Succinct Hitting Sets and Barriers to Proving Algebraic Circuits Lower Bounds

Michael A. Forbes∗   Amir Shpilka†   Ben Lee Volk†

arXiv:1701.05328v1 [cs.CC] 19 Jan 2017

Abstract

We formalize a framework of algebraically natural lower bounds for algebraic circuits. Just as with the natural proofs notion of Razborov and Rudich [RR97] for boolean circuit lower bounds, our notion of algebraically natural lower bounds captures nearly all lower bound techniques known. However, unlike the boolean setting, there has been no concrete evidence demonstrating that this is a barrier to obtaining super-polynomial lower bounds for general algebraic circuits, as there is little understanding whether algebraic circuits are expressive enough to support “cryptography” secure against algebraic circuits.

Following a similar result of Williams [Wil16] in the boolean setting, we show that the existence of an algebraic natural proofs barrier is equivalent to the existence of succinct derandomization of the polynomial identity testing problem. That is, whether the coefficient vectors of polylog(N)-degree polylog(N)-size circuits is a hitting set for the class of poly(N)-degree poly(N)-size circuits. Further, we give an explicit universal construction showing that if such a succinct hitting set exists, then our universal construction suffices.

Further, we assess the existing literature constructing hitting sets for restricted classes of algebraic circuits and observe that none of them are succinct as given. Yet, we show how to modify some of these constructions to obtain succinct hitting sets. This constitutes the first evidence supporting the existence of an algebraic natural proofs barrier.

Our framework is similar to the Geometric Complexity Theory (GCT) program of Mulmuley and Sohoni [MS01], except that here we emphasize constructiveness of the proofs while the GCT program emphasizes symmetry. Nevertheless, our succinct hitting sets have relevance to the GCT program as they imply lower bounds for the complexity of the defining equations of polynomials computed by small circuits.
∗Simons Institute for the Theory of Computing, at the University of California, Berkeley. E-mail: [email protected]. This work was performed when the author was at Stanford University, while supported by the NSF, including NSF CCF-1617580, and the DARPA Safeware program.

†Department of Computer Science, Tel Aviv University, Tel Aviv, Israel, E-mails: [email protected], [email protected]. The research leading to these results has received funding from the European Community’s Seventh Framework Programme (FP7/2007-2013) under grant agreement number 257575 and from the Israel Science Foundation (grant number 552/16).

1 Introduction

Computational complexity theory studies the limits of efficient computation, and a particular goal is to quantify the power of different computational resources such as time, space, non-determinism, and randomness. Such questions can be instantiated as asking to prove equalities or separations between complexity classes, such as resolving P versus NP. Indeed, there have been various successes: the (deterministic) time-hierarchy theorem showing that $\mathrm{P} \ne \mathrm{EXP}$ ([HS65]), circuit lower bounds showing that $\mathrm{AC}^0 \ne \mathrm{P}$ ([Ajt83, FSS84, Yao85, Hås89]), and interactive proofs showing IP = PSPACE ([LFKN92, Sha90]). However, for each of these seminal works we have now established barriers for why their underlying techniques cannot resolve questions such as P versus NP. Respectively, the above results are covered by the barriers of relativization of Baker, Gill and Solovay [BGS75], natural proofs of Razborov and Rudich [RR97], and algebraization of Aaronson and Wigderson [AW09]. In this work we revisit the natural proofs barrier of Razborov and Rudich [RR97] and seek to understand how it extends to a barrier to algebraic circuit lower bounds. While previous works have considered versions of an algebraic natural proofs barrier, we give the first evidence of such a barrier against restricted algebraic reasoning.
Natural Proofs: The setting of Razborov and Rudich [RR97] is that of non-uniform complexity, where instead of considering a Turing machine solving a problem on all input sizes, one considers a model such as boolean circuits where the computational device can change with the size of the input. While circuits are at least as powerful as Turing machines, and can even (trivially) compute undecidable languages, their ability to solve computational problems of interest can seem closer to uniform computation. For example, if circuits can solve NP-hard problems then there are unexpected implications for uniform computation similar to P = NP (the polynomial hierarchy collapses ([KL82])). As such, obtaining lower bounds for boolean circuits was seen as a viable method to indirectly tackle Turing machine lower bounds, with the benefit of being able to appeal to more combinatorial methods and thus bypassing the relativization barrier of Baker, Gill and Solovay [BGS75] which seems to obstruct most methods that can exploit uniformity.

There have been many important lower bounds obtained for restricted classes of circuits: constant-depth circuits ([Ajt83, FSS84, Yao85, Hås89]), constant-depth circuits with prime modular gates ([Raz87, Smo87]), as well as lower bounds for monotone circuits ([Raz85, AB87, Tar88]). Razborov and Rudich [RR97] observed that many of these lower bounds prove more than just a lower bound for a single explicit function. Indeed, they observed that such lower bounds often distinguish functions computable by small circuits from random functions, and in fact they do so efficiently. Specifically, a natural property $P$ is a subset of boolean functions $P \subseteq \bigcup_{n \ge 1} \{ f : \{0,1\}^n \to \{0,1\} \}$ with the following properties.[1]

1. Usefulness: If $f : \{0,1\}^n \to \{0,1\}$ is computable by poly(n)-size circuits then $f$ has property $P$.

2. Largeness: Random functions $f : \{0,1\}^n \to \{0,1\}$ do not have the property $P$ with noticeable probability, that is, with probability at least $1/\mathrm{poly}(N) = 2^{-O(n)}$.

