Non-Malleable Codes for Small-Depth Circuits

We construct efficient, unconditional non-malleable codes that are secure against tampering functions computed by small-depth circuits. For constant-depth circuits of polynomial size (i.e. $\mathsf{AC^0}$ tampering functions), our codes have codeword length $n = k^{1+o(1)}$ for a $k$-bit message. This is an exponential improvement of the previous best construction due to Chattopadhyay and Li (STOC 2017), which had codeword length $2^{O(\sqrt{k})}$. Our construction remains efficient for circuit depths as large as $\Theta(\log(n)/\log\log(n))$ (indeed, our codeword length remains $n\leq k^{1+\epsilon})$, and extending our result beyond this would require separating $\mathsf{P}$ from $\mathsf{NC^1}$. We obtain our codes via a new efficient non-malleable reduction from small-depth tampering to split-state tampering. A novel aspect of our work is the incorporation of techniques from unconditional derandomization into the framework of non-malleable reductions. In particular, a key ingredient in our analysis is a recent pseudorandom switching lemma of Trevisan and Xue (CCC 2013), a derandomization of the influential switching lemma from circuit complexity; the randomness-efficiency of this switching lemma translates into the rate-efficiency of our codes via our non-malleable reduction.Comment: 26 pages, 4 figure

Three Puzzles on Mathematics, Computation, and Games

In this lecture I will talk about three mathematical puzzles involving mathematics and computation that have preoccupied me over the years. The first puzzle is to understand the amazing success of the simplex algorithm for linear programming. The second puzzle is about errors made when votes are counted during elections. The third puzzle is: are quantum computers possible?Comment: ICM 2018 plenary lecture, Rio de Janeiro, 36 pages, 7 Figure

Quantified Derandomization of Linear Threshold Circuits

One of the prominent current challenges in complexity theory is the attempt to prove lower bounds for $TC^0$, the class of constant-depth, polynomial-size circuits with majority gates. Relying on the results of Williams (2013), an appealing approach to prove such lower bounds is to construct a non-trivial derandomization algorithm for $TC^0$. In this work we take a first step towards the latter goal, by proving the first positive results regarding the derandomization of $TC^0$ circuits of depth $d>2$. Our first main result is a quantified derandomization algorithm for $TC^0$ circuits with a super-linear number of wires. Specifically, we construct an algorithm that gets as input a $TC^0$ circuit $C$ over $n$ input bits with depth $d$ and $n^{1+\exp(-d)}$ wires, runs in almost-polynomial-time, and distinguishes between the case that $C$ rejects at most $2^{n^{1-1/5d}}$ inputs and the case that $C$ accepts at most $2^{n^{1-1/5d}}$ inputs. In fact, our algorithm works even when the circuit $C$ is a linear threshold circuit, rather than just a $TC^0$ circuit (i.e., $C$ is a circuit with linear threshold gates, which are stronger than majority gates). Our second main result is that even a modest improvement of our quantified derandomization algorithm would yield a non-trivial algorithm for standard derandomization of all of $TC^0$, and would consequently imply that $NEXP\not\subseteq TC^0$. Specifically, if there exists a quantified derandomization algorithm that gets as input a $TC^0$ circuit with depth $d$ and $n^{1+O(1/d)}$ wires (rather than $n^{1+\exp(-d)}$ wires), runs in time at most $2^{n^{\exp(-d)}}$, and distinguishes between the case that $C$ rejects at most $2^{n^{1-1/5d}}$ inputs and the case that $C$ accepts at most $2^{n^{1-1/5d}}$ inputs, then there exists an algorithm with running time $2^{n^{1-\Omega(1)}}$ for standard derandomization of $TC^0$.Comment: Changes in this revision: An additional result (a PRG for quantified derandomization of depth-2 LTF circuits); rewrite of some of the exposition; minor correction