Title: Pseudorandom Generators and Typically-Correct Derandomization
1Pseudorandom Generators andTypically-Correct
Derandomization
- Jeff Kinne, Dieter van MelkebeekUniversity of
Wisconsin-Madison - Ronen Shaltiel
- University of Haifa
2Overview
- New approach based on PRGs
- simpler proofs, new results
- Difficulty of typically-correct derand?
- Small errors implies circuit lower bounds
- Large errors cannot be with relativizing
techniques or arithmetization
- Typically-Correct Derandomization
- Allowed to make small of errors
3The Power of Randomness?
- Is randomness more powerful for
- Time-Bounded Algs?
- Interactive Proofs?
- Space-Bounded Algs?
BPP
P
Circuit Testing
PRIMES
AM
NP
Does BPP P?
Graph Non-Iso
BPL
L
UndirectedSTCON
4Does BPP P?
- B(x) Maj?(A(x, G(?)) decides L if G is PRG
secure against circuits A(x, ) - NW, IW, STV, SU, E ? SIZE(2en) ? PRG G with l
O(log n), computable in time 2O(l) ? BPPP
BPP lang L
Randomized Machine A(x, r)
x?L
x?L
reject
reject
accept
accept
G(0,1l)
5Difficulty of Proving BPPP
- Can we prove BPPP without circuit lower bounds?
- No KI BPP ? NSUBEXP ? NEXP ?
P/poly or PERM ? Arith-P/poly - Further cannot prove BPP ? NSUBEXP with
relativizing techniques or arithmetization - What if we relax the goal?
- IW, heuristic derand if BPP? EXP
- GW, typically-correct derandomization
6Typically-Correct Derandomization
- More efficient derandomizations?
- Weaker (or no) hardness assumptions?
- How to leverage ability to make errors?
- Extractors GW
- Seedless Extractors Sha
- PRGs this work
- Randomized Algorithm A(x, r) computing lang L
- B typically-correct for L makes at most d2n
errors
7Extract Randomness from Input GW
Randomized Algorithm A(x, r) computing lang
L Deterministic simulation B(x) A(x, E(x))
- If (1) most r good for all x and (2) r lt x
- B(x) A(x, x) makes few errors
- Make error very small B(x) Majy(A(x, E(x,y)))
- BPP if P hard-on-average for
SIZESAT(nd) use PRG to
Subsequent work vMS, Zim, Sha
Set of all r set of all x
good r
x
8Extract Randomness from Input Sha
Randomized Algorithm A(x, r) computing lang L
- B(x) A(x, E(x)), assume r x
- If E seedless 2-O(r)-extractor for
distributions then B typically-correct - Use PRG to get r x
- BPP if P very hard-on-average for SIZE(nd)
- Set of all x, fixed good r
A(x,r)L(x)
good r
Unconditional results for AC0, streaming algs,
9Pseudorandom Generator Approach
Randomized Algorithm A(x, r) computing lang L
- B(x) A(x, E(x))
- G(x) (x, E(x)) is e-PRG for T
- ? Prx,rA(x,r)?L(x) PrxA(G(x))?L(x) e
- ? PrxA(x,E(x))?L(x)
?e
All (x, r) pairs
A(x,r)L(x)
Fixed x
A(x,r)L(x)
PrrA(x,r)?L(x) ? 1/3
Prx,rA(x,r)?L(x) ?
test T(x, r)
G e-PRG for test Tr(x,r) A(x,r)?A(x,r) ?
PrxA(x,E(x))?L(x) 3?e
10Pseudorandom Generator Approach
Randomized Algorithm A(x, r) computing lang
L B(x) A(G(x)), G is seed-extending PRG
- Can PRGs be seed-extending?
- Cryptographic No!
- Derandomization Yes! NW, STV, SU,
- Compare to traditional use of PRG
- B only runs G once very efficient if G is
- Compare to GW, Sha
- PRG is already enough!
11New Typically-Correct Derand Results
- BPP
- P 1/nc-hard for SIZE(nd) ?
- B in P and within 1/nc of L
- Similar conditional results for AM, BPL,
Randomized Algorithm A(x, r) computing lang
L B(x) A(x, NWH(x)) NWH based on hardness of H
Weaker than GW, Sha
12New Typically-Correct Derand Results
- AC0 with few symmetric gates
- A uses o(log2n) symm gates, error ? 1/3
- ? B in AC0sym and within ?n-O(log n) of L
- Other settings multi-party comm,
Randomized Algorithm A(x, r) computing lang
L B(x) A(x, NWH(x))NWH based on hardness of H
13Comparison with Sha
- All results of Sha by PRG approach
E is a seedless 2-O(r)-extractor
fordistributions x A(x, r) A(x,r)
Sha
A(x, E(x)) typically-correct for L
(x, E(x)) is a 2-O(r)-PRG for tests T(x,r)
A(x,r) ? A(x,r)
14Difficulty of Proving Typ-Cor Derand
- Typically-correct derandomization without circuit
lower bounds? - No for small error If NTIME(2ne) computes
circuit-testing with 2ne errors, then - NEXP ? P/poly, or
- Permanent ? Arithmetic-P/poly
- Large error no for relativizing techniques or
arithmetization AW - oracle A, low-deg ext à of A s.t. BPTIMEA(O(n))
is (1/2-2-O(n))-hard for NTIMEÃ(2n)
Simpler proof for everywhere-correct setting
15Recap
- New seed-extending PRG approach
- Unconditional results in some settings!
- But, for BPP unconditional results difficult
- Typically-Correct Derandomization
- Allowed to make small of errors
16- Thanks!
- Full paper and slides available from my website