Transcript Wild Idea - Scott Aaronson

Algebrization: A New Barrier
in Complexity Theory
Scott Aaronson (MIT)
Avi Wigderson (IAS)
NEXPP/polyNEXP=MA
PPSIZE(n)
RG=EXP
MAEXPP/poly
-15xyz+43xy-5x
xw-44xz+x-7y+
4xyw-12yz+17xyzw-2x-2y-2z-2w
What To Call It?
Algebraic Relativization?
Algevitization?
Algevization?
Algebraicization?
Algebraization?
Algebrization?
A
DIAGONALIZATION
Any proof of PNP will have
to defeat two terrifying
monsters…
PNP
Relativization
[Baker-Gill-Solovay 1975]
Natural Proofs
[Razborov-Rudich 1993]
Furthermore, even our
best weapons seem to
work against one monster
but not the other…
Yet within the last decade, we’ve seen circuit
lower bounds that overcome both barriers
[Buhrman-Fortnow-Thierauf 1998]: MAEXP  P/poly
Furthermore, this separation doesn’t relativize
[Vinodchandran 2004]: PP  SIZE(nk) for every fixed k
[A. 2006]: Vinodchandran’s result is non-relativizing
Vinodchandran’s Proof:
PP  P/poly
 We’re done
Non-Relativizing
PP  P/poly
 P#P = MA [LFKN]
Non-Naturalizing
 P#P = PP
 2P  PP [Toda]
 PP  SIZE(nk) [Kannan]
[Santhanam 2007]: PromiseMA  SIZE(nk) for fixed k
Bottom Line: Relativization and natural proofs, even taken
together, are no longer insuperable barriers to circuit lower
bounds
Obvious Question [Santhanam 2007]: Is there a third
barrier?
This Talk: Unfortunately, yes.
“Algebrization”: A generalization of relativization where the
simulating machine gets access not only to an oracle A, but
also a low-degree extension à of A over a finite field or ring
We show:
• Almost all known techniques in complexity theory algebrize
• Any proof of PNP—or even P=RP or NEXPP/poly—will
require non-algebrizing techniques
Algebrizing
[LFKN], [Shamir], [BFL],
[BFT], [Vinodchandran],
[Santhanam], [IKW], …
Relativizing
[Toda], [ImpagliazzoWigderson], [ValiantVazirani], [Kannan],
hundreds more
[Your result here]
[GMW?]
Naturalizing
[Furst-Saxe-Sipser],
[Razborov-Smolensky],
[Raz], dozens more
Definitions
The inclusion CD relativizes if CADA for all oracles A
CA[poly]: Polynomial-size queries to A only
CA[exp]: Exponential-size queries also allowed
Given an oracle A={An} with An:{0,1}n{0,1}, an
Note:
consider
over
extension
à ofCan
A is also
a collection
ofextensions
polynomials
Ãn:ZnZ
finite fields instead of the integers. Will tell
satisfying:
you when this distinction matters.
(i) Ãn(x)=An(x) for all Boolean x{0,1}n,
(ii) deg(Ãn)=O(n),
(iii) size(Ãn(x))  p(size(x)) for some polynomial p, where
n
sizex  :  1  log2 xi .
i 1
A complexity class inclusion CD algebrizes if
CADà for all oracles A and all extensions à of A
Proving CD requires non-algebrizing
techniques if there exist A,Ã such that CADÃ
A separation CD algebrizes if CÃDA for all A,Ã
Proving CD requires non-algebrizing techniques
if there exist A,Ã such that CÃDA
Notice we’ve defined things so that every
relativizing result is also algebrizing.
Related Work
Low-degree oracles have been studied before for
various reasons
[Fortnow94] defined a class O of oracles such that
IPA=PSPACEA for all AO
Since he wanted the same oracle A on both sides,
he had to define A recursively
(take a low-degree extension, then reinterpret as a Boolean
function, then take another low-degree extension, etc.)
Proving separations in his model seems
extremely hard
Why coNPIP Algebrizes
Recall the usual coNPIP proof of [LFKN]:
px ,, x   0
x1 ,, xn  0,1
1
n
Bullshit!
The only time Arthur ever has to evaluate the polynomial
p directly is in the very last round—when he checks that
p(r1,…,rn) equals what Merlin said it does, for some
r1,…,rn chosen randomly in the previous rounds.
How was the polynomial p produced?
By starting from a Boolean circuit, then multiplying
together terms that enforce “correct propagation” at
each gate:
 g
A
Ã(x,y)g
(1-Ã(x,y))(1-g)
xyg+++(1-A(x,y))(1-g)
(1-xy)(1-g)
A(x,y)g
x
y
Arthur and Merlin then reinterpret p not as a Boolean
function, but as a polynomial over some larger field.
But what if the circuit contained oracle gates? Then
how could Arthur evaluate p over the larger field?
He’d almost need oracle access to a low-degree
extension à of A. Hey, wait…
Other Results That Algebrize
PSPACEA[poly]  IPÃ
[Shamir]
NEXPA[poly]  MIPÃ
[BFL]
EXPA[poly]  RGÃ (RG = Refereed Games)
[FK]
PPÃ  PÃ/poly  PPA  MAÃ
[LFKN]
NEXPÃ[poly]  PÃ/poly  NEXPA[poly]  MAÃ
[IKW]
MAEXPÃ[exp]  PA/poly
[BFT]
PPÃ  SIZEA(n)
[Vinodchandran]
PromiseMAÃ  SIZEA(n)
[Santhanam]
 OWF secure against PÃ  NPA  ZKIPÃ
[GMW]
Proving PNP Will Require NonAlgebrizing Techniques
Theorem: There exists an oracle A, and an
extension Ã, such that NPÃPA.
Proof: Let A be a PSPACE-complete language,
and let à be the unique multilinear extension of A.
Then à is also PSPACE-complete [BFL].
Hence NPÃ = PA = PSPACE.
Harder Example: Proving P=RP Will
Require Non-Algebrizing Techniques
(hence P=NP as well)
Theorem: There exist A,Ã such that RPAPÃ.
What’s the difficulty here, compared to “standard”
oracle separation theorems?
Since à is a low-degree polynomial, we don’t have the
freedom to toggle each Ã(x) independently.
I.e. the algorithm we’re fighting is no longer looking for
a needle in a haystack—it can also look in the
haystack’s low-degree extension!
We will defeat it anyway.
Theorem: Let F be a field, and let YFn be the set of
points queried by the algorithm. Then there exists a
polynomial p:FnF, of degree at most 2n, such that
(i) p(y)=0 for all yY.
(ii) p(z)=1 for at least 2n-|Y| Boolean points z.
(iii) p(z)=0 for the remaining Boolean points.
0
Y
0
0
0
1
0
1
1
1
0
0
Proof: Given a Boolean point z, let z be the unique
multilinear polynomial that’s 1 at z and 0 at all other
A standard
diagonalization
argument
now
Boolean
points. Then
we can express
any multilinear
yields the
polynomial
r asseparation between P and RP we
wanted—at rleast
x  in the case
 xof
. finite fields.

