Transcript Wild Idea - Scott Aaronson

Algebrization: A New Barrier
in Complexity Theory
Scott Aaronson (MIT)
Avi Wigderson (IAS)
NEXPP/polyNEXP=MA
PPSIZE(n)
RG=EXP
MAEXPP/poly
-15xyz+43xy-5x
xw-44xz+x-7y+
4xyw-12yz+17xyzw-2x-2y-2z-2w
What To Call It?
Algebraic Relativization?
Algevitization?
Algevization?
Algebraicization?
Algebraization?
Algebrization?
A
DIAGONALIZATION
Any proof of PNP will have
to defeat two terrifying
monsters…
PNP
Relativization
[Baker-Gill-Solovay 1975]
Natural Proofs
[Razborov-Rudich 1993]
Furthermore, even our
best weapons seem to
work against one monster
but not the other…
Yet within the last decade, we’ve seen circuit
lower bounds that overcome both barriers
[Buhrman-Fortnow-Thierauf 1998]: MAEXP  P/poly
Furthermore, this separation doesn’t relativize
[Vinodchandran 2004]: PP  SIZE(nk) for every fixed k
[A. 2006]: Vinodchandran’s result is non-relativizing
Vinodchandran’s Proof:
PP  P/poly
 We’re done
Non-Relativizing
PP  P/poly
 P#P = MA [LFKN]
Non-Naturalizing
 P#P = PP
 2P  PP [Toda]
 PP  SIZE(nk) [Kannan]
[Santhanam 2007]: PromiseMA  SIZE(nk) for fixed k
Bottom Line: Relativization and natural proofs, even taken
together, are no longer insuperable barriers to circuit lower
bounds
Obvious Question [Santhanam 2007]: Is there a third
barrier?
This Talk: Unfortunately, yes.
“Algebrization”: A generalization of relativization where the
simulating machine gets access not only to an oracle A, but
also a low-degree extension à of A over a finite field or ring
We show:
• Almost all known techniques in complexity theory algebrize
• Any proof of PNP—or even P=RP or NEXPP/poly—will
require non-algebrizing techniques
Algebrizing
[LFKN], [Shamir], [BFL],
[BFT], [Vinodchandran],
[Santhanam], [IKW], …
Relativizing
[Toda], [ImpagliazzoWigderson], [ValiantVazirani], [Kannan],
hundreds more
[Your result here]
[GMW?]
Naturalizing
[Furst-Saxe-Sipser],
[Razborov-Smolensky],
[Raz], dozens more
Outline
A New Kind of Relativization
Why Existing Results Algebrize
Example: coNPIP
The Need for Non-Algebrizing Techniques
…to prove PNP
…to prove P=RP
Connections to Communication Complexity
O(N log N) MA-protocol for Inner Product
Conclusions and Open Problems
Outline
A New Kind of Relativization
Why Existing Results Algebrize
Example: coNPIP
The Need for Non-Algebrizing Techniques
…to prove PNP
…to prove P=RP
Connections to Communication Complexity
O(N log N) MA-protocol for Inner Product
Conclusions and Open Problems
First, the old kind of relativization…
An oracle is basically just a
Boolean function A that we can
insert into a circuit as a “black box”
x1



