Scott Aaronson MIT Avi Wigderson IAS NP oly

Scott Aaronson (MIT) Avi Wigderson (IAS) NP oly p / P NEXP SIZE 4 xyw-12 yz+17 xyzw-2 x-2 y-2 z-2 w CE A P PS MIP=N EXP IP= NEXP P/poly NEXP=MA PP RG=EXP P /poly PP SIZE(n) PP =MA ) n ( E Z I S A M Promise MAEXP P/poly -15 xyz+43 xy-5 x xw-44 xz+x-7 y+ P= Algebrization: A New Barrier in Complexity Theory P P NP BP (n)

What To Call It? Algebraic Relativization? Algevitization? Algevization? Algebraicization? Algebraization? Algebrization? SCOTT & AVI A NEW KIND OF ORACLE

AT IZ ET N IO A DIAGONALIZATION HM IT AR Any proof of P NP will have to defeat two terrifying monsters… P NP Relativization [Baker-Gill-Solovay 1975] Natural Proofs [Razborov-Rudich 1993] Furthermore, even our best weapons seem to work against one monster but not the other…

Yet within the last decade, we’ve seen circuit lower bounds that overcome both barriers [Buhrman-Fortnow-Thierauf 1998]: MAEXP P/poly Furthermore, this separation doesn’t relativize [Vinodchandran 2004]: PP SIZE(nk) for every fixed k [A. 2006]: Vinodchandran’s result is non-relativizing Vinodchandran’s Proof: PP P/poly We’re done Non-Relativizing PP P/poly P#P = MA [LFKN] Non-Naturalizing P#P = PP 2 P PP [Toda] PP SIZE(nk) [Kannan] [Santhanam 2007]: Promise. MA SIZE(nk) for fixed k

Bottom Line: Relativization and natural proofs, even taken together, are no longer insuperable barriers to circuit lower bounds Obvious Question [Santhanam 2007]: Is there a third barrier? This Talk: Unfortunately, yes. “Algebrization”: A generalization of relativization where the simulating machine gets access not only to an oracle A, but also a low-degree extension à of A over a finite field or ring We show: • Almost all known techniques in complexity theory algebrize • Any proof of P NP—or even P=RP or NEXP P/poly—will require non-algebrizing techniques

Algebrizing [LFKN], [Shamir], [BFL], [BFT], [Vinodchandran], [Santhanam], [IKW], … Relativizing [Toda], [Impagliazzo. Wigderson], [Valiant. Vazirani], [Kannan], hundreds more [Your result here] [GMW? ] Naturalizing [Furst-Saxe-Sipser], [Razborov-Smolensky], [Raz], dozens more

Definitions The inclusion C D relativizes if CA DA for all oracles A CA[poly]: Polynomial-size queries to A only CA[exp]: Exponential-size queries also allowed Given an oracle A={An} with An: {0, 1}n {0, 1}, an Note: considerofextensions over extension à of. Can A is also a collection polynomials Ãn: Zn Z finite fields instead of the integers. Will tell satisfying: you when this distinction matters. (i) Ãn(x)=An(x) for all Boolean x {0, 1}n, (ii) deg(Ãn)=O(n), (iii) size(Ãn(x)) p(size(x)) for some polynomial p, where

A complexity class inclusion C D algebrizes if CA Dà for all oracles A and all extensions à of A Proving C D requires non-algebrizing techniques if there exist A, à such that CA Dà A separation C D algebrizes if Cà DA for all A, à Proving C D requires non-algebrizing techniques if there exist A, à such that Cà DA Notice we’ve defined things so that every relativizing result is also algebrizing.

Related Work Low-degree oracles have been studied before for various reasons [Fortnow 94] defined a class O of oracles such that IPA=PSPACEA for all A O Since he wanted the same oracle A on both sides, he had to define A recursively (take a low-degree extension, then reinterpret as a Boolean function, then take another low-degree extension, etc. ) Proving separations in his model seems extremely hard

Why co. NP IP Algebrizes Recall the usual co. NP IP proof of [LFKN]: Bullshit! The only time Arthur ever has to evaluate the polynomial p directly is in the very last round—when he checks that p(r 1, …, rn) equals what Merlin said it does, for some r 1, …, rn chosen randomly in the previous rounds.

How was the polynomial p produced? By starting from a Boolean circuit, then multiplying together terms that enforce “correct propagation” at each gate: A g Ã(x, y)g (1 -Ã(x, y))(1 -g) xyg+++(1 -A(x, y))(1 -g) (1 -xy)(1 -g) A(x, y)g x y Arthur and Merlin then reinterpret p not as a Boolean function, but as a polynomial over some larger field. But what if the circuit contained oracle gates? Then how could Arthur evaluate p over the larger field? He’d almost need oracle access to a low-degree extension à of A. Hey, wait…

Other Results That Algebrize PSPACEA[poly] IPÃ [Shamir] NEXPA[poly] MIPÃ [BFL] EXPA[poly] RGÃ (RG = Refereed Games) [FK] PPÃ PÃ/poly PPA MAÃ [LFKN] NEXPÃ[poly] PÃ/poly NEXPA[poly] MAÃ [IKW] MAEXPÃ[exp] PA/poly [BFT] PPÃ SIZEA(n) [Vinodchandran] Promise. MAÃ SIZEA(n) [Santhanam] OWF secure against PÃ NPA ZKIPÃ [GMW]

Proving P NP Will Require Non. Algebrizing Techniques Theorem: There exists an oracle A, and an extension Ã, such that NPà PA. Proof: Let A be a PSPACE-complete language, and let à be the unique multilinear extension of A. Then à is also PSPACE-complete [BFL]. Hence NPà = PA = PSPACE.

