Permanent is hard to compute even on a good day

Similar documents
Highly resilient correctors for polynomials

Decoding Reed-Muller codes over product sets

Notes 10: List Decoding Reed-Solomon Codes and Concatenated codes

List Decoding in Average-Case Complexity and Pseudorandomness

Lecture 6. k+1 n, wherein n =, is defined for a given

Lecture 12: November 6, 2017

Computing Error Distance of Reed-Solomon Codes

Lecture 3: Error Correcting Codes

Lecture 03: Polynomial Based Codes

Self-Testing Polynomial Functions Efficiently and over Rational Domains

A Combinatorial Bound on the List Size

Berlekamp-Massey decoding of RS code

Proof: Let the check matrix be

12. Perturbed Matrices

Error Correcting Codes Questions Pool

Algebra Exam. Solutions and Grading Guide

Chapter 6 Reed-Solomon Codes. 6.1 Finite Field Algebra 6.2 Reed-Solomon Codes 6.3 Syndrome Based Decoding 6.4 Curve-Fitting Based Decoding

Questions Pool. Amnon Ta-Shma and Dean Doron. January 2, Make sure you know how to solve. Do not submit.

1 Randomized Computation

CS 6820 Fall 2014 Lectures, October 3-20, 2014

On the NP-Hardness of Bounded Distance Decoding of Reed-Solomon Codes

Locally Decodable Codes

Algebraic Codes for Error Control

Notes on Alekhnovich s cryptosystems

Notes for the Hong Kong Lectures on Algorithmic Coding Theory. Luca Trevisan. January 7, 2007

Coding Theory. Ruud Pellikaan MasterMath 2MMC30. Lecture 11.1 May

Lecture 21: P vs BPP 2

Lecture 4: Proof of Shannon s theorem and an explicit code

Codes over Subfields. Chapter Basics

On Irreducible Polynomial Remainder Codes

Decoding Interleaved Gabidulin Codes using Alekhnovich s Algorithm 1

Reed-Solomon codes. Chapter Linear codes over finite fields

An Interpolation Algorithm for List Decoding of Reed-Solomon Codes

6.895 PCP and Hardness of Approximation MIT, Fall Lecture 3: Coding Theory

Lecture 2: Vector Spaces, Metric Spaces

Generalized Reed-Solomon Codes

Theorem 11.1 (Lund-Fortnow-Karloff-Nisan). There is a polynomial length interactive proof for the

: Error Correcting Codes. October 2017 Lecture 1

Last time, we described a pseudorandom generator that stretched its truly random input by one. If f is ( 1 2

Lecture 12: Reed-Solomon Codes

Algebraic Soft-Decision Decoding of Reed Solomon Codes

IP = PSPACE using Error Correcting Codes

Linear Algebra, Summer 2011, pt. 2

MATH 320, WEEK 6: Linear Systems, Gaussian Elimination, Coefficient Matrices

Lecture Introduction. 2 Formal Definition. CS CTT Current Topics in Theoretical CS Oct 30, 2012

MATH 115, SUMMER 2012 LECTURE 12

Linear-algebraic pseudorandomness: Subspace Designs & Dimension Expanders

atri/courses/coding-theory/book/

D-MATH Algebra I HS18 Prof. Rahul Pandharipande. Solution 6. Unique Factorization Domains

Lecture 26: QIP and QMIP

Randomized Algorithms

From the Shortest Vector Problem to the Dihedral Hidden Subgroup Problem

PREDICTING MASKED LINEAR PSEUDORANDOM NUMBER GENERATORS OVER FINITE FIELDS

6.841/18.405J: Advanced Complexity Wednesday, April 2, Lecture Lecture 14

Complexity of Decoding Positive-Rate Reed-Solomon Codes

The Complexity of the Permanent and Related Problems

(x 1 +x 2 )(x 1 x 2 )+(x 2 +x 3 )(x 2 x 3 )+(x 3 +x 1 )(x 3 x 1 ).

