The power and weakness of randomness (when you are short on time) Avi Wigderson Institute for Advanced Study

Similar documents
Great Theoretical Ideas in Computer Science

-bit integers are all in ThC. Th The following problems are complete for PSPACE NPSPACE ATIME QSAT, GEOGRAPHY, SUCCINCT REACH.

Finding hay in haystacks: the power and limits of Randomness. Avi Wigderson IAS, Princeton

A Short History of Computational Complexity

Chapter 6 Randomization Algorithm Theory WS 2012/13 Fabian Kuhn

Lecture 19: Interactive Proofs and the PCP Theorem

Does randomness solve problems? Russell Impagliazzo UCSD

The P versus NP Problem. Ker-I Ko. Stony Brook, New York

1 Randomized Computation

20.1 2SAT. CS125 Lecture 20 Fall 2016

Mathematics, Proofs and Computation

fsat We next show that if sat P, then fsat has a polynomial-time algorithm. c 2010 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 425

Meta-Algorithms vs. Circuit Lower Bounds Valentine Kabanets

Randomness and non-uniformity

conp = { L L NP } (1) This problem is essentially the same as SAT because a formula is not satisfiable if and only if its negation is a tautology.

6.080 / Great Ideas in Theoretical Computer Science Spring 2008

A note on exponential circuit lower bounds from derandomizing Arthur-Merlin games

Asymptotically Optimal Hitting Sets Against Polynomials

Chapter 7 Randomization Algorithm Theory WS 2017/18 Fabian Kuhn

Computational Complexity: A Modern Approach

Permanent and Determinant

Algorithms. Sudoku. Rubik s cube. Evaluating how good (how efficient) an algorithm is 3/4/17. Algorithms, complexity and P vs NP SURVEY

Lecture 15 - Zero Knowledge Proofs

On the efficient approximability of constraint satisfaction problems

CSC 373: Algorithm Design and Analysis Lecture 30

Input-Oblivious Proof Systems and a Uniform Complexity Perspective on P/poly

Pseudorandomness and Combinatorial Constructions

COMPUTATIONAL COMPLEXITY

Randomized Complexity Classes; RP

Formalizing Randomized Matching Algorithms

Lecture 1: January 16

Probabilistically Checkable Proofs

Pseudorandomness and combinatorial constructions

PSEUDORANDOMNESS AND AVERAGE-CASE COMPLEXITY VIA UNIFORM REDUCTIONS

DRAFT -- DRAFT -- DRAFT -- DRAFT -- DRAFT --

Two Comments on Targeted Canonical Derandomizers

On Pseudorandomness w.r.t Deterministic Observers

NP Complete Problems. COMP 215 Lecture 20

CSC 5170: Theory of Computational Complexity Lecture 5 The Chinese University of Hong Kong 8 February 2010

Worst-Case to Average-Case Reductions Revisited

Expander Construction in VNC 1

NP and Computational Intractability

Lecture 6: Random Walks versus Independent Sampling

Almost transparent short proofs for NP R

/633 Introduction to Algorithms Lecturer: Michael Dinitz Topic: NP-Completeness I Date: 11/13/18

Lecture 16 November 6th, 2012 (Prasad Raghavendra)

CHAPTER 3 FUNDAMENTALS OF COMPUTATIONAL COMPLEXITY. E. Amaldi Foundations of Operations Research Politecnico di Milano 1

Identifying an Honest EXP NP Oracle Among Many

Randomness and non-uniformity

Beyond NP [HMU06,Chp.11a] Tautology Problem NP-Hardness and co-np Historical Comments Optimization Problems More Complexity Classes

Pseudorandom Generators

Basic Probabilistic Checking 3

Notes for Lecture 2. Statement of the PCP Theorem and Constraint Satisfaction

6.080/6.089 GITCS April 8, Lecture 15

Lecture 22: Derandomization Implies Circuit Lower Bounds

Lecture 5. 1 Review (Pairwise Independence and Derandomization)

Factorization & Primality Testing

6.045: Automata, Computability, and Complexity (GITCS) Class 17 Nancy Lynch

Additive Combinatorics and Computational Complexity

Limits to Approximability: When Algorithms Won't Help You. Note: Contents of today s lecture won t be on the exam

Lecture 3: Randomness in Computation

Lecture 10: Hardness of approximating clique, FGLSS graph

Self-Testing Polynomial Functions Efficiently and over Rational Domains

1 Cryptographic hash functions

Universal Traversal Sequences with Backtracking

6.841/18.405J: Advanced Complexity Wednesday, April 2, Lecture Lecture 14

Sparse Pseudorandom Distributions

10 Concrete candidates for public key crypto

Dinur s Proof of the PCP Theorem

Lecture 5: Derandomization (Part II)

