Hardness amplification proofs require majority

Ronen ShaltielUniversity of Haifa

Joint work with

Emanuele ViolaColumbia University

June 2008

• Major goal of computational complexity theory

• Success with constant-depth circuits (1980’s)[Furst Saxe Sipser, Ajtai, Yao, Hastad, Razborov, Smolensky,…]

• Theorem[Razborov ’87] Majority not in AC0[©]

Majority(x1,…,xn) := 1 , xi > n/2

AC0[©] =© =

parity \/ = or

/\ = and

Circuit lower bounds

V © © © V V V

/\ /\ /\ /\ © /\

©

input

• Lack of progress for general circuit models

• Theorem[Razborov Rudich] + [Naor Reingold]:

Standard techniques cannot prove lower bounds for circuits that can compute Majority:

• No natural proofs of lower bounds for TC0. (Constant depth circuits with majority gates).

Natural proofs barrier

[Razborov Rudich] + [Naor Reingold]

Majority

Powerof CCannot prove

lower bounds[RR] + [NR]

• Stronger variant of lower bounds.

• Def: f : {0,1}n ! {0,1} -hard for class C if

every C 2 C : Prx[f(x) ≠ C(x)] ¸ ( 2 [0,1/2])

n f is worst case hard.

• E.g. C = general circuits of size nlog n, AC0[©],…

• Strong average-case hardness: = 1/2 – 1/n(1)

Need for cryptography, pseudorandom generators[Nisan Wigderson,…]

Average-case hardness

•

• Major line of research (1982 – present)[Y,GL,L,BF,BFL,BFNW,I,GNW,FL,IW,IW,CPS,STV,TV,SU,T,O,V,T,HVV,SU,GK,IJK,IJKW,…]

• Yao’s XOR lemma: Enc(f)(x1,…,xt) := f(x1) ©© f(xt)

f is -hard ) Enc(f) is (½–)-hard. against C = general poly-size circuits

(t = poly(log(1//)) .

Hardness amplificationHardness

amplificationagainst C

-hard ffor C

Enc(f) (1/2-)-hardfor C

• There are no lower bounds against strong classes, but what about week classes?

• Observation: Known hardness amplifications fail against any

class C for which we have lower bounds.

• Example: Have f ∉ AC0[©]. Open f : (1/2-1/n)-hard for AC0[©] ?

The problem we study

Our results + [Razborov Rudich] + [Naor Reingold]

Majority

Powerof CCannot prove

lower bounds[RR] + [NR]

Cannot provehardness amplification[this work]

“You can only amplify the hardness you don’t have”

“Lose-lose” reach of “standard techniques”:

Disclaimer: These are not impossibility

results.

Our results• Theorem [This work]: (Black-box non-adaptive)

hardness amplification against class C requires Majority 2 C

• No black-box hardness amplification against

AC0[©] because Majority not in AC0[©]

• Black-box amplification to (1/2-)-hard requires

C to compute majority on 1/ bits – tight

Outline

• Overview

• Formal statement of our results

• Significance of our results

• Proof

Proofs of Hardness Amplification• Yao’s XOR lemma: Enc(f)(x1,…,xt) := f(x1) ©© f(xt)

f is -hard ) Enc(f) is (½–)-hard. (t = poly(log(1//))

against C = general poly-size circuits

• Proofs work by proving the contra-positive:

Enc(f) is not (½–)-hard ) f is not -hard.

• Proofs convert:– A circuit h that errs computing Enc(f) on (½–)-fraction of inputs

– into a circuit g in C that errs computing f on fraction of inputs.

• Black-box proofs are reductions converting h into g.

Black-box reductions• Proofs convert:

– A circuit h that errs computing Enc(f) on (½–)-fraction of inputs

– into a circuit g in C that errs computing f on fraction of inputs.

Uniform reductions:

one poly-time circuit C s.t.

∀ f,h as above

s.t. g(x)=Ch(x)

Captures most reductions in Complexity/Crypto.

