Computational Complexity Average Case Complexity, Lecture Notes - Computer Science, Study notes of Computational Methods

Prof. Salil Vadhan, Computer Science, Computational Complexity, Average-Case Complexity, Low-Degree Extensions, Harvard, Lecture Notes

Typology: Study notes

2010/2011

Uploaded on 10/28/2011

thecoral
thecoral 🇺🇸

4.5

(30)

395 documents

1 / 4

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
CS221: Computational Complexity Prof. Salil Vadhan
Lecture 27: Average-Case Complexity, Low-Degree Extensions
11/27 Scribe: Saurabh Sanghvi
Contents
1 Recap 1
2 Main Result 1
3 Multilinear Extension 3
Today we will finish up our coverage of average-case complexity with a proof of the theorem stated
last time, which effectively gave an example of a problem that is hard in the average-case if it is
hard in the worst-case.
1 Recap
Last time, we defined the problem Modular Permanent as follows:
Input: (1k,1p, M )pprime, p > k + 1, MZk×k
p(So k×kmatrix with entries in Zp).
Output: Perm(M) mod p
We are in the process of relating the worst-case complexity of this problem to its average-case
complexity under the distribution µk,p the uniform distribution over MZk×k
p.
Theorem 1 If there exists a probabilistic polynomial time (PPT) algorithm Asuch that
PrMµk,p [A(1k,1p, M )6= Perm(M) mod p]1
3(k+1) , then there exists a PPT algorithm Bsuch
that for every MZk×k
p,Prcoins of B[B(1k,1p, M)6= Perm(M) mod p]1/3
In particular, we’d have that ModPerm BPP, and thus P#P=BPP. (We proved ModPerm
was #P-hard last class). Note that this theorem is usually read negatively—since we don’t believe
these consequences hold, it is unlikely such an Aexists. The proof of this theorem follows (as shown
in the last class), from this more general one, which we will now prove:
2 Main Result
Theorem 2 For Ffinite field, |F| d+ 2, given oracle access to f:FmFdisagreeing with
some polynomial p:FmFof degree din fewer than 1
3(d+1) fraction of points in Fm, one can
compute peverywhere with high probability in time poly(d, m, log |F|).
1
pf3
pf4

Partial preview of the text

Download Computational Complexity Average Case Complexity, Lecture Notes - Computer Science and more Study notes Computational Methods in PDF only on Docsity!

CS221: Computational Complexity Prof. Salil Vadhan

Lecture 27: Average-Case Complexity, Low-Degree Extensions

11/27 Scribe: Saurabh Sanghvi

Contents

1 Recap 1

2 Main Result 1

3 Multilinear Extension 3

Today we will finish up our coverage of average-case complexity with a proof of the theorem stated last time, which effectively gave an example of a problem that is hard in the average-case if it is hard in the worst-case.

1 Recap

Last time, we defined the problem Modular Permanent as follows:

  • Input: (1k, 1 p, M ) p prime, p > k + 1, M ∈ Zkp× k(So k × k matrix with entries in Zp).
  • Output: Perm(M ) mod p

We are in the process of relating the worst-case complexity of this problem to its average-case complexity under the distribution μk,p — the uniform distribution over M ∈ Zkp ×k.

Theorem 1 If there exists a probabilistic polynomial time (PPT) algorithm A such that PrM ←μk,p [A(1k, 1 p, M ) 6 = Perm(M ) mod p ] ≤ (^) 3(k^1 +1) , then there exists a PPT algorithm B such

that for every M ∈ Zkp ×k, Prcoins of B[B(1k, 1 p, M ) 6 = Perm(M ) mod p] ≤ 1 / 3

In particular, we’d have that ModPerm ∈ BPP, and thus P#P^ = BPP. (We proved ModPerm was #P-hard last class). Note that this theorem is usually read negatively—since we don’t believe these consequences hold, it is unlikely such an A exists. The proof of this theorem follows (as shown in the last class), from this more general one, which we will now prove:

2 Main Result

Theorem 2 For F finite field, |F| ≥ d + 2, given oracle access to f : Fm^ → F disagreeing with some polynomial p : Fm^ → F of degree ≤ d in fewer than (^) 3(d^1 +1) fraction of points in Fm, one can compute p everywhere with high probability in time poly(d, m, log |F|).

Proof: The basic method we will use is called random self-reducibility—the process of taking an algorithm that works on random points and making it work at an arbitrary point.