3. Constructivity: Given a truth-table of a function $f : \{0,1\}^n \to \{0,1\}$, of size $N = 2^n$, deciding whether $f$ has the property $P$ can be checked in $\mathrm{poly}(N) = 2^{O(n)}$ time.

[1] The Razborov and Rudich [RR97] definition of a natural property actually applies to the complement of the property $P$ we use here. This is a trivial difference for boolean complexity, but is important for algebraic complexity as there natural properties are one-sided, see Section 1.2.

To obtain a circuit lower bound, a priori one only needs to obtain a (non-trivial) property $P$ that is useful in the above sense. However, Razborov and Rudich [RR97] showed that (possibly after a small modification) most circuit lower bounds (such as those for constant-depth circuits ([Ajt83, FSS84, Yao85, Hås89, Raz87, Smo87])) yield large and constructive properties, and called such lower bounds natural proofs.

Further, Razborov and Rudich [RR97] argued that standard cryptographic assumptions imply that natural proofs cannot yield super-polynomial lower bounds against any restricted class of circuits that is sufficiently rich to implement cryptography. That is, a pseudorandom function is an efficiently computable function $f : \{0,1\}^n \times \{0,1\}^\lambda \to \{0,1\}$ such that when sampling the key $k \in \{0,1\}^\lambda$ at random the resulting distribution of functions $f(\cdot, k)$ is computationally indistinguishable from a truly random function $f : \{0,1\}^n \to \{0,1\}$. The existence of pseudorandom functions follows from the existence of one-way functions ([HILL99, GGM86]) which is essentially the weakest interesting cryptographic assumption. There are even candidate constructions of pseudorandom functions computable by polynomial-size constant-depth threshold circuits ($\mathrm{TC}^0$) as given by Naor and Reingold [NR97], whose security rests on the intractability of discrete-log and factoring-type assumptions (see also Krause and Lucks [KL01]). As such, it is widely believed that there are pseudorandom functions, even ones computationally indistinguishable from random except to adversaries running in $\exp(\lambda^{\Omega(1)})$-time.
In contrast, Razborov and Rudich [RR97] showed that a natural proof useful against poly(n)-size circuits can distinguish a pseudorandom function from a truly random function in $\mathrm{poly}(2^n)$-time, which would contradict the believed $\exp(\lambda^{\Omega(1)})$-indistinguishability when taking $\lambda$ to be a large enough polynomial in $n$. That is, suppose $P$ is a natural property. Then for a pseudorandom function $f(\cdot,\cdot)$ and each value $k \in \{0,1\}^\lambda$ of the key, the resulting function $f(\cdot,k) : \{0,1\}^n \to \{0,1\}$ has a poly(n)-size circuit, and has property $P$ (by usefulness). In contrast, random functions will not have property $P$ with noticeable probability (by largeness). As the property is constructive, this gives a $\mathrm{poly}(2^n)$-time algorithm distinguishing $f(\cdot,k)$ from a random function, as desired.

While the natural proofs barrier has proved difficult to overcome, there are results that seem to circumvent it. For example, the barrier does not seem to apply to the lower bounds obtained for monotone circuits ([Raz85]), as there the notion of a “random monotone function” is not well-defined. Further, there are results (such as Williams’ [Wil14] result of $\mathrm{ACC}^0 \ne \mathrm{NEXP}$) that circumvent the natural proofs barrier by incorporating techniques from uniform complexity. Other work has demonstrated that relaxing the notion of natural proof can avoid the implications to breaking cryptography. Chow [Cho11] has shown that almost natural proofs (which relax largeness slightly) can prove super-polynomial circuit lower bounds (under plausible cryptographic or complexity-theoretic assumptions). Williams [Wil16] has shown, among other results, that some circuit lower bounds (such as for EXP or NEXP) are equivalent to constructive (non-trivial) properties useful against small circuits, which yet have no need for any sort of largeness. Chapman and Williams [CW15] have shown that obtaining circuit lower bounds for a self-checkable problem (such as SAT) is essentially equivalent to obtaining a natural property against circuits that “check their work”.
These works suggest that the exact implications of the natural proofs barrier remain not fully understood.

Algebraic Natural Proofs: Algebraic circuits are the most natural model for computing polynomials by using addition and multiplication. While more restricted than general (boolean) computation, proving lower bounds for algebraic circuits has proved challenging. Yet, we do not have formal barrier results for understanding the difficulty of such lower bounds. While such lower bounds are not a priori subject to the natural proofs barrier due to the formal differences in the computational model, the relevance of the ideas of natural proofs to algebraic circuits has been repeatedly asked. Aaronson-Drucker [AD08] as well as Grochow [Gro15] noticed that many of the prominent algebraic circuit lower bounds (such as [Nis91a, NW97, Raz06, RY09]) are algebraically natural, in that they obey an algebraic form of usefulness, largeness, and constructivity.

While this would seemingly then imply a Razborov and Rudich [RR97]-type barrier for existing techniques, there is a key piece missing: we have very little evidence for the existence of algebraic pseudorandom functions. That is, the pseudorandom functions used by Razborov and Rudich [RR97] are boolean functions, and naive attempts to algebrize them seemingly do not yield pseudorandom polynomials. Indeed, as algebraic circuits are a computational model weaker than general computation, it is conceivable that they are too weak to implement cryptography, so that the natural proofs barrier would not apply. In contrast, it is also conceivable that algebraic circuits are so weak that they can compute “enough” cryptography to be secure against algebraic circuits, so that a natural proofs barrier would apply.

Our Work: In this work we formalize the study of pseudorandom polynomials by exhibiting the first constructions provably secure against restricted classes of algebraic circuits.
In particular, we follow Williams [Wil16] in treating the existence of a natural proofs barrier as the problem of succinct derandomization: replacing randomness with pseudorandomness that further has a succinct description. We revisit existing derandomization of restricted classes of algebraic circuits and show (via non-trivial modification) that they can be made succinct in many cases.

Recently, and independently of our work, Grochow, Kumar, Saks, and Saraf [GKSS17] observed a similar connection between a natural proofs barrier for algebraic circuits and succinct derandomization. Their work also presents connections with Geometric Complexity Theory (which we discuss below in Section 1.7) and algebraic proof complexity. However, unlike our work they do not present any constructions of succinct derandomization.

1.1 Algebraic Complexity

We now discuss the algebraic setting for which we wish to discuss the natural proofs barrier. Algebraic complexity theory studies the complexity of syntactic computation of polynomials using algebraic operations. The most natural model of computation is that of an algebraic circuit, which is a directed acyclic graph whose leaves are labeled by either variables $x_1, \ldots, x_n$ or elements from the field $\mathbb{F}$, and whose internal nodes are labeled by the algebraic operations of addition ($+$) or multiplication ($\times$). Each node in the circuit computes a polynomial in the natural way, and the circuit has one or more output nodes, which are nodes of out-degree zero. The size of the circuit is defined to be the number of wires, and the depth is defined to be the length of a longest path from an input node to the output node. As usual, a circuit whose underlying graph is a tree is called a formula. One can associate various complexity classes with algebraic circuits, and the most important one for us is VP, which is the class of n-variate polynomials with poly(n)-degree computable by poly(n)-size algebraic circuits. There is also VNP, which we will informally define as the class of “explicit” polynomials.
A central open problem in algebraic complexity theory is proving super-polynomial lower bounds for the algebraic circuit size of any explicit polynomial, that is, proving $\mathrm{VP} \ne \mathrm{VNP}$. Substantial attention has been given to this problem, using various techniques that leverage non-trivial algebraic tools to study the syntactic nature of these circuits. Indeed, our knowledge of algebraic lower bounds seems to surpass that of boolean circuits, as we have super-linear lower bounds for general circuits ([Str73, BS83]) — a goal as yet unachieved in the boolean setting. Similarly, there are a wide array of super-polynomial or even exponential lower bounds known for various weaker models of computation such as non-commutative formulas ([Nis91a]), multilinear formulas ([Raz09, RY08]), and homogeneous depth-3 and depth-4 circuits ([NW97, GKKS16, KSS14, FLMS14, KLSS14, KS14]). We refer the reader to Saptharishi [Sap16] for a continuously-updating comprehensive compendium of these lower bounds.

However, this landscape might still feel reminiscent of the boolean setting, in that there are various restricted models where lower bounds techniques are known, and yet lower bounds for general circuits or formulas remain relatively poorly understood. Yet, there has been some significant recent cause for optimism for obtaining general circuit lower bounds, as various depth-reduction results ([VSBR83, AJMV98, AV08, Koi12, Tav15, GKKS16, CKSV16]) have shown that n-variable degree-d polynomials computable by size-s algebraic circuits have $s^{O(\sqrt{d})}$-size depth-3 or homogeneous depth-4 formulas. Further, recent methods ([Kay12, GKKS14, KSS14, FLMS14, KLSS14, KS14]) have proven $(nd)^{\Omega(\sqrt{d})}$ lower bounds computing explicit polynomials by homogeneous depth-4 formulas. If one could simply push these methods to obtain a “$(nd)^{\omega(\sqrt{d})}$” lower bound then this would obtain super-polynomial lower bounds for general circuits!
Unfortunately, all of the lower bounds methods known seem to apply not just to candidate hard polynomials, but also certain easy polynomials, so that no such “$(nd)^{\omega(\sqrt{d})}$” lower bound can be obtained as this would contradict the depth-reduction theorems.

Given this state of affairs, it is unclear whether to be optimistic or pessimistic regarding future prospects for obtaining superpolynomial lower bounds for general algebraic circuits. To resolve this uncertainty it is clearly important to formalize the barriers constraining our lower bound techniques. Indeed, as mentioned above all known lower-bound methods apply not just to hard polynomials but also to easy polynomials — is this intrinsic to current methods? This is essentially the question of whether there is an algebraic natural proofs barrier, as we now describe.

1.2 Algebraic Natural Proofs

We now define the notion of an algebraically natural proof used in this paper. Intuitively, we want to know whether lower bounds methods can distinguish between low-complexity and high-complexity polynomials, so that they are useful in the sense of Razborov and Rudich [RR97]. In particular, we want to know if such distinguishers[2] can be efficient, so that they are also constructive. Several works, such as Aaronson and Drucker [AD08] and Grochow [Gro15] (see also Shpilka and Yehudayoff [SY10, Section 3.9], and Aaronson [Aar16, Section 6.5.3]) have noticed that most all of the lower bounds methods in algebraic complexity theory are themselves algebraic in a certain sense which we now describe.

The simplest example is to consider matrix rank, where the complexity of an $n \times n$ matrix $M$ is exactly captured by its determinant, which is a polynomial. That is, if $M$ is of rank $< n$ then $\det M = 0$, and if rank $= n$ then $\det M \ne 0$. The key feature here is that $\det M$ is a polynomial in the coefficients of the underlying algebraic object, which in this case is the matrix $M$.
Most of the central lower bounds techniques, such as partial derivatives ([NW97]), evaluation/coefficient dimension ([Nis91a, Raz06, RY09, FS13]), or shifted partial derivatives ([Kay12, GKKS14]) are generalizations of this idea, specifically leveraging notions of linear algebra and rank. Abstractly, these methods take an n-variate polynomial $f$, inspect its coefficients, and then form an exponentially-large (in $n$) matrix $M_f$ whose entries are polynomials in the coefficients of $f$. One then shows that if $f$ is simple then $\operatorname{rank} M_f < r$, while for an explicit polynomial $f_0$ one can show that $\operatorname{rank} M_{f_0} \ge r$. In particular, by basic linear algebra this shows that there is some $r \times r$ submatrix $M'_f$ of $M_f$ such that $\det M'_f = 0$ for simple $f$, yet $\det M'_{f_0} \ne 0$, proving that $f_0$ is a hard polynomial.

[2] Grochow [Gro15] referred to distinguishers as test polynomials, as they test whether an input polynomial is of low- or high-complexity.

We now observe that the above outline gives a natural property $P := \{ f : \det M'_f = 0 \}$ in the sense of Razborov and Rudich [RR97].

1. Usefulness: For low-complexity $f$ we have that $f \in P$ as argued above. Further, $P$ is a non-trivial property as $f_0 \notin P$.

2. Constructivity: For a given $f$, deciding whether “$f \in P$?” is tantamount to computing $\det M'_f$. Even though $M'_f$ might be exponentially-large, it is often polynomially-large in the size of $f$ (which is exponential in the number $n$ of variables in $f$). As typically $M'_f$ is a simple matrix in terms of $f$, computing $\det M'_f$ is essentially the complexity of computing the determinant, which is computable by small algebraic circuits ([Ber84, MV97]). Thus, the property $P$ is efficiently decidable in the size of its input.

3. Largeness: The largeness condition is intrinsic here, as the property is governed by the vanishing of a non-zero polynomial; $\det M'_f$ is non-zero as a polynomial as in particular $\det M'_{f_0} \ne 0$. As non-zero polynomials evaluate to non-zero at random points with high probability ([Sch80, Zip79, DL78]), this means that such distinguishers certify that random polynomials are of high-complexity.
Thus, we see that the above meta-method forms a very natural subclass of natural proofs. As algebraic computation is a subclass of general computation, this is a weaker framework than the full natural proofs paradigm. While it might then seem that the Razborov and Rudich [RR97] barrier should apply to this framework also, we only need to prove lower bounds for algebraic circuits, so that we have a weaker goal than obtaining boolean lower bounds. Hence the necessity to study this restricted framework and its barriers in its own right.

We now give a formalization of the above notion, which is implicit in prior work and known to experts. To begin, we must first note that in comparing low-complexity to high-complexity polynomials, we must detail the space in which the polynomials reside. There are three spaces of primary interest.

1. $\mathbb{F}[x_1,\ldots,x_n]^d$: The space of n-variate polynomials of total degree at most $d$. There are $N_{n,d} := \binom{n+d}{d}$ many monomials $x^a := x_1^{a_1} \cdots x_n^{a_n}$ in this space.

2. $\mathbb{F}[x_1,\ldots,x_n]^d_{\mathrm{hom}}$: The space of homogeneous n-variate polynomials of total degree exactly $d$. There are $N^{\mathrm{hom}}_{n,d} := \binom{n+d-1}{d}$ many monomials $x^a$ in this space.

3. $\mathbb{F}[x_1,\ldots,x_n]^d_{\mathrm{ideg}}$: The space of n-variate polynomials of individual degree at most $d$. There are $N^{\mathrm{ideg}}_{n,d} := (d+1)^n$ many monomials $x^a$ in this space.

While this may seem pedantic, it is important to distinguish these spaces. That is, while homogeneous degree-d polynomials capture nearly all of the interesting complexity of polynomials of degree at most $d$, it is trivial to distinguish the two. That is, consider the distinguisher polynomial $c_0$ that simply returns the constant coefficient (the coefficient of 1) of a polynomial $f = \sum_a c_a x^a$. This polynomial vanishes on $\mathbb{F}[x_1,\ldots,x_n]^d_{\mathrm{hom}}$ for $d > 0$, but does not vanish on the constant polynomial $1 \in \mathbb{F}[x_1,\ldots,x_n]^d$. However, it would be absurd to say that “1 is a hard polynomial for $\mathbb{F}[x_1,\ldots,x_n]^d_{\mathrm{hom}}$”. Thus, in discussing how properties can distinguish polynomials we must specify the domain of interest.
Indeed, to discuss lower bounds for homogeneous computation one must restrict attention to the space $\mathbb{F}[x]^d_{\mathrm{hom}}$, and likewise to discuss lower bounds for multilinear computation one must restrict attention to the space $\mathbb{F}[x]^1_{\mathrm{ideg}}$.

We now present our definition, with enough generality to handle the above spaces of polynomials simultaneously. That is, for a fixed set of monomials $\mathcal{M}$ (such as all monomials of degree at most $d$) we consider the space $\operatorname{span}(\mathcal{M})$, which is defined as all linear combinations over monomials in $\mathcal{M}$. We then identify a polynomial $f \in \operatorname{span}(\mathcal{M})$ defined by $f = \sum_{x^a \in \mathcal{M}} c_a x^a$ with its list of such coefficients, which is a vector $\mathrm{coeff}_{\mathcal{M}}(f) \in \mathbb{F}^{\mathcal{M}}$ defined by $\mathrm{coeff}_{\mathcal{M}}(f) := (c_a)_{x^a \in \mathcal{M}}$. We then ask for distinguishers $D$ which take as input these $|\mathcal{M}|$ many coefficients, and which can separate low-complexity polynomials from high-complexity polynomials.

Definition 1.1 (Algebraically Natural Proof). Let $\mathcal{M} \subseteq \mathbb{F}[x_1,\ldots,x_n]$ be a set of monomials $\mathcal{M} = \{x^a\}_a$, and let the set $\operatorname{span}(\mathcal{M}) := \{ \sum_{x^a \in \mathcal{M}} c_a x^a : c_a \in \mathbb{F} \}$ be all linear combinations of these monomials. Let $\mathcal{C} \subseteq \operatorname{span}(\mathcal{M})$ and $\mathcal{D} \subseteq \mathbb{F}[\{c_a\}_{x^a \in \mathcal{M}}]$ be classes of polynomials, where the latter is in $|\mathcal{M}|$ many variables. A polynomial $D \in \mathcal{D}$ is an algebraic $\mathcal{D}$-natural proof against $\mathcal{C}$, also called a distinguisher, if

1. $D$ is a non-zero polynomial.

2. For all $f \in \mathcal{C}$, $D$ vanishes on the coefficient vector of $f$, that is, $D(\mathrm{coeff}_{\mathcal{M}}(f)) = 0$. ♦

We will be primarily interested in taking the set of monomials $\mathcal{M}$ to correspond to one of the above three sets of polynomials, $\mathbb{F}[x]^d$, $\mathbb{F}[x]^d_{\mathrm{hom}}$ and $\mathbb{F}[x]^d_{\mathrm{ideg}}$, for which we define the relevant coefficient vectors as $\mathrm{coeff}_{n,d}$, $\mathrm{coeff}^{\mathrm{hom}}_{n,d}$ and $\mathrm{coeff}^{\mathrm{ideg}}_{n,d}$. We will use “coeff” if the space of polynomials is clear from context.

Thus, to revisit the comparison with Razborov and Rudich [RR97], condition (2) says that the distinguisher $D$ is useful against the class $\mathcal{C}$. Condition (1) indicates that the property is non-trivial, and in particular is large, as a non-zero polynomial will evaluate to non-zero at a random point with high probability ([Sch80, Zip79, DL78]).
Finally, the fact that the distinguisher $D$ comes from the restricted class $\mathcal{D}$ is the constructivity requirement, and the main question is how simple the distinguisher $D$ can be.

Further, note how the above distinguishers naturally have a one-sided nature to them as in algebraic complexity one typically seeks lower bounds against any field of coefficients. In using the above to define the Razborov and Rudich [RR97] style property $P := \{ f : D(\mathrm{coeff}_{\mathcal{M}}(f)) = 0 \}$, we note that the complement property $\neg P = \operatorname{span}(\mathcal{M}) \setminus P = \{ f : D(\mathrm{coeff}_{\mathcal{M}}(f)) \ne 0 \}$ cannot be expressed in the above framework. That is, for non-zero polynomials $p$ and $q$, it cannot be that the product $pq$ vanishes everywhere (over large enough fields), so that in particular it cannot be that $p(\alpha) = 0$ iff $q(\alpha) \ne 0$.

We argued above that most of the main lower bound techniques fall into the above algebraic natural proof paradigm where the distinguisher has polynomial-size algebraic circuits, so that the proof is VP-natural. This motivates the following question about algebraic VP-natural proofs against VP.

Question 1.2. For the space of total degree polynomials $\mathbb{F}[x_1,\ldots,x_n]^d$, is there an algebraic $\mathrm{poly}(N_{n,d})$-size natural proof for lower bounds against poly(n,d)-size circuits?

While one could make a detailed study of existing lower bounds to prove the intuitive fact that VP-natural properties suffice for them, our attention will be on studying the limits of this framework. That said, it is worth mentioning that there are known techniques for algebraic circuit lower bounds that fall outside this framework.

First, the shifted partial derivative technique of Gupta, Kamath, Kayal and Saptharishi [Kay12, GKKS14] is not currently known to be VP-natural. That is, while it does fall into the above rank-based meta-method (and thus the algebraic natural proof paradigm), the matrices involved are actually quasi-polynomially large in their input, so the method is only quasiVP-natural. However, as the shifted partial technique proves exponential lower bounds the required quasiVP-naturalness still seems rather modest.
In contrast, there are actually methods which completely fall outside of the algebraic framework (constructive or not). That is, as discussed below in Section 1.7, this algebraic distinguisher framework is limited to proving border complexity lower bounds, where border complexity is always upper bounded by usual complexity notions. For the tensor rank model, distinguishers actually prove border rank lower bounds. In contrast, the substitution method ([BCS97, Chapter 6], [Blä14]) can prove tensor rank lower bounds which are higher than known border rank upper bounds (for explicit tensors), giving a separation between these two complexities and thus showing the substitution method is not captured by the algebraic natural proof framework. However, all such known separations are by at most a multiplicative constant factor, so the inability of the substitution method to be algebraically natural does not currently seem to be a serious deficiency in the framework developed here.

1.3 Pseudorandom Polynomials

Having given our formal definition of algebraic natural proofs, we now explain our notion of the algebraic natural proof barrier. In particular, as algebraically natural proofs concern the zeros of (non-zero) polynomials computable by small circuits, this naturally leads us to the polynomial identity testing (PIT) problem.

Polynomial Identity Testing: Polynomial identity testing is the following algorithmic problem: given an algebraic circuit $D$ computing an N-variate polynomial, decide whether $D$ computes the identically zero polynomial. The problem admits a simple efficient randomized algorithm by the Schwartz-Zippel-DeMillo-Lipton Lemma [Sch80, Zip79, DL78]. That is, evaluations of a low-degree non-zero polynomial at random points will be non-zero with high probability. Thus, to check non-zeroness it is enough to evaluate $D$ on a random input $\alpha$ and observe whether $D(\alpha) = 0$, which is clearly efficient. However, the best known deterministic algorithms run in exponential time.
Designing an efficient deterministic algorithm for PIT is another major open problem in algebraic complexity, with intricate and bidirectional connections to proving algebraic and boolean circuit lower bounds [HS80, Agr05, KI04].

The two flavors in which the problem appears are the white-box model, in which the algorithm is allowed to inspect the structure of the circuit, and the black-box model, in which the algorithm is only allowed to access evaluations of the circuit on inputs of its choice, such as the randomized algorithm described above. It can be easily seen that efficient deterministic black-box algorithms are equivalent to constructing small hitting sets: a hitting set for a class $\mathcal{D} \subseteq \mathbb{F}[c_1,\ldots,c_N]$ of circuits is a set $\mathcal{H} \subseteq \mathbb{F}^N$ such that for any non-zero circuit $D \in \mathcal{D}$, there exists $\alpha \in \mathcal{H}$ such that $D(\alpha) \ne 0$. While small hitting sets exist for VP, little progress has been made for explicitly constructing any non-trivial hitting sets for general algebraic circuits (or even solving PIT in the white-box model). In contrast, there has been substantial work developing efficient deterministic white- and black-box PIT algorithms for non-trivial restricted classes of algebraic computation, see for example the surveys of Saxena [Sax09, Sax14] and Shpilka-Yehudayoff [SY10].

Succinct Derandomization: We now define our notion of pseudorandom polynomials by connecting the algebraic natural proof framework with hitting sets. Consider a class $\mathcal{C}$ of polynomials, say within the space of polynomials of bounded total degree $\mathbb{F}[x_1,\ldots,x_n]^d$. If $D$ is an algebraic natural proof against $\mathcal{C}$ then we have:

1. $D$ is a non-zero polynomial.

2. $D$ vanishes on the set $\mathcal{H} := \{ \mathrm{coeff}_{n,d}(f) : f \in \mathcal{C} \}$ of coefficient vectors of polynomials in $\mathcal{C}$.

