Worst-Case to Average-Case Reductions for Subclasses of P

Abstract

For every polynomial q, we present (almost-linear-time) worst-case to average-case reductions for a class of problems in \(\mathcal P\) that are widely conjectured not to be solvable in time q. These classes contain, for example, the problems of counting the number of t-cliques in a graph, for any fixed \(t\ge 3\).

Specifically, we consider the class of problems that consist of counting the number of local neighborhoods in the input that satisfy some predetermined conditions, where the number of neighborhoods is polynomial, and the neighborhoods as well as the conditions can be specified by small uniform Boolean formulas. We show an almost-linear-time reduction from solving any such problem in the worst-case to solving some other problem (in the same class) on typical inputs. Furthermore, for some of these problems, we show that their average-case complexity almost equals their worst-case complexity.

En route we highlight a few issues and ideas such as sample-aided reductions, average-case analysis of randomized algorithms, and average-case emulation of arithmetic circuits by Boolean circuits. We also observe that adequately uniform versions of \(\mathcal{AC}^0[2]\) admit worst-case to average-case reductions that run in almost linear-time.

Appendices

Appendices

Appendix A.1 relates Definition 2.3 to [16, Def. 2], and Appendix A.2 presents a worst-case to average-case reduction for uniform \(\mathcal{AC}^0[2]\).

1.1 A.1 A Related Class (for Context Only)

In this appendix, we review the definition of locally-characterizable sets [16], and discuss its relation to Definition 2.3.

Definition A.1

(locally-characterizable sets [16, Def. 2]):²⁷ A set S is locally-characterizable if there exist a constant c, a polynomial p and a polynomial-time algorithm that on input n outputs \(\mathrm{poly}(\log n)\)-sized formulae \(\phi _n:\{0,1\}^{c\cdot \log n}\times \{0,1\}^{p(\log n)}\rightarrow \{0,1\}\) and \({\sigma }_{n,1},...,{\sigma }_{n,p(\log n)}:\{0,1\}^{c\cdot \log n}\rightarrow [n]\) such that, for every \(x\in \{0,1\}^n\), it holds that \(x\in S\) if and only if for all \(w\in \{0,1\}^{c\log n}\)

$$\begin{aligned} \varPhi _x(w){\mathop {=}\limits ^\mathrm{def}}\phi _n(w,x_{{\sigma }_{n,1}(w)},...,x_{{\sigma }_{n,p(\log n)}(w)}) \end{aligned}$$

(10)

equals 0.²⁸

That is, each value of \(w\in \{0,1\}^{c\log n}\) corresponds to a local condition that refers to polylogarithmically many locations in the input (i.e., the locations \({\sigma }_{n,1}(w),...,{\sigma }_{n,p(\log n)}(w)\in [n]\)). This local condition is captured by \(\phi _n\), and in its general form it depends both on the selected locations (equiv., on w) and on the value on the input at these locations. A simplified form, which suffices in many case, uses a local condition that only depends on the values of the input at these locations (i.e., \(\phi _n:[n]^{ca\cdot \log n}\times \{0,1\}^{p(\log n)}\rightarrow \{0,1\}\) only depends on the \(p(\log n)\)-bit long suffix).

A locally-characterizable set corresponds to the set of inputs for the counting problem (of Definition 2.3) that have value 0 (i.e., the number of satisfied local conditions is 0). This correspondence is not an equality, because the sizes of the formulae in the two definitions are different. Whereas in Definition 2.3 the number of formulae and their sizes are exponential in a function d that is in the admissible class, in Definition A.1 the number and size is poly-logarithmic in n. In both definitions, the formulae are constructed in time that is polynomial in their number and size.

1.2 A.2 Worst-Case to Average-Case Reduction for Uniform \(\mathcal{AC}^0[2]\)

For constants \(c,d\in \mathbb N\), let \(\mathtt{C}^{(d,c)}\) denote the class of decision problems on n-bit inputs that can be solved by uniform families of (unbounded fan-in) Boolean circuits of depth d and size \(n^c\), with and, or, parity, and not gates. Specifically, a problem is parameterized by an efficient algorithm that on input n and \(i,j\in [n^{c}]\) returns the type of the \(i^\mathrm{th}\) gate and whether or not the \(j^\mathrm{th}\) gate feeds into it (in the circuit that corresponds to n-bit inputs). The term “efficient” is left unspecified on purpose; possible choices include \(\mathrm{poly}(n)\)-time and \(O(\log n)\)-space. Note that any decision problem having sufficiently uniform \(\mathcal{AC}^0[2]\) circuits is in \(\mathtt{C}^{(d,c)}\) for some constants \(c,d\in \mathbb N\).