z0,1n
z
z
Requiring r(y)=0 for all yY yields |Y| linear equations in
2n unknowns. Hence there exists a solution r such that
r(z)0 for at least 2n-|Y| Boolean points z. We now set
In the integers case, we can no longer use Gaussian

x  z x  we (i.e. Avi)
elimination to construct r. rHowever,
px  :
.
found a cleverzway
around rthis
z  problem using
0,1n : r  z 0
Chinese remaindering and Hensel lifting, provided
every query y satisfies size(y)=O(poly(n)).

Other Oracle Results We Can Prove By
Building “Designer Polynomials”
A,Ã : NPA  coNPÃ
A,Ã : NPA  BPPÃ
(only for finite fields, not integers)
A,Ã : NEXPÃ[exp]  PA/poly
A,Ã : NPÃ  SIZEA(n)
By contrast, MAEXP 
P/poly and PromiseMA
 SIZE(n) algebrize!
Since MAEXP and MA are “just above” NEXP and NP
respectively (indeed equal to them under derandomization assumptions), we
seem to get a precise explanation for why progress on
non-relativizing circuit lower bounds stopped where it did.
From Algebraic Query Algorithms to
Communication Protocols
A(000)=1
A(001)=0
A(010)=0
A(011)=1
A0
A(100)=0
A(101)=0
A(110)=1
A(111)=1
Truth table of a Boolean function A
A1
Alice and Bob’s Goal: Compute some property of the
function A:{0,1}n{0,1}, using minimal communication.
Let Ã:FnF be the unique multilinear extension of A
over a finite field F.
Theorem: If a problem can be solved using T queries
to Ã, then it can also be solved using O(Tnlog|F|) bits
of communication between Alice and Bob.
This argument works just as well in the
n, we can write
Proof: Given
any
point
yF
randomized world, the nondeterministic
~
y  
 x  y  world…
Aworld,
A xquantum
the
x0 ,1n
A0 x   y    A1x   y 

