We show that any randomized algorithm that runs in space S and time T and uses poly(S) random bits can be simulated using only O(S) random bits in space S and time T poly(S). A deterministic simulation in space S follows. Of independent interest is our main technical tool: a procedure which extracts randomness from a defective random source using a small additional number of truly random bits. 1

We establish hardness versus randomness trade-offs for a broad class of randomized procedures. In particular, we create efficient nondeterministic simulations of bounded round Arthur-Merlin games using a language in exponential time that cannot be decided by polynomial size oracle circuits with access to satisfiability. We show that every language with a bounded round Arthur-Merlin game has subexponential size membership proofs for infinitely many input lengths unless exponential time coincides with the third level of the polynomial-time hierarchy (and hence the polynomial-time hierarchy collapses). This provides the first strong evidence that graph nonisomorphism has subexponential size proofs. We set up a general framework for derandomization which encompasses more than the traditional model of randomized computation. For a randomized procedure to fit within this framework, we only require that for any fixed input the complexity of checking whether the procedure succeeds on a given ...

. Define the MODm -degree of a boolean function F to be the smallest degree of any polynomial P , over the ring of integers modulo m, such that for all 0-1 assignments ~x, F (~x) = 0 iff P (~x) = 0. We obtain the unexpected result that the MODm -degree of the OR of N variables is O( r p N ), where r is the number of distinct prime factors of m. This is optimal in the case of representation by symmetric polynomials. The MOD n function is 0 if the number of input ones is a multiple of n and is one otherwise. We show that the MODm -degree of both the MOD n and :MOD n functions is N\Omega\Gamma1/ exactly when there is a prime dividing n but not m. The MODm -degree of the MODm function is 1; we show that the MODm -degree of :MODm is N\Omega\Gamma30 if m is not a power of a prime, O(1) otherwise. A corollary is that there exists an oracle relative to which the MODmP classes (such as \PhiP) have this structure: MODmP is closed under complementation and union iff m is a prime power, and...

We obtain the first non-trivial time-space tradeoff lower bound for functions f : {0, 1}^n → {0, 1} on general branching programs by exhibiting a Boolean function f that requires exponential size to be computed by any branching program of length (1 + ε)n, for some constant ε > 0. We also give the first separation result between the syntactic and semantic read-k models [BRS93] for k > 1 by showing that polynomial-size semantic read-twice branching programs can compute functions that require exponential size on any syntactic read-k branching program. We also show...

A pseudo-random function is a fundamental cryptographic primitive that is essential for encryption, identification and authentication. We present a new cryptographic primitive called pseudorandom synthesizer and show how to use it in order to get a parallel construction of a pseudo-random function. We show several NC 1 implementations of synthesizers based on concrete intractability assumptions as factoring and the Diffie-Hellman assumption. This yields the first parallel pseudorandom functions (based on standard intractability assumptions) and the only alternative to the original construction of Goldreich, Goldwasser and Micali. In addition, we show parallel constructions of synthesizers based on other primitives such as weak pseudo-random functions or trapdoor one-way permutations. The security of all our constructions is similar to the security of the underlying assumptions. The connection with problems in Computational Learning Theory is discussed. A preliminary version of this...

Abstract. We construct a function in AC 0 that cannot be computed by a depth-2 majority circuit of size less than exp(Θ(n 1/5)). This solves an open problem due to Krause and Pudlák (1994) and matches Allender’s classic result (1989) that AC 0 can be efficiently simulated by depth-3 majority circuits. To obtain our result, we develop a novel technique for proving lower bounds on communication complexity. This technique, the Degree/Discrepancy Theorem, is of independent interest. It translates lower bounds on the threshold degree of a Boolean function into upper bounds on the discrepancy of a related function. Upper bounds on the discrepancy, in turn, immediately imply lower bounds on communication and circuit size. In particular, our work yields the first known function in AC 0 with exponentially small discrepancy, exp(−Ω(n 1/5)). Key words. Majority circuits, constant-depth AND/OR/NOT circuits, communication complexity, discrepancy, threshold degree of Boolean functions. AMS subject classifications. 03D15, 68Q15, 68Q17