Theorem A.2

(worst-case to average-case reduction for \(\mathcal{AC}_0\)): There exists a universal constant \(\gamma \) such that for any \(c,d\in \mathbb N\), solving any problem in \(\mathtt{C}^{(d,c)}\) on the worst-case reduces in almost linear time to solving some problem in \(\mathtt{C}^{(\gamma \cdot d,c+o(1))}\) on at least 90% of the instances.

Proof Sketch:

We proceed in three steps: First we reduce the Boolean problem (in \(\mathtt{C}^{(d,c)}\)) to an Arithmetic problem, next we show that the latter problem supports a worst-case to average-case reduction, and lastly we reduce the Arithmetic problem to a Boolean problem (in \(\mathtt{C}^{(\gamma \cdot d,c+o(1))}\)). This is very similar to what was done in the main part of this work, except that the first step is fundamentally different.

A straightforward emulation of the Boolean circuit by the Arithmetic circuit would yield multiplication gates of polynomial fan-in, which in turn would mean that the polynomial computed by this circuit is of polynomial degree. In contrast, using the approximation method of Razborov [26] and Smolensky [29], we can get multiplication gates of logarithmic fan-in, and arithmetic circuits that compute polynomials of polylogarithmic degree. The approximation error is of no real concern, since we are actually interested in the value of the circuit at a single point. We need, however, to perform the foregoing randomized reduction using an almost linear amount of randomness, since we need to run in almost linear time, but this is possible using small-bias generators (cf. [25]). Details follow.

The first step is a randomized reduction of solving the Boolean problem in the worst-case to solving a corresponding Arithmetic problem on the worst-case. This reduction uses the ideas underlying the approximation method of Razborov [26] and Smolensky [29], while working with the field \(\mathrm{GF}(2)\) (as [26], rather than with \(\mathrm{GF}(p)\) for some prime \(p>2\) (as [29])).²⁹ When doing so, we replace the random choices made at each gate by pseudorandom choices that are generated by a small bias generator [25]; specifically, we use a “highly uniform” generator \(G:\{0,1\}^{O(\log n^c)}\rightarrow \{0,1\}^{{\widetilde{O}}(n^c)}\) such that the individual bits of G(s) are computed by uniform \(n^{o(1)}\)-size circuits of constant depth (and parity gates) [2, 19].³⁰ We stress that the same pseudorandom sequence can be used for all gates in the circuit, and in each gate we can use \(O(\log n^c)\) disjoint portions of the pseudorandom sequence for the \(O(\log n^c)\) different linear combinations.³¹

Hence, for a fixed Boolean circuit \(C_n\), on input \(x\in \{0,1\}^n\), we uniformly select a seed \(s\in \{0,1\}^{O(\log n)}\) for the aforementioned small-bias generator G, and construct the corresponding Arithmetic circuit \(A_n^{(s)}:\mathrm{GF}(2)^n\rightarrow \mathrm{GF}(2)\), in which or-gates of \(C_n\) are replaced by \(O(c\log n)\)-way multiplications of linear combinations of the original gates that are determined by G(s). For any fixed x, we may have \(\mathrm{Pr}_s[A_n^{(s)}(x)\!\ne \!C_n(x)]=1/\mathrm{poly}(n)\). Note that the depth of \(A_n^{(s)}\) is only O(1) times larger than the depth of \(C_n\), where the constant is determined by various (local) manipulations (which include replacing and-gates by or-gates, computing inner products of gates’ values and generator outputs, and adding \(O(\log n)\)-wise multiplication gates). Furthermore, \(A_n^{(s)}\) uses multiplication gates of \(O(c\log n)\) arity, its size is at most \(O(\log n)^d\cdot n^{c}\), and it computes a polynomial of degree \(O(c\log n)^d\).