A
x2
x3
x4
Given a complexity class C, CA is the class of problems
solvable by a C machine with oracle access to A
The inclusion CD relativizes if CADA for all oracles A
CA[poly]: Polynomial-size queries to A only
CA[exp]: Exponential-size queries also allowed
To prove an oracle separation between C and D means
to construct an A such that CADA.
In designing A, we get to be arbitrarily devious—toggling
each bit independently.
Example: Suppose a P
machine is looking for an
x{0,1}n such that A(x)=1.
Then we can wait to see
which x’s the machine
queries, set A(x)=0 for all of
them, and set A(x)=1 for
some x that wasn’t queried.
This idea (plus diagonalization over all P machines) was used by
[Baker-Gill-Solovay] to create an A such that PANPA.
Now for the “new” relativization
An extension of a Boolean function A:{0,1}n{0,1} is an
integer-valued polynomial Ã:ZnZ that agrees with A on
all 2n Boolean points.
Given a set of Boolean functions A={An} (one for each
input size n), we’ll be interested in sets of polynomials
Note:
also consider
extensions over
Ã={Ãn} with
theCan
following
properties:
finite fields instead of the integers. Will tell
(i) Ãn is an extension
An for
every n.matters.
you whenofthis
distinction
(ii) deg(Ãn)  cn for some constant c.
(iii) size(Ãn(x))  p(size(x)) for some polynomial p, where
n
sizex  :  1  log2 xi .
i 1
A complexity class inclusion CD algebrizes if CADÃ
for all oracles A and all extensions à of A.
Proving CD requires non-algebrizing techniques
if there exist A,Ã such that CADÃ.
A separation CD algebrizes if CÃDA for all A,Ã.
Proving CD requires non-algebrizing techniques if
there exist A,Ã such that CÃDA.
Notice we’ve defined things so that every
relativizing result is also algebrizing.
Why not require CÃDÃ? Because we don’t
know how to prove things like PSPACEÃIPÃ!
Related Work
Low-degree oracles have been studied before for
various reasons
[Fortnow94] defined a class O of oracles such that
IPA=PSPACEA for all AO
Since he wanted the same oracle A on both sides, he
had to define A recursively
(take a low-degree extension, then reinterpret as a Boolean
function, then take another low-degree extension, etc.)
He didn’t consider algebraic oracle separations
(indeed, proving separations in his model seems much harder
than in ours)
Outline
A New Kind of Relativization
Why Existing Results Algebrize
Example: coNPIP
The Need for Non-Algebrizing Techniques
…to prove PNP
…to prove P=RP
Connections to Communication Complexity
O(N log N) MA-protocol for Inner Product
Conclusions and Open Problems
Why coNPIP Algebrizes
Recall the usual coNPIP proof of [LFKN]:
px ,, x   0
x1 ,, xn  0,1
1
n
Bullshit!
The only time Arthur ever has to evaluate the polynomial
p directly is in the very last round—when he checks that
p(r1,…,rn) equals what Merlin said it does, for some
r1,…,rn chosen randomly in the previous rounds.
How was the polynomial p produced?
By starting from a Boolean circuit, then multiplying
together terms that enforce “correct propagation” at
each gate:
 g
A
Ã(x,y)g
(1-Ã(x,y))(1-g)
xyg+++(1-A(x,y))(1-g)
(1-xy)(1-g)
A(x,y)g
x
y
Arthur and Merlin then reinterpret p not as a Boolean
function, but as a polynomial over some larger field.
But what if the circuit contained oracle gates? Then
how could Arthur evaluate p over the larger field?
He’d almost need oracle access to a low-degree
extension à of A. Hey, wait…
Other Results That Algebrize
PSPACEA[poly]  IPÃ
[Shamir]
NEXPA[poly]  MIPÃ
[BFL]
EXPA[poly]  RGÃ (RG = Refereed Games)
[FK]
PPÃ  PÃ/poly  PPA  MAÃ
[LFKN]
NEXPÃ[poly]  PÃ/poly  NEXPA[poly]  MAÃ
[IKW]
MAEXPÃ[exp]  PA/poly
[BFT]
PPÃ  SIZEA(n)
[Vinodchandran]
PromiseMAÃ  SIZEA(n)
[Santhanam]
 OWF secure against PÃ  NPA  ZKIPÃ
[GMW]
Outline
A New Kind of Relativization
Why Existing Results Algebrize
Example: coNPIP
The Need for Non-Algebrizing Techniques
…to prove PNP
…to prove P=RP
Connections to Communication Complexity
O(N log N) MA-protocol for Inner Product
Conclusions and Open Problems
Proving PNP Will Require NonAlgebrizing Techniques
Theorem: There exists an oracle A, and an
extension Ã, such that NPÃPA.
Proof: Let A be a PSPACE-complete language,
and let à be the unique multilinear extension of A.
Then à is also PSPACE-complete [BFL].
Hence NPÃ = PA = PSPACE.
Harder Example: Proving P=RP Will
Require Non-Algebrizing Techniques
(hence P=NP as well)
Theorem: There exist A,Ã such that RPAPÃ.
What’s the difficulty here, compared to “standard”
oracle separation theorems?
Since à is a low-degree polynomial, we don’t have the
freedom to toggle each Ã(x) independently.
I.e. the algorithm we’re fighting is no longer looking for
a needle in a haystack—it can also look in the
haystack’s low-degree extension!
We will defeat it anyway.
Theorem: Let F be a field, and let YFn be the set of
points queried by the algorithm. Then there exists a
polynomial p:FnF, of degree at most 2n, such that
(i) p(y)=0 for all yY.
(ii) p(z)=1 for at least 2n-|Y| Boolean points z.
(iii) p(z)=0 for the remaining Boolean points.
0
Y
0
0
0
1
0
1
1
1
0
0
Proof: Given a Boolean point z, let z be the unique
multilinear polynomial that’s 1 at z and 0 at all other
A standard
diagonalization
argument
now
Boolean
points. Then
we can express
any multilinear
yields the
polynomial
r asseparation between P and RP we
wanted—at rleast
x  in the case
 xof
. finite fields.