Solving with Absolute Value

Generalization of Gabidulin Codes over Fields of Rational Functions

Orthogonal Arrays & Codes

A New Approximation Algorithm for the Asymmetric TSP with Triangle Inequality By Markus Bläser

Lecture 2: January 18

Polylogarithmic Round Arthur-Merlin Games and Random-Self-Reducibility

Final Review Sheet. B = (1, 1 + 3x, 1 + x 2 ) then 2 + 3x + 6x 2

Nondeterminism LECTURE Nondeterminism as a proof system. University of California, Los Angeles CS 289A Communication Complexity

RON M. ROTH * GADIEL SEROUSSI **

Errors, Eavesdroppers, and Enormous Matrices

TREVOR HYDE AND JOSEPH KRAISLER

Black Box Linear Algebra

Low-Degree Polynomials

Error Correcting Codes: Combinatorics, Algorithms and Applications Spring Homework Due Monday March 23, 2009 in class

Chapter 7 Reed Solomon Codes and Binary Transmission

MATH32031: Coding Theory Part 15: Summary

SIGACT News Complexity Theory Column 25

An analogy from Calculus: limits

THE DIVISION THEOREM IN Z AND R[T ]

And for polynomials with coefficients in F 2 = Z/2 Euclidean algorithm for gcd s Concept of equality mod M(x) Extended Euclid for inverses mod M(x)

Lecture 4. P r[x > ce[x]] 1/c. = ap r[x = a] + a>ce[x] P r[x = a]

The Hamming Codes and Delsarte s Linear Programming Bound

MATH 291T CODING THEORY

Theorem 5.3. Let E/F, E = F (u), be a simple field extension. Then u is algebraic if and only if E/F is finite. In this case, [E : F ] = deg f u.

MAT 585: Johnson-Lindenstrauss, Group testing, and Compressed Sensing

Maximum-Likelihood Decoding of Reed-Solomon Codes is NP-hard

Skew Cyclic Codes Of Arbitrary Length

Basic Probabilistic Checking 3

IRREDUCIBILITY TESTS IN Q[T ]

MSRI-UP 2009 PROJECT TOPIC IDEAS. 1. Toric Codes. A first group of project topics deals with a class of codes known as toric codes.

The number of message symbols encoded into a

The Growth of Functions. A Practical Introduction with as Little Theory as possible

0.1. Linear transformations

The Tensor Product of Two Codes is Not Necessarily Robustly Testable

Monotone Submodular Maximization over a Matroid

Improved low-degree testing and its applications

Non-Asymptotic Theory of Random Matrices Lecture 4: Dimension Reduction Date: January 16, 2007

Introduction to finite fields

arxiv: v1 [cs.it] 1 Sep 2015

Lecture 4: Constructing the Integers, Rationals and Reals

Lecture 10 + additional notes

Optimality, Duality, Complementarity for Constrained Optimization

Lecture 9: List decoding Reed-Solomon and Folded Reed-Solomon codes

Transcription:

Permanent is hard to compute even on a good day Yuval Filmus September 11, 2012 Abstract We give an exposition of Cai, Pavan and Sivakumar s result on the hardness of permanent. They show that assuming it is hard to compute the permanent in the worst case, an algorithm cannot compute the permanent correctly even on (say) a 1/n fraction of the inputs. 1 Introduction Complexity theory usually analyzes problems and algorithm from the worstcase point of view. However, in practice, one is often more interested in what happens on the average. Sometimes one can show that a specific problem, which is known to be hard in the worst-case, is also hard on average. One way of doing this is to give a reduction from an algorithm which works on average to an algorithm which works on an arbitrary input (with high probability, regardless of the input). In this talk we will do just that for the problem of computing the permanent. The permanent of an n n matrix A is per A = n a iπ(i). π S n In other words, the permanent is defined like the determinant, only without the signs. This makes a big difference: while the determinant can be computed in polynomial time using Gaussian elimination, computing the permanent is hard for #P. Note, however, that when the underlying field has characteristic two, then the permanent is equal to the determinant, and so easy to compute. Instead, one often considers the problem of computing the permanent of a 0/1 matrix over the integers, or, equivalently, over Z p for a prime p in the range [n!, 2n!]. We will focus on the problem of computing the permanent of a matrix with arbitrary entries over a finite field which is big enough. The size of the finite field, which we denote by q, will have to grow with n. This setting is somewhat unnatural, but the results can also be cast in terms of permanents over the integers. 1

