# lec8 - CS151 Complexity Theory Lecture 8 Derandomization...

This preview shows pages 1–12. Sign up to view the full content.

CS151 Complexity Theory Lecture 8 April 21, 2011

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
April 21, 2011 2 Derandomization Goal : try to simulate BPP in subexponential time (or better) use Pseudo-Random Generator (PRG): often: PRG “good” if it passes (ad-hoc) statistical tests seed output string G t bits m  bits
April 21, 2011 3 Derandomization ad-hoc tests not good enough to prove BPP has non-trivial simulations Our requirements: G is efficiently computable stretches t bits into m bits fools ” small circuits: for all circuits C of size at most s : |Pr y [C(y) = 1] – Pr z [C(G(z)) = 1]| ≤ ε

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
April 21, 2011 4 Simulating BPP using PRGs Recall: L BPP implies exists p.p.t.TM M x L Pr y [M(x,y) accepts] ≥ 2/3 x L Pr y [M(x,y) rejects] ≥ 2/3 given an input x: convert M into circuit C(x, y) simplification: pad y so that |C| = |y| = m hardwire input x to get circuit C x Pr y [C x (y) = 1] ≥ 2/3 (“yes”) Pr y [C x (y) = 1] ≤ 1/3 (“no”)
April 21, 2011 5 Simulating BPP using PRGs Use a PRG G with output length m seed length t « m error ε < 1/6 fooling size s = m • Compute Pr z [C x (G(z)) = 1] exactly – evaluate C x (G(z)) on every seed z {0,1} t running time (O(m)+(time for G)) 2 t

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
April 21, 2011 6 Simulating BPP using PRGs knowing Pr z [C x (G(z)) = 1] , can distinguish between two cases: 0 1/3 1/2 2/3 1 “yes”: ε 0 1/3 1/2 2/3 1 “no”: ε
April 21, 2011 7 Blum-Micali-Yao PRG Initial goal: for all 1 > δ > 0, we will build a family of PRGs {G m } with: output length m fooling size s = m seed length t = m δ running time m c error ε < 1/6 implies: BPP δ>0 TIME(2 n δ ) ( EXP Why? simulation runs in time O(m+m c )(2 m δ ) = O(2 m ) = O(2 n 2kδ )

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
April 21, 2011 8 Blum-Micali-Yao PRG PRGs of this type imply existence of one-way- functions we’ll use widely believed cryptographic assumptions Definition : One Way Function (OWF) : function family f = {f n }, f n :{0,1} n {0,1} n – f n computable in poly(n) time – for every family of poly-size circuits {C n } Pr x [C n (f n (x)) f n -1 (f n (x))] ≤ ε(n) ε(n) = o(n -c ) for all c
April 21, 2011 9 Blum-Micali-Yao PRG believe one-way functions exist e.g. integer multiplication, discrete log, RSA (w/ minor modifications) Definition : One Way Permutation: OWF in which f n is 1-1 – can simplify “ Pr x [C n (f n (x)) f n -1 (f n (x))] ≤ ε(n) ” to Pr y [C n (y) = f n -1 (y)] ≤ ε(n)

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
April 21, 2011 10 First attempt attempt at PRG from OWF f: t = m δ – y 0 {0,1} t – y i = f t ( y i-1 ) – G(y 0 ) = y k-1 y k-2 y k-3 …y 0 k = m/t computable in time at most kt c < mt c-1 = m c
April 21, 2011 11 First attempt output is “ unpredictable ”: – no poly-size circuit C can output y i-1 given y k-1 y k-2 y k-3 …y i with non-negl. success prob. – if C could, then given

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
This is the end of the preview. Sign up to access the rest of the document.

## This document was uploaded on 01/05/2012.

### Page1 / 47

lec8 - CS151 Complexity Theory Lecture 8 Derandomization...

This preview shows document pages 1 - 12. Sign up to view the full document.

View Full Document
Ask a homework question - tutors are online