z0,1n
z
z
Requiring r(y)=0 for all yY yields |Y| linear equations in
2n unknowns. Hence there exists a solution r such that
r(z)0 for at least 2n-|Y| Boolean points z. We now set
In the integers case, we can no longer use Gaussian

x  z x  we (i.e. Avi)
elimination to construct r. rHowever,
px  :
.
found a cleverzway
around rthis
z  problem using
0,1n : r  z 0
Chinese remaindering and Hensel lifting, provided
every query y satisfies size(y)=O(poly(n)).

Other Oracle Results We Can Prove By
Building “Designer Polynomials”
A,Ã : NPA  coNPÃ
A,Ã : NPA  BPPÃ
(only for finite fields, not integers)
A,Ã : NEXPÃ  PA/poly
A,Ã : NPÃ  SIZEA(n)
By contrast, MAEXP  P/poly
and PromiseMA  SIZE(n)
algebrize!
Since MAEXP and MA are “just above” NEXP and NP
respectively (indeed equal to them under derandomization assumptions), we
seem to get a precise explanation for why progress on
non-relativizing circuit lower bounds stopped where it did.
Outline
A New Kind of Relativization
Why Existing Results Algebrize
Example: coNPIP
The Need for Non-Algebrizing Techniques
…to prove PNP
…to prove P=RP
Connections to Communication Complexity
O(N log N) MA-protocol for Inner Product
Conclusions and Open Problems
From Algebraic Query Algorithms to
Communication Protocols
A(000)=1
A(001)=0
A(010)=0
A(011)=1
A0
A(100)=0
A(101)=0
A(110)=1
A(111)=1
Truth table of a Boolean function A
A1
Alice and Bob’s Goal: Compute some property of the
function A:{0,1}n{0,1}, using minimal communication.
Let Ã:FnF be the unique multilinear extension of A
over a finite field F.
Theorem: If a problem can be solved using T queries
to Ã, then it can also be solved using O(Tnlog|F|) bits
of communication between Alice and Bob.
This argument works just as well in the
n, we can write
Proof: Given
any
point
yF
randomized world, the nondeterministic
~
y  
 x  y  world…
Aworld,
A xquantum
the
x0 ,1n
A0 x   y    A1x   y 

