Strong ETH Breaks With Merlin and Arthur. Or: Short Non-Interactive Proofs of Batch Evaluation

Similar documents
CS151 Complexity Theory. Lecture 13 May 15, 2017

Introduction to Interactive Proofs & The Sumcheck Protocol

Lecture 19: Interactive Proofs and the PCP Theorem

2 Evidence that Graph Isomorphism is not NP-complete

Complexity Theory of Polynomial-Time Problems

CS151 Complexity Theory. Lecture 14 May 17, 2017

Hardness for easy problems. An introduction

Lecture 12: Interactive Proofs

1. Introduction Recap

A FINE-GRAINED APPROACH TO

Computer Science 385 Analysis of Algorithms Siena College Spring Topic Notes: Limitations of Algorithms

1 Randomized reduction: a first start

Kernel-Size Lower Bounds. The Evidence from Complexity Theory

The Class NP. NP is the problems that can be solved in polynomial time by a nondeterministic machine.

Polynomial Representations of Threshold Functions and Algorithmic Applications. Joint with Josh Alman (Stanford) and Timothy M.

6.S078 A FINE-GRAINED APPROACH TO ALGORITHMS AND COMPLEXITY LECTURE 1

Permanent and Determinant

Algorithms as Lower Bounds

A FINE-GRAINED APPROACH TO ALGORITHMS AND COMPLEXITY. Virginia Vassilevska Williams Stanford University

Computational Complexity Theory

Interactive Proofs 1

INAPPROX APPROX PTAS. FPTAS Knapsack P

NP-Complete problems

Arthur-Merlin Streaming Complexity

CS/COE

Limits to Approximability: When Algorithms Won't Help You. Note: Contents of today s lecture won t be on the exam

Agenda. What is a complexity class? What are the important complexity classes? How do you prove an algorithm is in a certain class

Notes on Complexity Theory Last updated: November, Lecture 10

Lecture Notes CS:5360 Randomized Algorithms Lecture 20 and 21: Nov 6th and 8th, 2018 Scribe: Qianhang Sun

CS 583: Algorithms. NP Completeness Ch 34. Intractability

Complexity Theory of Polynomial-Time Problems

Doubly Efficient Interactive Proofs. Ron Rothblum

Connections between exponential time and polynomial time problem Lecture Notes for CS294

BBM402-Lecture 11: The Class NP

Introduction. Pvs.NPExample

No Harder Than. We want these transformations to effectively be a problem-hardness version of #, which we will call No Harder Than.

Holger Dell Saarland University and Cluster of Excellence (MMCI) Simons Institute for the Theory of Computing

Interactive Proofs. Merlin-Arthur games (MA) [Babai] Decision problem: D;

Complexity, P and NP

20.1 2SAT. CS125 Lecture 20 Fall 2016

Theory of Computation CS3102 Spring 2014 A tale of computers, math, problem solving, life, love and tragic death

NP-Hardness reductions

Real Interactive Proofs for VPSPACE

-bit integers are all in ThC. Th The following problems are complete for PSPACE NPSPACE ATIME QSAT, GEOGRAPHY, SUCCINCT REACH.

How proofs are prepared at Camelot

Lecture 26. Daniel Apon

CSE 548: (Design and) Analysis of Algorithms

From Secure MPC to Efficient Zero-Knowledge

2 Natural Proofs: a barrier for proving circuit lower bounds

Limitations of Algorithm Power

Summer School on Introduction to Algorithms and Optimization Techniques July 4-12, 2017 Organized by ACMU, ISI and IEEE CEDA.

NP Completeness and Approximation Algorithms

Exponential time vs probabilistic polynomial time

NP and Computational Intractability

A An Overview of Complexity Theory for the Algorithm Designer

Lecture 18: PCP Theorem and Hardness of Approximation I

PCP Theorem and Hardness of Approximation

VIII. NP-completeness

CS151 Complexity Theory. Lecture 15 May 22, 2017

The power and weakness of randomness (when you are short on time) Avi Wigderson Institute for Advanced Study

MTAT Complexity Theory December 8th, Lecture 12

NP Complete Problems. COMP 215 Lecture 20

Algorithms. NP -Complete Problems. Dong Kyue Kim Hanyang University

Geometric Problems in Moderate Dimensions

P versus NP. Math 40210, Spring September 16, Math (Spring 2012) P versus NP September 16, / 9

On The Hardness of Approximate and Exact (Bichromatic) Maximum Inner Product. Lijie Chen (Massachusetts Institute of Technology)

Great Theoretical Ideas in Computer Science

CSI 4105 MIDTERM SOLUTION

Lecture 21: Counting and Sampling Problems

P, NP, NP-Complete. Ruth Anderson

Towards Hardness of Approximation for Polynomial Time Problems

PCP Course; Lectures 1, 2

Lecture 19: Finish NP-Completeness, conp and Friends

Umans Complexity Theory Lectures

Polynomial kernels for constant-factor approximable problems

Algebraic Dynamic Programming. Solving Satisfiability with ADP

Correctness of Dijkstra s algorithm

Shamir s Theorem. Johannes Mittmann. Technische Universität München (TUM)