2 Testing Suppose you have written an algorithm that computes the permanent. How can you check your algorithm? Two ideas come to mind. The first idea uses the expansion of the permanent along the first row: per A = a 1i A 1i, (1) where A ij is the (i, j)-minor of A. This equation gives rise to the following algorithm: Compute per A and per A 1i for i [n]. Verify that (1) holds. Choose an arbitrary i [n], and use the same procedure to verify the value of per A 1i. The procedure stops once the matrix gets small enough so that we can compute the permanent using a reliable algorithm. The second idea, due to Lipton [4], uses the fact that the permanent is a sum of terms, each having n factors. This implies that for any two matrices A, B of size n n, the function f(t) = per(a + tb) is a polynomial of degree n. In order to test our algorithm, we evaluate f(t) at many points (at least n + 1), and check that the result corresponds to some polynomial of degree n. 3 Verification Now suppose you re in a slightly different scenario: someone else has written an algorithm that computes the permanent, and you want to use it to compute the permanent of some matrix A. However, you don t trust the other party. Therefore you use the following interactive protocol, due to Lund, Fortnow, Karloff and Nisan [5] (they attribute this version of the protocol to Babai; see also Feige and Lund [2]). Obtain the value of per A and per A 1i for i [n]. Verify that (1) holds. Define the matrix B t = δ i (t)a 1i, where δ i is a polynomial of degree n 1 such that δ i (i) = 1 and δ i (j) = 0 for j [n] i. Determine the n(n 1)-degree polynomial f(t) = per B t by obtaining its value on n(n 1) + 1 points. Generate a random t and run the procedure recursively on B t. 2

As before, the procedure stops once the matrix gets so small that we can evaluate the permanent on our own. If the value of per A is wrong, then at least one of the values of per A 1i is wrong. Therefore the polynomial f(t) we compute is wrong. The correct polynomial g(t) also has degree n(n 1), and so f(t) and g(t) can agree on at most n(n 1) points. Therefore with probability 1 n(n 1)/p, f(t) per B t for the t we choose in the last step. If p is large enough (say at least n 4 ), then with high probability the mistake will propagate all the way down to a point where we can notice it by computing the permanent of the relevant matrix. 4 Average-case to worst-case It s time to go back to our original goal, that of showing that the permanent is hard even on average. When does an algorithm solve the permanent on average? In order to quantify the quality of an algorithm, we consider its performance on random matrices (this is the reason we work over a finite field rather than over the integers). Arguably, we should say that an algorithm works on average if there is only a small fraction of inputs which confuse it. Suppose, for example, that we have an algorithm P that computes the permanent of an n n matrix correctly with probability 1 1/3n. The following algorithm by Lipton [4] computes the permanent of an arbitrary n n matrix A correctly with probability at least 2/3. (To get a fix on the correct value, run the algorithm many times and take a plurality vote.) Let B be a random n n matrix. Compute the degree-n polynomial f(t) = per(a + tb) by sampling n + 1 random points. Return f(0). For each t 0, the matrix A + tb is random, and so the value of f(t) is correct with probability 1 1/3n. Therefore f(t) is computed correctly with probability roughly 2/3. 5 Usual-case to worst-case Lipton s algorithm stops working once the success probability of P is bounded away from 1. However, a very similar procedure works even if P succeeds only with probability α = 1/2 + ɛ. We need to make two adjustments to Lipton s algorithm. First, we need to make the matrices whose permanent is sampled more independent. Second, we need a procedure that allows us to compute the polynomial f(t) in the presence of errors. Here is the resulting algorithm, due to Gemmell and Sudan [3]. Let B, C be random n n matrices. 3

