Pseudorandom Generators for Unbounded-Width Permutation Branching Programs

by William Hoza, Edward Pyne, and Salil Vadhan

Oded's comments

An explicit construction that outperforms a random construction is always fascinating (being better than random). So I was naturally curious about this announcement, and it seems that the answer (re how can it be?) is in the nature of the specific model of computation.

This model of computation includes all tests that output 1 if the second half of the tested input equals is a predetermined permutation f of the first half of input (i.e., if the input has the fom $(x,f(x))$).

Such tests $T$ output 1 with exponentially small probability on a uniformly random input. But a random function acting as a PRG with a short seed will be contained within $T^{-1}(1)$, wvhp, because (wvhp) each half of the PRG's output determines the seed, which implies that the first half of the PRG's output determines the second half (wvhp).

Intuitively, the INW generator fools these tests, because it injects fresh randomness between the first and second half of its output, and so the second half is not highly predictable given the second half.

The original abstract

We prove that the Impagliazzo-Nisan-Wigderson (STOC 1994) pseudorandom generator (PRG) fools ordered (read-once) permutation branching programs of unbounded width with a seed length of $\widetilde{O}(\log d + \log n \cdot \log(1/\varepsilon))$, assuming the program has only one accepting vertex in the final layer. Here, $n$ is the length of the program, $d$ is the degree (equivalently, the alphabet size), and $\varepsilon$ is the error of the PRG. In contrast, we show that a randomly chosen generator requires seed length $\Omega(n \log d)$ to fool such unbounded-width programs. Thus, this is an unusual case where an explicit construction is "better than random."

Except when the program's width $w$ is very small, this is an improvement over prior work. For example, when $w = \text{poly}(n)$ and d = 2, the best prior PRG for permutation branching programs was simply Nisan's PRG (Combinatorica 1992), which fools general ordered branching programs with seed length $O(\log(wn/\varepsilon) \log n)$. We prove a seed length lower bound of $\widetilde{\Omega}(\log d + \log n \cdot \log(1/\varepsilon))$ for fooling these unbounded-width programs, showing that our seed length is near-optimal. In fact, when $\varepsilon \leq 1 / \log n$, our seed length is within a constant factor of optimal. Our analysis of the INW generator uses the connection between the PRG and the derandomized square of Rozenman and Vadhan (RANDOM 2005) and the recent analysis of the latter in terms of unit-circle approximation by Ahmadinejad et al. (FOCS 2020).

Available from ECCC TR20-138.

Back to list of Oded's choices.