CS151 Complexity Theory. Lecture 9 May 1, 2017

Umans Complexity Theory Lectures

Lecture 3: Interactive Proofs and Zero-Knowledge

Mathematics and computing

Last time, we described a pseudorandom generator that stretched its truly random input by one. If f is ( 1 2

NP-Completeness I. Lecture Overview Introduction: Reduction and Expressiveness

1.1 P, NP, and NP-complete

Lecture 12: Interactive Proofs

Polynomial Identity Testing. Amir Shpilka Technion

HARDNESS AMPLIFICATION VIA SPACE-EFFICIENT DIRECT PRODUCTS

November 17, Recent Results on. Amir Shpilka Technion. PIT Survey Oberwolfach

Introduction to Modern Cryptography. Benny Chor

Some Results on Circuit Lower Bounds and Derandomization of Arthur-Merlin Problems

Tolerant Versus Intolerant Testing for Boolean Properties

CS154, Lecture 18: 1

Symposium on Theoretical Aspects of Computer Science 2008 (Bordeaux), pp

How many rounds can Random Selection handle?

Tolerant Versus Intolerant Testing for Boolean Properties

Algorithms Design & Analysis. Approximation Algorithm

On the Power of Multi-Prover Interactive Protocols. Lance Fortnow. John Rompel y. Michael Sipser z. Massachusetts Institute of Technology

Model Counting for Logical Theories

Pseudorandomness. Contents

1. Algebra 1.7. Prime numbers

Algorithms: COMP3121/3821/9101/9801

Essential facts about NP-completeness:

Determinant Versus Permanent

PRIMES is in P. Manindra Agrawal. NUS Singapore / IIT Kanpur

Amplification and Derandomization Without Slowdown

CS6999 Probabilistic Methods in Integer Programming Randomized Rounding Andrew D. Smith April 2003

Transcription:

The power and weakness of randomness (when you are short on time) Avi Wigderson Institute for Advanced Study

Plan of the talk Computational complexity -- efficient algorithms, hard and easy problems, P vs. NP The power of randomness -- in saving time The weakness of randomness -- what is randomness? -- the hardness vs. randomness paradigm The power of randomness -- in saving space -- to strengthen proofs

Easy and Hard Problems asymptotic complexity of functions Multiplication mult(23,67) = 1541 grade school algorithm: n 2 steps on n digit inputs EASY P Polynomial time algorithm Factoring factor(1541) = (23,67) best known algorithm: exp( n) steps on n digits HARD? -- we don t know! -- the whole world thinks so!

Map Coloring and P vs. NP Input: planar map M (with n countries) 2-COL: is M 2-colorable? 3-COL: is M 3-colorable? 4-COL: is M 4-colorable? Thm: If 3-COL is Easy then Factoring is Easy P vs. NP problem: Formal: Easy Hard? Trivial -Thm [Cook-Levin 71, Karp 72]: 3-COL is NP-complete -. Numerous equally hard problems in all sciences Is 3-COL Easy? Informal: Can creativity be automated?

Fundamental question #1 Is NP P? Is any of these problems hard? - Factoring integers - Map coloring - Satisfiability of Boolean formulae - Traveling salesman problem - Solving polynomial equations - Computing optimal Chess/Go strategies Best known algorithms: exponential time/size. Is exponential time/size necessary for some? Conjecture 1 : YES

The Power of Randomness Host of problems for which: - We have probabilistic polynomial time algorithms - We (still) have no deterministic algorithms of subexponential time.

Coin Flips and Errors Algorithms will make decisions using coin flips 0111011000010001110101010111 (flips are independent and unbiased) When using coin flips, we ll guarantee: task will be achieved, with probability >99% Why tolerate errors? We tolerate uncertainty in life Here we can reduce error arbitrarily <exp(-n) To compensate we can do much more

Number Theory: Primes Problem 1: Given x [2 n, 2 n+1 ], is x prime? 1975 [Solovay-Strassen, Rabin] : Probabilistic 2002 [Agrawal-Kayal-Saxena]: Deterministic!! Problem 2: Given n, find a prime in [2 n, 2 n+1 ] Algorithm: Pick at random x 1, x 2,, x 1000n For each x i apply primality test. Prime Number Theorem Pr [ i x i prime] >.99

Algebra: Polynomial Identities Is det( )- i<k (x i -x k ) 0? Theorem [Vandermonde]: YES Given (implicitly, e.g. as a formula) a polynomial p of degree d. Is p(x 1, x 2,, x n ) 0? Algorithm [Schwartz-Zippel 80] : Pick r i indep at random in {1,2,,100d} p 0 Pr[ p(r 1, r 2,, r n ) =0 ] =1 p 0 Pr[ p(r 1, r 2,, r n ) 0 ] >.99 Applications: Program testing, Polynomial factorization