Polynomial-time reductions. We have seen several reductions:

Computational Complexity

Umans Complexity Theory Lectures

Computational Intractability 2010/4/15. Lecture 2

CHAPTER 3 FUNDAMENTALS OF COMPUTATIONAL COMPLEXITY. E. Amaldi Foundations of Operations Research Politecnico di Milano 1

Lecture 22: Derandomization Implies Circuit Lower Bounds

Complete problems for classes in PH, The Polynomial-Time Hierarchy (PH) oracle is like a subroutine, or function in

Today. Few Comments. PCP Theorem, Simple proof due to Irit Dinur [ECCC, TR05-046]! Based on some ideas promoted in [Dinur- Reingold 04].

Discrete Optimization 2010 Lecture 10 P, N P, and N PCompleteness

Complexity Theory. Jörg Kreiker. Summer term Chair for Theoretical Computer Science Prof. Esparza TU München

NP-complete problems. CSE 101: Design and Analysis of Algorithms Lecture 20

COMP Analysis of Algorithms & Data Structures

Comp487/587 - Boolean Formulas

SAT, Coloring, Hamiltonian Cycle, TSP

QMA(2) workshop Tutorial 1. Bill Fefferman (QuICS)

Verifying Computations in the Cloud (and Elsewhere) Michael Mitzenmacher, Harvard University Work offloaded to Justin Thaler, Harvard University

Fine Grained Counting Complexity I

Faster Satisfiability Algorithms for Systems of Polynomial Equations over Finite Fields and ACC^0[p]

Umans Complexity Theory Lectures

De Morgan s a Laws. De Morgan s laws say that. (φ 1 φ 2 ) = φ 1 φ 2, (φ 1 φ 2 ) = φ 1 φ 2.

Chapter 2. Reductions and NP. 2.1 Reductions Continued The Satisfiability Problem (SAT) SAT 3SAT. CS 573: Algorithms, Fall 2013 August 29, 2013

Transcription:

Strong ETH Breaks With Merlin and Arthur Or: Short Non-Interactive Proofs of Batch Evaluation Ryan Williams Stanford

Two Stories Story #1: The ircuit and the Adversarial loud. Given: a 1,, a K F n Want: a 1,, a K F Let me do it! Would naively take ~ s K time / n variables = Arithmetic ircuit over +, in field F omputes some polynomial x 1,, x n F x 1,, x n of degree d

Two Stories Story #1: The ircuit and the Adversarial loud. Given: a 1,, a K F n Want: a 1,, a K F a 1 = 0,, a K = 0 You owe me $200. / n variables = Arithmetic ircuit over +, in field F omputes some polynomial x 1,, x n F x 1,, x n of degree d

Two Stories Story #1: The ircuit and the Adversarial loud. Given: a 1,, a K F n Want: a 1,, a K F a 1 = 0,, a K = 0 You owe me $200. / n variables How can very quickly check the work of the loud? (without just doing the work himself ) IP = PSPAE [LFKN 92, Shamir 92] - intractable provers Delegating omputation [GKR 08,,RRR 16] O(1)-round interactive proofs for low-depth ckts with fast verification

Two Stories Story #1: The ircuit and the Adversarial loud. Given: a 1,, a K F n Want: a 1,, a K F Note the input itself is K n + s size NON-INTERATIVE! Deg. d / n variables Thm: Verifier alg. where for all x 1,, x n and a 1,, a K F n, There is a proof of length O(K d) the loud can send, along with values a 1,, a K F, such that dk F The Verifier can toss poly log coins and check the proof in about O(K n + d + s) time, with probability of error ε. ε

Two Stories Story #2: The Many Exponential Time Hypotheses. Once upon a time 3-SAT = { satisfiability of formulas in NF, all clauses have at most 3 literals} Exponential Time Hypothesis (ETH) [IPZ 01] : 3-SAT requires at least 2 αn (randomized) time, for some α > 0 (n = # of variables in the formula) Best known 3-SAT algorithm: about 1. 31 n time Vast strengthening of P NP

Many Exponential-Time Lower Bounds, assuming ETH! Assuming ETH, the problems Independent Set, lique, Vertex over, Dominating Set, Graph oloring, Max ut, Set Splitting, Hitting Set, Min Bisection, Feedback Vertex Set, Hamiltonian Path, Max Leaf Spanning Tree, Subset Sum, Knapsack, 3-Dimensional Matching, luster Editing, Treewidth and many others do not have 2 o(n) time algorithms. (Note: Not easy! These do not follow from typical NP-completeness reductions)

ould We Predict the Exact Exponents of Running Times? Find evidence that 3-SAT is not in 1.0000001 n time? (Note for n 10 8, 1.0000001 n is pretty small!) Assuming ETH, we can distinguish between runtimes like 2 n and 2 n/log n, but not between 1.2 n and 1.3 n Need a stronger ETH... Best known k-sat algorithms: 2 n n/o(k) time Achieved by four different algorithmic paradigms!

