Pseudorandom generators
for group products
Michal Koucký
Institute of Mathematics, Prague
Prajakta Nimbhorkar
IMSC, Chenai
Pavel Pudlák
IM, Prague
Branching programs
0
i
1
1
0
1
0
pij = Pr[ reaching j from i ]

j
w
t
models randomized space bounded computation
space s → width w ≈ 2O( s )
2
Goal: Estimate probabilities pij (up-to additive error ε) in
small space.
Possible solution: Find a small set F  {0,1}t so that pij’s
are well approximated by taking a random path
according to a random sample from F.
Want: A single set F working for all branching programs
of length n, width n, and all i and j.
→ a random set F of size 2O(log n + log 1/ε) will do.
3
Goal: Find an explicit set F  {0,1}n , i.e.,
F : {0,1}l → {0,1}n
computable in small space, where l ≈ O(log n + log 1/ε).
Our result: Explicit F : {0,1}l → {0,1}n , where
l = O( (2O(w log w) + log 1/ε) ∙ log n )
that works for all permutation branching programs of
width w and length n.

permutation b.p. … in each layer the 0-edges form a permutation
and 1-edges form a permutation.
4
Equivalent formulation for group products [MZ]: A fixed
group G and elements g1, g2, …, gn  G approximate
the distribution R on G given by
r1 r2
rn
g1 ∙ g2
∙ ∙ ∙ gn
where r1, r2, … rn R {0,1}
We have: F : {0,1}l → {0,1}n so that r1, r2, …, rn given by
the output of F approximate R well for any choice of
g1, g2, …, gn  G. l = O( (|G|O(1)+ log 1/ε) ∙ log n )

For G=({0,1},+) → ε-biased spaces.
5
Known results:
 width n and length n



l = O( log2 n )
l = O( log2 n )
width w and length n (permutation/regular)




[Nisan92]
[INW94]
[BV10]
[BRRY10]
ours
l = O( (w4 log log n + log 1/ε ) log n )
l = O( (log w + log log n + log 1/ε ) log n)
l = O( (2O(w log w) + log 1/ε) log n )
other combinatorial structures

[LRTV10, MZ09, GMRZ11]

…
l = O( log n + logO(1) 1/ε)
cyclic groups
6
Techniques:
Convolution *
R1, R2 probability distributions on G
R1 * R2 probability distribution on G s.t. for any g  G
R1 * R2 (g) = ∑h G R1(h) ∙ R2(h-1 g)
Examples:


r1
rn/2
g1 ∙ ∙ ∙ gn/2
r1
r2
g1 * g2 *
*
rn/2+1
gn/2+1
∙ ∙ ∙
rn
gn
rn
* g
n
7
Recursive convolution (~INW):
a1
an/2
g1 ∙ ∙ ∙ gn/2
*
an/2+1
gn/2+1
∙ ∙ ∙
an
gn
D1
D2
a1… an/2 and an/2+1 … an obtained using Fn/2 : {0,1}l → {0,1}n/2
1.
Fn (s,s’) = Fn/2(s) ◦ Fn/2(s’)
→ D1 * D2
leads to Fn : {0,1}O( n ) → {0,1}n
2.
Fn (s,d) = Fn/2(s) ◦ Fn/2( s(d) )
→ D1 *γ D2
leads to Fn : {0,1}O( k log n ) → {0,1}n
s(d) … d-th neighbor of s in a k-regular expander on 2l
vertices
8

 D1 * D2 – D1 *γ D2  < γ
D1 *γ D2
Thm: If R1, R2, … RN are distributions obtained from
group products, F is a formula built from R1, R2, … RN
using *, and F’ is obtained from F by replacing * with
*γ then
c|G|11
 DF – DF’  < γ 2
*
R1
*γ
*
*
R2
R3
F
R4
R1
*γ
*γ
R2
R3
R4
F’
9
Proof ideas:
D1, D2, R1, R2 distr. on G
D1 = R1 + ε1
where
∑hG ε1(h) = 0
D2 = R2 + ε2
∑hG ε2(h) = 0

D1 * D2 = R1 * R2 + ε1 * R2 + R1 * ε2 + ε1 * ε2

D1 *γ D2 =
1.
2.
3.
…
where  εγ  < γ
+ εγ
If R2 is uniform then ε1 * R2 = 0.
If R2 is close to uniform then ε1 * R2 is close to 0.
If the support of R2 is the whole group G then
 ε1 * R2  < (1-δ)  ε1  .
10
Open problems


Improve dependence on the width of the branching
program/group size, and on the error ε.
Remove restrictions on the branching programs
11