A survey on derandomizing BPP and AM

1
A survey on derandomizing BPP and AM

• Danny Gutfreund, Hebrew U.
• Ronen Shaltiel, Weizmann Inst.
• Amnon Ta-Shma, Tel-Aviv U.

2
Arthur-Merlin Games BM

• Interactive games in which the all-powerful
  prover Merlin attempts to prove some statement to
  a probabilistic poly-time verifier.

x?L
Merlin
Arthur
toss coins
I accept
3
Arthur-Merlin Games BM

• Completeness If the statement is true then
  Arthur accepts.
• Soundness If the statement is false then
  PrArthur acceptslt½.

x?L
Merlin
Arthur
toss coins
I accept
4
Arthur-Merlin Games BM

• Completeness If the statement is true then
  Arthur accepts.
• Soundness If the statement is false then
  PrArthur acceptslt½.

• The class AM All languages L which have an
  Arthur-Merlin protocol.
• Contains many interesting problems not known to
  be in NP.

5
Example Co-isomorphism of Graphs.

• LG1,G2 the labeled graphs G1,G2 are not
  isomorphic.
• L in coNP and is not known to be in NP.

(G1,G2) ? L
Merlin
Arthur
Randonly chooses b ?1,2
Decides which of the two graphs was permuted.
Verifies that cb.
6
The big question

• Does AMNP?
• In other words Can every Arthur-Merlin protocol
  be replaced with one in which Arthur is
  deterministic?
• Note that such a protocol is an NP proof.

7
Derandomization a brief overview

• A paradigm that attempts to transform
• Probabilistic algorithms gt deterministic
  algorithms. (P ? BPP ? EXP ? NEXP).
• Probabilistic protocols gt deterministic
  protocols. (NP ? AM ? EXP ? NEXP).
• We dont know how to separate BPP and NEXP.
• Can derandomize BPP and AM under natural
  complexity theoretic assumptions.

8
Hardness versus Randomness

• Initiated by BM,Yao,Shamir.
• Assumption hard functions exist.
• Conclusion Derandomization.

A lot of works BM82,Y82,HILL,NW88,BFNW93,
I95,IW97,IW98,KvM99,STV99,ISW99,MV99,
ISW00,SU01,U02,TV02
9
A quick survey

• Assumption There exists a function in
  DTIME(2O(n)) which is hard for small circuits.

AM BPP Class
Nondeterministic circuits Deterministic circuits A hard function for
AMNP BPPP High-end
AM ?NSUBEXP BPP?SUBEXP Low-end
10
Hardness versus Randomness

• Assumption hard functions exist.
• Conclusion Derandomization.

11
Hardness versus Randomness

• Assumption hard functions exist.
• Exists pseudo-random generator
• Conclusion Derandomization.

12
Pseudo-random generators

• A pseudo-random generator (PRG) is an algorithm
  that stretches a short string of truly random
  bits into a long string of pseudo-random bits.

• Pseudo-random bits are indistinguishable from
  truly random bits for feasible algorithms.
• For derandomizing AM
  Feasible algorithms nondeterministic
  circuits.
• ??????????????

13
Pseudo-random generators for nondeterministic
circuits

• Nondeterministic circuits can identify
  pseudo-random strings.
• Given a long string, guess a short seed and check
  that PRG(seed)long string.
• Can distinguish between random strings and
  pseudo-random strings.
• Assuming the circuit can run the PRG!!
• The Nisan-Wigderson setup The circuit cannot run
  the PRG!!
• For example The PRG runs in time n5 and fools
  (nondeterministic) circuits of size n3.
• Sufficient for derandomization!!

14
Hardness versus Randomness

• Assumption hard functions exist.
• Exists pseudo-random generator
• Conclusion Derandomization.

15
PRGs for nondeterministic circuits derandomize AM

• We can model the AM protocol as a
  nondeterministic circuit which gets the random
  coins as input.

x?L
Merlin
Arthur
Hardwire input
I accept
16
PRGs for nondeterministic circuits derandomize AM

• We can model the AM protocol as a
  nondeterministic circuit which gets the random
  coins as input.

x?L
Merlin
Arthur
Hardwire input
input
Nondeterministic guess
random input
Nondeterministic guess
I accept
17
PRGs for nondeterministic circuits derandomize AM

• We can model the AM protocol as a
  nondeterministic circuit which gets the random
  coins as input.
• We can use pseudo-random bits instead of truly
  random bits.

x?L
Merlin
Arthur
Hardwire input
input
Nondeterministic guess
pseudo-random input
Nondeterministic guess
I accept
18
PRGs for nondeterministic circuits derandomize AM

• We have an AM protocol in which Arthur acts
  deterministically.
• (Arthur sends all pseudo-random strings and
  Merlin replies on each one.)
• Deterministic protocol gt NP proof.

x?L
Merlin
Arthur
pseudo-random input
Nondeterministic guess
I accept
19
A quick survey

• Assumption There exists a function in
  DTIME(2O(n)) which is hard for small circuits.

AM BPP Class
Nondeterministic circuits Deterministic circuits A hard function for
AMNP BPPP High-end
AM?NSUBEXP BPP?SUBEXP Low-end
20
The Nisan-Wigderson setting

• Were given a function f which is
• Hard for small circuits.
• Computable by uniform machines with slightly
  larger time.
• Basic idea
• G(x)x,f(x)
• f(x) looks random to a small circuit that sees
  x.
• Warning no composition theorems.
• Correctness proof of PRG cant use its
  efficiency.
• The PRG runs in time slightly larger than the
  size of the circuit.

21
The rest

• At this point I moved to the blackboard and
  covered
• The Nisan-Wigderson generator. (You can find a
  presentation (as well as an introduction to
  derandomization)on my homepage www.wisdom.weizmann
  .ac.il/ronens under the title derandomizing
  BPP. This was written in 1998 so the part about
  hardness amplification is slightly outdated.
  However, the first chapter is still relevant and
  contains both the BMY and NW generators.
• I also explained that PRGs for nondeterministic
  circuits (which derandomize AM) can be
  constructed using methods for constructing PRGs
  for deterministic circuits. This was pointed out
  by Klivans and van-Melekbeek and you can get the
  paper at http//www.cs.wisc.edu/dieter/Research/r
  -gni.html.