Shafi Goldwasser,Ofer Grossman,Dhiraj Holden

DOI: https://doi.org/10.48550/arXiv.1706.04641

2017-06-15

Abstract:We introduce pseudo-deterministic interactive proofs (psdAM): interactive proof systems for search problems where the verifier is guaranteed with high probability to output the same output on different executions. As in the case with classical interactive proofs, the verifier is a probabilistic polynomial time algorithm interacting with an untrusted powerful prover. We view pseudo-deterministic interactive proofs as an extension of the study of pseudo-deterministic randomized polynomial time algorithms: the goal of the latter is to find canonical solutions to search problems whereas the goal of the former is to prove that a solution to a search problem is canonical to a probabilistic polynomial time verifier. Alternatively, one may think of the powerful prover as aiding the probabilistic polynomial time verifier to find canonical solutions to search problems, with high probability over the randomness of the verifier. The challenge is that pseudo-determinism should hold not only with respect to the randomness, but also with respect to the prover: a malicious prover should not be able to cause the verifier to output a solution other than the unique canonical one.

Computational Complexity

Mohsen Ghaffari,David G. Harris,Fabian Kuhn

DOI: https://doi.org/10.48550/arXiv.1711.02194

2019-09-18

Abstract:The gap between the known randomized and deterministic local distributed algorithms underlies arguably the most fundamental and central open question in distributed graph algorithms. In this paper, we develop a generic and clean recipe for derandomizing LOCAL algorithms. We also exhibit how this simple recipe leads to significant improvements on a number of problem. Two main results are: - An improved distributed hypergraph maximal matching algorithm, improving on Fischer, Ghaffari, and Kuhn [FOCS'17], and giving improved algorithms for edge-coloring, maximum matching approximation, and low out-degree edge orientation. The first gives an improved algorithm for Open Problem 11.4 of the book of Barenboim and Elkin, and the last gives the first positive resolution of their Open Problem 11.10. - An improved distributed algorithm for the Lovász Local Lemma, which gets closer to a conjecture of Chang and Pettie [FOCS'17], and moreover leads to improved distributed algorithms for problems such as defective coloring and $k$-SAT.

Data Structures and Algorithms,Distributed, Parallel, and Cluster Computing

Samuel Epstein

2023-09-12

Abstract:We provide another proof to the EL Theorem. We show the tradeoff between compressibility of codebooks and their communication capacity. A resource bounded version of the EL Theorem is proven. This is used to prove three instances of resource bounded derandomization. This paper is in support of the general claim that if the existence of an object can be proven with the probabilistic method, then bounds on its Kolmogorov complexity can be proven as well.

Computational Complexity,Information Theory

Lijie Chen,Roei Tell

DOI: https://doi.org/10.1137/22m1475491

2024-12-05

SIAM Journal on Computing

Abstract:SIAM Journal on Computing, Ahead of Print. We propose a new approach to the hardness-to-randomness framework and to the [math] conjecture. Classical results rely on nonuniform hardness assumptions to construct derandomization algorithms that work in the worst case, or rely on uniform hardness assumptions to construct derandomization algorithms that work only in the average case. In both types of results, the derandomization algorithm is "black-box" and uses the standard approach based on pseudorandom generators (PRGs). In this work we present results that closely relate new and natural uniform hardness assumptions to worst-case derandomization of [math], where the algorithms underlying the latter derandomization are non-black-box. In our main result, we show that [math] if the following holds: There exists a multi-output function computable by logspace-uniform circuits of polynomial size and depth [math] that cannot be computed by uniform probabilistic algorithms in time [math], for some universal constant [math], on almost all inputs. The required failure on "almost all inputs" is stronger than the standard requirement of failing on one input of each length; however, the same assumption without the depth restriction on [math] is necessary for the conclusion. This suggests a potential equivalence between worst-case derandomization of [math] of any form (i.e., not necessarily by a black-box algorithm) and the existence of efficiently computable functions that are hard for probabilistic algorithms on almost all inputs. In our second result, we introduce a new and uniform hardness-to-randomness tradeoff for the setting of superfast average-case derandomization; prior to this work, superfast average-case derandomization was known only under nonuniform hardness assumptions. In an extreme instantiation of our new tradeoff, under appealing uniform hardness assumptions and if one-way functions exist, we show that for every polynomial [math] and constant [math] it holds that [math], where the "[math]" prefix means that no polynomial-time algorithm can find, with nonnegligible probability, an input on which the deterministic simulation errs. Technically, our approach is to design targeted PRGs and hitting-set generators (HSGs), as introduced by Goldreich [In a world of [math], in Studies in Complexity and Cryptography, Lecture Notes in Comput. Sci. 6650, Springer, 2011, pp. 191–232]. Our targeted PRGs/HSGs "produce randomness from the input," as suggested by Goldreich and Wigderson [Proceedings of the 6th International Workshop on Randomization and Approximation Techniques in Computer Science (RANDOM), 2002, pp. 209–223], and our analysis of these targeted PRGs/HSGs relies on non-black-box versions of the reconstruction procedure of Impagliazzo and Wigderson [Proceedings of the 39th Annual IEEE Symposium on Foundations of Computer Science (FOCS), 1998, pp. 734–743]. Our main reconstruction procedure crucially relies on the ideas underlying the proof system of Goldwasser, Kalai, and Rothblum [J. ACM, 62 (2015), 27].

