Transcript Wild Idea - Institute for Advanced Study

Algebrization: A New Barrier
in Complexity Theory
Scott Aaronson (MIT)
Avi Wigderson (IAS)
NEXPP/polyNEXP=MA
PPSIZE(n)
RG=EXP
MAEXPP/poly
-15xyz+43xy-5x
xw-44xz+x-7y+
4xyw-12yz+17xyzw-2x-2y-2z-2w
A
DIAGONALIZATION
Any proof of PNP will have
to defeat two terrifying
monsters…
PNP
Relativization
[Baker-Gill-Solovay 1975]
Natural Proofs
[Razborov-Rudich 1993]
Furthermore, even our
best weapons seem to
work against one monster
but not the other…
Yet within the last decade, we’ve seen circuit
lower bounds that overcome both barriers
[Buhrman-Fortnow-Thierauf 1998]: MAEXP  P/poly
Furthermore, this separation doesn’t relativize
[Vinodchandran 2004]: PP  SIZE(nk) for every fixed k
[Aaronson. 2006]: This separation is doesn’t relativize
Vinodchandran’s Proof:
PP  P/poly
 We’re done
Non-Relativizing
PP  P/poly
 P#P = MA [LFKN]
Non-Naturalizing
 P#P = PP
 2P  PP [Toda]
 PP  SIZE(nk) [Kannan]
[Santhanam 2007]: PromiseMA  SIZE(nk) for fixed k
Bottom Line: Relativization and natural proofs, even taken
together, are no longer insuperable barriers to circuit lower
bounds
Obvious Question [Santhanam 2007]: Is there a third
barrier?
This Talk: Unfortunately, yes.
“Algebrization”: A generalization of relativization where the
simulating machine gets access not only to an oracle A, but
also a low-degree extension à of A over a finite field or ring
We show:
• Almost all known techniques in complexity theory algebrize
• Any proof of PNP, P=RP or NEXPP/poly --- will require
non-algebrizing techniques
Algebrizing
[Your result here]
[LFKN], [Shamir], [BFL],
[BFT], [Vinodchandran],
[Santhanam], [IKW], …
Relativizing
[Toda], [ImpagliazzoWigderson], [ValiantVazirani], [Kannan],
hundreds more
Naturalizing
[Furst-Saxe-Sipser],
[Razborov-Smolensky],
[Raz], dozens more
Plan for the rest of the talk
-Definition of algebraization & algebraizing results
-Almost every non relativized results algebraizes
-Almost all remaining open problems don’t algebraize
Definitions
The inclusion CD relativizes if CADA for all oracles A
Given an oracle A={An} with An:{0,1}n{0,1}, an
extension à of A is a collection of polynomials Ãn:ZnZ
satisfying:
(i) Ãn(x)=An(x) for all Boolean x{0,1}n,
(ii) deg(Ãn)=O(n),
(iii) size(Ãn(x))  p(size(x)) for some polynomial p, where
n
sizex  :  1  log2 xi .
i 1
Note: Can also consider extensions over
finite fields instead of the integers. Will tell
you when this distinction matters.
A complexity class inclusion CD algebrizes if
CADà for all oracles A and all extensions à of A
Proving CD requires non-algebrizing
techniques if there exist A,Ã such that CADÃ
A complexity class separation CD algebrizes if
CÃDA for all A,Ã
Proving CD requires non-algebrizing techniques
if there exist A,Ã such that CÃDA
Notice we’ve defined things so that every
relativizing result is also algebrizing.
Algebraizing results
Why coNPIP Algebrizes
Recall the usual coNPIP proof of [LFKN]:
px ,, x   0
x1 ,, xn  0,1
1
n
Bullshit!
The only time Arthur ever has to evaluate the polynomial
p directly is in the very last round—when he checks that
p(r1,…,rn) equals what Merlin said it does, for some
r1,…,rn chosen randomly in the previous rounds.
How was the polynomial p produced?
By starting from a Boolean circuit, assign a variable to
every gate, then multiply together terms that enforce
“correct propagation” at each gate:
 g
A
Ã(x,y)g
(1-Ã(x,y))(1-g)
xyg+++(1-A(x,y))(1-g)
(1-xy)(1-g)
A(x,y)g
x
y
Arthur and Merlin then reinterpret p not as a Boolean
function, but as a polynomial over some larger field.
But what if the circuit contained oracle gates? Then
how could Arthur evaluate p over the larger field?
That’s why IP=PSPACE doesn’t relativize!
But if Arthur has access to an extension à of A….
Other Results That Algebrize
Notation: CA[poly]: Polynomial-size queries to A only
PSPACEA[poly]  IPÃ
[Shamir]
NEXPA[poly]  MIPÃ
[BFL]
PPÃ  PÃ/poly  PPA  MAÃ
[LFKN]
NEXPÃ[poly]  PÃ/poly  NEXPA[poly]  MAÃ
[IKW]
MAEXPÃ  PA/poly
[BFT]
PPÃ  SIZEA(n)
[Vinodchandran]
PromiseMAÃ  SIZEA(n)
[Santhanam]
 OWF fPÃ, f-1BPPÃ  NPA  ZKIPÃ [GMW]
Proving PNP Will Require NonAlgebrizing Techniques
Theorem: There exists an oracle A, and an
extension Ã, such that NPÃPA.
Proof: Let A be a PSPACE-complete [BGS] .
Let à be the unique multilinear extension of A.
Then à is also PSPACE-complete [BFL].
Hence NPÃ = PA = PSPACE.
Harder Example: Proving P=NP Will
Require Non-Algebrizing Techniques
Theorem: There exist A,Ã such that NPA  PÃ.
What’s the difficulty here, compared to [BGS] NPA  PA?
LA(n): does A(z)=1 for any z {0,1}n ? (find a needle in a
haystack). We’ll answer P-machine queries to A by 0.
But if the machine queries Ã, a low-degree polynomial
extension of A, we can’t toggle each Ã(x) freely!
I.e. the algorithm we’re fighting is no longer looking for
a needle in a haystack—it can also look in the
haystack’s low-degree extension!
Can access to a haystack extension help? Yes & No
Polynomial extensions help
Theorem: [JKRS]
For A: {0,1}n  {0,1} let #A=x A(x)
Let Ã: Fn  F be the multilinear extension of A
with char(F)  2. Then #A  PÃ
Proof: #A = 2n Ã(½, ½ … ½ )
Polynomial extensions don’t help
Theorem: Let F be a field, and let YFn be the set of
points queried by the algorithm. Then there exists a
polynomial p:FnF, of degree at most 2n, such that
(i) p(y)=0 for all yY.
(ii) p(z)=1 for at least 2n-|Y| Boolean points z.
(iii) p(z)=0 for the remaining Boolean points.
0
Y
0
0
0
1
0
1
1
1
0
0
Proof: Given a Boolean point z, let z be the unique
multilinear polynomial that’s 1 at z and 0 at all other
A standard
diagonalization
argument
now
Boolean
points. Then
we can express
any multilinear
yields the
polynomial
r asseparation between P and RP we
wanted—at rleast
x  in the case
 xof
. finite fields.

z0,1n
z
z
Requiring r(y)=0 for all yY yields |Y| linear equations in
2n unknowns. Hence there exists a solution r such that
n-|Y| Boolean
r(z)0
for integers
at least 2case,
points
z. use
We Gaussian
now set
In the
we can no
longer
elimination to construct r. However,
r x  z x  using Chinese
px  :and
 Hensel lifting, some
. proof works
remaindering

r zsize(y)=O(poly(n)).
z0,1n :yr satisfies
z  0
provided every query

If |Y|=poly(n), the algorithm can’t even distinguish if
A
is all 0’s or A is mostly 1’s on {0,1}n. Proved RPA  PÃ !
Other Oracle Results We Can Prove By
Building “Designer Polynomials”
A,Ã : NPA  coNPÃ
A,Ã : NPA  BPPÃ
(only for finite fields, not integers)
A,Ã : NEXPÃ  PA/poly
MAEXP  P/poly, and
A,Ã : NPÃ  SIZEA(n)
PromiseMA  SIZE(n)
do algebrize!
We seem to get a precise explanation for why
progress on non-relativizing circuit lower bounds
stopped where it did
From Algebraic Query Algorithms to
Communication Protocols
A(000)=1
A(001)=0
A(010)=0
A(011)=1
A0
A(100)=0
A(101)=0
A(110)=1
A(111)=1
Truth table of a Boolean function A
A1
Alice and Bob’s Goal: Compute some property of the
function A:{0,1}n{0,1}, using minimal communication
Let Ã:FnF be the unique multilinear extension of A
over a finite field F
Theorem: If a problem can be solved using T queries
to Ã, then it can also be solved using O(Tnlog|F|) bits
of communication between Alice and Bob
Theorem: If a problem can be solved using T queries
to Ã, then it can also be solved using O(Tnlog|F|) bits
of communication between Alice and Bob
This argument works just as well in the
n, we can write
Proof: Given
any
point
yF
randomized world, the nondeterministic
~
y  
 x  y  world…
Aworld,
A xquantum
the
x0 ,1n
A0 x   y    A1x   y 

Also works with integer extensions (we

0x
x0 ,1
n 1
x0 ,1
n 1
1x
~
~
didn’t have
 y . a finite field).
: A  y to
 Ause
0
1
The protocol is now as follows:
Ã(y1)=Ã0(y1)+Ã1(y1)
y1 (O(nlog|F|) bits)
Ã1(y1)
y2
(O(log|F|) bits)
(O(nlog|F|) bits)
The Harvest: Separations in Communication
Complexity Imply Algebraic Oracle Separations
(2n) randomized lower bound for
 A,Ã : NPA  BPPÃ
Disjointness [KS 1987] [Razborov 1990]
of this approach:
(2n/2) quantumAdvantages
lower bound for
 A,Ã : NPA  BQPÃ
Disjointness
[Razborov
à is
just the 2002]
multilinear extension of A!
(2n/2) lower bound on MA-protocols for  A,Ã : coNPA  MAÃ
Works[Klauck
automatically
with integer extensions
Disjointness
2003]
Exponential separation between
 A,Ã : BQPA  BPPÃ
classical and
quantum communication
Disadvantage:
The functions achieving
complexitiesthe
[Raz
1999]
separations
are more contrived
Exponential separation
between MA
and of
A,Ã
: QMAA  MAÃ
(e.g. Disjointness
instead
OR).
QMA communication complexities [RazShpilka 2004]
Conclusions
Arithmetization had a great run: led to IP=PSPACE, the PCP
Theorem, non-relativizing circuit lower bounds…
Yet we showed it’s fundamentally unable to resolve barrier
problems like P vs. NP, or even P vs. BPP or NEXP vs. P/poly.
Why? It “doesn’t pry open the black-box wide enough.”
I.e. it uses a polynomial-size Boolean circuit to produce a low-degree
polynomial, which it then evaluates as a black box. It doesn’t exploit
the small size of the circuit in any “deeper” way.
To reach this conclusion, we introduced a new model of
algebraic query complexity, which has independent
applications (e.g. to communication complexity) and lots of
nooks and crannies to explore in its own right.
OPEN: Prove a non-algebrizing result!
Open Problems
Develop non-algebrizing techniques!
Do there exist A,Ã such that coNPA  AMÃ?
Improve PSPACEA[poly]  IPÃ to PSPACEÃ[poly] = IPÃ
The power of “double algebrization”
Integer queries of unbounded size
Generalize to arbitrary error-correcting codes (not just
low-degree extensions)?
Test if a low-degree extension came from a small circuit?
Algebraize other crypto results (oblivious function eval)
Can also go the other way: algebrizationinspired communication protocols
[Klauck 2003]: Disjointness requires (N)
communication, even if there’s a Merlin to prove Alice
and Bob’s sets are disjoint
“Obvious” Conjecture: Klauck’s lower bound can be
improved to (N)
This conjecture is false! We give an MA-protocol for
Disjointness (and indeed Inner Product) with total
communication cost O(N log N)
“Hardest” communication predicate?
O(N log N) MA-protocol for Inner Product
B:[N][N]{0,1}
A:[N][N]{0,1}

~
~
r, Br,1,, B r, N
Alice and Bob’s Goal: Compute IP 

rRF
N
 Ax, y Bx, y .
x , y 1
First step: Let F be a finite field with |F|[N,2N]. Extend A and B
~ ~ 2
A
to degree-(N-1) polynomials , B : F  F.
N
~
~
Now let S x  :  Ax, y B x, y .
y 1
N
If Merlin is honest, then IP   S x .
x 1
But how to check S’=S?

 degS ' 2 N
~
~

.
If S’S, then PrS ' r    Ar , y B r , y  
r
F
N
y 1


N