Strong Exponential Time Hypothesis (SETH) [IP 01,IP 09] SETH: For every ε > 0 there exists a k 3 such that Satisfiability of k-nfs requires (2-ε) n time. Theorem: SETH ETH An even more productive hypothesis! Tight lower bounds on many natural polynomial-time tasks, edit distance [BI 15], LS [ABV 15], dynamic graph algorithms [AV 14], many refs very recently! Refuting SETH new circuit lower bounds [JMV] (Valiant series-parallel circuits)

Nondeterministic Strong ETH (NSETH) [GIMPS 16] NSETH: For every ε > 0 there exists a k 3 such that refuting unsatisfiable k-nfs requires (2-ε) n nondeterministic time. We cannot (yet?) refute this. But we can lay some other conjectures to rest MA-SETH AM-SETH We hardly knew ye

Non-Interactive Proofs of UNSAT That Beat Exhaustive Search Thm: There is a proof system for UNSAT such that every UNSAT Boolean formula of poly(n) size has a proof of length ~ 2 n/2 verifiable with poly(n) bits of randomness in ~ 2 n/2 time. (an even count SAT assignments) If this proof system can be de-randomized then NSETH is false! The derandomization problem reduces to an interesting univariate polynomial identity test

Thm: For all x 1,, x n and all a 1,, a K F n, there is a Verifier alg: There is a proof of length O(K d) the loud can send, along with values a 1,, a K F, such that the Verifier can toss poly log dk F coins and check the proof in ε about O(K n + d + s) time, with probability of error ε. Given: a 1,, a K F n Want: a 1,, a K F Naively takes ~ s K time get ~ s + K Degree d n variables / Idea: Define a univariate polynomial that simulates evaluation of on the a i Degree d n variables

Thm: For all x 1,, x n and all a 1,, a K F n, there is a Verifier alg: There is a proof of length O(K d) the loud can send, along with values a 1,, a K F, such that the Verifier can toss poly log dk F coins and check the proof in ε about O(K n + d + s) time, with probability of error ε. Given: a 1,, a K F n Want: a 1,, a K F Naively takes ~ s K time get ~ s + K Degree d n variables / Idea: Define a univariate polynomial that simulates evaluation of on the a i p 1 (x) p 2 (x) Degree d The loud sends this polynomial Q(x), of degree K d. Verifier: 1. Evals Q β 1,, Q β K to get a 1,, a K 2. Picks random r F, F large extension of F 3. hecks Q r = p 1 (r),, p n (r). p n 1 p (x) degree K polys. Let β 1,, β K F be distinct. for all i = 1,, n, & j = 1,, K, p i β j = α j i

Given: a 1,, a K F n Want: a 1,, a K F Would naively take s K time to compute Idea: Define a univariate polynomial that simulates evaluation of on the a i Q x : = p 1 (x) p 2 (x) Degree d The loud sends Q (x), of degree K d Verifier: 1. Evaluates Q β 1,, Q β K to obtain the values a 1,, a K [ Use Fast Fourier Transform: O K d time] 2. Picks unifom random r F, where p n 1 p (x) degree K polynomials For all i, j, p i β j = α j i for distinct β 1,, β K F poly dk F ε F is an extension field of F 3. hecks Q r = p 1 (r),, p n (r) [ Evaluate each p i on r, then evaluate Takes O s + K n time] orrectness: [Euler??] For every pair p(x), q(x) of distinct polynomials of degree D, p(r) = q(r) for D + 1 points r.

Thm: There is a proof system for UNSAT such that every UNSAT Boolean formula of poly(n) size has a proof of length ~ 2 n/2 verifiable with poly(n) bits of randomness in ~ 2 n/2 time. Proof: Let F be a field of char 2 n. Given a Boolean formula B: 1. Arithmetize B: WLOG, B has O log n depth. Define n-variate polynomial P over F equivalent to B (over 0, 1 n ) by replacing a b a b, a b a + b a b, a (1 a) For all a 0, 1 n, P a 1,, a n = B a 1,, a n 2. Partial-Sum P: Define a new polynomial P in n/2 variables: P x 1,, x n/2 a n/2+1,,a n {0,1} P x 1,, x n/2, a n/2+1,, a n Note that degree(p ) poly(n) and size(p ) 2 n/2 poly(n) 3. Apply Protocol! loud proves that P a = 0 for all a 0, 1 n/2 The proof is a polynomial Q y of degree poly(n) 2 n/2 over F such that Q β i = P a i, where a i 0, 1 n/2. Verifier checks Q(β i ) = 0 on all 2 n/2 relevant points.

onclusion Similar results hold for Permanent, ounting liques,., any problem in the class VNP 3-Round (AMA) proof system for QBF in 2 3n/4 time Are there more tombstones? Suppose we are given two arithmetic circuits (x), D(x) of size n, degree n, and one variable x. Testing whether D is easy: O n 2 deterministic time O n randomized time an D be tested in O n 1.999 A yes answer NSETH is false! time? Thank you!

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback