Pseudorandom Bits for Constant-Depth Circuits
with Few Arbitrary Symmetric Gates
Emanuele Viola
Harvard University
June 2005
Pseudorandom Generator (PRG) [BM,Y,NW]
• Efficiently computable
• Big stretch s(n) ≫ n ( e.g. s(n) = n(1) )
• Fools small circuits: ∀ small C, Pr_{X, |X| = s(n)}[C(X) = 1] ≈ Pr, || = n [C(PRG()) = 1]
Do PRG Exist?
• PRG ⇒ derandomization: BP·P ⊂ EXP [Y,NW,…]
• PRG ⇔ circuit lower bounds: EXP P/poly [NW,BFNW,STV,SU,…]
• Open Problem: PRG exist?
• This Work: study restricted PRG
  Only fool constant-depth circuits
  We know lower bounds for constant-depth circuits
PRG that fools constant-depth circuits
• Constant-depth circuit = [Figure: constant-depth circuit over the literals x1, ¬x1, x2, …, ¬xs, with its depth marked]
• PRG that fools constant-depth circuit
  As before, but only fools small constant-depth circuit C:
  Pr_{X, |X| = s(n)}[C(X) = 1] ≈ Pr, || = n [C(PRG()) = 1]
Previous Results
• [N’91] PRG : {0,1}^n → {0,1}^{s(n)}
  s(n) = 2n , fools AC0 = [Figure: constant-depth circuit of ∧ and ∨ gates over the literals x1, ¬x1, x2, …, ¬xs]
• Applications: BP·AC ⊂ EXP, more in [NW,HVV,V]
• [LVW’93] PRG : {0,1}^n → {0,1}^{s(n)}
  s(n) = n log n, fools SYM ○ AND = [Figure: one SYM gate over ∧ gates over the literals x1, ¬x1, x2, …, ¬xs]
  SYM = arbitrary symmetric gate
  E.g., SYM = PARITY, MAJORITY
Our Results
• Theorem [This Work]:
  PRG : {0,1}^n → {0,1}^{s(n)} with s(n) = n log n fools AC0 with log² n SYM = [Figure: constant-depth circuit of ∧, ∨ and SYM gates over the literals x1, ¬x1, x2, …, ¬xs]
• Improves on [LVW93]
  Fools richer class than [N91] but worse stretch
• BP·(AC0 with few SYM) ⊂ EXP
  Currently richest BP· class one can derandomize
The Pseudorandom Generator
• [NW] style
  Input = 1101010101110110101110
  Output = 101010 …........1 ……….....1010100
• f = ⊕ = PARITY [RW]
[Figure: the function f drawn as a circuit of ∧ and ⊕ gates over the inputs x1 … xn]
Outline
• Why previous results/techniques do not suffice
• For PRG need new average-case lower bound for AC0 with few SYM
• Proof sketch of average-case lower bound
Known Lower Bounds
• Recall
  AC0 with log² n SYM = [Figure: constant-depth circuit of ∧, ∨ and SYM gates over the literals x1, ¬x1, x2, …, ¬xs]
• [H,BNS,HG,RW,HM,CH]: f ∈ P that requires
  AC0 circuits with log² n SYM of size nlog n
• Often, lower bound ⇒ PRG. But NOT this time!
Standard Approach
• Def. f : {0,1}^n → {0,1} average-case hard for C if ∀ small C ∈ C: Pr_x[C(x) f(x)] ≥ ½ - n- (1)
To construct PRG that fools C (e.g. AC0 with few SYM):
[Diagram: h hard for C → f hard on average for C → PRG that fools C, labelled [BFNW,STV,SU,…] and [NW]]
Standard Approach Fails
h hard for C
f hard on average for C
PRG that fools C
Proving correctness
∃ C ∈ C: C = h
∃ C ∈ C comp. f on average
∃ C ∈ C breaks PRG
Problem: requires C ⊇ TC0. Is TC0 ⊇ NEXP? [RR]
Conjecture [V]: Black-box construction ⇒ C ⊇ TC0
To construct PRG that fools C (e.g. AC0 with few SYM)
C = AC0 with few SYM
Our vs. Previous Lower Bounds
[H,BNS,HG,RW,HM,CH]: not average-case hard
Theorem [This Work]: There is f ∈ P s.t. ∀ AC0 circuit C of size nlog n with log² n SYM
Pr_x[C(x) f(x)] ≥ ½ - nlog n
h hard for C
f hard on average for C
PRG that fools C
Proof Sketch
• Tools: Random restrictions [FSS,H,…]
  – : {x1, x2,…, xs} → {0,1,*} , C| subcircuit on *’s
  Communication complexity bound for GIP [BNS]
• Theorem [This Work]: GIP ○ PARITY is average-case hard for small AC0 circuits with few SYM
• Proof sketch: C small AC0 circuit with few SYM.
  W.h.p. over random restriction:
  E1: GIP ○ PARITY| ≈ GIP ⇒ high comm. complexity
  E2: C| computable with low comm. complexity
  E1 and E2 ⇒ C|(x) GIP(x) Q.E.D.
Multiparty Communication Complexity
• “Number on the forehead” model [CFL]
  – k parties want to compute f(x)
  – x partitioned in k blocks
  – i-th party knows all x but xi
  – Communication = broadcast
• Generalized Inner Product. GIP(x) = [Figure: a ⊕ gate of fan-in n over ∧ gates of fan-in k, on inputs x1 … xnk partitioned into blocks x1, x2, …, xk]
• Lemma [BNS]: Low communication complexity protocol P ⇒ Pr_x[P(x) GIP(x)] ≥ ½ - nlog n
  – k = .5 log n
  – Proof uses discrepancy method, [CT,R]
C| low communication complexity
• Restriction [FSS,…] map variables to {0,1,*}
  – R_p = uniform distribution, Pr[(xi) = *] = p
  – C| subcircuit. New input bits = *
• Lemma: C small AC0 circuit with log² n SYM. W.h.p. over ∈ R_p , C| low comm. complexity
  – p = 1/n
• First prove 1 SYM, then log² n SYM
1 SYM gate
• Lemma: C small AC0 circuit with 1 SYM. W.h.p. over ∈ R_p , C| low comm. complexity
• Proof [H,B,HM]:
[Figure: a circuit with one SYM gate over ∧ and ∨ gates, hit by a restriction (01**00*001**10*0 shown), = a SYM gate over ∧ gates of fan-in k-1]
Note: ∧ fan-in < # players = k
1 SYM gate
• Lemma: C small AC0 circuit with 1 SYM. W.h.p. over ∈ R_p , C| low comm. complexity
• Proof [HG]:
  SYM ○ AND_{k-1} low comm. for k players
  – ∀ AND ∃ party that can compute it (fan-in < k = # blocks)
  – Parties broadcast # AND = 1
  – Communication = k · log(size of circuit) Q.E.D.
[Figure: a SYM gate over ∧ gates of fan-in k-1, on the blocks x1, x2, …, xk]
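The [HG] protocol above, simulated as an added example (not from the slides). The function names, the literal encoding (block, position, negated) and the random sample circuit are assumptions made for illustration; each party's count is charged ceil(log2(#AND + 1)) bits, matching the slide's k · log(size of circuit).

```python
import itertools
import math
import random

def nof_sym_and(blocks, gates, sym):
    """k-party number-on-the-forehead protocol for SYM(AND, ..., AND).

    blocks[i] is the bit list on party i's forehead (party i sees all others).
    Each gate is a list of literals (block, position, negated) with fan-in < k.
    Returns (output bit, total bits broadcast).
    """
    k = len(blocks)
    counts = [0] * k
    for gate in gates:
        touched = {b for b, _, _ in gate}
        # Fan-in < k, so some block is not read by this gate; its owner
        # sees every input of the gate and is the one who evaluates it.
        owner = min(set(range(k)) - touched)
        view = [None if i == owner else blk for i, blk in enumerate(blocks)]
        if all(view[b][j] ^ neg for b, j, neg in gate):
            counts[owner] += 1
    # Each party broadcasts one number in [0, #gates]: how many of its ANDs are 1.
    bits_per_party = math.ceil(math.log2(len(gates) + 1))
    return sym(sum(counts)), k * bits_per_party

def direct_sym_and(blocks, gates, sym):
    """Reference evaluation with full access to the input."""
    return sym(sum(all(blocks[b][j] ^ neg for b, j, neg in g) for g in gates))

def constructed_gates(k, n, m, seed):
    """Constructed sample: m random AND gates of fan-in k-1 over k blocks of n bits."""
    rng = random.Random(seed)
    return [[(b, rng.randrange(n), rng.randrange(2))
             for b in rng.sample(range(k), k - 1)] for _ in range(m)]

def protocol_agrees(k=4, n=3, m=10, seed=1, sym=lambda c: c % 2):
    """Compare the protocol with direct evaluation on every input."""
    gates = constructed_gates(k, n, m, seed)
    for bits in itertools.product([0, 1], repeat=k * n):
        blocks = [list(bits[i * n:(i + 1) * n]) for i in range(k)]
        if nof_sym_and(blocks, gates, sym)[0] != direct_sym_and(blocks, gates, sym):
            return False
    return True
```

Setting `view[owner]` to `None` makes the simulation fail loudly if a party were ever asked to read its own forehead block.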
More SYM gates
• Lemma: C small AC0 circuit with log² n SYM. W.h.p. over ∈ R_p , C| low comm. complexity
• Proof: Consider following protocol
[Figure sequence: constant-depth circuit of ∧ and ∨ gates with the gates SYM1, SYM2, SYM3 over the literals x1, ¬x1, x2, …, ¬xs; in successive frames SYM1, SYM2 and SYM3 are replaced in turn by the values 1, 0, 1]
  For SYM1, then SYM2, then SYM3:
  – Previous lemma ⇒ low communication complexity
  – Parties compute value of SYM gate
  Total communication = communication for 1 SYM × # SYM
  Q.E.D.
• Union bound over 2^{#SYM} circuits limits # SYM.
  Open Problem: Better analysis?
Summary of Lemmas
• Lemma [BNS]: Low communication complexity protocol P ⇒ Pr_x[P(x) GIP(x)] ≥ ½ - nlog n
• Lemma: C small AC0 circuit with log² n SYM. W.h.p. over ∈ R_p , C| low comm. complexity
• Want Theorem: There is f ∈ P s.t. ∀ AC0 circuit C of size nlog n with log² n SYM gates
  Pr_x[C(x) f(x)] ≥ ½ - nlog n
Proof: f = GIP ○ PARITY = [Figure: a ⊕ gate over ∧ gates over bottom ⊕ gates, on the inputs x1 … xn]
C small AC0 circuit with log² n SYM
Random input x = random + random y for the *
• E1: f | ≈ GIP ⇒ high comm. complexity
  – E1 ⇐ each bottom PARITY has *
• E2: C| low comm. complexity
Pr_x[C(x) f(x)] ≥ Pr, y[C|(y) f|(y) | E1, E2] Pr[E1, E2]
= Pr_y[P(y) GIP(y)] (1 - nlog n) ≥ ( ½ - nlog n) Q.E.D.
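Why a star in every bottom PARITY leaves a copy of GIP, checked exhaustively as an added example (not from the slides). It uses the standard definition of GIP as the XOR over columns of the AND across the k blocks; the function names, the parameters k, n, m, p and the sample restriction are constructed for illustration.

```python
import itertools
import random

STAR = None  # an unrestricted variable

def gip(y):
    """Generalized inner product: XOR over columns j of AND over blocks i of y[i][j]."""
    k, n = len(y), len(y[0])
    return sum(all(y[i][j] for i in range(k)) for j in range(n)) % 2

def gip_parity(x):
    """GIP o PARITY: x[i][j] is the bit list feeding the bottom PARITY (i, j)."""
    return gip([[sum(group) % 2 for group in row] for row in x])

def random_restriction(k, n, m, p, rng):
    """Each variable is STAR with probability p, else a uniform bit."""
    return [[[STAR if rng.random() < p else rng.randrange(2) for _ in range(m)]
             for _ in range(n)] for _ in range(k)]

def event_e1(rho):
    """The sufficient condition for E1: every bottom PARITY keeps a STAR."""
    return all(STAR in group for row in rho for group in row)

def fill(rho, y):
    """Put y[i][j] on the first STAR of PARITY (i, j) and 0 on its other STARs."""
    return [[[(y[i][j] if t == group.index(STAR) else 0) if v is STAR else v
              for t, v in enumerate(group)]
             for j, group in enumerate(row)] for i, row in enumerate(rho)]

def restricted_is_gip(rho):
    """Check f|rho(y) == GIP(y xor c) for all y, c = parity of the fixed bits."""
    k, n = len(rho), len(rho[0])
    c = [[sum(v for v in g if v is not STAR) % 2 for g in row] for row in rho]
    for bits in itertools.product([0, 1], repeat=k * n):
        y = [list(bits[i * n:(i + 1) * n]) for i in range(k)]
        shifted = [[y[i][j] ^ c[i][j] for j in range(n)] for i in range(k)]
        if gip_parity(fill(rho, y)) != gip(shifted):
            return False
    return True

def constructed_restriction(seed=7, k=3, n=2, m=4, p=0.5):
    """Constructed sample: resample until every PARITY keeps a STAR."""
    rng = random.Random(seed)
    while True:
        rho = random_restriction(k, n, m, p, rng)
        if event_e1(rho):
            return rho
```

The restricted function is GIP with some inputs negated, so a low-communication protocol for it would give one for GIP itself.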
Conclusion
• Theorem [This Work]: PRG : {0,1}^n → {0,1}^{s(n)} with s(n) = n log n fools AC0 with log² n SYM
• Improves [LVW93], fools richer class than [N91]
  Currently richest BP· class one can derandomize
• Obtained from average-case hardness result
  Conj.: PRG from worst-case hardness ⇒ C ⊇ TC0
• Open problems: (log² n) SYM?
  EXP average-case hard for GF(2) poly of deg. log n ?