The Power and Limitations of Randomness in Computational Complexity, Exams of Cryptography and System Security

This document, presented by avi wigderson at the institute for advanced study, explores the role of randomness in computational complexity. Topics include the distinction between easy and hard problems, the power of randomness in saving time and space, and the weaknesses of randomness. The document also discusses the relationship between theorem proving and p versus np, and the power of randomness in various fields such as number theory, algebra, geometry, and learning theory.

Typology: Exams

Pre 2010

Uploaded on 08/30/2009

koofers-user-j78-1
koofers-user-j78-1 🇺🇸

10 documents

1 / 23

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Randomness
A computational complexity view
Avi Wigderson
Institute for Advanced Study
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17

Partial preview of the text

Download The Power and Limitations of Randomness in Computational Complexity and more Exams Cryptography and System Security in PDF only on Docsity!

Randomness

A computational complexity view

Avi Wigderson

Institute for Advanced Study

Plan of the talk

•^

Computational complexity

-- efficient algorithms, hard and easy problems,

P vs. NP

-^

The power of randomness

-- in saving time

-^

The weakness of randomness

-- what is randomness? -- the hardness vs. randomness paradigm

-^

The power of randomness

-- in saving space -- to strengthen proofs

Theorem Proving and P vs. NP

Theorem:

If

Theorem proving

is Easy

then

Factoring

is Easy

P vs. NP problem: Formal:

Is Theorem proving Easy?

Informal: Can creativity be efficiently automated?

Theorem proving : Input: a mathematical statement S (

e.g. Riemann’s hypothesis

and an integer n

Task: Find a proof of S (

e.g. in ZF

) of length

≤n

(if exists)

Theorem [Cook-Levin ‘71]:Theorem proving is NP-complete …. Numerous equally hard problems in all sciences

Fundamental question

Is NP

≠P?

How fast can we solve:

  • Factoring integers- Theorem proving- Computing the Permanent of a matrix -^

Deciding knottedness of a knot

-^

Solving a set of polynomial equations in finite fields

-^ …….Best known algorithms: exponential time/size.Is exponential time/size necessary for some?Conjecture 1 : YES

Coin Flips and Errors

Algorithms will make decisions using coin flips

(flips are independent and unbiased)

When using coin flips, we’ll guarantee:“task will be achieved, with probability >99%”Why tolerate errors? •^ We tolerate uncertainty in life •^ Here we can reduce error arbitrarily <exp(-n) •^ To compensate – we can do much more…

Number Theory: Primes

Problem 1 [Gauss]: Given x

∈[

n^ , 2

n+

], is x prime?

1975 [Solovey-Strassen, Rabin] : Probabilistic 2002 [Agrawal-Kayal-Saxena]: Deterministic !! Problem 2: Given n, find a prime in [

n^ , 2

n+

]

Algorithm: Pick at random x

, x 1

,…, x 2

1000n

For each x

apply primality test.i^

Prime Number Theorem

Pr [

i x

prime] > .99i^

Analysis: Fourier coefficients

Given (implicitely) a function f:(Z

n ) 2

(e.g. as a formula), and

Find all characters

such that |<f,

Comment : At most 1/

such

Algorithm [Goldreich-Levin ‘89] : …adaptive sampling…

Pr[ success ] >.

[AGS] : Extension to other Abelian groups. Applications: Coding Theory, Complexity Theory

Learning Theory, Game Theory

Geometry: Estimating Volumes

Algorithm [Dyer-Frieze-Kannan ‘91]:Approx counting

≈^

random sampling

Random walk inside K.Rapidly mixing Markov chain.

Analysis: Spectral gap

≈^

isoperimetric inequality

Applications: Statistical Mechanics, Group Theory

Given (implicitly) a convex body K in R

d^ (d large!)

(e.g. by a set of linear inequalities) Estimate

volume (K)

Comment: Computing volume(K) exactly is #P-complete

Hardness vs. Randomness

Theorems [Blum-Micali,Yao,Nisan-Wigderson,

Impagliazzo-Wigderson…] :

If there are natural hard problems Then randomness can be efficiently eliminated. Theorem [Impagliazzo-Wigderson ‘98] NP requires exponential

size
BPP=P

(every probabilistic polynomial-time algorithm has a deterministic counterpart) Theorem [IKW ’04, Impagliazzo-Kabanets ‘05] : Partial converse! Derandomization

Hardness

Computational Pseudo-Randomness

pseudorandom if

for

every efficient

algorithm, for

every input,

output

≈output

efficientdeterministic

none

pseudo-randomgenerator

algorithm

input

output

manyunbiasedindependent

n

algorithm

input

outputmanybiaseddependent

n

few

k ~ c log n

Derandomization

G^

efficient algorithm deterministicpseudo-randomgenerator

input

output^ n k ~ c log n

Deterministic algorithm: -^ Try all possible 2

k=n

c^ “seeds”

-^ Take majority vote^ Pseudorandomness

paradigm:

Can derandomize specific algorithms without assumptions! e.g. Primality Testing & Maze exploration

The Power of Randomness

In other settings…

Probabilistic Proof System

[Goldwasser-Micali-Rackoff, Babai ‘85]

Is a mathematical statement claim true? E.g.claim:

“No integers x, y, z, n>2 satisfy x

n^ +y

n^ = z

n “

claim:

“The Riemann Hypothesis has a 200 page proof” An efficient Verifier V(claim, argument) satisfies:) If claim is true then V(claim, argument) = TRUEfor some argument(in which case claim=theorem, argument=proof)*) If claim is false then V(claim, argument) = FALSEfor every argument

probabilistic

always with probability > 99%

Prover

Remarkable properties ofProbabilistic Proof Systems

  • Probabilistically Checkable Proofs (PCPs) - Zero-Knowledge (ZK) proofs