On Hardness Assumptions Needed for “Extreme High-End” PRGs and Fast Derandomization

Ronen Shaltiel; Emanuele Viola

doi:10.4230/LIPIcs.ITCS.2022.116

On Hardness Assumptions Needed for “Extreme High-End” PRGs and Fast Derandomization

Ronen Shaltiel, Emanuele Viola

Department of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The hardness vs. randomness paradigm aims to explicitly construct pseudorandom generators G : {0, 1}^r → {0, 1}^m that fool circuits of size m, assuming the existence of explicit hard functions. A “high-end PRG” with seed length r = O(log m) (implying BPP=P) was achieved in a seminal work of Impagliazzo and Wigderson (STOC 1997), assuming the high-end hardness assumption: there exist constants 0 < β < 1 < B, and functions computable in time 2^B·n that cannot be computed by circuits of size 2^β·n. Recently, motivated by fast derandomization of randomized algorithms, Doron et al. (FOCS 2020) and Chen and Tell (STOC 2021), construct “extreme high-end PRGs” with seed length r = (1 + o(1)) · log m, under qualitatively stronger assumptions. We study whether extreme high-end PRGs can be constructed from the corresponding hardness assumption in which β = 1−o(1) and B = 1+o(1), which we call the extreme high-end hardness assumption. We give a partial negative answer: The construction of Doron et al. composes a PEG (pseudo-entropy generator) with an extractor. The PEG is constructed starting from a function that is hard for MA-type circuits. We show that black-box PEG constructions from the extreme high-end hardness assumption must have large seed length (and so cannot be used to obtain extreme high-end PRGs by applying an extractor). To prove this, we establish a new property of (general) black-box PRG constructions from hard functions: it is possible to fix many output bits of the construction while fixing few bits of the hard function. This property distinguishes PRG constructions from typical extractor constructions, and this may explain why it is difficult to design PRG constructions. The construction of Chen and Tell composes two PRGs: (Equation presented) and (Equation presented). The first PRG is constructed from the extreme high-end hardness assumption, and the second PRG needs to run in time m^1+o(1), and is constructed assuming one way functions. We show that in black-box proofs of hardness amplification to 1/2 + 1/m, reductions must make Ω(m) queries, even in the extreme high-end. Known PRG constructions from hard functions are black-box and use (or imply) hardness amplification, and so cannot be used to construct a PRG G2 from the extreme high-end hardness assumption. The new feature of our hardness amplification result is that it applies even to the extreme high-end setting of parameters, whereas past work does not. Our techniques also improve recent lower bounds of Ron-Zewi, Shaltiel and Varma (ITCS 2021) on the number of queries of local list-decoding algorithms.

Original language	English
Title of host publication	13th Innovations in Theoretical Computer Science Conference, ITCS 2022
Editors	Mark Braverman
Publisher	Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing
ISBN (Electronic)	9783959772174
DOIs	https://doi.org/10.4230/LIPIcs.ITCS.2022.116
State	Published - 1 Jan 2022
Event	13th Innovations in Theoretical Computer Science Conference, ITCS 2022 - Berkeley, United States Duration: 31 Jan 2022 → 3 Feb 2022

Publication series

Name	Leibniz International Proceedings in Informatics, LIPIcs
Volume	215
ISSN (Print)	1868-8969

Conference

Conference	13th Innovations in Theoretical Computer Science Conference, ITCS 2022
Country/Territory	United States
City	Berkeley
Period	31/01/22 → 3/02/22

Bibliographical note

Publisher Copyright:
© Ronen Shaltiel and Emanuele Viola; licensed under Creative Commons License CC-BY 4.0

Keywords

Black-box proofs
Complexity Theory
Derandomization
Pseudorandom generators

ASJC Scopus subject areas

Software

Access to Document

10.4230/LIPIcs.ITCS.2022.116

Cite this

Shaltiel, R., & Viola, E. (2022). On Hardness Assumptions Needed for “Extreme High-End” PRGs and Fast Derandomization. In M. Braverman (Ed.), 13th Innovations in Theoretical Computer Science Conference, ITCS 2022 Article 116 (Leibniz International Proceedings in Informatics, LIPIcs; Vol. 215). Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing. https://doi.org/10.4230/LIPIcs.ITCS.2022.116

