Abstract
We revisit the notion of a targeted canonical derandomizer, introduced in our prior work (ECCC, TR10-135) as a uniform notion of a pseudorandom generator that suffices for yielding \(\mathcal{BPP}=\mathcal{P}\). The original notion was derived (as a variant of the standard notion of a canonical derandomizer) by providing both the distinguisher and the generator with the same auxiliary-input. Here we take one step further and consider pseudorandom generators that fool a single circuit that is given to both (the distinguisher and the generator) as auxiliary input. Building on the aforementioned prior work, we show that such pseudorandom generators of constant seed length exist if and only if \(\mathcal{BPP}=\mathcal{P}\), which means that they exist if and only if the previously defined targeted canonical derandomizers (of exponential stretch, as in the prior work) exist. We also relate such targeted canonical derandomizer to targeted hitters, which are the analogous canonical derandomizers for \(\mathcal{RP}\).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
More accurately, for any \(S\in \mathcal{BPP}\) and every polynomial p, there exists a deterministic polynomial-time A such that no probabilistic p-time algorithm F can find (with probability exceeding 1/p) an input on which A errs; that is, the probability that \(F(1^n)\) equals an n-bit string x such that \(A(x)\ne \chi _S(x)\) is at most 1/p(n), where \(\chi _S\) is the characteristic function of S.
- 2.
See motivational discussion in [4, Sec. 3.1].
- 3.
To streamline our exposition, we preferred to avoid the standard additional step of replacing \(D(x,\cdot )\) by an arbitrary (non-uniform) Boolean circuit of quadratic size.
- 4.
His treatment vastly extends the original notion of auxiliary-input one-way functions put forward in [7].
- 5.
Indeed, in general, one may allow k to be a function of the size of the circuit, provided that \(k<\ell \), where \(\ell \) denotes the length of the output of the generator (equiv., the length of the input of the circuit).
- 6.
This requires using a slightly redundant description of circuits so that evaluating them can be done in linear-time.
- 7.
Indeed, when seeking to use this reduction with respect to a search problem \({R_{\textsc {yes}}}\), one should define \({R_{\textsc {no}}}\) such that the following two conditions hold:
1. On the one hand, for every x, obtaining a solution outside \({R_{\textsc {no}}}(x)\) is almost as good as obtaining a solution in \({R_{\textsc {yes}}}(x)\).
2. On the other hand, one can solve the decision problem \(({R_{\textsc {yes}}},{R_{\textsc {no}}})\) in probabilistic polynomial-time.
This is exactly what we have done when defining \({R^{\textsc {prg}}_{\textsc {no}}}\).
- 8.
Note that in case \(\mathrm{Pr}[C(U_\ell )\!=1\!1]=1/2\) it must hold that \(|\mathrm{Pr}[C(G(U_k,\langle {C}\rangle ))\!=1\!1]\in (1/3,2/3)\) and so \(G(U_k,\langle {C}\rangle )\) must have support size at least two. This holds for any non-trivial distinguishing gap (i.e., any constant \(\delta <1/2\)).
- 9.
Actually, we need a variant of the second task that calls for (deterministically) finding an \(\ell \)-bit string x such that \(C(x)=\sigma \), provided that \(\mathrm{Pr}[C(U_\ell )\!=\!\sigma ]\ge 1/6\). This task can be reduced to the original one. specifically, if \(\mathrm{Pr}[C(U_\ell )\!=\!1]\ge 1/6\) (resp., \(\mathrm{Pr}[C(U_\ell )\!=\!0]\ge 1/6\)), then we find an input that satisfies the circuit \(C'\) such that \(C'(x_1,x_2,x_3,x_4)=\bigvee _{i\in [4]}C(x_i)\) (resp., \(C'(x_1,x_2,x_3,x_4)=\bigwedge _{i\in [4]}C(x_i)\)), here we use the fact that \((5/6)^4<1/2\).
References
Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudo-random bits. SICOMP 13, 850–864 (1984). Preliminary version in 23rd FOCS, pp. 80–91 (1982)
Even, S., Selman, A.L., Yacobi, Y.: The complexity of promise problems with applications to public-key cryptography. Inf. Control 61, 159–173 (1984)
Goldreich, O.: Computational Complexity: A Conceptual Perspective. Cambridge University Press, Cambridge (2008)
Goldreich, O.: In a world of P=BPP. In: Goldreich, O. (ed.) Studies in Complexity and Cryptography. Miscellanea on the Interplay Between Randomness and Computation. LNCS, vol. 6650, pp. 191–232. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22670-0_20
Impagliazzo, R., Wigderson, A.: Randomness vs. time: de-randomization under a uniform assumption. JCSS 63(4), 672–688 (2001). Preliminary version in 39th FOCS (1998)
Nisan, N., Wigderson, A.: Hardness vs randomness. JCSS 49(2), 149–167 (1994). Preliminary version in 29th FOCS (1988)
Ostrovsky, R., Wigderson, A.: One-way functions are essential for non-trivial zero-knowledge. In: 2nd Israel Symposium on Theory of Computing and Systems, pp. 3–17. IEEE Computer Society Press (1993)
Vadhan, S.: An unconditional study of computational zero knowledge. SICOMP 36(4), 1160–1214 (2006). Preliminary version in 45th FOCS (2004)
Yao, A.C.: Theory and application of trapdoor functions. In: 23rd FOCS, pp. 80–91 (1982)
Acknowledgments
The current work was triggered by questions posed to me during my presentation of [4] at the Institut Henri Poincare (Paris).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Goldreich, O. (2020). Two Comments on Targeted Canonical Derandomizers. In: Goldreich, O. (eds) Computational Complexity and Property Testing. Lecture Notes in Computer Science(), vol 12050. Springer, Cham. https://doi.org/10.1007/978-3-030-43662-9_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-43662-9_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-43661-2
Online ISBN: 978-3-030-43662-9
eBook Packages: Computer ScienceComputer Science (R0)