But I now see that this comment may have been somewhat off-topic.

Emanuele, even if you have linear size pseudorandom functions of exponential hardness, it remains possible that a complexity measure computable in time would distinguish functions of circuit complexity from random functions. Indeed, the following complexity measure is computable in time and does perform such a distinguishing:

circuit complexity of

Then, of course, we are back to Tim’s question of whether the only complexity measures that do the distinguishing are those like the above one which shift all the difficulty of the lower bound proof into showing that a given function has large measure.

I don’t feel confident about that either! I just mean that the arguments I was trying seemed to force me to give up all hope of proving anything better, but in the end even superlinear seemed out of reach too. (In fact, in later instalments I have some speculations about linear-sized pseudorandom functions, which sound pretty similar to what you are referring to: I suggest first applying a clever linear-sized code and then doing a small amount of extra scrambling randomly.)

It seems to me that for such a derandomization to work, one would need to have a pseudorandom generator that is indistinguishable from a random generator by any quadratic. But I don’t see how constructing such a generator is any different from solving the original problem. My guess is that we are talking about different problems: perhaps you are talking about correlations like whereas I am talking about correlations closer to which would of course be best possible.

Ah, actually, I think I understand. You’re saying that to get one just uses the fact that a generic cubic should have a small norm. I agree that that would be easier to do by using random functions and derandomizing them. What I am saying (which doesn’t contradict you) is that the trivial argument that I gave in the second paragraph of my previous comment in this sequence gives a best possible result (more or less) for purely random functions but does not derandomize. So when you said “your argument” you were referring not to that argument but to the one that used iterated Cauchy-Schwarz.

Tim:

I don’t feel confident that there would be something to gain in considering superlinear instead of superpolynomial. I’d think it’s only a matter of optimizing the constructions mentioned in Luca’s comment to obtain that the natural-proofs obstacle applies to linear size circuits as well.

In particular there is a recent result that shows how to construct pseudorandom functions using linear-size circuits (“cryptography with constant computational overhead”). (From a cursory glance there might be a loss in security in their result which does not quite give the optimal connection, I have not checked that carefully, but to me it seems to indicate that linear size circuits are a difficult target already.)

Regarding the remark about purely random functions:

It seems that your argument only exploits a certain “hitting-the-subcube” property of , i.e., you want that over the choice of with high probability the bias over is small (or something like that). I guess this is easier to prove when you take to be a purely random function. As long as that’s the only property you need, that can be derandomized. Indeed, if I am not misunderstanding, that’s exactly what some previous bounds do. (Perhaps a minor point is that derandomizing a purely random function may give slightly worse parameters than derandomizing a cubic, say. So there might be some slight advantage in this, or at least a different tradeoff, but I am not sure about this and in any case it seems to have minimal consequences.)

Responding to Emanuele’s last comment but one, I wrote something stupid. I think the bound you give for can be improved by a factor of 2, but what I should have said is that you can take Or at least, I’m pretty sure of this. So when you get which is indeed the bound you get from quadratics. And then the exponent goes down by a factor of 2 each time.

Hang on, I’m being even more stupid than I thought. I keep getting confused between the degree of the polynomial I am thinking about and the degrees of the polynomials I am trying not to correlate with. So you were indeed right all along and is the correct factor.

I’m not sure I understand your remark about purely random functions: I thought it was fairly obvious that they didn’t correlate, just by a counting argument. But let me check, since I haven’t. The probability of correlating by should be and the number of quadratics is at most So it looks as though we can organize for the best correlation with a quadratic to be about In other words, within a log factor of the best possible bound. I don’t see how one could derandomize that, since precisely the same argument can be used to show that a random function has small correlation with all polynomially computable functions.
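The counting heuristic in this comment can be illustrated numerically for a tiny n. This is only a sketch under made-up parameters: the quadratics are sampled rather than enumerated, and n = 8 is far too small for the asymptotics, but the max correlation of a random function with the sampled quadratics does stay far below 1.

```python
import itertools
import random

random.seed(0)
n = 8
N = 1 << n
points = list(itertools.product([0, 1], repeat=n))

# Truth table of a uniformly random Boolean function on n bits.
f = [random.randrange(2) for _ in range(N)]

def random_quadratic():
    """A random polynomial of degree <= 2 over GF(2), as a closure."""
    const = random.randrange(2)
    lin = [random.randrange(2) for _ in range(n)]
    quad = {(i, j): random.randrange(2)
            for i in range(n) for j in range(i + 1, n)}
    def q(x):
        v = const
        for i in range(n):
            v ^= lin[i] & x[i]
        for (i, j), c in quad.items():
            v ^= c & x[i] & x[j]
        return v
    return q

def correlation(q):
    """|E_x (-1)^{f(x) + q(x)}| over all N inputs."""
    s = sum(1 if f[idx] == q(x) else -1 for idx, x in enumerate(points))
    return abs(s) / N

best = max(correlation(random_quadratic()) for _ in range(2000))
print(best)  # stays far below 1, roughly at the 2^{-n/2} scale
```

The same experiment with any other efficiently samplable class of test functions would look identical, which is the point of the last sentence above: the counting argument knows nothing special about quadratics.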

Probably I am misunderstanding what you write, though.

I’m very interested in what you write. The first part explains why some of the ideas I was playing with began to seem as though they couldn’t, even in principle, give superpolynomial bounds — which led me to focus more on superlinear bounds (which forced me to think more about circuit complexity). This comes up in a later instalment, but I’ll insert a note with a link to this comment of yours.

As for the second, I’ll think about it. I find this concept of a property that is useless because it is too universal an interesting one. Is there some way of formalizing it (and hence proving results that say that such-and-such a property cannot give a proof because it leads to a simple reformulation of the problem)? Informally, there seems to be a serious barrier there: natural proofs tell you that your property cannot be too simple, and this one tells you that it cannot be too “complex” — except that that’s not quite what I want to say. Somehow the second barrier should rule out things like properties that are defined inductively in terms of Boolean operations.

Under standard assumptions, for every time bound there is a distribution over functions such that each function is computable by a formula of size and such that functions from the family are indistinguishable from truly random functions by probabilistic distinguishers running in time .

(A sufficient assumption is that factoring -digit composites of a certain type requires time at least for a constant .)

In particular, there is a family of polynomial size formulas such that their norm (which is computable in time roughly ) has approximately the same distribution as the norm of truly random functions.

This means that, to avoid the natural proof barrier, it is not enough to have a property that is not computable in time polynomial in ; the property should also not be computable in time .

Another, more “philosophical,” obstacle is that if one has a property that distinguishes functions of formula size from random functions, then the computation of the property must not only take time at least , but must also “encode” the computation of a factoring algorithm operating on integers with digits. More generally, it must encode computations of inverting algorithms for all one-way functions computable by formulas of size . This means that the property is already a nearly universal computation, and then exhibiting a specific function in NP that does not satisfy the property has nearly “all” the difficulty of proving a lower bound for NP.

@Emanuele: Oops, yeah, I meant to write Ajtai when I wrote Yao. Thanks. And yes, the motivation for Sergey’s problem is 3-party communication complexity… unfortunately I don’t remember the exact details.

Regarding the question on Gauss sum and Weil’s results, just for the record let me say that I don’t know: I think a few people thought about Weil’s bound but did not see how to make progress on the GF(2) problem.

From a biased computer science perspective, perhaps it is not too surprising if the GF(2) problem is different from the problem over larger domains.

Regarding your correction, there has to be something very simple I don’t see:

Are we thinking of the bound ?

Then your example achieves just which indeed corresponds to , right?

Perhaps some of (my?) confusion comes from the fact that actually is a bit better than what is stated in some papers, which Cauchy-Schwarz times to handle degree .

Anyway, in your argument, shouldn’t it be easier to take to be a truly random function, rather than a random cubic? I would guess that if you can make the proof go through in that case then you can derandomize it (that’s what some of the known bounds do).

Ryan: I was wondering if you have some specific motivation for the cylinder intersection problem you mention. Is it connected to some problem in 3-party communication complexity? (By the way, I think superpoly lower bounds for bounded-depth circuits are due to Ajtai independently of FSS, then Yao improved them to get oracles that separate PH, i.e., superquasipolynomial bounds, I think.)

(I hope the latex will show up right; I wish there was a way to preview comments before posting them.)

A very minor correction to what you say. I think the bound to beat is For example, here’s a sketch of how to obtain a bound of in the case of quadratic correlation. Let be a random cubic, by which I mean that for some random collection of triples. Now let Then by two applications of Cauchy-Schwarz one can show that

The exponent on the right-hand side is a trilinear function of plus a function of and only. The randomness of should make the expectation over zero almost always. Indeed (and this is the bit where I am being sketchy and possibly even incorrect, but I hope not) I believe the probability (over and ) that it is 1 rather than 0 is pretty close to the trivial minimum of . If that argument works, it gives for quadratic correlation and in general it gives . (It can also be regarded as the natural generalization of the argument that gives in the linear case.) Sorry, I forgot to say that the above argument works if you add an arbitrary quadratic to , which is how one deduces something about quadratic correlation.

One might object that a random cubic doesn’t give a uniform family of functions, but I suspect that one could derandomize it somehow.

Another question I wanted to ask. It seems that in the case of the Gauss sum much better bounds are known than you get from iterated Cauchy-Schwarz arguments. For instance, I think you can get by using Weil’s results. I would guess that the same is true if you replace by any polynomial of degree If so, then it is slightly surprising if there isn’t some analogue for but perhaps there are good reasons for its being a genuinely different problem. (For instance, the number of quadratics is superpolynomial in so one might expect correlation results to be harder to prove.)

Sorry, I still cannot get that paragraph to show right. One last try.

What I meant to say is that alpha is related to constructions of small-bias generators, that for degree two I would guess something can be done using the fact that the polynomials can be diagonalized up to a linear transformation of the variables, and that for degree bigger than two I think that any bound better than alpha = 1 would be interesting.

*[I’ve corrected the first attempt now, and deleted the failed attempt to correct it.]*

@Emanuele: Yeah, it’s basically the case [Yao90] that ACC0 is contained in MAJ o MAJ o MAJ. I think Yao showed that bounded-depth circuits with arbitrary AND, OR, NOT, and MOD gates of quasipoly size are computable by MAJ o MAJ o AND_{polylog} circuits of quasipoly size. So the lower bound scene looks grim even once you step up from THR o THR to MAJ o MAJ o MAJ. In that sense, I think THR o THR lower bounds are a bit of a dead end, since even if you get them, you would despair of extending things to the next level. (Still, I think it’s a kind of fun and possibly tractable dead end.) Correlation bounds for log-degree polynomials seems a bit more open-ended to me.

Hi Tim,

for quadratics, there is a result by Frederic Green that computes exactly the correlation between parity and polynomials modulo 3 (the input is still {0,1}^n).

( http://mathcs.clarku.edu/~fgreen/papers/quad.pdf ).

To my knowledge, no such exact result is known in any other case. His paper also discusses some of the difficulties in extending his result.

For polynomials modulo 2, I am not aware of any result which improves on the exp(- \alpha n/2^d) bound for any d > 2; I think it would be exciting to prove any bound that is better than 2^(- n/2^d).

As is well-known, this n/2^d in the exponent comes from the iterated Cauchy-Schwarz approach. The same loss appears in the best known lower bounds in multiparty communication complexity, so I think it would be great if one could understand this better.

Yes, it was indeed just a question of whether your remark applied to beating rather than . I think the proof you refer to must be exactly the kind of argument I had in mind: previous experience suggests that where I say “Hahn-Banach”, computer scientists say “min-max”.

A quick question: what is the best-known explicit function for not correlating with quadratics?

Also, apologies that your comments take a while to appear. For some reason they are being treated as spam (the above one perhaps because it had two links). I don’t know if there’s some way I can mark you as a legitimate commenter — I’ll look into it.

A collection of short comments:

- Tim: the proof you sketched of Emanuele’s parenthetical is right, I believe. Regarding your question about circuit lower bounds implying correlation bounds, perhaps Emanuele was referring to super-quasipolynomial lower bounds?

- The correlation problem(s) mentioned in Emanuele’s survey are very scary to me — a lot of heavyweights have worked on them since maybe Babai-Nisan-Szegedy in the late ’80s. I’m glad Emanuele is enthusiastic though; it’s true that there’s been tremendous progress on understanding low-degree polynomials lately, and no killer reason why a correlation bound for degree log(n) couldn’t be proved.

- On that note, here is a nice problem Sergey Yekhanin told me (I hope I’m stating it correctly): Show that a cylinder intersection in of density has a much larger than fraction of 2 x 2 x 2 hypercubes. Being a cylinder intersection means that is present iff , , and all hold, where are predicates on .

- Ran Raz has the latest on formula size bounds for the determinant: http://www.wisdom.weizmann.ac.il/~ranraz/publications/Pmultlin.ps

- [On attributions: n^2 formula-size lower bound for Parity was Khrapchenko, I believe, and superpoly size for bounded-depth circuits was first Furst-Saxe-Sipser (and sometimes Yao is credited too).]
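Sergey’s cylinder-intersection problem above can be made concrete in code. The following is only a sketch under my reading of the definition (three random predicates on pairs of coordinates, with an arbitrary small ground set and no attempt to reproduce the density thresholds of the actual problem); it measures the set’s density and the fraction of 2 x 2 x 2 hypercubes whose eight corners all lie in the set.

```python
import itertools
import random

random.seed(1)
N = 6  # ground set {0, ..., N-1}; the set lives in [N]^3

# Random predicates on pairs of coordinates.
A = {(y, z): random.randrange(2) for y in range(N) for z in range(N)}
B = {(x, z): random.randrange(2) for x in range(N) for z in range(N)}
C = {(x, y): random.randrange(2) for x in range(N) for y in range(N)}

def member(x, y, z):
    """(x, y, z) lies in the cylinder intersection iff all three predicates hold."""
    return A[(y, z)] and B[(x, z)] and C[(x, y)]

density = sum(member(*p)
              for p in itertools.product(range(N), repeat=3)) / N**3

# Fraction of 2 x 2 x 2 hypercubes {x1,x2} x {y1,y2} x {z1,z2}
# all eight of whose corners lie in the set.
cubes = total = 0
for xs in itertools.combinations(range(N), 2):
    for ys in itertools.combinations(range(N), 2):
        for zs in itertools.combinations(range(N), 2):
            total += 1
            cubes += all(member(x, y, z)
                         for x in xs for y in ys for z in zs)
print(density, cubes / total)
```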

Hi Tim,

thanks for the interest (and the blog).

I am not sure I completely understand your first question, but let me try to answer anyway.

All I meant is that a polynomial of degree log n has only quasipolynomially many (n^{O(log n)}) terms and so it can be computed by a circuit of size n^{O(log n)}.
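The monomial count behind this remark is easy to check directly. A small illustration (the helper below just sums binomial coefficients; the sample values of n are arbitrary):

```python
from math import comb, log, log2

def num_monomials(n, d):
    """Number of multilinear monomials of degree <= d in n variables over GF(2)."""
    return sum(comb(n, k) for k in range(d + 1))

# Sanity check: constant + 4 linear + 6 quadratic terms for n = 4, d = 2.
assert num_monomials(4, 2) == 1 + 4 + 6

for n in (64, 256, 1024):
    d = int(log2(n))
    m = num_monomials(n, d)
    # Quasipolynomial growth: log m is about d * log n = O(log^2 n),
    # so the "exponent" log_n(m) itself grows with n.
    print(n, d, m, round(log(m) / log(n), 2))
```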

Is the question about the difference between n^{O(1)} and n^{O(log n)}?

If so, indeed the circuit has slightly superpolynomial size. On the other hand, it has a very simple structure (just a threshold of polynomials).

Regarding the proof: indeed one can have a majority-like function by just repeating polynomials (i.e., the weights in the threshold only have polynomial magnitude).

If I understand it correctly, the proof you describe is similar to the one I have in mind.

The paper by Goldmann, Håstad, and Razborov

http://people.cs.uchicago.edu/~razborov/files/pt1.ps (Theorem 10) has a simple proof using the min-max theorem: if for every distribution D on inputs one can find a polynomial that correlates well (1/n) with f with respect to D, then by min-max there is a distribution on polynomials that for every input x correlates well with f(x). By concentration of measure, the majority of poly(n) independent polynomials agrees with f on each input except with exponentially small probability (and so some choice of the polynomials will work for every input x).
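The concentration step of that argument can be illustrated with a toy simulation. It is purely schematic: independent biased coin flips stand in for the sampled polynomials, the advantage eps and the sample count t are made-up parameters, and each trial plays the role of one input x.

```python
import random

random.seed(2)

eps = 1.0 / 10   # per-sample advantage over 1/2, standing in for 1/n
t = 301          # number of independent samples from the distribution (odd)
trials = 10000   # number of simulated inputs x

# On each input x, each sampled polynomial agrees with f(x) with
# probability 1/2 + eps.  A Chernoff bound makes the majority of t
# samples agree with f(x) except with probability exp(-Omega(eps^2 t)).
agree = 0
for _ in range(trials):
    votes = sum(random.random() < 0.5 + eps for _ in range(t))
    agree += votes > t // 2
print(agree / trials)  # very close to 1
```

In the actual proof, t need only be polynomial in n even though eps is 1/n, because eps^2 t can still be made a large power of n.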

I am absolutely thrilled at the idea of having a polymath project on correlation bounds for polynomials! I would definitely like to be involved.

I think Ryan’s problem about threshold of thresholds would be great too.

I have thought more about polynomials, so my opinion is severely biased, but let me try to comment more on the two problems.

Let me stress right away the obvious thing that I feel I have absolutely no clue which problem is more interesting or easier.

The threshold of thresholds problem looks “close” to being related to the “natural-proofs barrier:” It seems that it is known how to compute pseudorandom functions using only 4 levels of majority gates (http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.27.5547&rep=rep1&type=pdf), and in general, I think, few levels of majorities can do amazing things. On the other hand, polynomials may be “further” away. (Or maybe not? An interesting point here might be trying to see if low-degree polynomials correlate with pseudorandom functions, which might have bearing on this research via an extension of the Razborov-Rudich approach. I tried this a bit but in vain.) Finally, for polynomials we can already say something for high degree, and correlation bounds with respect to the uniform distribution would give pseudorandom generators as a bonus.

Anyway, I think any project on low-level lower bounds would be exciting.

I am very interested in what you write (and also in the survey paper you mention, which I discovered and printed out in between writing and posting this instalment). I would like to understand it better, so let me ask you two questions.

I don’t see why it matters if f can be written as a threshold of polynomials of degree log n, because those polynomials don’t seem to me to be obviously computable in polynomial time. But perhaps there is some clever argument here that I don’t know, since the number of polynomials of degree log n appears to be comparable to the number of polynomial-size circuits.

Assuming, however, that it does matter, is the proof of the result you mention in parentheses something like this? I am guessing that “threshold of few such polynomials” means a reasonably general linear combination and not just some majority-like function. (Probably you can get them to be roughly equivalent by repeating polynomials.) Anyhow, if f is not a linear combination, with certain natural properties, of few such polynomials, then the Hahn-Banach theorem should give some kind of linear functional that separates f from all those polynomials and also has some other properties. That, I can imagine, would translate into a distribution with respect to which f does not correlate with any low-degree polynomial.

The problem of trying to obtain improved correlation results for the function you mention looks very interesting. I am particularly interested that you think it is a problem that is highly relevant to circuit lower bounds but potentially easier. For similar reasons I liked Ryan’s problem about threshold circuits. In both cases, I wonder whether they might make good Polymath projects.

I thought I’d point out a recent survey on correlation bounds for polynomials: http://www.ccs.neu.edu/home/viola/papers/viola-sigact-gf2.pdf.

Let me also take advantage of this to mention a few things:

Exhibiting an explicit function (on n bits) that has small correlation (1/n) with polynomials of low degree (log n) is necessary to prove circuit lower bounds (if for every distribution you can find a low-degree polynomial that correlates with f, then f can be written as a threshold of few such polynomials).

We have no reason to believe that this is hard to do (in particular, Razborov-Rudich is not known to apply to polynomials). In fact, Razborov and Smolensky did prove some correlation bounds for high-degree polynomials. While their bounds are worse than 1/n, there is no excuse like “we cannot say anything about these things.”

Here’s a candidate hard function: divide the input into blocks of sqrt(n) bits, take Mod3 in each block, and take the parity of the results.
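A direct implementation of this candidate, under one plausible reading: I take “Mod3 of a block” to output 1 exactly when the block’s bit-sum is nonzero mod 3 (that convention is my assumption, not something fixed in the comment).

```python
from math import isqrt

def candidate(bits):
    """Split the input into blocks of ~sqrt(n) bits, take Mod3 in each block
    (1 iff the block's bit-sum is nonzero mod 3 -- an assumed convention),
    then output the parity of the block values."""
    n = len(bits)
    b = max(1, isqrt(n))
    block_vals = [int(sum(bits[i:i + b]) % 3 != 0) for i in range(0, n, b)]
    return sum(block_vals) % 2

print(candidate([1, 0, 0, 0]))  # blocks [1,0],[0,0] -> Mod3 values 1,0 -> parity 1
print(candidate([1, 1, 1, 0]))  # blocks [1,1],[1,0] -> Mod3 values 1,1 -> parity 0
```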