In the multiparty communication game introduced by Chandra, Furst, and Lipton [CFL] (1983), k players wish to evaluate collaboratively a function f(x0 , ..., xk\Gamma1 ) for which player i sees all inputs except x i : The players have unlimited computational power. The objective is to minimize the amount of communication. We consider a restricted version of the multiparty communication game which we call the simultaneous messages model. The difference is that in this model, each of the k players simultaneously sends a message to a referee, who sees none of the input. The referee then announces the function value. We demonstrate an exponential gap between the Simultaneous Messages and the Communication models for up to (log n) 1\Gammaffl players, for any ffl ? 0: The separation is obtained by comparing the respective complexities of the generalized addressing function, GAFG;k , in each model. In addition, we give a nontrivial protocol for GAFG;k for G = Z t 2 ; which is very eff...

We present a new approach to constructing pseudorandom generators that fool lowdegree polynomials over finite fields, based on the Gowers norm. Using this approach, we obtain the following main constructions of explicitly computable generators G: F s → F n that fool polynomials over a prime field F: 1. a generator that fools degree-2 (i.e., quadratic) polynomials to within error 1/n, with seed length s = O(log n), 2. a generator that fools degree-3 (i.e., cubic) polynomials to within error ɛ, with seed length s = O(log |F | n) + f(ɛ, F) where f depends only on ɛ and F (not on n), 3. assuming the “Gowers inverse conjecture, ” for every d a generator that fools degree-d polynomials to within error ɛ, with seed length s = O(d · log |F | n) + f(d, ɛ, F) where f depends only on d, ɛ, and F (not on n). We stress that the results in (1) and (2) are unconditional, i.e. do not rely on any unproven assumption. Moreover, the results in (3) rely on a special case of the conjecture which may be easier to prove. Our generator for degree-d polynomials is the component-wise sum of d generators for degree-1 polynomials (on independent seeds). Prior to our work, generators with logarithmic seed length were only known for degree-1 (i.e., linear) polynomials (Naor and Naor; SIAM J. Comput., 1993). In fact, over small fields such as F2 = {0, 1}, our results constitute the first progress on these problems since the long-standing generator by Luby, Veličković and Wigderson (ISTCS 1993), whose seed length is much bigger: s = exp � Ω � √ log n � � , even for the case of degree-2 polynomials over F2.

We prove the first time-space lower bound tradeoffs for randomized computation of decision problems.

We present fast and e#cient parallel algorithms for finding the connected components of an undirected graph. These algorithms run on the exclusive-read, exclusive-write (EREW) PRAM. On a graph with<F3.492e+05> n<F3.822e+05> vertices and<F3.492e+05> m<F3.822e+05> edges, our randomized algorithm runs in<F3.492e+05><F3.822e+05> O(log<F3.492e+05><F3.822e+05> n) time using<F3.492e+05> (m<F3.822e+05> +<F3.492e+05> n<F2.77e+05><F2.072e+05> 1+#<F3.822e+05><F3.492e+05> )/<F3.822e+05> log<F3.492e+05> n<F3.822e+05> EREW processors (for any fixed<F3.492e+05> # ><F3.822e+05> 0). A variant uses<F3.492e+05> (m<F3.822e+05> +<F3.492e+05><F3.822e+05><F3.492e+05> n)/<F3.822e+05> log<F3.492e+05> n<F3.822e+05> processors and runs in<F3.492e+05><F3.822e+05> O(log<F3.492e+05> n<F3.822e+05> log log<F3.492e+05><F3.822e+05> n) time. A deterministic version of the algorithm runs in<F3.492e+05><F3.822e+05> O(log<F2.77e+05><F2.072e+05><F2.77e+05> 1.5<F3.492e+05><F3.822e+05> n) time using<F3.492e+...