## News on Intermediate Problems

* The Minimum Circuit Size Problem goes front and center *

Eric Allender, Bireswar Das, Cody Murray, and Ryan Williams have proved new results about problems in the range between and -complete. According to the wide majority view of complexity the range is vast, but it is populated by scant few natural computational problems. Only Factoring, Discrete Logarithm, Graph Isomorphism (GI), and the Minimum Circuit Size Problem (MCSP) regularly get prominent mention. There are related problems like group isomorphism and others in subjects such as lattice-based cryptosystems. We covered many of them some years back.

Today we are delighted to report recent progress on these problems.

MCSP is the problem: given a string of length and a number , is there a Boolean circuit with or fewer wires such that

For of other lengths , , we catenate the values of for the first strings in under the standard order. Since every -ary Boolean function has circuits of size which are encodable in bits, MCSP belongs to with linear witness size.

Several Soviet mathematicians studied MCSP in the late 1950s and 1960s. Leonid Levin is said to have desired to prove it -complete before publishing his work on -completeness. MCSP seemed to stand aloof until Valentine Kabanets and Jin-Yi Cai connected it to Factoring and Discrete Log via the “Natural Proofs” theory of Alexander Razborov and Steven Rudich. Eric and Harry Buhrman and Michal Koucký and Dieter van Melkebeek and Detlef Ronneburger improved their results in a 2006 paper to read:

Theorem 1Discrete Log is in and Factoring is in .

Now Eric and Bireswar have completed the triad of relations to the other intermediate problems:

Theorem 2Graph Isomorphism is in . Moreover, every promise problem in belongs to as defined for promise problems.

Cody and Ryan show on the other hand that proving -hardness of MCSP under various reductions would entail proving breakthrough lower bounds:

Theorem 3

- If then , so .
- If then .
- If then (so ), and also has circuit lower bounds high enough to de-randomize .
- In any many-one reduction from (let alone ) to , no random-access machine can compute any desired bit of in time.

The last result is significant because it is unconditional, and because most familiar -completeness reductions are *local* in the sense that one can compute any desired bit of in only time (with random access to ).

## Why MCSP is Hard to Harden

The genius of MCSP is that it connects two levels of scaling—input lengths and —in the briefest way. The circuits can have exponential size from the standpoint of . This interplay of scaling is basic to the theory of pseudorandom generators, in terms of conditions under which they can stretch a seed of bits into bits, and to generators of pseudorandom functions .

An issue articulated especially by Cody and Ryan is that reductions to MCSP carry seeds of being *self-defeating*. The ones we know best how to design involve “gadgets” whose size scales as not . For instance, in a reduction from we tend to design gadgets for individual clauses in the given 3CNF formula —each of which has constant-many variables and encoded size. But if involves only -sized gadgets and the connections between gadgets need only lookup, then when the reduction outputs , the string will be the graph of a -sized circuit. This means that:

- if then the answer is trivially “yes”;
- if then the answer can be found in time—or at worst quasipolynomial in time—by exhaustively trying all circuits of size .

The two horns of this dilemma leave little room to make a non-trivial reduction to MCSP. Log-space and reductions are (to different degrees) unable to avoid the problem. The kind of reduction that could avoid it might involve, say, -many clauses per gadget in an indivisible manner. But doing this would seem to require obtaining substantial non-local knowledge about in the first place.

Stronger still, if the reduction is from a *polynomially sparse* language in place of , then even this last option becomes unavailable. Certain relations among exponential-time classes imply the existence of hard sparse sets in . The hypothesis that MCSP is hard for these sets impacts these relations, for instance yielding the conclusion.

A paradox that at first sight seems stranger emerges when the circuits are allowed *oracle gates*. Such gates may have any arity and output 1 if and only if the string formed by the inputs belongs to the associated *oracle set* . For any we can define to be the minimum size problem for such circuits relative to . It might seem axiomatic that when is a powerful oracle such as then should likewise be -complete. However, giving such an oracle makes it easier to have small circuits for meaningful problems. This compresses the above dilemma even more. In a companion paper by Eric with Kabanets and Dhiraj Holden they show that is not complete under logspace reductions, nor even hard for under uniform reductions. More strikingly, they show that if it is hard for under logspace reductions, then .

Nevertheless, when it comes to various flavors of bounded-error randomized Turing reductions, MCSP packs enough hardness to solve Factoring and Discrete Log and GI. We say some more about how this works.

## Randomized Reductions to MCSP

What MCSP does well is efficiently distinguish strings having -sized circuits from the vast majority having no -sized circuits, where . The dense latter set is a good distinguisher between pseudorandom and uniform distributions on . Since one-way functions suffice to construct pseudorandom generators, MCSP turns into an oracle for inverting functions to an extent codified in Eric’s 2006 joint paper:

Theorem 4Let be a dense language of strings having no -sized circuits, and let be computable in polynomial time with of polynomially-related lengths. Then we can find a polynomial-time probabilistic oracle TM and such that for all and ,

Here is selected uniformly from and is uniform over the random bits of the machine. We have restricted and more than their result requires for ease of discussion.

To attack GI we set things up so that “” and “” represent a graph and a permutation of its vertices, respectively. More precisely “” means a particular adjacency matrix, and we define to mean the adjacency matrix obtained by permuting according to . By Theorem 4, using the MCSP oracle to supply , one obtains and such that for all and -vertex graphs ,

Since is 1-to-1 we can simplify this while also tying “” symbolically to :

Now given an instance of GI via adjacency matrices, do the following for some constant times independent trials:

- Pick and uniformly at random and put .
- Run to obtain a permutation .
- Accept if , which means .

This algorithm has one-sided error since it will never accept if and are not isomorphic. If they are isomorphic, then arises as with the same distribution over permutations that it arises as , so Equation (1) applies equally well with in place of . Hence finds the correct with probability at least on each trial, yielding the theorem .

The proof for is more detailed but similar in using the above idea. There are many further results in the paper by Cody and Ryan and in the oracle-circuit paper.

## Open Problems

These papers also leave a lot of open problems. Perhaps more importantly, they attest that these open problems are attackable. Can any kind of many-one reducibility stricter than reduce every language in to MCSP? Can we simply get from the assumption ? The most interesting holistic aspect is that we know new lower bounds follow if MCSP is easy, and now we know that new lower bounds follow if MCSP is hard. If we assume that MCSP stays intermediate, can we prove lower bounds that combine with the others to yield some non-trivial unconditional result?

## The Right Stuff of Emptiness

* How ∅ versus {ε} can be a life-and-death difference*

Cropped from source |

Jeff Skiles was the co-pilot on US Airways Flight 1549 from New York’s LaGuardia Airport headed for Charlotte on January 15, 2009. The Airbus A320 lost power in both engines after striking birds at altitude about 850 meters and famously ditched in the Hudson River with no loss of life. As Skiles’s website relates, he had manual charge of the takeoff but upon his losing his instrument panel when the engines failed,

“Captain Chesley Sullenberger took over flying the plane and tipped the nose down to retain airspeed.”

Skiles helped contact nearby airports for emergency landing permission but within 60 seconds Sullenberger and he determined that the Hudson was the only option. His front page does not say he did anything else.

Today we tell some stories about the technical content of forms of emptiness.

Read more…

## Ada the Amplifier

* Plus updated links to our Knuth and TED talks *

Ada Lovelace was nuts. Some have used this to minimize her contributions to the stalled development of Charles Babbage’s “Analytical Engine” in the 1840s. Judging from her famously over-the-top “Notes” to her translation of the only scientific paper (known as the “Sketch”) published on Babbage’s work in his lifetime, we think the opposite. It took nuttily-driven intensity to carry work initiated by Babbage several square meters of print beyond what he evidently bargained for.

This month we have been enjoying Walter Isaacson’s new book *The Innovators*, which leads with her example, and have some observations to add.

Read more…

## Still A Brilliant Idea

* An apology and correction *

Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam Smith are the inventors of differential privacy, as formulated in their 2006 paper “Calibrating Noise to Sensitivity in Private Data Analysis,” in the proceedings of the 2006 Theory of Cryptography Conference.

Today Ken and I want to talk about differential privacy again.

Read more…

## Cynthia Dwork and a Brilliant Idea

* Differential Privacy *

Taekwondo source |

Cynthia Dwork is a computer scientist who is a Distinguished Scientist at Microsoft Research. She has done great work in many areas of theory, including security and privacy.

Today Ken and I wish to talk about the notion of differential privacy and Dwork’s untiring advocacy of it.

Read more…

## Where Hard Meets Easy

* Some hard to compute functions are easy modulo a number *

Georgia Tech source |

Joseph Ford was a physicist at Georgia Tech. He earned his undergrad degree here in 1952, and after earning his PhD at Johns Hopkins, went to work for two years at Union Carbide in Niagara Falls before joining the University of Miami and then coming back to Tech. He was possibly lured back into academia by considering a paradox studied by Enrico Fermi, John Pasta, Stanislaw Ulam, and Mary Tsingou in the mid-1950s. The paradox is that periodic rather than ergodic motion can often result in complicated systems.

Today we wish to present a simple observation about hard-to-compute functions.

Read more…

## Why is Congruence Hard to Learn?

* Gears and rings… *

Flickr source: |

Denys Fisher was a British engineer and maker of board games and other toys. In 1965 he invented the Spirograph toy. Some speculate that he was influenced by the designs of the artist, composer, and film animator John Whitney, whose opening sequence for Alfred Hitchcock’s 1958 film “Vertigo” is considered the first use of computer graphics in cinema. The Spirograph toy involves drawing with a pen guided by a gear with *m* teeth going around inside a ring or around a track or other gear with *x* teeth. The kind of design you get depends on how *x* relates to *m*.

Today Ken and I want to talk about a basic notion of mathematics and theory that is simple to define, very useful, and yet seems to be tough for some students to get.

Read more…