Evaluate the degree-2n polynomial f(t) = per(a + tb + t 2 C) by sampling N arbitrary non-zero points and using the Berlekamp-Welch decoding algorithm. Return f(0). Previously, we only needed to use the fact that the matrices A + tb (for t 0) are individually random. If P succeeds with high probability, then the union bound allows us to deduce that it succeeds on many of the matrices A+tB at once. Here, however, the situation is different: we don t expect the algorithm to succeed on all of the instances. Rather, the best we can hope for is getting the correct answers on αn of the input points. In order to deduce such a concentration of measure property, we need to assume something stronger. The matrices A + tb + t 2 C are pairwise independent, and so Chebyshev s inequality allows us to deduce that with high probability, the number of correct answers is indeed close to αn. Previously, we computed the polynomial f(t) given n + 1 points (t, f(t)). We didn t mention how this is done, but one way is solving linear equations. In the present case, only αn of the pairs (t, f(t)) are correct, and so this method breaks down. We are in the setting of error-correcting codes. Given a set T of N inputs, each polynomial P (t) of degree d = 2n gives rise to the codeword P (t) t T. Two codewords can agree on at most d points, hence the code has minimal distance N d. Coding theory tells us that we can hope to correct up to (N d 1)/2 errors. In other words, we need to get at least (1/2+(d+1)/2N)N of the points right. For every α > 1/2, we can choose N large enough so that α > 1/2 + (d + 1)/2N. Then we can at least hope to be able to determine the correct polynomial P (t). We note in passing that it is possible to sample N random points only if the underlying field has at least N elements. This is why we need the underlying field to be large enough. Can we correct (N d 1)/2 errors? Berlekamp and Welch designed (and patented) an efficient algorithm that does just that, in the context of Reed- Solomon codes (these are codes in which the set T consists of the entire field). Here is how their algorithm works. Suppose f(t) is the actual polynomial, and (t, P (t)) t T are our samples, of which those in W T are incorrect. Then for any t T, E(t)P (t) = E(t)f(t), where E(t) = (t w). w W We can convert this into linear equations in terms of the coefficients of E(t) and of Q(t) = E(t)f(t). In total, the number of unknowns is 2 deg E + deg f + 2 = N d 1 + d + 2 = N + 1. Since the total number of equations is N, there is at least one non-trivial solution (E(t), Q(t)), from which we can compute f(t) = Q(t)/E(t). Are there extraneous solutions? If there are two non-trivial solutions (E 1 (t), Q 1 (t)), (E 2 (t), Q 2 (t)), 4

then E 1 (t)q 2 (t) = E 1 (t)e 2 (t)p (t) = E 2 (t)q 1 (t). Since deg E i + deg Q j = N 1 and the two polynomials E 1 (t)q 2 (t), E 2 (t)q 1 (t) agree on N points, it follows that E 1 (t)q 2 (t) = E 2 (t)q 1 (t) and so Q 1 (t)/e 1 (t) = Q 2 (t)/e 2 (t). 6 Lucky-case to worst-case Gemmell and Sudan s algorithm breaks when the success probability of P drops below 1/2. The problem is that it is not possible to decode an error-correcting code unless at least half the symbols are correct. This is true for any code: suppose that C 1 and C 2 are two different codewords. Form a codeword C by taking the first half of C 1 and the second half of C 2. We can think of C both as coming from C 1 with only half the symbols correct, or as coming from C 2 with only half the symbols correct. How prevalent is this situation, though? The code we considered above has q d+1 codewords, each lying inside a space of size q N. The size of each Hamming ball of radius N/2 is roughly 2 N (q 1) N/2. Hence on average, a point in space is N/2-close to this many codewords: q d+1 2 N (q 1) N/2 q N. For reasonable values of q and N, this number is very small. Hence if we take a codeword and change half of its coordinates, then most of the time it will be N/2-close only to its original codeword. We get similar results even with a smaller fraction of correct symbols. This suggests the following heuristic algorithm, which can handle a smaller success probability of P: run the same algorithm as Gemmell and Sudan s, using a different procedure to obtain f(t). We expect that most of the time, we will be able to determine f(t) uniquely. The problem with this heuristic algorithm is that the pattern of errors can be complicated, since all we know about the values A + tb + t 2 C are that they are pairwise independent. Also, our reasoning assumed the results are random, whereas we know that they are somewhat close to a codeword. So we have to relax the demand that f(t) be obtained uniquely. This leads us to the concept of list decoding. Using an algorithm of Sudan (which we describe below), for appropriate values of α and N it is possible to get a small list of possible values for f(t). The list will often contain only one polynomial, but might potentially contain more. Sudan s algorithm guarantees that the size of the list will be reasonable (polynomial in n). Given a list of possible values of f(t), how do we know which one is correct? The trick is to use the LFKN protocol, described above, as part of the procedure. Here is the algorithm of Cai, Pavan and Sivakumar [1]. Let B, C be random n n matrices. 5