Non-uniform reductions:

∀ f,h as above

poly-size circuit C=Cf,h

s.t. g(x)=Ch(x)

Necessary for hardness amplification (Coding T).

The reduction Ch gets a poly-size “advice string”

about f,h

Often C is a PPM

The local list-decoding view[Sudan Trevisan Vadhan ’99]

f =

Enc(f) =

h =

(1/2–errors)

Ch(x) = f(x) (for 1- x’s)

0 1 0 1 0 1 0 1 0 1 0 1

0 1 1 1 0 1 0 0 1 0 1 1 0 0 0 1 0 1 1 0 00 0 0 0 0 1 1 0 1 1 1 1 1 0 0 0 1 0 1 0 0

q queries

encoding

decoding

LocalList-

No unique

decoding

Black-box hardness amplification• Def. Black-box !(1/2-) hardness amplific. against C

∀ f, h : Pry[Enc(f)(y) ≠ h(y)] < 1/2-

circuit C 2 C : Prx[f(x) ≠ Ch(x)] <

• Rationale: f -hard ) Enc(f) (1/2-)-hard

(f -hard for C if 8 C 2 C : Prx[f(x) ≠ C(x)] ¸ )

• Note: Enc is arbitrary (not necessarily black-box). Caveat: we can only handle non-adaptive oracle calls.

Encf : {0,1}k!{0,1} Enc(f) : {0,1}n!{0,1}

Our results (informal): Black box reductions for h.a. are “complex”.

• Theorem [this work]: Non-adaptive black-box

≤ ! (1/2-) hardness amplification

against a class C of poly-size circuits )

(1) C 2 C computes majority on 1/ bits.

(2) C 2 C makes q = Ω(log(1/)/2) oracle queries.

• Both asymptotically tight (as there are matching

upper bounds):

(1) [Impagliazzo, Goldwasser Gutfreund Healy Kaufman Rothblum]

(2) [Impagliazzo, Klivans Servedio]

Outline

• Overview

• Formal statement of our results

• Significance of our results

• Proof

• Lack of hardness vs. randomness tradeoffs a-la [Nisan Wigderson] for some families of constant-depth circuits

• Loss in circuit size: -hard for size s

) (1/2-)-hard for size s¢2 / log(1/)

Our results somewhat explain

Direct product vs. Yao’s XOR

• Yao’s XOR lemma:

Enc(f)(x1,…,xt) := f(x1) © © f(xt) 2 {0,1}

• Direct product lemma (non-Boolean)

Enc(f)(x1,…,xt) := ( f(x1) ,,f(xt) ) 2 {0,1}t

• For general poly-size circuits Direct product , Yao XOR [Goldreich Levin]

• Yao’s XOR requires majority [this work]direct product does not [folklore, Impagliazzo Jaiswal

Kabanets Wigderson]

• Also a difference in # of oracle queries needed.

Outline

• Overview

• Formal statement of our results

• Significance of our results

• Proof

Proof• Recall Theorem: non-adaptive black-box

≤ ! (1/2-) hardness amplification against

a class C of poly-size circuits )

(1) C 2 C computes majority on 1/ bits.

(2) C 2 C makes q ¸ log(1/)/2 oracle queries.

• We show hypot.) C 2 C tells Noise 1/2 from 1/2 –

(D) | Pr[C(N1/2,…,N1/2)=1] - Pr[C(N1/2-,…,N1/2-)=1] | >1-

• (1) ( (D) + “best way to distinguish is majority” [Sudan].