Also works with integer extensions (we

0x
x0 ,1
n 1
x0 ,1
n 1
1x
~
~
didn’t have
 y . a finite field).
: A  y to
 Ause
0
1
The protocol is now as follows:
y1
(O(nlog|F|) bits)
Ã1(y1) (O(log|F|) bits)
Theorem: If a problem can be solved using T queries
y2 (O(nlog|F|) bits)
to Ã, then it can also
be solved using O(Tnlog|F|) bits
of communication between Alice and Bob.
The Harvest: Separations in Communication
Complexity Imply Algebraic Oracle Separations
(2n) randomized lower bound for
 A,Ã : NPA  BPPÃ
Disjointness [KS 1987] [Razborov 1990]
Advantage of this approach: Ã is just
(2n/2) quantum lower bound for
 A,Ã : NPA  BQPÃ
the multilinear
Disjointness [Razborov
2002] extension of A!
(2n/2) lower bound on MA-protocols for
Disjointness [Klauck 2003]
 A,Ã : coNPA  MAÃ
Disadvantage: The functions achieving
A  BPPÃ
Exponentialthe
separation
between

A,Ã
:
BQP
separations are more contrived
classical and quantum communication
(e.g. Disjointness instead of OR).
complexities [Raz 1999]
Exponential separation between MA and  A,Ã : QMAA  MAÃ
QMA communication complexities [RazShpilka 2004]
Can also go the other way: algebrizationinspired communication protocols
[Klauck 2003]: Disjointness requires total communication
(N) (where N=2n), even with a Merlin around to prove
Alice and Bob’s sets are disjoint
“Obvious” Conjecture: Klauck’s lower bound can be
improved to (N)
This conjecture is false! We give an MA-protocol for
Disjointness (and indeed Inner Product) with total
communication cost O(N log N)
“Hardest” communication predicate?
O(N log N) MA-protocol for Inner Product
B:[N][N]{0,1}
A:[N][N]{0,1}

~
~
r, Br,1,, B r, N
Alice and Bob’s Goal: Compute IP 

rRF
N
 Ax, y Bx, y .
x , y 1
First step: Let F be a finite field with |F|[N,2N]. Extend A and B
~ ~ 2
A
to degree-(N-1) polynomials , B : F  F.
N
~
~
Now let S x  :  Ax, y B x, y .
y 1
N
If Merlin is honest, then IP   S x .
x 1
But how to check S’=S?

 degS ' 2 N
~
~

.
If S’S, then PrS ' r    Ar , y B r , y  
r
F
N
y 1


N
Conclusions
Arithmetization had a great run.
It led to IP=PSPACE, the PCP Theorem, non-relativizing circuit
lower bounds…
Yet we showed it’s fundamentally unable to resolve barrier
problems like P vs. NP, or even P vs. BPP or NEXP vs. P/poly.
Why? It “doesn’t pry open the black-box wide enough.”
I.e. it uses a polynomial-size Boolean circuit to produce a low-degree
polynomial, which it then evaluates as a black box. It doesn’t exploit
the small size of the circuit in any “deeper” way.
To reach this conclusion, we introduced a new model of
algebraic query complexity, which has independent
applications (e.g. to communication complexity) and lots of
nooks and crannies to explore in its own right.
Open Problems
Develop non-algebrizing techniques!
Do there exist A,Ã such that coNPA  AMÃ?
Improve PSPACEA[poly]  IPÃ to PSPACEÃ[poly] = IPÃ
MAEXPÃ[poly]  PA/poly?
“Double algebrization”
Integer queries of unbounded size
Algebraic query lower bounds  communication lower
bounds?
Generalize to arbitrary error-correcting codes (not just
low-degree extensions)?