Harder Example: Proving P=RP Will Require Non-Algebrizing Techniques (hence P=NP as well) Theorem: There exist A, à such that RPA PÃ. What’s the difficulty here, compared to “standard” oracle separation theorems? Since à is a low-degree polynomial, we don’t have the freedom to toggle each Ã(x) independently. I. e. the algorithm we’re fighting is no longer looking for a needle in a haystack—it can also look in the haystack’s low-degree extension! We will defeat it anyway.

Theorem: Let F be a field, and let Y Fn be the set of points queried by the algorithm. Then there exists a polynomial p: Fn F, of degree at most 2 n, such that (i) p(y)=0 for all y Y. (ii) p(z)=1 for at least 2 n-|Y| Boolean points z. (iii) p(z)=0 for the remaining Boolean points. 0 Y 0 0 0 1 1 1 0 0

Proof: Given a Boolean point z, let z be the unique multilinear polynomial that’s 1 at z and 0 at all other A standard diagonalization argument now Boolean points. Then we can express any multilinear yields the polynomial r asseparation between P and RP we wanted—at least in the case of finite fields. Requiring r(y)=0 for all y Y yields |Y| linear equations in 2 n unknowns. Hence there exists a solution r such that r(z) 0 for at least 2 n-|Y| Boolean points z. We now set In the integers case, we can no longer use Gaussian elimination to construct r. However, we (i. e. Avi) found a clever way around this problem using Chinese remaindering and Hensel lifting, provided every query y satisfies size(y)=O(poly(n)).

Other Oracle Results We Can Prove By Building “Designer Polynomials” A, Ã : NPA co. NPÃ A, Ã : NPA BPPÃ (only for finite fields, not integers) A, Ã : NEXPÃ[exp] PA/poly A, Ã : NPÃ SIZEA(n) By contrast, MAEXP P/poly and Promise. MA SIZE(n) algebrize! Since MAEXP and MA are “just above” NEXP and NP respectively (indeed equal to them under derandomization assumptions), we seem to get a precise explanation for why progress on non-relativizing circuit lower bounds stopped where it did.

From Algebraic Query Algorithms to Communication Protocols A(000)=1 A(001)=0 A(010)=0 A(011)=1 A 0 A(100)=0 A(101)=0 A(110)=1 A(111)=1 Truth table of a Boolean function A A 1 Alice and Bob’s Goal: Compute some property of the function A: {0, 1}n {0, 1}, using minimal communication. Let Ã: Fn F be the unique multilinear extension of A over a finite field F. Theorem: If a problem can be solved using T queries to Ã, then it can also be solved using O(Tnlog|F|) bits of communication between Alice and Bob.

This argument works just as well in the n, we can write Proof: Given any point y F randomized world, the nondeterministic world, the quantum world… Also works with integer extensions (we didn’t have to use a finite field). The protocol is now as follows: y 1 (O(nlog|F|) bits) Ã1(y 1) (O(log|F|) bits) Theorem: If a problem can be solved using T queries y 2 (O(nlog|F|) bits) to Ã, then it can also be solved using O(Tnlog|F|) bits of communication between Alice and Bob.

The Harvest: Separations in Communication Complexity Imply Algebraic Oracle Separations (2 n) randomized lower bound for A, Ã : NPA BPPÃ Disjointness [KS 1987] [Razborov 1990] Advantage of this approach: Ã is just (2 n/2) quantum lower bound for A, Ã : NPA BQPÃ the multilinear Disjointness [Razborov 2002] extension of A! (2 n/2) lower bound on MA-protocols for Disjointness [Klauck 2003] A, Ã : co. NPA MAÃ Disadvantage: The functions achieving A BPPÃ Exponential the separation between A, Ã : BQP separations are more contrived classical and quantum communication (e. g. Disjointness instead of OR). complexities [Raz 1999] Exponential separation between MA and A, Ã : QMAA MAÃ QMA communication complexities [Raz. Shpilka 2004]

Can also go the other way: algebrizationinspired communication protocols [Klauck 2003]: Disjointness requires total communication ( N) (where N=2 n), even with a Merlin around to prove Alice and Bob’s sets are disjoint “Obvious” Conjecture: Klauck’s lower bound can be improved to (N) This conjecture is false! We give an MA-protocol for Disjointness (and indeed Inner Product) with total communication cost O( N log N) “Hardest” communication predicate?

O( N log N) MA-protocol for Inner Product A: [ N] {0, 1} ed m i la ’ for S e valu S C B: [ N] {0, 1} r RF Alice and Bob’s Goal: Compute First step: Let F be a finite field with |F| [N, 2 N]. Extend A and B to degree-( N-1) polynomials Now let If Merlin is honest, then If S’ S, then But how to check S’=S?

Conclusions Arithmetization had a great run. It led to IP=PSPACE, the PCP Theorem, non-relativizing circuit lower bounds… Yet we showed it’s fundamentally unable to resolve barrier problems like P vs. NP, or even P vs. BPP or NEXP vs. P/poly. Why? It “doesn’t pry open the black-box wide enough. ” I. e. it uses a polynomial-size Boolean circuit to produce a low-degree polynomial, which it then evaluates as a black box. It doesn’t exploit the small size of the circuit in any “deeper” way. To reach this conclusion, we introduced a new model of algebraic query complexity, which has independent applications (e. g. to communication complexity) and lots of nooks and crannies to explore in its own right.

Open Problems Develop non-algebrizing techniques! Do there exist A, Ã such that co. NPA AMÃ? Improve PSPACEA[poly] IPÃ to PSPACEÃ[poly] = IPÃ MAEXPÃ[poly] PA/poly? “Double algebrization” Integer queries of unbounded size Algebraic query lower bounds communication lower bounds? Generalize to arbitrary error-correcting codes (not just low -degree extensions)?