computer science, theory & methods,mathematics, applied

Jeff Giliberti,David G. Harris

2024-11-27

Abstract:One main genre of algorithmic derandomization comes from the construction of probability distributions with small support that fool a randomized algorithm. This is especially well-suited to parallelization, i.e. NC algorithms. A significant abstraction of these methods can be formulated in terms of fooling polynomial-space statistical tests computed via finite automata (Sivakumar 2002); this encompasses $k$-wise independence, sums of random variables, and many other properties. We describe new parallel algorithms to fool general finite-state automata with significantly reduced processor complexity. The analysis is also simplified because we can cleanly separate the problem-specific optimizations from the general lattice discrepancy problems at the core of the automaton-fooling construction. We illustrate with improved applications to the Gale-Berlekamp Switching Game and to approximate MAX-CUT via SDP rounding.

Data Structures and Algorithms

Mahdi Cheraghchi

DOI: https://doi.org/10.5075/epfl-thesis-4767

2011-07-24

Abstract:Randomized techniques play a fundamental role in theoretical computer science and discrete mathematics, in particular for the design of efficient algorithms and construction of combinatorial objects. The basic goal in derandomization theory is to eliminate or reduce the need for randomness in such randomized constructions. In this thesis, we explore some applications of the fundamental notions in derandomization theory to problems outside the core of theoretical computer science, and in particular, certain problems related to coding theory. First, we consider the wiretap channel problem which involves a communication system in which an intruder can eavesdrop a limited portion of the transmissions, and construct efficient and information-theoretically optimal communication protocols for this model. Then we consider the combinatorial group testing problem. In this classical problem, one aims to determine a set of defective items within a large population by asking a number of queries, where each query reveals whether a defective item is present within a specified group of items. We use randomness condensers to explicitly construct optimal, or nearly optimal, group testing schemes for a setting where the query outcomes can be highly unreliable, as well as the threshold model where a query returns positive if the number of defectives pass a certain threshold. Finally, we design ensembles of error-correcting codes that achieve the information-theoretic capacity of a large class of communication channels, and then use the obtained ensembles for construction of explicit capacity achieving codes. [This is a shortened version of the actual abstract in the thesis.]

Discrete Mathematics,Computational Complexity,Information Theory

Jan Dreier,Jamie Tucker-Foltz

2023-04-24

Abstract:We study pseudorandomness and pseudorandom generators from the perspective of logical definability. Building on results from ordinary derandomization and finite model theory, we show that it is possible to deterministically construct, in polynomial time, graphs and relational structures that are statistically indistinguishable from random structures by any sentence of first order or least fixed point logics. This raises the question of whether such constructions can be implemented via logical transductions from simpler structures with less entropy. In other words, can logical formulas be pseudorandom generators? We provide a complete classification of when this is possible for first order logic, fixed point logic, and fixed point logic with parity, and provide partial results and conjectures for first order logic with parity.

