8 research outputs found
Polynomials that Sign Represent Parity and Descartes' Rule of Signs
A real polynomial sign represents if
for every , the sign of equals
. Such sign representations are well-studied in computer
science and have applications to computational complexity and computational
learning theory. In this work, we present a systematic study of tradeoffs
between degree and sparsity of sign representations through the lens of the
parity function. We attempt to prove bounds that hold for any choice of set
. We show that sign representing parity over with the
degree in each variable at most requires sparsity at least . We show
that a tradeoff exists between sparsity and degree, by exhibiting a sign
representation that has higher degree but lower sparsity. We show a lower bound
of on the sparsity of polynomials of any degree representing
parity over . We prove exact bounds on the sparsity of such
polynomials for any two element subset . The main tool used is Descartes'
Rule of Signs, a classical result in algebra, relating the sparsity of a
polynomial to its number of real roots. As an application, we use bounds on
sparsity to derive circuit lower bounds for depth-two AND-OR-NOT circuits with
a Threshold Gate at the top. We use this to give a simple proof that such
circuits need size to compute parity, which improves the previous bound
of due to Goldmann (1997). We show a tight lower bound of
for the inner product function over .Comment: To appear in Computational Complexit
Improved Pseudorandom Generators from Pseudorandom Multi-Switching Lemmas
We give the best known pseudorandom generators for two touchstone classes in
unconditional derandomization: an -PRG for the class of size-
depth- circuits with seed length , and an -PRG for the class of -sparse
polynomials with seed length . These results bring the state of the art for
unconditional derandomization of these classes into sharp alignment with the
state of the art for computational hardness for all parameter settings:
improving on the seed lengths of either PRG would require breakthrough progress
on longstanding and notorious circuit lower bounds.
The key enabling ingredient in our approach is a new \emph{pseudorandom
multi-switching lemma}. We derandomize recently-developed
\emph{multi}-switching lemmas, which are powerful generalizations of
H{\aa}stad's switching lemma that deal with \emph{families} of depth-two
circuits. Our pseudorandom multi-switching lemma---a randomness-efficient
algorithm for sampling restrictions that simultaneously simplify all circuits
in a family---achieves the parameters obtained by the (full randomness)
multi-switching lemmas of Impagliazzo, Matthews, and Paturi [IMP12] and
H{\aa}stad [H{\aa}s14]. This optimality of our derandomization translates into
the optimality (given current circuit lower bounds) of our PRGs for
and sparse polynomials
Majority vs. approximate linear sum and average-case complexity below NC1
We develop a general framework that characterizes strong average-case lower bounds against circuit classe
Making the Best of a Leaky Situation: Zero-Knowledge PCPs from Leakage-Resilient Circuits
A Probabilistically Checkable Proof (PCP) allows a randomized verifier, with oracle access to a purported proof, to probabilistically verify an input statement of the form ``\u27\u27 by querying only few bits of the proof. A zero-knowledge PCP (ZKPCP) is a PCP with the additional guarantee that the view of any verifier querying a bounded number of proof bits can be efficiently simulated given the input alone, where the simulated and actual views are statistically close.
Originating from the first ZKPCP construction of Kilian et~al.(STOC~\u2797), all previous constructions relied on locking schemes, an unconditionally secure oracle-based commitment primitive.
The use of locking schemes makes the verifier \emph{inherently} adaptive, namely, it needs to make at least two rounds of queries to the proof.
Motivated by the goal of constructing non-adaptively verifiable ZKPCPs, we suggest a new technique for compiling standard PCPs into ZKPCPs. Our approach is based on leakage-resilient circuits, which are circuits that withstand certain ``side-channel\u27\u27 attacks, in the sense that these attacks reveal nothing about the (properly encoded) input, other than
the output. We observe that the verifier\u27s oracle queries constitute a side-channel attack on the wire-values of the circuit verifying membership in , so a PCP constructed from a circuit resilient against such attacks would be ZK. However, a leakage-resilient circuit evaluates the desired function \emph{only if} its input is properly encoded, i.e., has a specific structure, whereas by generating a ``proof\u27\u27 from the wire-values of the circuit on an \emph{ill-formed} ``encoded\u27\u27 input, one can cause the verification to accept inputs \emph{with probability 1}. We overcome this obstacle by constructing leakage-resilient circuits with the additional guarantee that ill-formed encoded inputs are detected. Using this approach, we obtain the following results:
\begin{itemize}
\sloppy
\item We construct the first \emph{witness-indistinguishable} PCPs (WIPCP) for NP with non-adaptive verification. WIPCPs relax ZKPCPs by only requiring that different witnesses be indistinguishable. Our construction combines strong leakage-resilient circuits as above with the PCP of Arora and Safra (FOCS \u2792), in which queries correspond to side-channel attacks by shallow circuits, and with correlation bounds for shallow circuits due to Lovett and Srivinasan (RANDOM \u2711).
\item Building on these WIPCPs, we construct non-adaptively verifiable \emph{computational} ZKPCPs for NP in the common random string model, assuming that one-way functions exist.
\item As an application of the above results, we construct \emph{3-round} WI and ZK proofs for NP in a distributed setting in which the prover and the verifier interact with multiple servers of which can be corrupted, and the total communication involving the verifier consists of \poly\log\left(t\right) bits.
\end{itemize