Finite fields, randomness and complexity. Swastik Kopparty Rutgers University


This talk
Three great problems:
- Polynomial factorization
- Epsilon-biased sets
- Function uncorrelated with low-degree polynomials

Polynomial factorization

Polynomial factorization
Algorithmic problem: given a polynomial, factorize it into irreducible factors.
Over $\mathbb{F}_q$, degree $d$, $n$ variables.
- $n = 1$: [Berlekamp] randomized $\mathrm{poly}(d, \log q)$ time. Short and sweet, one of the first nontrivial randomized algorithms.
- General $n$: [Grigoriev, Chistov, …, Lenstra, Kaltofen] randomized $\mathrm{poly}(d^n, \log q)$, via reduction to the 1-variable case.
- Big open question: deterministic?
Essentially optimal: $d^n$ is the number of monomials. Or is it?

Arithmetic circuit representation
Polynomial presented as an arithmetic circuit of size $s$, degree $d$.
Can we factorize this in time $\mathrm{poly}(s, d)$?
Before that: can we do anything with a polynomial presented as an arithmetic circuit?
Polynomial identity testing:
- Test if $C(X_1, \dots, X_n) \equiv 0$ (the identically 0 polynomial).
- Classical randomized algorithm: pick a random point $a \in \mathbb{F}^n$, and check if $C(a) = 0$.
- No deterministic algorithm known.
- Central problem in complexity theory.

Factorization in the circuit representation
[Kaltofen, Kaltofen-Trager] Efficient factorization is possible in the circuit representation!
- Randomized $\mathrm{poly}(s)$ time algorithm.
- How are the factors represented? As arithmetic circuits of size $\mathrm{poly}(s)$!
Can this be made deterministic? 2 open problems stand in the way:
- Deterministic univariate factorization
- Deterministic polynomial identity testing
[K-Saraf-Shpilka 15]: these are the only obstacles.

Berlekamp's randomized factorization
Let us factor a 1-variable quadratic polynomial $H(X)$ over $\mathbb{F}_p$, for $p$ prime (in time $\mathrm{polylog}(p)$).
Algorithm:
- Pick $u, v \in \mathbb{F}_p$ uniformly at random.
- Set $G(X) = H(uX + v)$ (random affine shift). It suffices to factor $G(X)$.
- Compute $\mathrm{GCD}(X^{(p-1)/2} - 1,\ G(X))$.
- If the degree of the GCD is 1, we found a factor of $G(X)$.
- Else repeat and try again.
Two facts for the analysis:
- For fixed $\alpha, \beta \in \mathbb{F}_p$, the random variables $u\alpha + v$, $u\beta + v$ are uniform and independent.
- The probability that a random element of $\mathbb{F}_p$ is a root of $X^{(p-1)/2} - 1$ is about ½.
Thus with probability ½, the following event happens: one of the roots of $G(X)$ will be a root of $X^{(p-1)/2} - 1$, and the other root of $G(X)$ will not be.
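The algorithm on this slide, written out as an added Python example (not code from the talk). It assumes a monic quadratic $H(X) = X^2 + bX + c$ over $\mathbb{F}_p$ with $p$ an odd prime, draws $u$ from the nonzero elements so the shift is invertible, and reports failure after a fixed number of tries; the function names and the retry limit are choices made for this example.

```python
import random

def mul_mod_g(a, b, g1, g0, p):
    """(a0 + a1*X) * (b0 + b1*X) reduced modulo X^2 + g1*X + g0 over F_p."""
    c0, c1, c2 = a[0] * b[0], a[0] * b[1] + a[1] * b[0], a[1] * b[1]
    # Replace X^2 by -g1*X - g0.
    return ((c0 - c2 * g0) % p, (c1 - c2 * g1) % p)

def x_pow_mod_g(e, g1, g0, p):
    """X^e modulo X^2 + g1*X + g0, by square-and-multiply: O(log e) steps."""
    result, base = (1, 0), (0, 1)
    while e:
        if e & 1:
            result = mul_mod_g(result, base, g1, g0, p)
        base = mul_mod_g(base, base, g1, g0, p)
        e >>= 1
    return result

def find_root(b, c, p, max_tries=200, rng=random):
    """A root of H(X) = X^2 + b*X + c over F_p (p an odd prime), else None."""
    for _ in range(max_tries):
        # Random affine shift G(X) = H(u*X + v); u != 0 keeps it invertible.
        u, v = rng.randrange(1, p), rng.randrange(p)
        u_inv = pow(u, -1, p)
        g1 = (2 * v + b) * u_inv % p                   # G divided by u^2 (monic)
        g0 = (v * v + b * v + c) * u_inv * u_inv % p
        r0, r1 = x_pow_mod_g((p - 1) // 2, g1, g0, p)
        r0 = (r0 - 1) % p             # R = X^((p-1)/2) - 1 mod G = r0 + r1*X
        if r1 == 0:
            continue                  # GCD(R, G) has degree 0 or 2: retry
        t = -r0 * pow(r1, -1, p) % p  # the only root of the linear R
        if (t * t + g1 * t + g0) % p == 0:   # R divides G: GCD has degree 1
            return (u * t + v) % p    # G(t) = 0 means H(u*t + v) = 0
    return None                       # no try succeeded: H has no root w.h.p.

def factor_quadratic(b, c, p):
    """Both roots (r, s) with H(X) = (X - r)(X - s), or None if none found."""
    r = find_root(b, c, p)
    return None if r is None else (r, (-b - r) % p)
```

Each try costs $O(\log p)$ multiplications modulo $G$, which is where the $\mathrm{polylog}(p)$ running time comes from.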

Epsilon-biased sets

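Epsilon-biased sets
Setting: $\mathbb{F}_2^n$.
Linear functions $l_a : \mathbb{F}_2^n \to \mathbb{F}_2$, $l_a(x) = \langle a, x \rangle$.
$S \subseteq \mathbb{F}_2^n$ is called $\varepsilon$-biased if:
- for all nonzero linear functions $l_a : \mathbb{F}_2^n \to \mathbb{F}_2$,
- $l_a$ is not too biased on $S$: $\Pr_{x \in S}[l_a(x) = 0] \in [1/2 - \varepsilon,\ 1/2 + \varepsilon]$.
Many applications in pseudorandomness, coding theory.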

Basic questions: existence and construction
- How small can epsilon-biased sets be?
- How to construct small epsilon-biased sets explicitly? Compute the $i$-th bit of the $j$-th element in time $\mathrm{poly}(\log n)$.

Small epsilon-biased sets
Randomized construction: probabilistic method.
- A random set of size $O(n/\varepsilon^2)$ is epsilon-biased with high probability.
Deterministic constructions, known with size:
- $O(n^2/\varepsilon^2)$ [Alon-Goldreich-Hastad-Peralta]
- $O(n/\varepsilon^3)$ [Naor-Naor, based on Reed-Solomon codes]
- $O\big((n/\varepsilon^2)^{1.25}\big)$ [BenAroya-TaShma, based on Hermitian codes]

Lower bounds on epsilon-biased sets
- MRRW bound 77: epsilon-biased sets must have size at least $\Omega\!\left(\dfrac{n}{\varepsilon^2 \log(1/\varepsilon)}\right)$.
- Alon 04: very clever linear-algebra proof.
- Next: less clever version of Alon's proof.

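Lower bounds on epsilon-biased sets
Let $S$ be epsilon-biased.
Let $f : \mathbb{F}_2^n \to \mathbb{R}$ be given by: $f(x) = 1/|S|$ if $x \in S$, and $f(x) = 0$ otherwise.
Let $F : \mathbb{F}_2^n \to \mathbb{R}$ be the Fourier transform of $f$:
$F(a) = \sum_x f(x)\,(-1)^{\langle a, x \rangle}$
Key point of epsilon-bias:
- $|F(a)| \le \varepsilon$ for all nonzero $a$
- $F(0) = 1$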

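Lower bounds on epsilon-biased sets
Ingredient 1: the Fourier transform is $\ell_2$ norm preserving:
$\sum_x f(x)^2 = \frac{1}{2^n} \sum_a F(a)^2$
- LHS: $\sum_x f(x)^2 = \frac{1}{|S|}$
- RHS: $\frac{1}{2^n} \sum_a F(a)^2 \le \frac{1 + (2^n - 1)\varepsilon^2}{2^n} \le \frac{1}{2^n} + \varepsilon^2$
So $|S| \ge \Omega\big(\min(1/\varepsilon^2,\ 2^n)\big)$.
Close!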

Lower bounds for epsilon-biased sets
Ingredient 2: convolution and Fourier transform.
Let $t$ be an integer. Define $g : \mathbb{F}_2^n \to \mathbb{R}$ by:
$g(x) = \sum f(x_1)\, f(x_2) \cdots f(x_t)$
where the sum is over all $x_1, \dots, x_t$ s.t. $x_1 + \dots + x_t = x$.
- $g$ is the convolution of $f$ with itself $t$ times.
- $g$ is the probability distribution of $x_1 + x_2 + \dots + x_t$, where the $x_i$ are chosen from $S$ uniformly.
Let $G : \mathbb{F}_2^n \to \mathbb{R}$ be the Fourier transform of $g$. Then $G(a) = F(a)^t$.

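Putting everything together
$\sum_x g(x)^2 = \frac{1}{2^n} \sum_a G(a)^2$
- RHS: $\frac{1}{2^n} \sum_a G(a)^2 \le \frac{1 + (2^n - 1)\varepsilon^{2t}}{2^n} \le \frac{1}{2^n} + \varepsilon^{2t}$
- LHS: $\sum_x g(x)^2 = {?}$
- Cauchy-Schwarz: $|\mathrm{support}(g)| \cdot \left(\sum_x g(x)^2\right) \ge \left(\sum_x g(x)\right)^2 = 1$
- So $\sum_x g(x)^2 \ge 1/|\mathrm{support}(g)|$
- support(g) S t
Summarizing: S min 2 n 1, t ε 2t
Optimizing the value of $t$ gives $|S| \ge \Omega\!\left(\dfrac{n}{\varepsilon^2 \log(1/\varepsilon)}\right)$.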

A nice deterministic construction with size $O(n^2/\varepsilon^2)$ [AGHP 90]
- Pick an irreducible polynomial $h(t)$ of degree $d = O(\log(n/\varepsilon))$.
- Pick a bit-sequence $s$ of length $d$.
- Consider the linear recurrence starting with $s$, with characteristic polynomial $h$.
- Generate an $n$-bit sequence $x$ out of this recurrence.
Analysis: based on
FACT: Let $A(T)$ be a nonzero degree $n$ polynomial. Then $\Pr[\,h(t) \text{ divides } A(T)\,] < \varepsilon$, where $h(t)$ is a random irreducible polynomial of degree $d$.
Missing piece: how to pick irreducible polynomials?
- Let $I_d$ be the set of all irreducible polynomials of degree $d$.
- Want a bijection from $\{1, 2, \dots, |I_d|\} \to I_d$ computable in time $\mathrm{poly}(d)$.
- [K-Kumar-Saks 15] Can be done: indexing irreducible polynomials over finite fields.
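A small instance of this construction with its bias measured by exhaustive search, as an added Python example (not code from the talk). It assumes toy parameters, enumerates the irreducible polynomials by trial division instead of indexing them, and treats the output as a sample space in which a string may appear more than once; all function names are choices made for this example.

```python
from itertools import product

def polymod(a, h):
    """Remainder of a modulo h; F_2[T] polynomials packed as int bitmasks."""
    while a.bit_length() >= h.bit_length():
        a ^= h << (a.bit_length() - h.bit_length())
    return a

def irreducibles(d):
    """All degree-d irreducible polynomials over F_2, by trial division."""
    return [h for h in range(1 << d, 1 << (d + 1))
            if all(polymod(h, g) for g in range(2, 1 << (d // 2 + 1)))]

def lfsr_bits(h, seed, n):
    """First n bits of the recurrence x[i+d] = sum_j h_j * x[i+j] (mod 2)."""
    d = h.bit_length() - 1
    x = list(seed)
    for i in range(n - d):
        x.append(sum(x[i + j] for j in range(d) if (h >> j) & 1) % 2)
    return x[:n]

def aghp_space(n, d):
    """One n-bit string per pair (irreducible h of degree d, d-bit seed s)."""
    return [lfsr_bits(h, s, n)
            for h in irreducibles(d) for s in product((0, 1), repeat=d)]

def max_bias(space, n):
    """max over nonzero a of |Pr_x[<a, x> = 0] - 1/2|, by exhaustive search."""
    words = [int("".join(map(str, x)), 2) for x in space]
    worst = 0.0
    for a in range(1, 1 << n):
        zeros = sum(bin(a & w).count("1") % 2 == 0 for w in words)
        worst = max(worst, abs(zeros / len(words) - 0.5))
    return worst

def bias_bound(n, d):
    """A(T) of degree < n has at most (n-1)//d irreducible factors of degree
    d, and a test is unbalanced only for the h that divide its A(T)."""
    return 0.5 * ((n - 1) // d) / len(irreducibles(d))

if __name__ == "__main__":
    n, d = 10, 5                      # constructed toy parameters
    space = aghp_space(n, d)
    print(len(space), max_bias(space, n), bias_bound(n, d))
```

With $n = 8$, $d = 3$ the bound degenerates to 1/2: the product of the two irreducible cubics has degree 6, so the matching linear test is constant on the whole space, which is why $d$ must grow like $\log(n/\varepsilon)$.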

Functions uncorrelated with polynomials

Functions uncorrelated with polynomials
Let $f : \mathbb{F}_2^n \to \mathbb{F}_2$.
Define the correlation of $f$ with degree $d$ polynomials:
- Maximum $\varepsilon$ s.t. there exists $h(x_1, \dots, x_n)$ of degree $d$ s.t. $\Pr_{x \in \mathbb{F}_2^n}[f(x) = h(x)] = \frac{1}{2} + \varepsilon$
- Denoted $\mathrm{Corr}(f, P_d)$
How low can this correlation be?
- Probabilistic method: for $d < n/3$, a random function $f$ has w.h.p. $\mathrm{Corr}(f, P_d) < 2^{-\Omega(n)}$.
- Open question: find an explicit example of such a function.

Connection to circuit complexity
Circuit class $\mathrm{AC}^0(\mathrm{mod}\ 2)$:
- Bounded depth Boolean circuits
- Allowed gates: AND, OR, NOT, Parity (unbounded fan-in)
[Razborov 87] Such circuits can be approximated by polynomials.

Application to circuit complexity
[Razborov 87] Circuits can be approximated by polynomials:
for every poly-size $\mathrm{AC}^0(\mathrm{mod}\ 2)$ circuit $C$, there exists $h(x_1, \dots, x_n) \in \mathbb{F}_2[x_1, \dots, x_n]$ with $\deg(h) = n^{0.1}$ s.t.
$\Pr_{x \in \mathbb{F}_2^n}[C(x) = h(x)] = 1 - n^{-\omega(1)}$
Corollary: if $\mathrm{Corr}(f, P_{n^{0.1}}) < n^{-\omega(1)}$, then for all poly-size $\mathrm{AC}^0(\mathrm{mod}\ 2)$ circuits $C$,
$\Pr_{x \in \mathbb{F}_2^n}[C(x) = f(x)] < \frac{1}{2} + n^{-\omega(1)}$
i.e., $f$ is average case hard for these circuits.
Corollary: (via Nisan-Wigderson hardness vs randomness) an explicit such $f$ implies efficient pseudorandom generators against $\mathrm{AC}^0(\mathrm{mod}\ 2)$.

Functions uncorrelated with polynomials
For small $d$, exponentially small correlation known:
- $f(x_1, \dots, x_n) = x_1 x_2 x_3 + x_4 x_5 x_6 + \dots$ ($n/3$ disjoint monomials)
- $f(x) = \mathrm{Tr}(x^7)$ (viewed as a map from $\mathbb{F}_{2^n} \to \mathbb{F}_2$)
- has $2^{-\Omega(n)}$ correlation with degree 2.
- Proof by (repeatedly) squaring and Cauchy-Schwarz: $\mathbb{E}_{x \in \mathbb{F}_2^n}\big[(-1)^{f(x) + h(x)}\big]$
- Analogous results for all $d \ll \log n$.
For larger $d$, only much weaker correlation known:
- $f(x) = \mathrm{Majority}(x)$ [Smolensky 94]
- $f(x) = \mathrm{Tr}(x^{1/3})$ [K 11]
- Have $1/n^{0.4}$ correlation with degree $n^{0.1}$.

Majority is uncorrelated with degree $n^{0.1}$
Key Lemma: Majority is versatile.
For all $g : \mathbb{F}_2^n \to \mathbb{F}_2$, there exist polynomials $g', g''$ with $\deg(g'), \deg(g'') \le n/2$ s.t. for all $x$,
$g(x) = g'(x)\,\mathrm{Maj}(x) + g''(x)$
Proof:
- Consider $x$ s.t. $\mathrm{Maj}(x) = 0$. Need $g''(x) = g(x)$ for such $x$. This uniquely defines $g''$ of degree $\le n/2$.
- Consider $x$ s.t. $\mathrm{Maj}(x) = 1$. Need $g'(x) = g(x) - g''(x)$ for such $x$. This uniquely defines $g'$ of degree $\le n/2$.
[Figure: the cube $\{0,1\}^n$ split into the regions Maj = 1 and Maj = 0]

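Majority is uncorrelated with degree $n^{0.1}$
Suppose $\deg(h) < n^{0.1}$, and $\Pr[h(x) = \mathrm{Majority}(x)] = \frac{1}{2} + \varepsilon$.
Let $S = \{x : h(x) = \mathrm{Majority}(x)\}$.
By versatility: every function $g : S \to \mathbb{F}_2$ can be written as
$g = g' \cdot \mathrm{Maj} + g'' = g' \cdot h + g''$
which is of degree $\le n/2 + n^{0.1}$.
Now counting:
- #(functions on $S$) $= 2^{|S|}$
- #(polynomials of degree at most $n/2 + n^{0.1}$) $< 2^{\left(\frac{1}{2} + n^{-0.4}\right) 2^n}$
So $|S| < \left(\frac{1}{2} + n^{-0.4}\right) 2^n$.
So $\varepsilon < n^{-0.4}$.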

Wrap-up
Open questions:
- Polynomial factorization: Deterministic univariate polynomial factorization? Deterministic polynomial identity testing?
- Epsilon-biased sets: What is the optimal size? Efficient constructions matching this?
- Functions uncorrelated with polynomials: Explicit functions highly uncorrelated with polynomials?