Home Theory Pseudorandom Generators and Derandomization

Pseudorandom Generators and Derandomization

Posted on Posted in Theory Tagged with , ,

Definition of Pseudorandom Generators

Two distributions \(X\) and \(Y\) over \(\{0,1\}^n\) are \((s, \epsilon)\)-indistinguishable if, for any circuit \(C\) of size at most \(s\),
\[
\left| \Pr_X[C(X) = 1] – \Pr_Y[C(Y) = 1] \right| \leq \epsilon.
\]

A pseudorandom generator is a way of generating bits that look random, which means indistinguishable from truly random bits.

A family of functions \(G_n\colon \{0,1\}^{l(n)} \to \{0,1\}^n\) with \(l(n) < n[/latex] is an [latex](s,\epsilon)\)-pseudorandom generator if, for every \(n\), the distribution \(G_n(U_{l(n)})\) is \((s,\epsilon)\)-indistinguishable from \(U_n\). Here \(U_n\) denotes the uniform distribution over \(n\) bits strings.

We assume \(\{G_n\}\) is computable by a deterministic Turing machine taking \(l\) bits of seeds padded with \(1^n\) as inputs and producing \(n\) bits outputs. The running time is a function of the input size \(l+n\). Here we allow generators running in time \(2^{O(l)}\); this is enough for the purpose of derandomization.

The following is a summary of the parameters defining a pseudorandom generator: for output length \(n\),

  • seed length \(l(n)\),
  • distinguisher circuit size \(s(n)\),
  • error bound \(\epsilon(n)\),
  • running time of the generator \(t(n)\).

Derandomization using Pseudorandom Generators

Lemma. Suppose there exists a \((\hbox{poly}, 1/10)\)-pseudorandom generator with seed length \(l(n) = O(\log n)\). Then \({\bf BPP} = {\bf P}\).

Proof.
The idea is to replace random strings in a probabilistic algorithm with pseudorandomly generated strings.

Let \(L\) be a language in \({\bf BPP}\). Then there exists a polynomial-time deterministic algorithm \(A\) such that \({\bf Pr}_r [A(x, r) = L(x)] \geq 2/3\), where \(r\) is a random string of length \(m\leq \hbox{poly}(n)\). We next construct a deterministic algorithm deciding \(L\).

On input \(x\in \{0,1\}^n\), our algorithm does the following:

  • try all seeds \(z \in \{0,1\}^{l(m)}\), and use the generator to produce strings of length \(m\);
  • for each generated string \(G(z)\), run algorithm \(A\) on inputs \((x, G(z))\);
  • output the majority of \(A(x, G(z))\) for all \(z \in \{0,1\}^{l(m)}\).

We claim that \(A(x, G(z)) = L(x)\) holds with probability at least \(2/3 – 1/10\), and the majority output is correct.

Fix an input \(x\) of length \(n\). We view algorithm \(A(x,\cdot)\) with a fixed \(x\) as an algorithm over strings of length \(m\leq \hbox{poly}(n)\). Since \(L\) is in \({\bf BPP}\), we have
\[
\Pr_{r\sim U_m} [A(x, r) = L(x)] \geq \frac{2}{3}.
\]
Since \(A(x, \cdot)\) is in polynomial time, and can be computed by polynomial-size circuits, by the property of pseudorandom generators, we have
\[
\left| \Pr_{z\sim U_{l(m)}}[A(x, G(z)) = 1] – \Pr_{r\sim U_m}[A(x, r) = 1] \right| \leq \frac{1}{10}.
\]

If \(x\in L\), then \(\Pr_{z\sim U_{l(m)}}[A(x, G(z)) = 1] \geq 2/3 – 1/10 > 1/2 \), and the majority of \(A(x, G(z))\) is 1. If \(x\notin L\), the argument is similar.

This algorithm runs in time \(2^{O(l(n))} \cdot \hbox{poly}(n) = \hbox{poly}(n)\) and thus in \({\bf P}\). This ends the proof.

The following is a generalization of this lemma with parametrized distinguisher circuit size and seed length. The proof is similar.

Lemma. Suppose there is a \((s(n), 1/10)\)-pseudorandom generator with seed length \(l(n)\). Then there is a constant \(c\) such that
\[
{\bf BPTIME}(s(n)) \subseteq {\bf DTIME}(2^{O( l(s(n))}).
\]

The following are some corollaries from this lemma. Let \(s(n) = \hbox{poly}(n)\) and \({\bf BPTIME}(s(n)) = {\bf BPP}\).

  • If \(l(n) = n^{o(1)}\), then \({\bf BPP}\subseteq {\bf SUBEXP} ={\bf DTIME}(2^{n^{o(1)}})\).
  • If \(l(n) = \hbox{polylog}(n)\), then \({\bf BPP}\subseteq {\bf QuasiP} = {\bf DTIME}(2^{\mathop{\mathrm{polylog}}(n)})\).
  • If \(l(n) = O(\log n)\), then \({\bf BPP} = {\bf P}\).

Comments

comments