Put together, these conditions are equivalent to saying that $\mathcal{H}$ is not a hitting set for $D$. Thus, we see that there are algebraically natural proofs if and only if coefficient-vectors of simple polynomials are not hitting sets. Thus, we see that the existence of an algebraic natural proofs barrier can be rephrased as whether PIT can be derandomized using succinct pseudorandomness.
A completely analogous statement was proven by Williams [Wil16] in the boolean setting, where the existence of the Razborov and Rudich [RR97] natural proofs barrier was shown equivalent to succinct derandomization of ZPE, those problems solvable in zero-error $2^{O(n)}$-time. However, the equivalence there is slightly more involved, while it is immediate here.

We now give the formal definition mirroring the above discussion, in the same generality of Definition 1.1.

Definition 1.3 (Succinct Hitting Set). Let $\mathcal{M} \subseteq \mathbb{F}[x_1,\ldots,x_n]$ be a set of monomials $\mathcal{M} = \{x^a\}_a$, and let the set $\operatorname{span}(\mathcal{M}) := \{ \sum_{x^a \in \mathcal{M}} c_a x^a : c_a \in \mathbb{F} \}$ be all linear combinations of these monomials. Let $\mathcal{C} \subseteq \operatorname{span}(\mathcal{M})$ and $\mathcal{D} \subseteq \mathbb{F}[\{c_a\}_{x^a \in \mathcal{M}}]$ be classes of polynomials, where the latter is in $|\mathcal{M}|$ many variables.

$\mathcal{C}$ is a $\mathcal{C}$-succinct hitting set for $\mathcal{D}$ if $\mathcal{H} := \{ \mathrm{coeff}_{\mathcal{M}}(f) : f \in \mathcal{C} \}$ is a hitting set for $\mathcal{D}$. That is, $D \in \mathcal{D}$ is non-zero iff $D|_{\mathcal{H}}$ is non-zero, that is, there is some $f \in \mathcal{C}$ such that $D(\mathrm{coeff}_{\mathcal{M}}(f)) \ne 0$. ♦

The above argument showing the tension between algebraic natural proofs and pseudorandom polynomials can be summarized in the following theorem, which follows immediately from the definitions.

Theorem 1.4. Let $\mathcal{M} \subseteq \mathbb{F}[x_1,\ldots,x_n]$ be a set of monomials $\mathcal{M} = \{x^a\}_a$, and let the set $\operatorname{span}(\mathcal{M}) := \{ \sum_{x^a \in \mathcal{M}} c_a x^a : c_a \in \mathbb{F} \}$ be all linear combinations of these monomials. Let $\mathcal{C} \subseteq \operatorname{span}(\mathcal{M})$ and $\mathcal{D} \subseteq \mathbb{F}[\{c_a\}_{x^a \in \mathcal{M}}]$ be classes of polynomials, where the latter is in $|\mathcal{M}|$ many variables. Then there is an algebraic $\mathcal{D}$-natural proof against $\mathcal{C}$ iff $\mathcal{C}$ is not a $\mathcal{C}$-succinct hitting set for $\mathcal{D}$.

Instantiating this claim with $\mathcal{M}$ being the space of degree-d monomials, we get the following quantitative version of the above.

Corollary 1.5. Let $\mathcal{C} \subseteq \mathbb{F}[x_1,\ldots,x_n]^d$ be the class of poly(n,d)-size circuits of total degree at most $d$. Then there is an algebraic $\mathrm{poly}(N_{n,d})$-natural proof against $\mathcal{C}$ iff $\mathcal{C}$ is not a poly(n,d)-succinct hitting set for $\mathrm{poly}(N_{n,d})$-size circuits in $N_{n,d}$ variables.

In the common regime when $d = \mathrm{poly}(n)$, we have that $\mathrm{poly}(n) = \mathrm{polylog}(N_{n,d})$.
That is, the existence of an algebraic natural proofs barrier is equivalent to saying that coefficient-vectors of polylogarithmic-size circuits form a hitting set of polynomial-size.

With this equivalence in hand, we can now phrase the question of an algebraic natural proofs barrier.

Question 1.6 (Algebraic Natural Proofs Barrier). Is there a polylog(N)-succinct hitting set for circuits of poly(N)-size?

Again, we note that Question 1.6 was also raised by Grochow, Kumar, Saks, and Saraf [GKSS17], who presented a definition similar to Definition 1.3 and also observed the implication in Theorem 1.4.

Succinct Generators: While the above equivalence already suffices for studying the barrier, the notion of a hitting set is sometimes fragile. A more robust way to obtain hitting sets for a class $\mathcal{D} \subseteq \mathbb{F}[c_1,\ldots,c_N]$ is to obtain a generator, which is a polynomial map $G : \mathbb{F}^\ell \to \mathbb{F}^N$ such that $D \in \mathcal{D}$ is non-zero iff $D \circ G \not\equiv 0$, that is, the composition $D(G(y)) \ne 0$ is non-zero as a polynomial in $y$. Here one measures the quality of the generator by asking to minimize the seed-length $\ell$. By polynomial interpolation, it follows that constructing small hitting sets is equivalent to constructing generators with $\ell$ small, see for example Shpilka-Yehudayoff [SY10].

However, in our setting we want succinct generators so that the polynomial-map $G$ is computable by a small algebraic circuit. In particular, converting a succinct hitting set $\mathcal{H}$ to a generator using the standard interpolation methods would give a generator which has circuit size $\mathrm{poly}(|\mathcal{H}|)$. However, as we are trying to hit polynomials on $N$ variables, this would yield a poly(N)-size generator whereas we would want a generator of complexity polylog(N). As such, we now define succinct generators and give a tighter relationship with succinct hitting sets.

Definition 1.7. Let $\mathcal{M} \subseteq \mathbb{F}[x_1,\ldots,x_n]$ be a set of monomials $\mathcal{M} = \{x^a\}_a$, and let the set $\operatorname{span}(\mathcal{M}) := \{ \sum_{x^a \in \mathcal{M}} c_a x^a : c_a \in \mathbb{F} \}$ be all linear combinations of these monomials. Let $\mathcal{C} \subseteq \operatorname{span}(\mathcal{M})$ and $\mathcal{D} \subseteq \mathbb{F}[\{c_a\}_{x^a \in \mathcal{M}}]$ be classes of polynomials, where the latter is in $|\mathcal{M}|$ many variables. Further, let $\mathcal{C}' \subseteq \mathbb{F}[x_1,\ldots,x_n,y_1,\ldots,y_\ell]$ be another class of polynomials.

Then a polynomial map $G : \mathbb{F}^\ell \to \mathbb{F}^{\mathcal{M}}$ is a $\mathcal{C}$-succinct generator for $\mathcal{D}$ computable in $\mathcal{C}'$ if

1. The polynomial $G(x,y) := \sum_{x^a \in \mathcal{M}} G_{x^a}(y) \cdot x^a$ is a polynomial from $\mathcal{C}'$, where $G_{x^a}(y)$ is the polynomial computed by the $x^a$-coordinate of $G$.

2. For every value $\alpha \in \mathbb{F}^\ell$, the polynomial $G(x,\alpha) \in \mathcal{C}$.

3. $G$ is a generator for $\mathcal{D}$. That is, $D \in \mathcal{D}$ is a non-zero polynomial in $\mathbb{F}[c]$ iff $D \circ G \not\equiv 0$ in $\mathbb{F}[y]$, meaning that $D(\mathrm{coeff}_{\mathcal{M}}(G(x,y))) \ne 0$ as a polynomial in $\mathbb{F}[y]$, where these coefficients are taken in the ring $\mathbb{F}[y][x]$ so that $\mathrm{coeff}_{\mathcal{M}}(G(x,y)) \in \mathbb{F}[y]^{\mathcal{M}}$. ♦

Conditions (2) and (3) are equivalent, over large enough fields, to the property that the output of the generator $G(x,\mathbb{F}^\ell) = \{ G(x,\alpha) : \alpha \in \mathbb{F}^\ell \}$ is a $\mathcal{C}$-succinct hitting set for $\mathcal{D}$. However, the generator result is a priori stronger as it says that the hitting set can be succinctly indexed by a polynomial in $\mathcal{C}'$.

Also, note that the $\mathcal{C}'$-computability of the generator implies $\mathcal{C}'$-succinctness, that is, that its image $\{ G(x,\alpha) : \alpha \in \mathbb{F}^\ell \}$ are all circuits which are $\mathcal{C}'$-circuits, at least assuming that $\mathcal{C}'$ is a class of polynomials which is closed under substitution. However, sometimes the actual succinctness $\mathcal{C}$ can be more stringent than $\mathcal{C}'$ for restricted classes of computation.

We now give our first result, which uses the construction of a universal circuit to show that there is an explicit universal construction of a succinct generator, that is, this circuit is a succinct generator if there are any succinct hitting sets. Further, this shows that any succinct hitting set (even infinite) implies a quasipolynomial deterministic black-box PIT algorithm. To make this theorem clear, let $\mathrm{VP}_m$ denote the class of small low-degree circuits in $m$ variables.

Theorem (Informal summary of Section 3). There is an explicit polylog(N)-size circuit which is a $\mathrm{VP}_{\mathrm{polylog}(N)}$-succinct generator for $\mathrm{VP}_N$ iff there is any $\mathrm{VP}_{\mathrm{polylog}(N)}$-succinct hitting set for $\mathrm{VP}_N$. Further, the existence of any $\mathrm{VP}_{\mathrm{polylog}(N)}$-succinct hitting set for $\mathrm{VP}_N$ implies an explicit $\mathrm{poly}(N)^{\mathrm{polylog}(N)}$-size hitting set for $\mathrm{VP}_N$.

Note that Aaronson and Drucker [AD08] proposed a candidate universal algebraic pseudorandom function based on generic projections of determinants, but did not prove its universality. Their construction does not seem sufficient for the above result, as discussed in Section 3.
