Algebrization: A New Barrier in Complexity Theory Scott Aaronson (MIT) Avi Wigderson (IAS) 4xyw-12yz+17xyzw-2x-2y-2z-2w IP=PSPACE MA EXP P/poly MIP=NEXP.
Post on 02-Jan-2016
216 Views
Preview:
Transcript
Algebrization: A New Barrier in Complexity Theory
Scott Aaronson (MIT)
Avi Wigderson (IAS)
4xyw-12yz+17xyzw-2x-2y-2z-2w
IP=PSPACE
MAEXPP/poly
MIP=NEXP
PPSIZE(n)
PromiseMASIZE(n)
PPP/polyPP=MA
NEXPP/polyNEXP=MA
RG=EXP
NEXPP/poly NPSIZE(n)
-15
xy
z+4
3x
y-5
x1
3x
w-4
4x
z+x
-7y
+
PNPP=BPP
Any proof of PNP will have to defeat two terrifying
monsters…
PNP
A
Relativization[Baker-Gill-Solovay 1975]
Natural Proofs[Razborov-Rudich 1993]
AR
ITHM
ETIZATIO
N
Furthermore, even our best weapons seem to
work against one monster but not the other…
DIA
GO
NA
LIZ
AT
ION
Yet within the last decade, we’ve seen circuit lower bounds that overcome both barriers[Buhrman-Fortnow-Thierauf 1998]: MAEXP P/polyFurthermore, this separation doesn’t relativize
[Vinodchandran 2004]: PP SIZE(nk) for every fixed k[Aaronson. 2006]: This separation is doesn’t relativize
[Santhanam 2007]: PromiseMA SIZE(nk) for fixed k
Vinodchandran’s Proof:
PP P/poly We’re done
PP P/poly P#P = MA [LFKN] P#P = PP 2P PP [Toda] PP SIZE(nk) [Kannan]
Non-Relativizing
Non-Naturalizing
Bottom Line: Relativization and natural proofs, even taken together, are no longer insuperable barriers to circuit lower bounds
Obvious Question [Santhanam 2007]: Is there a third barrier?
This Talk: Unfortunately, yes.
“Algebrization”: A generalization of relativization where the simulating machine gets access not only to an oracle A, but also a low-degree extension à of A over a finite field or ring
We show:
• Almost all known techniques in complexity theory algebrize
• Any proof of PNP, P=RP or NEXPP/poly --- will require non-algebrizing techniques
Algebrizing
Relativizing Naturalizing[Toda], [Impagliazzo-Wigderson], [Valiant-Vazirani], [Kannan],
hundreds more
[LFKN], [Shamir], [BFL], [BFT], [Vinodchandran], [Santhanam], [IKW], …
[Furst-Saxe-Sipser], [Razborov-Smolensky],
[Raz], dozens more
[Your result here]
Plan for the rest of the talk
-Definition of algebraization & algebraizing results
-Almost every non relativized results algebraizes
-Almost all remaining open problems don’t algebraize
DefinitionsThe inclusion CD relativizes if CADA for all oracles A
Given an oracle A={An} with An:{0,1}n{0,1}, an extension à of A is a collection of polynomials Ãn:ZnZ satisfying:
(i) Ãn(x)=An(x) for all Boolean x{0,1}n,(ii) deg(Ãn)=O(n),(iii) size(Ãn(x)) p(size(x)) for some polynomial p, where
.log1:size1
2
n
iixx
Note: Can also consider extensions over finite fields instead of the integers. Will tell
you when this distinction matters.
Note: Can also consider extensions over finite fields instead of the integers. Will tell
you when this distinction matters.
A complexity class inclusion CD algebrizes if CADà for all oracles A and all extensions à of A
Proving CD requires non-algebrizing techniques if there exist A,Ã such that CADÃ
A complexity class separation CD algebrizes if CÃDA for all A,Ã
Proving CD requires non-algebrizing techniques if there exist A,Ã such that CÃDA
Notice we’ve defined things so that every relativizing result is also algebrizing.
Notice we’ve defined things so that every relativizing result is also algebrizing.
Algebraizing results
Why coNPIP Algebrizes
The only time Arthur ever has to evaluate the polynomial p directly is in the very last round—when he checks that p(r1,…,rn) equals what Merlin said it does, for some r1,…,rn chosen randomly in the previous rounds.
Recall the usual coNPIP proof of [LFKN]:
0,,1,0,,1
1
nxx
nxxp
Bullshit!
How was the polynomial p produced?