(2) ( (D) + “tigthness of Chernoff bound”

q q

Warm-up: uniform reduction

• Want: non-uniform reductions (8 f,h 9 C)

For every f ,h : Pry[Enc(f)(y) ≠ h(y)] < 1/2-

there is circuit C 2 C : Prx[f(x) ≠ Ch(x)] <

• Warm-up: uniform reductions (9 C 8 f,h )

There is circuit C 2 C :

For every f, h : Pry[Enc(f)(y) ≠ h(y)] < 1/2-

Prx[f(x) ≠ Ch(x)] <

Proof in uniform case• Let F : {0,1}k ! {0,1}, X 2 {0,1}k be random

Consider C(X) with oracle access to

H(y) = Enc(F)(y) © N(y)

N(y) ~ N1/2 ) CEnc(F) © N(X) = CN(X) ≠ F(X) w.p ½.C has no information about F

N(y) ~ N1/2- ) CEnc(F) © N(X) = F(X) w.p. 1- .H=Enc(F) © N is (1/2-)-close to Enc(F)

• To tell z ~ Noise 1/2 from z ~ Noise 1/2 – , |z| = q

Run C(X); answer i-th query yi with Enc(F)(yi) © ziCompare answer to F(X) (which is hardwired).Q.e.d.

Proof outline in non-uniform case• Non-uniform: C depends on F and H (8 f,h 9 C)

• New proof technique

1) Fix C to C’ that works for many f,h Condition F’ := (F | C=C’), H’ := (H | C=C’)

2) Information-theoretic lemma

Enc(F’)©N’ (y1,…,yq) ¼ Enc(F)©N (y1,…,yq)

If all yi 2 “good” set G µ {0,1}n

Can argue as for uniform case if all yi 2 G

3) Deal with queries yi not in G

Fixing C

• Choose F : {0,1}k ! {0,1} uniform, N(y) ~ N1/2-

• Enc(F)©N is (1/2-)-close to Enc(F). We have (8f,h9C)

With probability 1 over F,H there is C 2 C :

PrX[CEnc(F) © N(X) ≠ F(X)] <

• ) there is C’ 2 C : with probability 1/|C| over F,H

PrX[C’ Enc(F) © N (X) ≠ F(X)] <

• Note: C = all circuits of size poly(k), 1/|C| = 2-poly(k)

The information-theoretic lemma• Lemma

Let V1,…,Vt i.i.d., V1’,…,Vt’ := (V1,…,Vt | E)

E noticeable ) there is large good set G µ [t] :

for every i1,…,iq 2 G : (V’i1,…,V’iq) ¼ (Vi1,…,Viq

) as long as q is small.

• Proof: E noticeable ) H(V1’,…,Vt’) large

) H(V’i |V’1,…,V’i -1) large for many i (2 G)

Closeness[(Vi1,…,Viq

),(V’i1,…,V’iq)] ¸ H(V’i1,…,V’iq)

¸ H(V’iq | V’1,…,V’iq -1) + … + H(V’i1 | V’1 ,…,V’i1-1) large

Q.e.d.

• Similar to [Edmonds Rudich Impagliazzo Sgall, Raz]

Applying the lemma

• Vy = N(y) ~ Noise 1/2-

• E := { H : PrX[C’ Enc(F) © N(X) ≠ F(X)] < }, Pr[E]¸ 1/|C|

H’ = N | E =

C’ Enc(F’) © N’ (x) ¼ C’ Enc(F) © N (x)

• All queries in G ) proof for uniform case goes thru

0 1 1 1 0 1 0 0 1 0 1 1 0 0 0 1 0 1 1 0 0 Gq queries

Handling bad queries

• Problem: C(x) may query bad y 2 {0,1}n not in G

• Idea: Fix bad query. Queries either in G or fixed )proof for uniform case goes thru

• Delicate argument:

Fixing bad query H(y) may create new bad queries

Instead fix heavy queries: asked by C(x) for many x’s

Gain because new bad queries are light, affect few x’s Must verify that there are few added bad queries.

• Theorem[This work] Black-box hardness amplification against class C requires Majority 2 C

• Reach of standard techniques in circuit complexity[This work] + [Razborov Rudich], [Naor Reingold]

“Can amplify hardness , cannot prove lower bound”

• New proof technique to handle non-uniform reductions

• Open problemsAdaptivity?

[GutfreundRothblum08] handle adaptive reductions in the case of “low nonuniformity” (small list sizes).1/3-pseudorandom from 1/3-hard requires majority?

Conclusion