More specifically, what is going to happen here is that we have a polynomial defined over an Fm hypercube, and we want to evaluate the polynomial at any given point, using an oracle that errs on a certain percentage of them. The strategy is to pick a random line coming out of the point. Since the points on this line are uniformly random, with high probability we’ll be able to evaluate the polynomial at sufficiently many points along the line. But since they are still related in this close way to the original point, using the value of the polynomial at those points we can interpolate and get the polynomial at the desired point.

Use the following algorithm to compute p(x), given oracle for f :

  1. Choose y R ← Fm.
  2. Define the line : F → Fm,(t) = x + ty.
  3. Query f ((1)),... f ((d + 1)).
  4. Interpolate to get a univariate polynomial q(t) of degree ≤ d such that q(i) = f (`(i)) for i = 1,... d + 1.
  5. Output q(0).

Before we formally analyze this proof, one should note the use of two key observations early on that gave us this algorithm:

  1. The first is noting that p((t)) is a univariate polynomial of t that has degree d. This is clear because p is a polynomial of n variables with degree at most d, and is linear—and so plugging in ` will not increase the degree. This is critical because basically we are trying to capture this polynomial with q to get p(x), without knowing p in general, and so we need it to have a particular low degree.
  2. Second, for all i ∈ F { 0 }, (i) is uniformly random in Fm. Granted, since each point lies on the same line they are very correlated and not independent, but still y is a completely random direction, and so each point x + ty is random. This property is critical to ensuring the likelihood that we can get p((t)).

Another note: the choice of 1,... , d + 1 as the points to be queried in step 3 was arbitrary—we just needed d + 1 distinct points in the field.

To analyze this, we want to bound the probability this algorithm fails—i.e., Pr[q(0) 6 = p(x)]. The following does just that:

Pr[q(0) 6 = p(x)] ≤ Pr[∃i ∈ { 1 ,... , d + 1} such that f ((i)) 6 = p((i))] (1) ≤ (d + 1) ·

3(d + 1)

(1) clearly holds because if in fact for all i, f ((i)) = p((i)), then clearly we will succeed because we will be able to recover p((t)) (by Observation 1) and so will correctly calculate p(x) = p((0)). Thus, the probability of failure is at most the probability that one f (`(i)) is wrong.

Corollary 4 If PSPACE 6 = BPP (or EXP 6 = BPP), then PSPACE (respectively, EXP) has a problem which is hard on average with respect to the uniform distribution. (That is, there will not be a PPT algorithm A solving the problem with error ≤ (^) p(^1 n) for some polynomial p).

Proof:

Let f ∈ PSPACE\BPP. Then fˆ ∈ PSPACE\BPP: fˆ ∈ PSPACE because fˆ ∈ PSPACEf^ , and f /ˆ∈ BPP because f reduces to fˆ. This means that fˆ is hard in the worst case.

But if there were to exist PPT algorithm A such that Prx[A(x) 6 = fˆ (x)] ≤ (^) 3(n^1 +1) , then by theorem

2 we would have that fˆ ∈ BPP. Contradiction—and so fˆ is hard on average.

(Note that the application of theorem 2 requires that the degree of fˆ is at most n.)

So with this corollary we now know how to relate average case with uniform distribution to the worst case, for #P and above. (The corollary won’t work with anything lower, of course, because then we won’t be able to conclude that fˆ is in that lower class, since at best we know fˆ ∈ P#P f ).

A reasonable question to ask here is: what about NP? As mentioned before cryptography is very interested in the average case, and so a similar result for NP would be most useful. Unfortunately, this is still an open problem. Ajtai in 1997 gave a worst-case/average-case equivalence for lattice problems (given an n-dimensional lattice L, find an approximately shortest vector in L), which are in NP but not known to be NP-complete (but the problems still appear to be hard—they are not known to be in BPP).

Looking back over these results, two points to take away are the important roles played by algebra and randomization:

  1. Algebra was found to be quite useful as computational problems and complexity classes can be encoded using polynomials, which are themselves tools of algebra. The benefit of doing this is that we can put the problem into an area where we have much more structure and machinery to prove results. We’ve seen this many times before: the result that Permanent is #P- complete gives a lot of structure to #P, we used polynomials to prove that Parity ∈/ AC 0 , and on the problem set you use polynomials to show that testing equivalence of read-once branching programs is in BPP.
  2. Similarly, randomization was crucial above: only through randomly picking that line were we able to bootstrap an algorithm that gets the polynomial right on a few points to one that gets it right with high probability on all points. In general, randomization seems to be very powerful in conjuction with algebra — intuitively because properties of polynomials tend to be reflected almost everywhere (and hence at random points).

Needless to say, these two tools show up together in many more parts of complexity theory, as we will see.