@inproceedings{fc63beaa46ec4c32b10f72d9a5bea522,

title = "On Hardness Assumptions Needed for “Extreme High-End” PRGs and Fast Derandomization",

abstract = "The hardness vs. randomness paradigm aims to explicitly construct pseudorandom generators G : {0, 1}r → {0, 1}m that fool circuits of size m, assuming the existence of explicit hard functions. A “high-end PRG” with seed length r = O(log m) (implying BPP=P) was achieved in a seminal work of Impagliazzo and Wigderson (STOC 1997), assuming the high-end hardness assumption: there exist constants 0 < β < 1 < B, and functions computable in time 2B·n that cannot be computed by circuits of size 2β·n. Recently, motivated by fast derandomization of randomized algorithms, Doron et al. (FOCS 2020) and Chen and Tell (STOC 2021), construct “extreme high-end PRGs” with seed length r = (1 + o(1)) · log m, under qualitatively stronger assumptions. We study whether extreme high-end PRGs can be constructed from the corresponding hardness assumption in which β = 1−o(1) and B = 1+o(1), which we call the extreme high-end hardness assumption. We give a partial negative answer: The construction of Doron et al. composes a PEG (pseudo-entropy generator) with an extractor. The PEG is constructed starting from a function that is hard for MA-type circuits. We show that black-box PEG constructions from the extreme high-end hardness assumption must have large seed length (and so cannot be used to obtain extreme high-end PRGs by applying an extractor). To prove this, we establish a new property of (general) black-box PRG constructions from hard functions: it is possible to fix many output bits of the construction while fixing few bits of the hard function. This property distinguishes PRG constructions from typical extractor constructions, and this may explain why it is difficult to design PRG constructions. The construction of Chen and Tell composes two PRGs: (Equation presented) and (Equation presented). The first PRG is constructed from the extreme high-end hardness assumption, and the second PRG needs to run in time m1+o(1), and is constructed assuming one way functions. We show that in black-box proofs of hardness amplification to 1/2 + 1/m, reductions must make Ω(m) queries, even in the extreme high-end. Known PRG constructions from hard functions are black-box and use (or imply) hardness amplification, and so cannot be used to construct a PRG G2 from the extreme high-end hardness assumption. The new feature of our hardness amplification result is that it applies even to the extreme high-end setting of parameters, whereas past work does not. Our techniques also improve recent lower bounds of Ron-Zewi, Shaltiel and Varma (ITCS 2021) on the number of queries of local list-decoding algorithms.",

keywords = "Black-box proofs, Complexity Theory, Derandomization, Pseudorandom generators",

author = "Ronen Shaltiel and Emanuele Viola",

note = "Publisher Copyright: {\textcopyright} Ronen Shaltiel and Emanuele Viola; licensed under Creative Commons License CC-BY 4.0; 13th Innovations in Theoretical Computer Science Conference, ITCS 2022 ; Conference date: 31-01-2022 Through 03-02-2022",

year = "2022",

month = jan,

day = "1",

doi = "10.4230/LIPIcs.ITCS.2022.116",

language = "English",

series = "Leibniz International Proceedings in Informatics, LIPIcs",

publisher = "Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing",

editor = "Mark Braverman",

booktitle = "13th Innovations in Theoretical Computer Science Conference, ITCS 2022",

address = "Germany",

}

Shaltiel, R & Viola, E 2022, On Hardness Assumptions Needed for “Extreme High-End” PRGs and Fast Derandomization. in M Braverman (ed.), 13th Innovations in Theoretical Computer Science Conference, ITCS 2022., 116, Leibniz International Proceedings in Informatics, LIPIcs, vol. 215, Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing, 13th Innovations in Theoretical Computer Science Conference, ITCS 2022, Berkeley, United States, 31/01/22. https://doi.org/10.4230/LIPIcs.ITCS.2022.116

On Hardness Assumptions Needed for “Extreme High-End” PRGs and Fast Derandomization. / Shaltiel, Ronen; Viola, Emanuele.
13th Innovations in Theoretical Computer Science Conference, ITCS 2022. ed. / Mark Braverman. Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing, 2022. 116 (Leibniz International Proceedings in Informatics, LIPIcs; Vol. 215).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - On Hardness Assumptions Needed for “Extreme High-End” PRGs and Fast Derandomization