Analysis: Fourier coefficients Given (implicitely) a function f:(z 2 ) n {-1,1} (e.g. as a formula), and >0, Find all characters such that <f, > Comment : At most 1/ 2 such Algorithm [Goldreich-Levin 89] : adaptive sampling Pr[ success ] >.99 [AGS] : Extension to other Abelian groups. Applications: Coding Theory, Complexity Theory Learning Theory, Game Theory

Geometry: Estimating Volumes Given (implicitly) a convex body K in R d (d large!) (e.g. by a set of linear inequalities) Estimate volume (K) Comment: Computing volume(k) exactly is #P-complete Algorithm [Dyer-Frieze-Kannan 91]: Approx counting random sampling Random walk inside K. Rapidly mixing Markov chain. Analysis: Spectral gap isoperimetric inequality Applications: Statistical Mechanics, Group Theory K

Fundamental question #2 Does randomness help? Are there problems with probabilistic polytime algorithm but no deterministic one? Conjecture 2: YES Fundamental question #1 Does NP require exponential time/size? Conjecture 1: YES Theorem: One of these conjectures is false!

Hardness vs. Randomness Theorems [Blum-Micali,Yao,Nisan-Wigderson, Impagliazzo-Wigderson ] : If there are natural hard problems, then randomness can be efficiently eliminated. Theorem [Impagliazzo-Wigderson 98] NP requires exponential size circuits every probabilistic polynomial-time algorithm has a deterministic counterpart Theorem [Impagliazzo-Kabanets 04, IKW 03] Partial converse!

Computational Pseudo-Randomness input algorithm output input algorithm output many unbiased independent Goldwasser-Micali 81 pseudorandom if for every efficient algorithm, for every input, n n efficient deterministic k ~ c log n pseudorandom generator many biased dependent few output output none

Hardness Pseudorandomness Need G: k bits n bits NW generator Show G: k bits k+1 bits f k+1 k ~ clog n Need: f hard on random input Average-case hardness Hardness amplification Have: f hard on some input Worst-case hardness

Derandomization input algorithm output Deterministic algorithm: - Try all possible 2 k =n c seeds - Take majority vote Pseudorandomness paradigm: Can derandomize specific algorithms without assumptions! e.g. Primality Testing & Maze exploration G efficient deterministic pseudorandom generator n k ~ c log n

Randomness and space complexity

Getting out of mazes (when your memory is weak) n vertex maze/graph Theseus Only a local view (logspace) Theorem [Aleliunas-Karp- Lipton-Lovasz-Rackoff 80]: A random walk will visit every vertex in n 2 steps (with probability >99% ) Theorem [Reingold 06] : Ariadne A deterministic walk, computable Mars, in 2003AD logspace, Crete, ~1000 BC will visit every vertex. Uses ZigZag expanders [Reingold-Vadhan-Wigderson 02]

The power of pandomness in Proof Systems

Probabilistic Proof System [Goldwasser-Micali-Rackoff, Babai 85] Is a mathematical statement claim true? E.g. claim: No integers x, y, z, n>2 satisfy x n +y n = z n claim: The Riemann Hypothesis has a 200 page proof probabilistic An efficient Verifier V(claim, argument) satisfies: *) If claim is true then V(claim, argument) = TRUE for some argument always (in which case claim=theorem, argument=proof) **) If claim is false then V(claim, argument) = FALSE for every argument with probability > 99%

Remarkable properties of Probabilistic Proof Systems - Probabilistically Checkable Proofs (PCPs) - Zero-Knowledge (ZK) proofs

Probabilistically Checkable Proofs (PCPs) claim: The Riemann Hypothesis Prover: (argument) Verifier: (editor/referee/amateur) Verifier s concern: Has no time PCPs: Ver reads 100 (random) bits of argument. Th[Arora-Lund-Motwani-Safra-Sudan-Szegedy 90] Every proof can be eff. transformed to a PCP Refereeing (even by amateurs) in seconds! Major application approximation algorithms

Zero-Knowledge (ZK) proofs [Goldwasser-Micali-Rackoff 85] claim: The Riemann Hypothesis Prover: (argument) Verifier: (editor/referee/amateur) Prover s concern: Will Verifier publish first? ZK proofs: argument reveals only correctness! Theorem [Goldreich-Micali-Wigderson 86]: Every proof can be efficiently transformed to a ZK proof, assuming Factoring is HARD Major application - cryptography

Conclusions & Problems When resources are limited, basic notions get new meanings (randomness, learning, knowledge, proof, ). - Randomness is in the eye of the beholder. - Hardness can generate (good enough) randomness. - Probabilistic algs seem powerful but probably are not. - Sometimes this can be proven! (Mazes,Primality) - Randomness is essential in some settings. Is Factoring HARD? Is electronic commerce secure? Is Theorem Proving Hard? Is P NP? Can creativity be automated?

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback