Pseudorandom generators hard for propositional proof systems Markus - PowerPoint PPT Presentation

Pseudorandom generators hard for propositional proof systems Markus Latte April 3 and 4, 2009 JASS09 Sankt Peterburg

Pseudorandom Generators in Complexity Theory Informally, a pseudorandom generator is a (computable) function G n : { 0 , 1 } n → { 0 , 1 } m ( n < m ) which stretches a short random string x to a long random string G n ( x ) such that a deterministic polytime algorithm f cannot distinguish them, i. e. the difference between x ∈{ 0 , 1 } n [ f ( G n ( x )) = 1] and Pr y ∈{ 0 , 1 } m [ f ( y ) = 1] Pr is small.

Pseudorandom Generators in Complexity Theory Informally, a pseudorandom generator is a (computable) function G n : { 0 , 1 } n → { 0 , 1 } m ( n < m ) which stretches a short random string x to a long random string G n ( x ) such that a deterministic polytime algorithm f cannot distinguish them, i. e. the difference between x ∈{ 0 , 1 } n [ f ( G n ( x )) = 1] and Pr y ∈{ 0 , 1 } m [ f ( y ) = 1] Pr is small. Hence, a random generator for size m can be replaced by a random generator for size n together with G n without affecting f essentially.

Pseudorandom Generators in Complexity Theory Informally, a pseudorandom generator is a (computable) function G n : { 0 , 1 } n → { 0 , 1 } m ( n < m ) which stretches a short random string x to a long random string G n ( x ) such that a deterministic polytime algorithm f cannot distinguish them, i. e. the difference between x ∈{ 0 , 1 } n [ f ( G n ( x )) = 1] and Pr y ∈{ 0 , 1 } m [ f ( y ) = 1] Pr is small. Hence, a random generator for size m can be replaced by a random generator for size n together with G n without affecting f essentially.

Pseudorandom Generators in Proof Complexity Definition A generator is a family ( G n ) n ∈ N such that G n : { 0 , 1 } n → { 0 , 1 } m for some m > n . Definition A generator ( G n : { 0 , 1 } n → { 0 , 1 } m ) n ∈ N is hard for a propositional proof system P iff for all n ∈ N and for any string b ∈ { 0 , 1 } m \ Image( G n ) there is no efficient P -proof of the statement � G n ( x 1 , . . . , x n ) � = b � . ( x 1 , . . . , x n are propositional variables)

Purpose To establish a lower bound, it suffices to . . . ◮ . . . find a generator G n . ◮ . . . find an encoding of � G n ( x 1 , . . . , x n ) � = b � .

Table of contents Nisan-Wigderson Generators Width Lower Bound for Resolution Existence of Expander Size Lower Bounds for Resolution

Nisan-Wigderson Generator Let A = ( a i , j ) be matrix of dimension m × n over { 0 , 1 } . For any row number i ∈ [ m ] let J i ( A ) := { j ∈ [ n ] | a i , j = 1 } and X i ( A ) := { x j | j ∈ J i ( A ) } .

Nisan-Wigderson Generator Let A = ( a i , j ) be matrix of dimension m × n over { 0 , 1 } . For any row number i ∈ [ m ] let J i ( A ) := { j ∈ [ n ] | a i , j = 1 } and X i ( A ) := { x j | j ∈ J i ( A ) } . Let g 1 ( x 1 , . . . , x n ), . . . , g m ( x 1 , . . . , x n ) be boolean functions such that Vars( g i ) ⊆ X i ( A ) for all i ∈ [ m ].

