) A(x,r)
Sha
A(x, E(x)) typically-correct for L
(x, E(x)) is a 2-O(r)-PRG for tests T(x,r)
A(x,r) ? A(x,r)
14
Difficulty of Proving Typ-Cor Derand
  • Typically-correct derandomization without circuit
    lower bounds?
  • No for small error If NTIME(2ne) computes
    circuit-testing with 2ne errors, then
  • NEXP ? P/poly, or
  • Permanent ? Arithmetic-P/poly
  • Large error no for relativizing techniques or
    arithmetization AW
  • oracle A, low-deg ext à of A s.t. BPTIMEA(O(n))
    is (1/2-2-O(n))-hard for NTIMEÃ(2n)

Simpler proof for everywhere-correct setting
15
Recap
  • New seed-extending PRG approach
  • Unconditional results in some settings!
  • But, for BPP unconditional results difficult
  • Typically-Correct Derandomization
  • Allowed to make small of errors

16
  • Thanks!
  • Full paper and slides available from my website
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Pseudorandom Generators and Typically-Correct Derandomization" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!