Also works with integer extensions (we

0x
x0 ,1
n 1
x0 ,1
n 1
1x
~
~
didn’t have
 y . a finite field).
: A  y to
 Ause
0
1
The protocol is now as follows:
y1
(O(nlog|F|) bits)
Ã1(y1) (O(log|F|) bits)
Theorem: If a problem can be solved using T queries
y2 (O(nlog|F|) bits)
to Ã, then it can also
be solved using O(Tnlog|F|) bits
of communication between Alice and Bob.
The Harvest: Separations in Communication
Complexity Imply Algebraic Oracle Separations
(2n) randomized lower bound for
 A,Ã : NPA  BPPÃ
Disjointness [KS 1987] [Razborov 1990]
Advantage of this approach: Ã is just
(2n/2) quantum lower bound for
 A,Ã : NPA  BQPÃ
the multilinear
Disjointness [Razborov
2002] extension of A!
(2n/2) lower bound on MA-protocols for
Disjointness [Klauck 2003]
 A,Ã : coNPA  MAÃ
Disadvantage: The functions achieving
A  BPPÃ
Exponentialthe
separation
between

A,Ã
:
BQP
separations are more contrived
classical and quantum communication
(e.g. Disjointness instead of OR).
complexities [Raz 1999]
Exponential separation between MA and  A,Ã : QMAA  MAÃ
QMA communication complexities [RazShpilka 2004]
Can also go the other way: use
algebrization to get new communication
protocols
Recall that [Klauck 2003] showed Disjointness requires
total communication (N) (where N=2n), even with a
Merlin around to prove Alice and Bob’s sets are disjoint.
“Obvious” Conjecture: Klauck’s lower bound can be
improved to (N).
The obvious conjecture is false! We give an MA-protocol
for Disjointness (and indeed Inner Product) with total
communication cost O(N log N).
“Hardest” communication predicate?
O(N log N) MA-protocol for Inner Product
B:[N][N]{0,1}
A:[N][N]{0,1}

~
~
r, Br,1,, B r, N
Alice and Bob’s Goal: Compute IP 

rRF
N
 Ax, y Bx, y .
x , y 1
First step: Let F be a finite field with |F|[N,2N]. Extend A and B
~ ~ 2
A
to degree-(N-1) polynomials , B : F  F.
N
~
~
Now let S x  :  Ax, y B x, y .
y 1
N
If Merlin is honest, then IP   S x .
x 1
But how to check S’=S?

 degS ' 2 N
~
~

.
If S’S, then PrS ' r    Ar , y B r , y  
r
F
N
y 1


N
Outline
A New Kind of Relativization
Why Existing Results Algebrize
Example: coNPIP
The Need for Non-Algebrizing Techniques
…to prove PNP
…to prove P=RP
Connections to Communication Complexity
O(N log N) MA-protocol for Inner Product
Conclusions and Open Problems
Conclusions
Arithmetization had a great run.
It led to IP=PSPACE, the PCP Theorem, non-relativizing circuit
lower bounds…
Yet we showed it’s fundamentally unable to resolve barrier
problems like P vs. NP, or even P vs. BPP or NEXP vs. P/poly.
Why? It “doesn’t pry open the black-box wide enough.”
I.e. it uses a polynomial-size Boolean circuit to produce a low-degree
polynomial, which it then evaluates as a black box. It doesn’t exploit
the small size of the circuit in any “deeper” way.
To reach this conclusion, we introduced a new model of
algebraic query complexity, which has independent
applications (e.g. to communication complexity) and lots of
nooks and crannies to explore in its own right.
Open Problems
Develop non-algebrizing techniques!
Do there exist A,Ã such that coNPA  AMÃ?
Can we improve PSPACEA[poly]  IPÃ to PSPACEÃ[poly] = IPÃ?
Is MAEXPÃ[poly]  PA/poly?
Can our query complexity lower bound for integer extensions
be generalized to queries of unbounded size?
Do algebraic query complexity lower bounds ever imply
communication complexity lower bounds?
How far can we generalize our results to arbitrary errorcorrecting codes (not just low-degree extensions)?
Can we construct “pseudorandom low-degree polynomials”?