Nisan-Wigderson Generator Let A = ( a i , j ) be matrix of dimension m × n over { 0 , 1 } . For any row number i ∈ [ m ] let J i ( A ) := { j ∈ [ n ] | a i , j = 1 } and X i ( A ) := { x j | j ∈ J i ( A ) } . Let g 1 ( x 1 , . . . , x n ), . . . , g m ( x 1 , . . . , x n ) be boolean functions such that Vars( g i ) ⊆ X i ( A ) for all i ∈ [ m ]. We are interested in the system of boolean equations: g 1 ( x 1 , . . . , x n ) = 1 . . . g m ( x 1 , . . . , x n ) = 1

Divide and Conquer Using Nisan-Wigderson generators, the construction of a hard generator can be decomposed into four aspects: ◮ combinatorial properties of matrix A , ◮ hardness conditions for the base functions � g , x ) = � ◮ encoding of the equation system � g ( � 1, and ◮ a lower bound.

Combinatorial Properties of Matrix A For a set of rows I ⊆ [ m ], its boundary is the set ∂ A ( I ) := { j ∈ [ n ] | ∃ ! i ∈ I . a i , j = 1 } . Remark: ∂ A ( I ) defines a function ∂ A ( I ) → I . A is an ( r , s , c )-expander iff ◮ for all i ∈ [ m ]: | J i ( A ) | ≤ s , and ◮ for all I ⊆ [ m ]: | I | ≤ r implies | ∂ A ( I ) | ≥ c | I | .

Encoding of A and � g There are many possible encodings. All share one common property. Informal Equation on Encodings 1 � = Complexity of a proof for � � x ) � = � g ( � Complexity of the functions � g ( � x ) – Complexity of the encoding � · �

Functional Encoding of A and � g For every Boolean function f satisfying Vars( f ) ⊆ X i ( A ) for some i ∈ [ m ], an extension variable y f is presumed, living in Vars( A ).

Functional Encoding of A and � g For every Boolean function f satisfying Vars( f ) ⊆ X i ( A ) for some i ∈ [ m ], an extension variable y f is presumed, living in Vars( A ). The functional encoding τ ( A ,� g ) is the CNF over the variables Vars( A ) consisting of clauses y ε 1 f 1 ∨ . . . ∨ y ε w f w for which a row i ∈ [ m ] exists such that ◮ Vars( f 1 ) ∪ . . . ∪ Vars( f w ) ⊆ X i ( A ), and = f ε 1 1 ∨ . . . ∨ f ε w ◮ g i | w . Lemma x ) = � The system � g ( � 1 is satisfiable iff τ ( A ,� g ) is satisfiable.

Examples of Clauses Generated by One Row ◮ y g i � � � � Since f ( x ,� x ) ≡ ¬ x ∧ f (0 ,� x ) ∨ x ∧ f (1 ,� x ) for any boolean function f (Shannon-expansion): ◮ y ¬ f ( x ,� x ) ∨ y x ∧ f (0 ,� x ) ∨ y x ∧ f (1 ,� x ) ◮ y ¬ ( ¬ x ∧ f (0 ,� x )) ∨ y f ( x ,� x ) ◮ y ¬ ( x ∧ f (1 ,� x )) ∨ y f ( x ,� x )

Size of Functional Encoding Lemma If τ ( A ,� g ) is unsatisfiable then it has an unsatisfiable sub-CNF of size O (2 s m ) provided that | J i ( A ) | ≤ s for all i ∈ [ m ] for some s.

Width Lower Bound for Resolution Definition A boolean function f is ℓ -robust if every restriction ρ holds: if f | ρ is constant then | ρ | ≥ ℓ .

Width Lower Bound for Resolution Definition A boolean function f is ℓ -robust if every restriction ρ holds: if f | ρ is constant then | ρ | ≥ ℓ . Theorem Let A be an ( r , s , c ) -expander matrix of size m × n and let g 1 , . . . , g m be ℓ -robust functions such that Vars( g i ) ⊆ X i ( A ) . Then every resolution refutation of τ ( A ,� g ) must have width at least r ( c + ℓ − s ) 2 ℓ provided that a certain restriction holds on c, ℓ and s. Later on the theorem is used with c = 3 4 s and ℓ = 5 8 s , say. Thus the width lower bound is ≈ r .

