Title: Pseudorandom Generators and Typically-Correct Derandomization
1 Pseudorandom Generators and Typically-Correct Derandomization
- Jeff Kinne, Dieter van Melkebeek, University of Wisconsin-Madison
- Ronen Shaltiel, University of Haifa
3 The Power of Randomness?
- Is randomness more powerful for polynomial-time algorithms?
- Weaker derandomization
  - [IW]: heuristic
  - [GW]: typically-correct
- Does BPP = P?
  - Yes, if pseudorandom generators
  - Yes, if circuit lower bounds [NW, IW, ...]
  - Not without circuit lower bounds [KI]
[Figure labels: BPP, P, Circuit Testing, PRIMES; random strings, accept, reject]
4 Typically-Correct Derandomization
- More efficient derandomizations?
- Weaker (or no) hardness assumptions?
- How to leverage ability to make errors?
- Randomized algorithm A(x, r) computing L
- Typically-correct: B(x) = L(x) except for $\epsilon 2^n$ x's
- Our contributions
  - New approach based on PRGs
  - Simpler proofs, new derandomizations
  - Implies circuit lower bounds
5 Previous Approaches to Typically-Correct Derandomization
6 Goldreich and Wigderson
Randomized algorithm A(x, r) computing L
Deterministic simulation B(x) = A(x, E(x))
- If (1) $|r| < |x|$ and (2) most r correct for all x
  - B(x) = A(x, x) makes few mistakes
- Make error very small: $B(x) = \mathrm{Maj}_y(A(x, E(x,y)))$
- BPP hardness assumption ? PRG ? A satisfies
- Subsequent work [vMS, Zim, Sha]
[Figure labels: set of all r, set of all x, perfect r, x]
7 Shaltiel
Randomized algorithm A(x, r) computing L
Deterministic simulation B(x) = A(x, E(x))
- E is a $2^{-O(m)}$-extractor for $\{x : A(x,r) = L(x)\}$, fixed r
- Use PRG to get $|r| < |x|$
- BPP hardness assumption ? seedless extractor
- Unconditional results for AC0, streaming algs, ...
- Goal: $\Pr_x[A(x,E(x)) = L(x)] \approx \Pr_{x,r}[A(x,r) = L(x)] \ge 1-?$
- Left hand side: $\sum_{r \in \{0,1\}^m} \Pr_x[A(x,r) = L(x)] \cdot \Pr_x[E(x) = r \mid A(x,r) = L(x)]$
- Right hand side: $\sum_{r \in \{0,1\}^m} \Pr_x[A(x,r) = L(x)] \cdot \Pr_x[U_m = r \mid A(x,r) = L(x)]$, where the last factor is $2^{-m}$
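Added example (not from the slides): an exhaustive toy check of the goal on the Shaltiel slide, that B(x) = A(x, E(x)) errs about as often as A run with truly random r. The fingerprint algorithm A, the prime table and the functions E_good and E_bad are assumptions chosen for illustration; E_bad shows what goes wrong when E(x) is correlated with the event that A(x, r) is wrong.

```python
# Illustrative toy, not code from the paper: x = (a, b), L(x) = [a == b].
K = 8    # each half of x has K bits, so |x| = 16
M = 4    # A uses |r| = 4 random bits, so |r| < |x|
PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53]

def L(a, b):
    """The language: are the two halves equal?"""
    return a == b

def A(a, b, r):
    """Randomized fingerprint test: compare a and b modulo the r-th prime."""
    return (a - b) % PRIMES[r] == 0

def error_of_A():
    """Pr over uniform x and uniform r that A(x, r) != L(x)."""
    n = 1 << K
    wrong = sum(A(a, b, r) != L(a, b)
                for a in range(n) for b in range(n) for r in range(1 << M))
    return wrong / (n * n * (1 << M))

def error_of_B(E):
    """Pr over uniform x that B(x) = A(x, E(x)) != L(x)."""
    n = 1 << K
    wrong = sum(A(a, b, E(a, b)) != L(a, b)
                for a in range(n) for b in range(n))
    return wrong / (n * n)

def E_good(a, b):
    """Low M bits of a: close to uniform on each set {x : A(x, r) = L(x)}."""
    return a % (1 << M)

def E_bad(a, b):
    """Correlated with A's errors: picks a prime dividing a - b if one exists."""
    for r, p in enumerate(PRIMES):
        if a != b and (a - b) % p == 0:
            return r
    return 0

if __name__ == "__main__":
    print("A with truly random r:", error_of_A())
    print("B with E_good        :", error_of_B(E_good))
    print("B with E_bad         :", error_of_B(E_bad))
```

With E_good the error of B stays within 1/128 of the error of A; with E_bad it exceeds 1/2 even though A itself errs on roughly a tenth of the (x, r) pairs.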
8 Pseudorandom Generator Approach to Typically-Correct Derandomization
9 Pseudorandom Generator Approach
Randomized algorithm A(x, r) computing L
Deterministic simulation B(x) = A(x, E(x)) = A(G(x))
- E pseudorandom even with seed revealed
- G a seed-extending PRG, G(x) = (x, E(x))
Goal: $\Pr_x[A(G(x)) = L(x)] \approx \Pr_{x,r}[A(x, r) = L(x)] \ge 1-?$
G is pseudorandom against the test that checks if A(x, r) = L(x)
10 Pseudorandom Generator Approach
Randomized algorithm A(x, r) computing L
B(x) = A(G(x)), G a seed-extending PRG
- Can PRGs be seed-extending?
  - Cryptographic: No!
  - Derandomization: Yes! [NW, ...]
- Different use of PRG
  - B only runs G once, only need poly stretch
- Compare to [GW, Sha] (PRG extractor)
  - PRG is already enough!
11 New Results
- New conditional typically-correct derandomizations
- New unconditional typically-correct derandomizations
Randomized algorithm A(x, r) computing L
Deterministic simulation $B(x) = A(x, NW_H(x))$
$NW_H$ based on hardness of H
12 New Conditional Results
- Deterministic polynomial-time simulations of BPP
- Similar conditional results for AM, BPL, ...
Hardness assumption ? | mistakes
[NW]: $E \not\subseteq SIZE(2^{\epsilon n})$ | 0
[GW]: P is 1/3-hard for $SIZE^{SAT}(n^d)$ | $2^{n^\epsilon}$
[Sha]: P is $(1/2 - 2^{-n^{O(1)}})$-hard for $SIZE(n^d)$ | $2^n / 2^{n^{O(1)}}$
[ours]: P is 1/poly-hard for $SIZE(n^d)$ | $2^n$/poly
13 New Unconditional Results
- AC0 with few symmetric gates
  - A uses $o(\log^2 n)$ sym gates, error ? 1/3
  - ? B in AC0sym and B(x) = L(x) for all but ?n-?(1) fraction of x
- Other settings: multi-party communication
14 PRGs More General than Sha
- ? PRG approach can prove all of [Sha]
E is a seedless $2^{-O(r)}$-extractor for distributions $\{x : A(x, r) = L(x)\}$
[Sha]
A(x, E(x)) = L(x) for all but ? fraction of x
(x, E(x)) is a $2^{-O(r)}$-PRG for tests that check if A(x, r) = L(x)
15 Typically-Correct Derandomization of BPP Implies Circuit Lower Bounds
16 Difficulty of Proving Typ-Cor Derand
- [KI]: $BPP \subseteq NSUBEXP \Rightarrow NEXP \not\subseteq P/poly$ or $PERM \notin$ Arith-P/poly
- Typically-correct derandomization of BPP without circuit lower bounds?
  - No for small error: NSUBEXP computes BPP with $2^{n^\epsilon}$ errors
  - Large error: relativizing techniques and arithmetization alone cannot settle
Error rate of GW
Simpler proof for everywhere-correct setting
17 Recap
- New seed-extending PRG approach
  - simpler proofs, weaker hardness conditions
  - unconditional results in some settings!
- BPP setting implies circuit lower bounds, ...
Typically-Correct Derandomization: allowed to make a small number of mistakes
18 Thanks!
- Full paper and annotated slides available from my website