By starting from a Boolean circuit, assign a variable to every gate, then multiply together terms that enforce “correct propagation” at each gate:
xyg + (1-xy)(1-g)
x y
g
Arthur and Merlin then reinterpret p not as a Boolean function, but as a polynomial over some larger field.
But what if the circuit contained oracle gates? Then how could Arthur evaluate p over the larger field?
A(x,y)g + (1-A(x,y))(1-g) A
That’s why IP=PSPACE doesn’t relativize! But if Arthur has access to an extension à of A….
Ã(x,y)g + (1-Ã(x,y))(1-g)
Other Results That AlgebrizeNotation: CA[poly]: Polynomial-size queries to A only
PSPACEA[poly] IPÃ [Shamir]
NEXPA[poly] MIPÃ [BFL]
PPÃ PÃ/poly PPA MAÃ [LFKN]
NEXPÃ[poly] PÃ/poly NEXPA[poly] MAÃ [IKW]
MAEXPÃ PA/poly [BFT]
PPÃ SIZEA(n) [Vinodchandran]
PromiseMAÃ SIZEA(n) [Santhanam]
OWF fPÃ, f-1BPPÃ NPA ZKIPÃ [GMW]
Proving PNP Will Require Non-Algebrizing Techniques
Theorem: There exists an oracle A, and an extension Ã, such that NPÃPA.
Proof: Let A be a PSPACE-complete [BGS] .
Let à be the unique multilinear extension of A.
Then à is also PSPACE-complete [BFL].
Hence NPÃ = PA = PSPACE.
Harder Example: Proving P=NP Will Require Non-Algebrizing Techniques
Theorem: There exist A,Ã such that NPA PÃ.
What’s the difficulty here, compared to [BGS] NPA PA? LA(n): does A(z)=1 for any z {0,1}n ? (find a needle in a haystack). We’ll answer P-machine queries to A by 0.
But if the machine queries Ã, a low-degree polynomial extension of A, we can’t toggle each Ã(x) freely!
I.e. the algorithm we’re fighting is no longer looking for a needle in a haystack—it can also look in the haystack’s low-degree extension!
Can access to a haystack extension help? Yes & No
Polynomial extensions help
Theorem: [JKRS]
For A: {0,1}n {0,1} let #A=x A(x)
Let Ã: Fn F be the multilinear extension of A
with char(F) 2. Then #A PÃ
Proof: #A = 2n Ã(½, ½ … ½ )
Theorem: Let F be a field, and let YFn be the set of points queried by the algorithm. Then there exists a polynomial p:FnF, of degree at most 2n, such that
(i) p(y)=0 for all yY.(ii) p(z)=1 for at least 2n-|Y| Boolean points z.(iii) p(z)=0 for the remaining Boolean points.
00
0
0
0
0
0
1
1
1
1
Y
Polynomial extensions don’t help
If |Y|=poly(n), the algorithm can’t even distinguish if A is all 0’s or A is mostly 1’s on {0,1}n. Proved RPA PÃ !
Proof: Given a Boolean point z, let z be the unique multilinear polynomial that’s 1 at z and 0 at all other Boolean points. Then we can express any multilinear polynomial r as
.1,0
xxr zz
zn
Requiring r(y)=0 for all yY yields |Y| linear equations in 2n unknowns. Hence there exists a solution r such that r(z)0 for at least 2n-|Y| Boolean points z. We now set
.:0:1,0
zrz
z
n zr
xxrxp
In the integers case, we can no longer use Gaussian elimination to construct r. However, using Chinese remaindering and Hensel lifting, some proof works provided every query y satisfies size(y)=O(poly(n)).
In the integers case, we can no longer use Gaussian elimination to construct r. However, using Chinese remaindering and Hensel lifting, some proof works provided every query y satisfies size(y)=O(poly(n)).
A standard diagonalization argument now yields the separation between P and RP we wanted—at least in the case of finite fields.
A standard diagonalization argument now yields the separation between P and RP we wanted—at least in the case of finite fields.
Other Oracle Results We Can Prove By Building “Designer Polynomials”
A,Ã : NPA coNPÃ
A,Ã : NPA BPPÃ (only for finite fields, not integers)
A,Ã : NEXPÃ PA/poly
A,Ã : NPÃ SIZEA(n)
MAEXP P/poly, and
PromiseMA SIZE(n) do algebrize!
MAEXP P/poly, and
PromiseMA SIZE(n) do algebrize!