Proof of the Width Lower Bound for Resolution The proof follows the method developed by Ben-Sasson and Wigderson: Define a measure µ on clauses such that ◮ µ ( C ) ≤ µ ( C 0 ) + µ ( C 1 ) for any resolution step C 0 C 1 , C ◮ µ ( C ) = 1 for any axiom C , and ◮ µ ( ⊥ ) > r .

Proof of the Width Lower Bound for Resolution The proof follows the method developed by Ben-Sasson and Wigderson: Define a measure µ on clauses such that ◮ µ ( C ) ≤ µ ( C 0 ) + µ ( C 1 ) for any resolution step C 0 C 1 , C ◮ µ ( C ) = 1 for any axiom C , and ◮ µ ( ⊥ ) > r . Hence there is a clause C with r / 2 < µ ( C ) ≤ r .

Proof of the Width Lower Bound for Resolution The proof follows the method developed by Ben-Sasson and Wigderson: Define a measure µ on clauses such that ◮ µ ( C ) ≤ µ ( C 0 ) + µ ( C 1 ) for any resolution step C 0 C 1 , C ◮ µ ( C ) = 1 for any axiom C , and ◮ µ ( ⊥ ) > r . Hence there is a clause C with r / 2 < µ ( C ) ≤ r . Finally, it suffices that the clause is wide.

Proof of the Width Lower Bound for Resolution Definition The measure µ ( C ) for a clause C is the size of a minimal I ⊆ [ m ] such that ◮ ∀ y ε f ∈ C ∃ i ∈ I . Vars( f ) ⊆ X i ( A ), and ( µ -cover) ◮ { g i | i ∈ I } | = � C � . ( µ -sem)

Proof of the Width Lower Bound for Resolution Definition The measure µ ( C ) for a clause C is the size of a minimal I ⊆ [ m ] such that ◮ ∀ y ε f ∈ C ∃ i ∈ I . Vars( f ) ⊆ X i ( A ), and ( µ -cover) ◮ { g i | i ∈ I } | = � C � . ( µ -sem) Lemma The measure µ exhibits the first two demanded properties.

Proof of the Width Lower Bound for Resolution Lemma ◮ If r / 2 < µ ( C ) ≤ r then the width of C is at least r ( c + ℓ − s ) . 2 ℓ ◮ µ ( ⊥ ) > r provided that c + ℓ ≥ s + 1 .

Claim: for all i 1 ∈ I 1 : | J i 1 ∩ ∂ A ( I ) | ≤ s − ℓ Proof sketch: ◮ { g i | i ∈ I \ { i 1 }} �| = � C � . ◮ α witnessing assignment. ◮ Define a partial restriction ρ by � α ( x j ) if j / ∈ J i 1 ∩ ∂ A ( I ) ρ ( x j ) := undefined otherwise ◮ ρ is total for Vars( g i ) for i � = i 1 . ◮ ρ is total on Vars( � C � ) since i 1 / ∈ I 0 ◮ g i | ρ = 1 for i � = i 1 , and � C � | ρ = 0 ◮ By ( µ -sem): g i 1 | ρ = 0. ◮ Let ρ 1 be ρ restricted to the domain of g i 1 , i.e. to J i 1 ( A ). ◮ Since ρ undef. on J i 1 ∩ ∂ A ( I ): domain of ρ 1 is J i 1 \ ∂ A ( I ). ◮ As g i is ℓ -robust: | J i 1 \ ∂ A ( I ) | ≥ ℓ

Proof (Auxiliary estimations). ◮ Since A is an ( r , s , c )-expander: c | I | ≤ | ∂ A ( I ) | ≤ s | I 0 | + ( s − ℓ ) | I 1 | = ( s − ℓ ) | I | + ℓ | I 0 | ≤ ( s − ℓ ) | I | + ℓ · width( C ) ◮ Using | I | > r / 2: width( C ) ≥ ( c + ℓ − s ) | I | > ( c + ℓ − s ) r ℓ 2 ℓ