AU - Shaltiel, Ronen

AU - Viola, Emanuele

PY - 2022/1/1

Y1 - 2022/1/1

N2 - The hardness vs. randomness paradigm aims to explicitly construct pseudorandom generators G : {0, 1}r → {0, 1}m that fool circuits of size m, assuming the existence of explicit hard functions. A “high-end PRG” with seed length r = O(log m) (implying BPP=P) was achieved in a seminal work of Impagliazzo and Wigderson (STOC 1997), assuming the high-end hardness assumption: there exist constants 0 < β < 1 < B, and functions computable in time 2B·n that cannot be computed by circuits of size 2β·n. Recently, motivated by fast derandomization of randomized algorithms, Doron et al. (FOCS 2020) and Chen and Tell (STOC 2021), construct “extreme high-end PRGs” with seed length r = (1 + o(1)) · log m, under qualitatively stronger assumptions. We study whether extreme high-end PRGs can be constructed from the corresponding hardness assumption in which β = 1−o(1) and B = 1+o(1), which we call the extreme high-end hardness assumption. We give a partial negative answer: The construction of Doron et al. composes a PEG (pseudo-entropy generator) with an extractor. The PEG is constructed starting from a function that is hard for MA-type circuits. We show that black-box PEG constructions from the extreme high-end hardness assumption must have large seed length (and so cannot be used to obtain extreme high-end PRGs by applying an extractor). To prove this, we establish a new property of (general) black-box PRG constructions from hard functions: it is possible to fix many output bits of the construction while fixing few bits of the hard function. This property distinguishes PRG constructions from typical extractor constructions, and this may explain why it is difficult to design PRG constructions. The construction of Chen and Tell composes two PRGs: (Equation presented) and (Equation presented). The first PRG is constructed from the extreme high-end hardness assumption, and the second PRG needs to run in time m1+o(1), and is constructed assuming one way functions. We show that in black-box proofs of hardness amplification to 1/2 + 1/m, reductions must make Ω(m) queries, even in the extreme high-end. Known PRG constructions from hard functions are black-box and use (or imply) hardness amplification, and so cannot be used to construct a PRG G2 from the extreme high-end hardness assumption. The new feature of our hardness amplification result is that it applies even to the extreme high-end setting of parameters, whereas past work does not. Our techniques also improve recent lower bounds of Ron-Zewi, Shaltiel and Varma (ITCS 2021) on the number of queries of local list-decoding algorithms.

AB - The hardness vs. randomness paradigm aims to explicitly construct pseudorandom generators G : {0, 1}r → {0, 1}m that fool circuits of size m, assuming the existence of explicit hard functions. A “high-end PRG” with seed length r = O(log m) (implying BPP=P) was achieved in a seminal work of Impagliazzo and Wigderson (STOC 1997), assuming the high-end hardness assumption: there exist constants 0 < β < 1 < B, and functions computable in time 2B·n that cannot be computed by circuits of size 2β·n. Recently, motivated by fast derandomization of randomized algorithms, Doron et al. (FOCS 2020) and Chen and Tell (STOC 2021), construct “extreme high-end PRGs” with seed length r = (1 + o(1)) · log m, under qualitatively stronger assumptions. We study whether extreme high-end PRGs can be constructed from the corresponding hardness assumption in which β = 1−o(1) and B = 1+o(1), which we call the extreme high-end hardness assumption. We give a partial negative answer: The construction of Doron et al. composes a PEG (pseudo-entropy generator) with an extractor. The PEG is constructed starting from a function that is hard for MA-type circuits. We show that black-box PEG constructions from the extreme high-end hardness assumption must have large seed length (and so cannot be used to obtain extreme high-end PRGs by applying an extractor). To prove this, we establish a new property of (general) black-box PRG constructions from hard functions: it is possible to fix many output bits of the construction while fixing few bits of the hard function. This property distinguishes PRG constructions from typical extractor constructions, and this may explain why it is difficult to design PRG constructions. The construction of Chen and Tell composes two PRGs: (Equation presented) and (Equation presented). The first PRG is constructed from the extreme high-end hardness assumption, and the second PRG needs to run in time m1+o(1), and is constructed assuming one way functions. We show that in black-box proofs of hardness amplification to 1/2 + 1/m, reductions must make Ω(m) queries, even in the extreme high-end. Known PRG constructions from hard functions are black-box and use (or imply) hardness amplification, and so cannot be used to construct a PRG G2 from the extreme high-end hardness assumption. The new feature of our hardness amplification result is that it applies even to the extreme high-end setting of parameters, whereas past work does not. Our techniques also improve recent lower bounds of Ron-Zewi, Shaltiel and Varma (ITCS 2021) on the number of queries of local list-decoding algorithms.

KW - Black-box proofs

KW - Complexity Theory

KW - Derandomization

KW - Pseudorandom generators

UR - http://www.scopus.com/inward/record.url?scp=85124010046&partnerID=8YFLogxK

U2 - 10.4230/LIPIcs.ITCS.2022.116

DO - 10.4230/LIPIcs.ITCS.2022.116

M3 - Conference contribution

AN - SCOPUS:85124010046

T3 - Leibniz International Proceedings in Informatics, LIPIcs

BT - 13th Innovations in Theoretical Computer Science Conference, ITCS 2022

A2 - Braverman, Mark

PB - Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing

T2 - 13th Innovations in Theoretical Computer Science Conference, ITCS 2022

Y2 - 31 January 2022 through 3 February 2022

ER -

Shaltiel R, Viola E. On Hardness Assumptions Needed for “Extreme High-End” PRGs and Fast Derandomization. In Braverman M, editor, 13th Innovations in Theoretical Computer Science Conference, ITCS 2022. Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing. 2022. 116. (Leibniz International Proceedings in Informatics, LIPIcs). doi: 10.4230/LIPIcs.ITCS.2022.116

On Hardness Assumptions Needed for “Extreme High-End” PRGs and Fast Derandomization

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this