We seem to get a precise explanation for why progress on non-relativizing circuit lower bounds
stopped where it did
We seem to get a precise explanation for why progress on non-relativizing circuit lower bounds
stopped where it did
From Algebraic Query Algorithms to Communication Protocols
A(000)=1A(001)=0A(010)=0A(011)=1
A(100)=0A(101)=0A(110)=1A(111)=1
Truth table of a Boolean function A
Alice and Bob’s Goal: Compute some property of the function A:{0,1}n{0,1}, using minimal communication
Theorem: If a problem can be solved using T queries to Ã, then it can also be solved using O(Tnlog|F|) bits of communication between Alice and Bob
Let Ã:FnF be the unique multilinear extension of A over a finite field F
A0 A1
Proof: Given any point yFn, we can write
Theorem: If a problem can be solved using T queries to Ã, then it can also be solved using O(Tnlog|F|) bits of communication between Alice and Bob
.~~:
10
~
10
1,01
1,00
1,0
11
yAyA
yxAyxA
yxAyA
nn
n
xx
xx
xx
The protocol is now as follows:
y1 (O(nlog|F|) bits)
Ã1(y1) (O(log|F|) bits)
y2 (O(nlog|F|) bits)
This argument works just as well in the randomized world, the nondeterministic
world, the quantum world…
This argument works just as well in the randomized world, the nondeterministic
world, the quantum world…
Also works with integer extensions (we didn’t have to use a finite field).
Also works with integer extensions (we didn’t have to use a finite field).
Ã(y1)=Ã0(y1)+Ã1(y1)
The Harvest: Separations in Communication Complexity Imply Algebraic Oracle Separations
(2n) randomized lower bound for Disjointness [KS 1987] [Razborov 1990]
A,Ã : NPA BPPÃ
(2n/2) quantum lower bound for Disjointness [Razborov 2002]
A,Ã : NPA BQPÃ
(2n/2) lower bound on MA-protocols for Disjointness [Klauck 2003]
A,Ã : coNPA MAÃ
Exponential separation between classical and quantum communication complexities [Raz 1999]
A,Ã : BQPA BPPÃ
Exponential separation between MA and QMA communication complexities [Raz-Shpilka 2004]
A,Ã : QMAA MAÃ
Advantages of this approach:
à is just the multilinear extension of A!
Works automatically with integer extensions
Advantages of this approach:
à is just the multilinear extension of A!
Works automatically with integer extensions
Disadvantage: The functions achieving the separations are more contrived (e.g. Disjointness instead of OR).
Disadvantage: The functions achieving the separations are more contrived (e.g. Disjointness instead of OR).
ConclusionsArithmetization had a great run: led to IP=PSPACE, the PCP Theorem, non-relativizing circuit lower bounds…
Yet we showed it’s fundamentally unable to resolve barrier problems like P vs. NP, or even P vs. BPP or NEXP vs. P/poly.
Why? It “doesn’t pry open the black-box wide enough.”
I.e. it uses a polynomial-size Boolean circuit to produce a low-degree polynomial, which it then evaluates as a black box. It doesn’t exploit the small size of the circuit in any “deeper” way.
To reach this conclusion, we introduced a new model of algebraic query complexity, which has independent applications (e.g. to communication complexity) and lots of nooks and crannies to explore in its own right.
OPEN: Prove a non-algebrizing result!
Open ProblemsDevelop non-algebrizing techniques!
Do there exist A,Ã such that coNPA AMÃ?
Improve PSPACEA[poly] IPÃ to PSPACEÃ[poly] = IPÃ
The power of “double algebrization”
Integer queries of unbounded size
Generalize to arbitrary error-correcting codes (not just low-degree extensions)?
Test if a low-degree extension came from a small circuit?
Algebraize other crypto results (oblivious function eval)
Can also go the other way: algebrization-inspired communication protocols
[Klauck 2003]: Disjointness requires (N) communication, even if there’s a Merlin to prove Alice and Bob’s sets are disjoint
“Obvious” Conjecture: Klauck’s lower bound can be improved to (N)
This conjecture is false! We give an MA-protocol for Disjointness (and indeed Inner Product) with total communication cost O(N log N)
“Hardest” communication predicate?
O(N log N) MA-protocol for Inner Product
A:[N][N]{0,1} B:[N][N]{0,1}
Alice and Bob’s Goal: Compute
N
yx
yxByxAIP1,
.,,
First step: Let F be a finite field with |F|[N,2N]. Extend A and B to degree-(N-1) polynomials .:
~,~ 2 FFBA
.,~
,~
:1
yxByxAxSN
y
If Merlin is honest, then .1
N
x
xSIP But how to check S’=S?
If S’S, then
.
2'deg,
~,
~'Pr
1 N
N
F
SyrByrArS
N
yr
Now let
NrBrBr ,~,,1,
~,
rRFClaimed value S’ for S
top related