Post on 20-Dec-2015
1
Robust PCPs of Proximity
(Shorter PCPs, applications to Coding)
Eli Ben-Sasson (Radcliffe)
Oded Goldreich (Weizmann & Radcliffe)
Prahladh Harsha (MIT)
Madhu Sudan (MIT & Radcliffe)
Salil Vadhan (Harvard & Radcliffe)
2
NP – Classical Proofs
NP – Class of languages that have short proofs of membership
[Figure: deterministic verifier V checks the claim $x \in L$ against a proof $\pi$, drawn as the bit string 0 0 1 0 1 0 1 1]
• Graph Coloring: Graph G; Proof = 3-coloring
• Satisfiability: Formula $\varphi$, e.g. $(x \vee y \vee \bar{z}) \dots (\bar{x} \vee y \vee z)$; Proof = satisfying assignment
Completeness: $x \in L \Rightarrow \exists \pi,\ V(x, \pi) = \text{accept}$
Soundness: $x \notin L \Rightarrow \forall \pi,\ V(x, \pi) = \text{reject}$
3
PCP Theorem [AS ’92, ALMSS ’92]
[Figure: the PCP Theorem takes the deterministic verifier V of an NP proof to a probabilistic verifier V reading a proof $\pi$]
Completeness: $x \in L \Rightarrow \exists \pi,\ \Pr[V^{\pi}(x) = 1] = 1$
Soundness: $x \notin L \Rightarrow \forall \pi,\ \Pr[V^{\pi}(x) = 1] \le \frac{1}{2}$
Parameters:
1. # random coins - O(log n)
2. # queries - constant
3. proof size - polynomial
4
PCPs - Significance
• Major impact on the study of combinatorial optimization
• Consequence: For many NP-hard combinatorial optimization problems, finding near-optimal solutions is also NP-hard
• Approximating MAXSAT to within a factor of $(8/7 - \varepsilon)$, for any $\varepsilon > 0$, is NP-hard
(Will not dwell on the consequences for combinatorial optimization)
5
Short PCPs?
How long is the new PCP proof?
• Old NP proof – n; New PCP proof – ?
Why Short PCPs?
Upper bounds
• Cryptography
  • Computationally Sound Proofs and applications [Kil ’92, Mic ’94, CGH ’98, Bar ’01]
• Coding Theory
  • Locally testable codes [GS ’02, BSVW ’03, this paper]
  • “Relaxed Locally Decodable Codes” [this paper]
6
Why Short PCPs? (Contd)
Lower Bounds
• Tightness of approximation algorithms with respect to running time
• e.g.: If SAT has a PCP of size n then
  $\Downarrow$
  $\mathrm{SAT} \in \mathrm{TIME}\left(2^{\ (n)}\right)$
  Approximating MAXSAT requires time at least $2^{n^{1/\alpha}}$
7
Short PCPs – Earlier Results
• [PS ’94] Proof Size = $n^{1+\varepsilon}$, query = $O(1/\varepsilon)$ (Constant hidden in big-O $\approx 10^{6}$)
• [Hås ’97] Proof Size = $n^{1000000}$, query = 3
8
Short PCPs vs Query Complexity
[Table: queries and proof size for [HS ’00], [GS ’02, BSVW ’03] and this paper. Proof sizes shown: $n^{3+\varepsilon}$, $n \cdot 2^{\sqrt{\log n}}$, $n \cdot 2^{(\log n)^{\varepsilon}}$, $n \cdot 2^{(\log\log n)^{c}}$, with the note $(= n^{1+o(1)})$. Query counts shown: $O(1/\varepsilon)$, $O(1)$, $o(\log\log n)$, 17.]
9
Our Main Results
Main Theorem: Satisfiability of circuits of size n can be probabilistically verified
• By probing a proof of length $n \cdot 2^{(\log n)^{\varepsilon}}$ in $O(1/\varepsilon)$ bit-locations.
OR
• By probing a proof of length $n \cdot 2^{(\log\log n)^{c}}$ in $o(\log\log n)$ bit-locations.
Previous PCPs required length $n \cdot 2^{\sqrt{\log n}}$ proof size even when reading $2^{\sqrt{\log n}}$ bit-locations [GS ’02, BSVW ’03]
10
Proof Techniques
• New Definition: Robust PCP of Proximity
• New Composition Theorem
  • Essential for short PCPs
  • simple, modular
• Building Block
11
Robust PCP of Proximity and Composition Theorem
12
PCP – Definition (Recall)
[Figure: probabilistic verifier $V_L$ reads the theorem x and queries the proof $\pi$]
Completeness: $x \in L \Rightarrow \exists \pi,\ \Pr[V^{\pi}(x) = 1] = 1$
Soundness: $x \notin L \Rightarrow \forall \pi,\ \Pr[V^{\pi}(x) = 1] \le \frac{1}{2}$
Parameters of Interest:
• size of proof ($|\pi|$)
• # queries ($q$)
$|\pi| \le q \cdot 2^{\text{rand}}$
13
Why Composition?
• Don’t know how to build PCPs with $q = O(1)$ and size = poly(n) directly
• However, [AS ’92, ALMSS ’92] type of PCP, Verifier V: size = poly(n), q = poly log n
• [AS ’92, ALMSS ’92] “magically compose” verifier V with itself to obtain new verifier $V \oplus V$ with following parameters: size = poly(n), q = poly log log n
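14
Proof Composition, a la [AS ‘92]
[Figure: verifier $V_L$ with $r = O(\log n)$ and $q = \mathrm{poly} \log n$ reads input x and proof $\pi$; the answers $a_1\, a_2 \dots a_{Q_R}$ go to the consistency check $D_R$]
Random coins - R
Completeness: $x \in L \Rightarrow \exists \pi,\ \Pr[V^{\pi}(x) = 1] = 1$
Soundness: $x \notin L \Rightarrow \forall \pi,\ \Pr[V^{\pi}(x) = 1] \le \frac{1}{2}$
$x \in L \Rightarrow \exists \pi,\ \Pr[D_R(a_1 \dots a_{Q_R}) = 1] = 1$
$x \notin L \Rightarrow \forall \pi,\ \Pr[D_R(a_1 \dots a_{Q_R}) = 1] \le \frac{1}{2}$
Need to check if $a_1\, a_2 \dots a_{Q_R}$ satisfy consistency check $D_R$
Idea: Use a PCP verifier to check!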
15
Proof Composition, Contd
[Figure: $V_L$ (input x, proof $\pi$) passes $a_1\, a_2 \dots a_{Q_R}$ to the consistency check $D_R$, which is checked by $V_{L_R}$ with proof $\pi_R$]
• Create language $L_R = \{(a_1, \dots, a_{Q_R}) \mid D_R \text{ accepts } (a_1, \dots, a_{Q_R})\}$
• Check if $(a_1, \dots, a_{Q_R}) \in L_R$ using a PCP verifier
Problem: PCP verifier $V_{L_R}$ needs to read all of theorem (input)
Key Observation:
• “PCP Verifier barely looks at Theorem”
• [BFLS ’91]: Assume theorem is encoded and count # queries into theorem
16
[BFLS ’91] PCP Verifier (Holographic Proofs)
[Figure: probabilistic verifier V reads a word y and a proof $\pi$; x - Theorem, Enc(x) - Encoding]
Completeness: $x \in L \Rightarrow \exists \pi,\ \Pr[V^{\mathrm{Enc}(x), \pi} = 1] = 1$
Soundness: $y$ far from $\mathrm{Enc}(L) \Rightarrow \forall \pi,\ \Pr[V^{y, \pi} = 1] \le \frac{1}{2}$
Important:
• # queries = sum of queries into encoded theorem + proof
17
Proof Composition, Contd
[Figure: $V_L$ (input x, proof $\pi$) and $V_{L_R}$ (proof $\pi_R$), with $a_1\, a_2 \dots a_{Q_R}$ and $\mathrm{Enc}(a_1\, a_2 \dots a_{Q_R})$]
Problem: Need to check $(a_1, \dots, a_{Q_R})$ and $\mathrm{Enc}(a_1\, a_2 \dots a_{Q_R})$ are consistent.
• Semantics of arranging this is complex.
• Earlier performed by “parallelization” – costly in randomness (large proof size)
Idea: Remove restriction that theorem is encoded!
18
PCP of Proximity (PCPP)
[Figure: probabilistic verifier V queries the theorem x and the proof $\pi$]
• # queries = sum of queries into theorem + proof
• Theorem in un-encoded format
• $\delta$ – proximity parameter
Completeness: $x \in L \Rightarrow \exists \pi,\ \Pr[V^{x, \pi} = 1] = 1$
Soundness: $\Delta(x, L) > \delta \Rightarrow \forall \pi,\ \Pr[V^{x, \pi}() = 1] \le \frac{1}{2}$
$x \notin L \Rightarrow \forall \pi,\ \Pr[V^{x, \pi}() = 1] \le \frac{1}{2}$
19
Composition again
[Figure: $V_L$ (input x, proof $\pi$) and $V_{L_R}$ (proof $\pi_R$) on $a_1\, a_2 \dots a_{Q_R}$]
Completeness: $x \in L \Rightarrow \exists \pi,\ \Pr[(a_1, \dots, a_{Q_R}) \in L_R] = 1$
Soundness: $x \notin L \Rightarrow \forall \pi,\ \Pr[(a_1, \dots, a_{Q_R}) \notin L_R] > \frac{1}{2}$
Problem:
• Need to distinguish between $(a_1, \dots, a_{Q_R}) \in L_R$ & $(a_1, \dots, a_{Q_R}) \notin L_R$
• PCPP distinguishes between $(a_1, \dots, a_{Q_R}) \in L_R$ & $\delta$-far from $L_R$
Strengthen soundness condition of verifier $V_L$
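20
Robust PCP of Proximity (Robust-PCPP) New!
[Figure: verifier V reads input x; the answers $a_1\, a_2 \dots a_{Q_R}$ go to the consistency check $D_R$]
Completeness: $x \in L \Rightarrow \exists \pi,\ \Pr[D_R(a_1, \dots, a_{Q_R}) = 1] = 1$
Soundness: $\Delta(x, L) > \delta \Rightarrow \forall \pi,\ \Pr[D_R(a_1, \dots, a_{Q_R}) = 1] \le \frac{1}{2}$
Robust Soundness: $\Delta(x, L) > \delta \Rightarrow \forall \pi,\ \Pr[(a_1, \dots, a_{Q_R}) \text{ is } \rho\text{-far from } L_R] > \frac{1}{2}$
$\rho$ - robustness parameter of robust-PCPP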
21
Composition Theorem
[Figure: $V_{OUT}$ on input x, with copies of $V_{IN}$ labelled $R_1, \dots, R_m$]
$V_{OUT} + V_{IN} = V_{COMP}$
New PCPP Proof for $V_{COMP}$ = ( , $R_1$, …, $R_m$)
Randomness: $r_{COMP} = r_{OUT} + r_{IN}$
Queries: $q_{COMP} = q_{IN}$
Robustness: $\rho_{COMP} = \rho_{IN}$
Proximity: $\delta_{COMP} = \delta_{OUT}$
• Req. of Inner Verifier: $\delta_{IN}$ (proximity) < $\rho_{OUT}$ (robustness)
22
Advantages of PCPPs
• Give shortest known PCPs
• Allow natural self-composition
• Simpler constructions of PCPs (no parallelization)
• Coding applications:
  • Simple, highly efficient Locally Testable Codes
  • Simple, highly efficient Relaxed Locally Decodable Codes
  • Any efficient property is locally testable (with a little bit of help)
23
PCPPs – Brief History
• Holographic proofs - PCPPs where assignment x is encoded. [BFLS ’91]
• PCPP - implicit in low-degree tests [RS ’92, ALMSS ’92]
• PCPPs - special case of “PCP Spot Checkers” [EKR ’99]
• PCPP – extension of Property Testing [RS ’92, GGR ’96]
• Assignment Testers of [DR ’03] similar to PCPPs.
24
Building Block
25
Robust PCPPs constructions
• Most existing PCP constructions can be modified to obtain robust PCPs of Proximity
• However, the parameters of such robust-PCPPs do not satisfy our needs
• So, build robust PCPP from scratch
26
Bird’s eye-view of PCP construction
[Figure: functions $f_1, f_2, \dots, f_r$, each defined on $F^m$]
PCP Construction: Sequence of function evaluations, $f_i : F^m \to F$
Checks performed by verifier
• Each function $f_i : F^m \to F$ is a low-degree polynomial
• Input Consistency: $f_1 \approx$ input
• Each $f_{i+1}$ is obtained consistently from $f_i$, e.g.: $f_{i+1}(x) = f_i(x) \cdot f_i(x+1)$
• final function $f_r : F^m \to F$ is identically zero, i.e., $f_r \equiv 0$
How to test if a function is a low-degree polynomial?
• Input: Evaluation of function f at each point in $F^m$
• Need to check if evaluation of f is close to the evaluation of a low-degree polynomial
27
Low Degree Polynomials
Main Tool – Low Degree Polynomial over Finite Fields (Reed-Muller Codes)
• F - finite field, $f : F^m \to F$, m-variate polynomial over F, deg(f) = maximal degree of monomial in f
• [Schwartz-Zippel] If $f \ne g$ have degree < d, then $\Pr[f(x) = g(x)] \le \frac{d}{|F|}$
• Fact: If deg(f) < d and l – line, then f restricted to line l is a univariate polynomial of degree < d.
[Figure: a line l in the domain of $f : F^m \to F$]
28
Low Degree Test (LDT)
Robust Soundness of LDT [RS ’92, ALMSS ’92]
• $f : F^m \to F$ is -far from low degree, then $\Pr_l[f|_l \text{ is far from being low-degree}] > (\ )$
Amount of Randomness Required:
• [RS ’92, ALMSS ’92] 2 points – $2 \log |F^m|$
• [BSVW ’03] derandomized set of lines $\approx \log |F^m|$
Input: Table of evaluations of f at each point of $F^m$
Output: Is f low-degree?
• Choose a random line l
• Read f along line l
• Check that restriction of f along l is a univariate low-degree polynomial
[Figure: a line l in the domain of $f : F^m \to F$]
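The line test described on the Low Degree Test slide, as an added Python example (not code from the talk or the paper). The field size P = 101, m = 2, the degree bound d = 4, the sample functions and the finite-difference degree check are assumptions chosen for illustration.

```python
import random
from itertools import product

P = 101  # assumed small prime; the field F is the integers mod P

def table(f, m):
    """Evaluations of f at each point of F^m (the tester's input)."""
    return {x: f(*x) % P for x in product(range(P), repeat=m)}

def along_line(tab, a, b):
    """Read the table along the line l = {a + t*b : t in F}."""
    return [tab[tuple((ai + t * bi) % P for ai, bi in zip(a, b))]
            for t in range(P)]

def is_univariate_low_degree(vals, d):
    """True iff vals[0..P-1] are the values of a polynomial of degree < d.
    For d < P this holds exactly when the d-th forward difference vanishes."""
    row = list(vals)
    for _ in range(d):
        row = [(row[i + 1] - row[i]) % P for i in range(len(row) - 1)]
    return not any(row)

def ldt_round(tab, m, d, rng):
    """Choose a random line, read f along it, check the restriction."""
    a = tuple(rng.randrange(P) for _ in range(m))
    b = (0,) * m
    while not any(b):  # skip the degenerate direction b = 0
        b = tuple(rng.randrange(P) for _ in range(m))
    return is_univariate_low_degree(along_line(tab, a, b), d)

def acceptance_rate(tab, m, d, rounds=200, seed=1):
    rng = random.Random(seed)
    return sum(ldt_round(tab, m, d, rng) for _ in range(rounds)) / rounds

def corrupt(tab, fraction, seed=2):
    """Constructed far-from-low-degree table: shift a random fraction of entries."""
    rng = random.Random(seed)
    bad = dict(tab)
    for x in rng.sample(sorted(tab), int(fraction * len(tab))):
        bad[x] = (bad[x] + 1) % P
    return bad

# Constructed sample tables for m = 2 and degree bound d = 4.
HONEST = table(lambda x, y: 3 * x * x * y + 5 * x * y + 7, 2)  # degree 3 < d
TOO_HIGH = table(lambda x, y: x ** 5, 2)                       # degree 5 >= d
FAR = corrupt(HONEST, 0.2)                                     # 20% of entries changed

if __name__ == "__main__":
    for name, tab in [("honest", HONEST), ("degree 5", TOO_HIGH), ("corrupted", FAR)]:
        print(name, acceptance_rate(tab, 2, 4))
```

The honest table passes every round because a degree < d polynomial restricted to any line is a univariate polynomial of degree < d; the other two tables fail on almost every line.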
29
Robust LDTs via Bundling
[Figure: functions $f_1, f_2, \dots, f_r$]
• Each LDT performed separately
  • Possible to cheat by having just one of $f_i$ not low-degree ----- NOT ROBUST
• Bundle evaluations of different polynomials together and perform LDTs in parallel (bundling)
  • PCPP on query x returns $(f_1(x), f_2(x), \dots, f_r(x))$
  • Robust over larger alphabet $F^r$
• Can use error-correcting code to make robust over binary alphabet.
  • PCPP on query x returns $\mathrm{ECC}(f_1(x), f_2(x), \dots, f_r(x))$
30
Building Block - Robust-PCPP
• Randomness: $\frac{1}{2} \log n + O(\log\log n)$
• # Queries: $\sqrt{n} \cdot \mathrm{poly} \log n$
• Robustness Parameter, Proximity Parameter: constant
31
Applications to Coding
• Locally Testable Codes
• Relaxed-Locally Decodable Codes
32
Locally Testable Codes
[Figure: tester T makes a constant # queries into a word w]
• w – codeword: Tester T accepts with probability 1
• w far from codeword: Tester T accepts with low probability
Lower Bounds
• [BHR ’03] Random LDPC Codes are not LTCs
LTC Constructions
• [GS ’02, BSVW ’03]: $k \to k \cdot 2^{\sqrt{\log k}}$
• This paper: $k \to k \cdot 2^{(\log k)^{\varepsilon}}$
33
Locally Decodable Codes
[Figure: codeword c is corrupted into r; decoder D makes a constant # queries into r to answer “i-th message bit?”]
If less than n bits corrupted, for all message bits i: $\Pr[D^r(i) = m_i] \ge \frac{3}{4}$
• Hadamard – locally decodable, but poor rate
• Upper Bound: [BIKR ’02] $n \le 2^{O(k)}$
• Lower Bound: [KT ’00] $n \ge k^{\ (1)}$
34
Relaxed Locally Decodable Codes New!
This paper: For every $\varepsilon > 0$, there exist relaxed-LDCs with $k \to k^{1+\varepsilon}$
[Figure: codeword c is corrupted into r; decoder D makes a constant # queries into r to answer “i-th message bit?”]
If less than n bits corrupted,
• for “most” message bits i: $\Pr[D^r(i) = m_i] \ge \frac{3}{4}$
• For remaining bits: $\Pr[D^r(i) = \bot] \ge \frac{3}{4}$
35
Summary of results
• Defined: Robust PCP of proximity
  • Strengthened definition of standard PCPs
• Composition Theorem
  • simple, modular
• Simpler constructions of PCPs
• Coding applications:
  • Locally Testable Codes
  • Relaxed Locally Decodable Codes
36
The End