The next step is to embed \(\mathrm{GF}(2)\) in an extension field of size greater than the foregoing degree so that the standard process of self-correction of polynomials can be performed. Hence, \(A_n^{(s)}\) is now viewed as an arithmetic circuit over \(\mathcal{F}=\mathrm{GF}(2^\ell )\) (i.e., \(A_n^{(s)}:\mathcal{F}^{n}\rightarrow \mathcal{F}\)), where \(\ell =d\log \log n + O(d)\), since we need \(2^\ell \ge O(c\cdot \log n)^d\). Now, a worst-case to average-case reduction is applied to \(A_n^{(s)}\) (i.e., evaluating \(A_n^{(s)}\) on the worst case reduces to evaluating \(A_n^{(s)}\) correctly on at least a \(51\%\) fraction of the instances).

Lastly, we wish to get back to a class of Boolean problems. We can do so as follows. First, we replace each (unbounded) \(\mathrm{GF}(2^\ell )\)-addition gate by \(\ell \) parity gates (which add-up the \(\ell \) corresponding bits in the sequence of field elements). Next, we replace each \(\mathcal{F}\)-multiplication gate of arity at most \(m=O(\log n)\) by a \(\mathcal{F}\)-multiplication gate of arity \(\sqrt{m}\) that is fed by \(\sqrt{m}\) multiplication gates that cover the original m wires. Finally, we implement each of the latter gates by a small Boolean circuit of depth two (via a look-up table of size \(|\mathcal{F}|^{\sqrt{m}}=\exp (\ell \cdot {\sqrt{m}})=\exp ({\widetilde{O}}({\sqrt{\log n}}))=n^{o(1)}\)). Hence, given the Arithmetic circuit \(A_n^{(s)}:\mathrm{GF}(2^\ell )^{n}\rightarrow \mathrm{GF}(2^\ell )\), we obtain a Boolean circuit \(B_n^{(s)}:\{0,1\}^{n\ell }\rightarrow \{0,1\}^\ell \) that emulates \(A_n^{(s)}\). Furthermore, using the small circuits that produce the output bits of the small-bias generator G on seed \(s\in \{0,1\}^k\), where \(k=O(\log n)\), we obtain a Boolean circuit \(B_n:\{0,1\}^{n\ell +k}\rightarrow \{0,1\}^\ell \) such that \(B_n(y,s)=B_n^{(s)}(y)\). Recalling that the aforementioned circuits that compute the bits of G have constant depth and size \(n^{o(1)}\), it follows that \(B_n\) has depth \(O(d)+O(1)\) and size \(n^{c+o(1)}\).

We are almost done, except that we need to reduce the evaluation of \(B_n:\{0,1\}^{n\ell +k}\rightarrow \{0,1\}^\ell \) to the evaluation of a Boolean circuit that has a single output bit, and we need this reduction to work in the average-case setting. We can do so by using the Boolean circuit \(B'_n:\{0,1\}^{n\ell +k+\ell }\rightarrow \{0,1\}\) that, on input \((z,r)\in \{0,1\}^{n\ell +k}\times \{0,1\}^\ell \), returns the inner product mod 2 of \(B_n(z)\) and r. Note that the depth of \(B'_n\) exceeds the depth of \(B_n\) only by a constant term, and that we can correctly retrieve \(B_n(z)\) (with high probability) if we can obtain the correct value of \(B'_n(z,r)\) correctly on \(0.76\%\) of the r’s. Recalling that evaluating \(C_n\) on x was reduced to evaluating \(B_n\) correctly on \(0.51\%\) of the instances, it follows that it suffices to compute \(B'_n\) correctly on a \(\rho \) fraction of the instances, provided that \(\rho \ge 1-0.24\cdot 0.49\). (Of course, 0.24 and 0.49 stand for any constants smaller than 0.25 and 0.5 respectively.)

To summarize, evaluating \(C_n:\{0,1\}^n\rightarrow \{0,1\}\) on the worst case reduces to evaluating \(B'_n:\{0,1\}^{\log \log n+O(\log n)}\rightarrow \{0,1\}\) on at least \(1-0.24\cdot 0.49\approx 0.88\) fraction of the instances. Using an adequate indexing of the gates in \(B'_n\), the uniformity of \(B'_n\) follows from the uniformity of \(C_n\), since all modifications we have performed are local.    \(\blacksquare \)