Logic in Computer Science,Cryptography and Security

Mohsen Ghaffari,Christoph Grunau,Václav Rozhoň

2023-11-23

Abstract:We present a novel technique for work-efficient parallel derandomization, for algorithms that rely on the concentration of measure bounds such as Chernoff, Hoeffding, and Bernstein inequalities. Our method increases the algorithm's computational work and depth by only polylogarithmic factors. Before our work, the only known method to obtain parallel derandomization with such strong concentrations was by the results of [Motwani, Naor, and Naor FOCS'89; Berger and Rompel FOCS'89], which perform a binary search in a $k$-wise independent space for $k=poly(\log n)$. However, that method blows up the computational work by a high $poly(n)$ factor and does not yield work-efficient parallel algorithms. Their method was an extension of the approach of [Luby FOCS'88], which gave a work-efficient derandomization but was limited to algorithms analyzed with only pairwise independence. Pushing the method from pairwise to the higher $k$-wise analysis resulted in the $poly(n)$ factor computational work blow-up. Our work can be viewed as an alternative extension from the pairwise case, which yields the desired strong concentrations while retaining work efficiency up to logarithmic factors. Our approach works by casting the problem of determining the random variables as an iterative process with $poly(\log n)$ iterations, where different iterations have independent randomness. This is done so that for the desired concentrations, we need only pairwise independence inside each iteration. In particular, we model each binary random variable as a result of a gradual random walk, and our method shows that the desired Chernoff-like concentrations about the endpoints of these walks can be boiled down to some pairwise analysis on the steps of these random walks in each iteration (while having independence across iterations).

Data Structures and Algorithms

ZZ Chen,MY Kao

DOI: https://doi.org/10.1137/s0097539798341600

1999-01-01

Abstract:We propose a general methodology for testing whether a given polynomial with integer coefficients is identically zero. The methodology evaluates the polynomial at efficiently computable approximations of suitable irrational points. In contrast to the classical technique of DeMillo, Lipton, Schwartz, and Zippel, this methodology can decrease the error probability by increasing the precision of the approximations instead of using more random bits. Consequently, randomized algorithms that use the classical technique can generally be improved using the new methodology. To demonstrate the methodology, we discuss two nontrivial applications. The first is to decide whether a graph has a perfect matching in parallel. Our new NC algorithm uses fewer random bits while doing less work than the previously best NC algorithm by Chari, Rohatgi, and Srinivasan. The second application is to test the equality of two multisets of integers. Our new algorithm improves upon the previously best algorithms by Blum and Kannan and can speed up their checking algorithm for sorting programs on a large range of inputs.

Prabhanjan Ananth,John Bostanci,Aditya Gulati,Yao-Ting Lin

2024-10-25

Abstract:We study the (in)feasibility of quantum pseudorandom notions in a quantum analog of the random oracle model, where all the parties, including the adversary, have oracle access to the same Haar random unitary. In this model, we show the following: - (Unbounded-query secure) pseudorandom unitaries (PRU) exist. Moreover, the PRU construction makes two calls to the Haar oracle. - We consider constructions of PRUs making a single call to the Haar oracle. In this setting, we show that unbounded-query security is impossible to achieve. We complement this result by showing that bounded-query secure PRUs do exist with a single query to the Haar oracle. - We show that multi-copy pseudorandom state generators and function-like state generators (with classical query access), making a single call to the Haar oracle, exist. Our results have two consequences: (a) when the Haar random unitary is instantiated suitably, our results present viable approaches for building quantum pseudorandom objects without relying upon one-way functions and, (b) for the first time, we show that the key length in pseudorandom unitaries can be generically shrunk (relative to the output length). Our results are also some of the first usecases of the new "path recording" formalism for Haar random unitaries, introduced in the recent breakthrough work of Ma and Huang.

Quantum Physics,Computational Complexity,Cryptography and Security

Mohsen Ghaffari,Christoph Grunau

2023-11-23

Abstract:We present an efficient parallel derandomization method for randomized algorithms that rely on concentrations such as the Chernoff bound. This settles a classic problem in parallel derandomization, which dates back to the 1980s. Consider the \textit{set balancing} problem where $m$ sets of size at most $s$ are given in a ground set of size $n$, and we should partition the ground set into two parts such that each set is split evenly up to a small additive (discrepancy) bound. A random partition achieves a discrepancy of $O(\sqrt{s \log m})$ in each set, by Chernoff bound. We give a deterministic parallel algorithm that matches this bound, using near-linear work and polylogarithmic depth. The previous results were weaker in discrepancy and/or work bounds: Motwani, Naor, and Naor [FOCS'89] and Berger and Rompel [FOCS'89] achieve discrepancy $s^{\varepsilon} \cdot O(\sqrt{s \log m})$ with work $\tilde{O}(m+n+\sum_{i=1}^{m} |S_i|) \cdot m^{\Theta(1/\varepsilon)}$ and polylogarithmic depth; the discrepancy was optimized to $O(\sqrt{s \log m})$ in later work, e.g. by Harris [Algorithmica'19], but the work bound remained high at $\tilde{O}(m^4n^3)$. Ghaffari, Grunau, and Rozhon [FOCS'23] achieve discrepancy $s/poly(\log(nm)) + O(\sqrt{s \log m})$ with near-linear work and polylogarithmic-depth. Notice that this discrepancy is barely sublinear with respect to the trivial bound of $s$. Our method relies on a novel bootstrapping idea that uses crude partitioning algorithms as a subroutine. In particular, we solve the problem recursively, by using the crude partition in each iteration to split the variables into many smaller parts, and then we find a constraint for the variables in each part such that we reduce the overall number of variables in the problem. The scheme relies on an interesting application of the multiplicative weights update method to control the variance losses in each iteration.

Data Structures and Algorithms

Surendra Ghentiyala,Venkatesan Guruswami

2024-09-12

Abstract:Introduced in [CG24], pseudorandom error-correcting codes (PRCs) are a new cryptographic primitive with applications in watermarking generative AI models. These are codes where a collection of polynomially many codewords is computationally indistinguishable from random, except to individuals with the decoding key. In this work, we examine the assumptions under which PRCs with robustness to a constant error rate exist. 1. We show that if both the planted hyperloop assumption introduced in [BKR23] and security of a version of Goldreich's PRG hold, then there exist public-key PRCs for which no efficient adversary can distinguish a polynomial number of codewords from random with better than $o(1)$ advantage. 2. We revisit the construction of [CG24] and show that it can be based on a wider range of assumptions than presented in [CG24]. To do this, we introduce a weakened version of the planted XOR assumption which we call the weak planted XOR assumption and which may be of independent interest. 3. We initiate the study of PRCs which are secure against space-bounded adversaries. We show how to construct secret-key PRCs of length $O(n)$ which are $\textit{unconditionally}$ indistinguishable from random by $\text{poly}(n)$ time, $O(n^{1.5-\varepsilon})$ space adversaries.

Cryptography and Security,Computational Complexity

Ronen Shaltiel,Emanuele Viola

2023-11-20

Abstract:The hardness vs.~randomness paradigm aims to explicitly construct pseudorandom generators $G:\{0,1\}^r \rightarrow \{0,1\}^m$ that fool circuits of size $m$, assuming the existence of explicit hard functions. A ``high-end PRG'' with seed length $r=O(\log m)$ (implying BPP=P) was achieved in a seminal work of Impagliazzo and Wigderson (STOC 1997), assuming the high-end hardness assumption: there exist constants $0<\beta < 1< B$, and functions computable in time $2^{B \cdot n}$ that cannot be computed by circuits of size $2^{\beta \cdot n}$. Recently, motivated by fast derandomization of randomized algorithms, Doron et al.~(FOCS 2020) and Chen and Tell (STOC 2021), construct ``extreme high-end PRGs'' with seed length $r=(1+o(1))\cdot \log m$, under qualitatively stronger assumptions. We study whether extreme high-end PRGs can be constructed from the following scaled version of the assumption which we call ``the extreme high-end hardness assumption'', and in which $\beta=1-o(1)$ and $B=1+o(1)$. We give a partial negative answer, showing that certain approaches cannot yield a black-box proof. (A longer abstract with more details appears in the PDF file)

Computational Complexity

Nick Fischer,Piotr Kaliciak,Adam Polak

2023-11-29

Abstract:As one of the three main pillars of fine-grained complexity theory, the 3SUM problem explains the hardness of many diverse polynomial-time problems via fine-grained reductions. Many of these reductions are either directly based on or heavily inspired by Pătraşcu's framework involving additive hashing and are thus randomized. Some selected reductions were derandomized in previous work [Chan, He; SOSA'20], but the current techniques are limited and a major fraction of the reductions remains randomized. In this work we gather a toolkit aimed to derandomize reductions based on additive hashing. Using this toolkit, we manage to derandomize almost all known 3SUM-hardness reductions. As technical highlights we derandomize the hardness reductions to (offline) Set Disjointness, (offline) Set Intersection and Triangle Listing -- these questions were explicitly left open in previous work [Kopelowitz, Pettie, Porat; SODA'16]. The few exceptions to our work fall into a special category of recent reductions based on structure-versus-randomness dichotomies. We expect that our toolkit can be readily applied to derandomize future reductions as well. As a conceptual innovation, our work thereby promotes the theory of deterministic 3SUM-hardness. As our second contribution, we prove that there is a deterministic universe reduction for 3SUM. Specifically, using additive hashing it is a standard trick to assume that the numbers in 3SUM have size at most $n^3$. We prove that this assumption is similarly valid for deterministic algorithms.

Computational Complexity,Data Structures and Algorithms

Yakov Shalunov

2024-06-28

Abstract:Efficient derandomization has long been a goal in complexity theory, and a major recent result by Yanyi Liu and Rafael Pass identifies a new class of hardness assumption under which it is possible to perform time-bounded derandomization efficiently: that of ''leakage-resilient hardness.'' They identify a specific form of this assumption which is $\textit{equivalent}$ to $\mathsf{prP} = \mathsf{prBPP}$. In this paper, we pursue an equivalence to derandomization of $\mathsf{prBP{\cdot}L}$ (logspace promise problems with two-way randomness) through techniques analogous to Liu and Pass. We are able to obtain an equivalence between a similar ''leakage-resilient hardness'' assumption and a slightly stronger statement than derandomization of $\mathsf{prBP{\cdot}L}$, that of finding ''non-no'' instances of ''promise search problems.''

Computational Complexity

Susan Hohenberger,Brent Waters

DOI: https://doi.org/10.1007/978-3-642-13190-5_33

2010-01-01

Abstract:We present a family of verifiable random functions which are provably secure for exponentially-large input spaces under a noninteractive complexity assumption. Prior constructions required either an interactive complexity assumption or one that could tolerate a factor 2n security loss for n-bit inputs. Our construction is practical and inspired by the pseudorandom functions of Naor and Reingold and the verifiable random functions of Lysyanskaya. Set in a bilinear group, where the Decisional Diffie-Hellman problem is easy to solve, we require the l- Decisional Diffie-Hellman Exponent assumption in the standard model, without a common reference string. Our core idea is to apply a simulation technique where the large space of VRF inputs is collapsed into a small (polynomial-size) input in the view of the reduction algorithm. This view, however, is information-theoretically hidden from the attacker. Since the input space is exponentially large, we can first apply a collision-resistant hash function to handle arbitrarily-large inputs.

Aaron L Putterman,Edward Pyne

2023-04-10

Abstract:We introduce a novel family of expander-based error correcting codes. These codes can be sampled with randomness linear in the block-length, and achieve list-decoding capacity (among other local properties). Our expander-based codes can be made starting from any family of sufficiently low-bias codes, and as a consequence, we give the first construction of a family of algebraic codes that can be sampled with linear randomness and achieve list-decoding capacity. We achieve this by introducing the notion of a pseudorandom puncturing of a code, where we select $n$ indices of a base code $C\subset \mathbb{F}_q^m$ via an expander random walk on a graph on $[m]$. Concretely, whereas a random linear code (i.e. a truly random puncturing of the Hadamard code) requires $O(n^2)$ random bits to sample, we sample a pseudorandom linear code with $O(n)$ random bits. We show that pseudorandom puncturings satisfy several desirable properties exhibited by truly random puncturings. In particular, we extend a result of (Guruswami Mosheiff FOCS 2022) and show that a pseudorandom puncturing of a small-bias code satisfies the same local properties as a random linear code with high probability. As a further application of our techniques, we also show that pseudorandom puncturings of Reed Solomon codes are list-recoverable beyond the Johnson bound, extending a result of (Lund Potukuchi RANDOM 2020). We do this by instead analyzing properties of codes with large distance, and show that pseudorandom puncturings still work well in this regime.

Combinatorics,Data Structures and Algorithms

Prabhanjan Ananth,Aditya Gulati,Luowen Qian,Henry Yuen

2023-06-10

Abstract:Pseudorandom quantum states (PRS) are efficiently constructible states that are computationally indistinguishable from being Haar-random, and have recently found cryptographic applications. We explore new definitions, new properties and applications of pseudorandom states, and present the following contributions: 1. New Definitions: We study variants of pseudorandom function-like state (PRFS) generators, introduced by Ananth, Qian, and Yuen (CRYPTO'22), where the pseudorandomness property holds even when the generator can be queried adaptively or in superposition. We show feasibility of these variants assuming the existence of post-quantum one-way functions. 2. Classical Communication: We show that PRS generators with logarithmic output length imply commitment and encryption schemes with classical communication. Previous constructions of such schemes from PRS generators required quantum communication. 3. Simplified Proof: We give a simpler proof of the Brakerski--Shmueli (TCC'19) result that polynomially-many copies of uniform superposition states with random binary phases are indistinguishable from Haar-random states. 4. Necessity of Computational Assumptions: We also show that a secure PRS with output length logarithmic, or larger, in the key length necessarily requires computational assumptions.

Quantum Physics,Computational Complexity,Cryptography and Security

C. Thomborson

2001-01-01

Abstract:We o er a set of public-domain tools to aid the development and test of pseudorandom Clanguage computer programs running under 4.3bsd Unix. Our tools make it easier to reproduce experimental results, to report them in a standardized format, and to check their validity by using a di erent random number generator (RNG). Furthermore, the tools should help users avoid some of the common pitfalls in randomized experimentation. These pitfalls include the initial seeding of the RNG, the generation of random integers in a restricted range, and the use of RNGs with known weaknesses. Our tool suite also includes several of the standard tests on the \randomness" of an RNG. All the tests we implement are based on examining a Pearson's chi-square statistic for a process that, under the null hypothesis, independently places N items into k equiprobable bins. We provide a routine to calculate an approximate p-value for such test statistics, applying novel corrections for \small N ." Research supported by the National Science Foundation, through its Design, Tools and Test Program under grant number MIP 9023238.

M. Utkan Gezer,A. C. Cem Say

2024-06-28

Abstract:Interactive proof systems whose verifiers are constant-space machines have interesting features that do not have counterparts in the better studied case where the verifiers operate under reasonably large space bounds. The language verification power of finite-state verifiers is known to be sensitive to the difference between private and public randomization. These machines also lack the capability of imposing worst-case superlinear bounds on their own runtime, and long interactions with untrustable provers can involve the risk of being fooled to loop forever. We analyze such verifiers under different bounds on the numbers of private and public random bits that they are allowed to use. This separate accounting for the private and public coin budgets as resource functions of the input length provides interesting characterizations of the collections of the associated languages. When the randomness bound is constant, the verifiable class is $\rm NL$ for private-coin machines, but equals just the regular languages when one uses public coins. Increasing the public coin budget while keeping the number of private coins constant augments the power: We show that the set of languages that are verifiable by such machines in expected polynomial time (with an arbitrarily small positive probability of looping) equals the complexity class $\rm P$. This hints that allowing a minuscule probability of looping may add significant power to polynomial-time finite-state automata, since it is still not known whether those machines can verify all of $\rm P$ when required to halt with probability 1, even with no bound on their private coin usage. We also show that logarithmic-space machines which hide a constant number of their coins are limited to verifying the languages in $\rm P$.

Computational Complexity