Pseudorandom Generators and Typically-Correct Derandomization

About This Presentation

Title:

Pseudorandom Generators and Typically-Correct Derandomization

Description:

Pseudorandom Generators and TypicallyCorrect Derandomization – PowerPoint PPT presentation

Number of Views:31

Avg rating:3.0/5.0

Slides: 19

Provided by: jeffk76

Learn more at: https://pages.cs.wisc.edu

Category:

more less

Transcript and Presenter's Notes

Title: Pseudorandom Generators and Typically-Correct Derandomization

1
Pseudorandom Generators andTypically-Correct
Derandomization

Jeff Kinne, Dieter van MelkebeekUniversity of
Wisconsin-Madison
Ronen Shaltiel
University of Haifa

Just One More Talk

3
The Power of Randomness?

Is randomness more powerful for
Polynomial-time Algorithms?

Weaker Derandomization
IW heuristic
GW typically-correct

BPP
P
Circuit Testing
PRIMES

Does BPP P?
Yes, if pseudorandom generators
Yes, if circuit lower bounds NW, IW,
Not without circuit lower bounds KI

Random strings
reject
accept
4
Typically-Correct Derandomization

More efficient derandomizations?
Weaker (or no) hardness assumptions?
How to leverage ability to make errors?

Randomized Algorithm A(x, r) computing L
Typically-correct B(x) L(x) except for e2n
xs

Our Contributions
New approach based on PRGs
Simpler proofs, new derandomizations
Implies circuit lower bounds

Previous Approaches to
Typically-Correct Derandomization

6
Goldreich and Wigderson
Randomized Algorithm A(x, r) computing
L Deterministic simulation B(x) A(x, E(x))

If (1) r lt x and (2) most r correct for all x
B(x) A(x, x) makes few mistakes
Make error very small B(x) Majy(A(x, E(x,y)))
BPP hardness assumption ? PRG ? A satisfies

Subsequent work vMS, Zim, Sha
Set of all r set of all x
perfect r
x
7
Shaltiel

E is 2-O(m)-extractor for x A(x,r) L(x),
fixed r
Use PRG to get r lt x
BPP hardness assumption ? seedless extractor
Unconditional results for AC0, streaming algs,

Goal
PrxA(x,E(x)) L(x) Prx,rA(x,r)
L(x) 1-?
Left hand side Sr?0,1m PrxA(x,r)
L(x)PrxE(x) r A(x,r) L(x)
Right hand side Sr?0,1m PrxA(x,r)
L(x)PrxUm r A(x,r) L(x)

Randomized Algorithm A(x, r) computing
L Deterministic simulation B(x) A(x, E(x))

2-m
8

Pseudorandom Generator Approach to
Typically-Correct Derandomization

9
Pseudorandom Generator Approach
Randomized Algorithm A(x, r) computing
L Deterministic simulation B(x) A(x, E(x))

A(G(x))

E pseudorandom even with seed revealed
G a seed-extending PRG, G(x) x, E(x)

Goal PrxA(G(x)) L(x) Prx,rA(x, r)
L(x) 1-?
G is pseudorandom against test that checks if
A(x, r) L(x)
10
Pseudorandom Generator Approach
Randomized Algorithm A(x, r) computing L B(x)
A(G(x)), G a seed-extending PRG

Can PRGs be seed-extending?
Cryptographic No!
Derandomization Yes! NW,
Different use of PRG
B only runs G once, only need poly stretch
Compare to GW, Sha (PRG extractor)
PRG is already enough!

11
New Results

New conditional typically-correct
derandomizations
New unconditional typically-correct
derandomizations

Randomized Algorithm A(x, r) computing
L Deterministic simulation B(x) A(x,
NWH(x)) NWH based on hardness of H
12
New Conditional Results

Deterministic polynomial-time simulations of BPP
Similar conditional results for AM, BPL,

Hardness assumption ?
NW E ? SIZE(2en) 0
GW P is 1/3-hard for SIZESAT(nd) 2ne
Sha P is ½-2-nO(1)-hard for SIZE(nd) 2n/2nO(1)
ours P is 1/poly-hard for SIZE(nd) 2n/poly
mistakes
13
New Unconditional Results

AC0 with few symmetric gates
A uses o(log2n) sym gates, error ? 1/3
? B in AC0sym and B(x)
L(x) for all but ?n-?(1) fraction of x
Other settings multi-party communication

14
PRGs More General than Sha

? PRG approach can prove all of Sha

E is a seedless 2-O(r)-extractor
fordistributions x A(x, r) L(x)
Sha
A(x, E(x)) L(x) for all but ? fraction of x
(x, E(x)) is a 2-O(r)-PRG for tests that check
if A(x,r)L(x)
15