Evaluate the degree-n(n + 1) polynomial f(t) = per M t, M t = at N arbitrary points t > n. n δ i (t)a 1i + (B + tc) (t i) Using Sudan s (or Guruswami s) list decoding algorithm, obtain a small list F of possible polynomials. Find a point t on which all the polynomial in F disagree. Recursively compute the permanent of M t. Find the unique polynomial f F such that f(t ) = per M t, and return a 1i f(i). For t > n, the matrices M t are pairwise independent, and so all the preceding reasoning still holds. Sudan s list decoding algorithm will leave us with a reasonably small list of possible polynomials of degree d = n(n + 1). Any two of them can agree on at most n(n + 1) points, so as long as F 2 2q/n(n + 1), we will be able to find a point t on which all polynomials in F disagree. By taking N large enough, the error probability in each step of the algorithm will be so small that altogether, the algorithm will succeed with high probability. (An aside: Chebyshev s lemma gives quite mild guarantees on the fraction of errors among the N sample points, and so in order to guarantee a small overall success probability, we need to stop the process at some large constant n. Alternatively, we could use a random polynomial of degree n instead of B + tc. The resulting matrices M t are n-wise independent, and so we get Chernoff-like concentration, see Schmidt, Siegel and Srinivasan [6].) It remains to determine for what values of N it is possible to obtain the small list F alluded to above. Here is one algorithm for the problem, Sudan s algorithm. Suppose we could find a bivariate polynomial G(x, y) of small degree such that G(t, P (t)) = 0 for any sample point (t, P (t)) t T. If f(t) is a polynomial of degree d such that P agrees with d on more than r points, then G(t, f(t)) = 0 has more than r zeroes. Hence, if we could guarantee that deg G(t, f(t)) r, we can deduce that G(t, f(t)) is the zero polynomial. It follows (using some algebra 1 ) that y f(x) divides G(x, y) as a polynomial. Thus we can obtain the list F by factorizing G(x, y) (which is possible to accomplish efficiently using sophisticated randomized algorithms), and the size of the list is bounded by the degree of y in G(x, y). 1 We can think of G(x, y) as a polynomial in y over the field R(x), where R is the underlying field we are working inside. Since G(x, f(x)) = 0, the polynomial has the root y = f(x), and so y f(x) G(x, y) as a polynomial in y over R(x). However, y f(x) is monic and so primitive, hence Gauss s lemma implies that y f(x) G(x, y) as a polynomial in y over R[x], in other words over R[x, y]. 6

How do we find such a polynomial G(x, y)? We know that all the monomials of G(x, y) must be of the form x i y j, where i + dj r. The number of such monomials is r/d (r dj) r2 2d. j=0 If this number is larger than N, then we can find such a polynomial by solving linear equations, since there are more variables than equations. This leads to the bound r 2 2dN. The size of the list is at most r/d 2N/d. (Guruswami developed an algorithm which can handle dn instead of 2dN correct values, and this matches a general bound known as the Johnson bound. It is not known whether more errors can be corrected.) In our case, r = αn, and so this method requires N 2d/α 2 = 2n(n + 1)/α 2. This means that as long as α is inversely polynomial, our algorithm is polynomial-time. References [1] Jin-Yi Cai, A. Pavan, and D. Sivakumar. On the hardness of permanent. In Proceedings of the 16th annual conference on Theoretical aspects of computer science, STACS 99, pages 90 99, Berlin, Heidelberg, 1999. Springer-Verlag. [2] Uriel Feige and Carsten Lund. On the hardness of computing the permanent of random matrices. Comp. Comp., 6:643 654, 1992. [3] Peter Gemmell and Madhu Sudan. Highly resilient correctors for polynomials. Inf. Process. Lett., 43(4):169 174, Sep 1992. [4] Richard Lipton. New directions in testing. In Distributed computing and cryptography, DIMACS, 1991. [5] Carsten Lund, Lance Fortnow, Howard Karloff, and Noam Nisan. Algebraic methods for interactive proof systems. In Proceedings of the 31st Annual Symposium on Foundations of Computer Science, SFCS 90, pages 2 10 vol.1, Washington, DC, USA, 1990. IEEE Computer Society. [6] Jeanette P. Schmidt, Alan Siegel, and Aravind Srinivasan. Chernoffhoeffding bounds for applications with limited independence. SIAM J. Discret. Math., 8(2):223 250, May 1995. 7

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback