lec8 - Derandomization Goal: try to simulate BPP in...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
1 CS151 Complexity Theory Lecture 8 April 21, 2011 April 21, 2011 2 Derandomization • Goal : try to simulate BPP in subexponential time (or better) • use Pseudo-Random Generator (PRG): • often: PRG “good” if it passes (ad-hoc) statistical tests seed output string G t bits m bits April 21, 2011 3 Derandomization • ad-hoc tests not good enough to prove BPP has non-trivial simulations • Our requirements: – G is efficiently computable – “ stretches t bits into m bits – “ fools ” small circuits: for all circuits C of size at most s : |Pr y [C(y) = 1] – Pr z [C(G(z)) = 1]| ≤ ε April 21, 2011 4 Simulating BPP using PRGs • Recall: L BPP implies exists p.p.t.TM M x L Pr y [M(x,y) accepts] ≥ 2/3 x L Pr y [M(x,y) rejects] ≥ 2/3 • given an input x: – convert M into circuit C(x, y) – simplification: pad y so that |C| = |y| = m • hardwire input x to get circuit C x Pr y [C x (y) = 1] ≥ 2/3 (“yes”) Pr y [C x (y) = 1] ≤ 1/3 (“no”) April 21, 2011 5 Simulating BPP using PRGs • Use a PRG G with – output length m – seed length t « m – error ε < 1/6 – fooling size s = m • Compute Pr z [C x (G(z)) = 1] exactly – evaluate C x (G(z)) on every seed z {0,1} t • running time (O(m)+(time for G)) 2 t April 21, 2011 6 Simulating BPP using PRGs • knowing Pr z [C x (G(z)) = 1] , can distinguish between two cases: 0 1/3 1/2 2/3 1 “yes”: ε 0 1/3 1/2 2/3 1 “no”: ε
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
2 April 21, 2011 7 Blum-Micali-Yao PRG • Initial goal: for all 1 > δ > 0, we will build a family of PRGs {G m } with: output length m fooling size s = m seed length t = m δ running time m c error ε < 1/6 • implies: BPP δ>0 TIME(2 ) ( EXP • Why? simulation runs in time O(m+m c )(2 m δ ) = O(2 m ) = O(2 n 2kδ ) April 21, 2011 8 Blum-Micali-Yao PRG • PRGs of this type imply existence of one-way- functions – we’ll use widely believed cryptographic assumptions Definition : One Way Function (OWF) : function family f = {f n }, f n :{0,1} n {0,1} n – f n computable in poly(n) time – for every family of poly-size circuits {C n } Pr x [C n (f n (x)) f n -1 (f n (x))] ≤ ε(n) – ε(n) = o(n -c ) for all c April 21, 2011 9 Blum-Micali-Yao PRG • believe one-way functions exist – e.g. integer multiplication, discrete log, RSA (w/ minor modifications) Definition : One Way Permutation: OWF in which f n is 1-1 – can simplify “ Pr x [C n (f n (x)) f n -1 (f n (x))] ≤ ε(n) ” to Pr y [C n (y) = f n -1 (y)] ≤ ε(n) April 21, 2011 10 First attempt • attempt at PRG from OWF f: – t = m δ – y 0 {0,1} t – y i = f t ( y i-1 ) – G(y 0 ) = y k-1 y k-2 y k-3 …y 0 – k = m/t • computable in time at most kt c < mt c-1 = m c April 21, 2011 11 First attempt • output is “ unpredictable ”: – no poly-size circuit C can output y i-1 given y k-1 y k-2 y k-3 …y i with non-negl. success prob. – if C could, then given
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 8

lec8 - Derandomization Goal: try to simulate BPP in...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online