Easy Witnesses

While doing the proof of IKW theorem in class, we came across the easy witness method introduced by Kabanets. The original usage of this method in Kabanets'00 paper was to show that any randomized algorithm in $\text{RP}$ can be simulated by a zero-error probabilistic algorithm in expected $2^{n^{\varepsilon }}$-time for some $\varepsilon >0$, such that no expected sub-exponential time algorithm can refute the simulation infinitely often (io). In other words, there is no algorithm of the form $R\left(1^n\right)\in \{0,1{\}}^n$ in this time class such that simulation makes a mistake on input $R\left(1^n\right)$ for almost all $n$.

Before going to prove this result, we look at something simpler first, which also introduces the easy witness method:

Theorem 1: At least one of the following holds:

1. For every $\varepsilon >0$, any language in $\text{RP}$ can be simulated in $\text{DTIME}\left(2^{n^{\varepsilon }}\right)$ such that no language in $\text{ZPP}$ can refute the simulation io.
2. $\text{BPP}=\text{ZPP}$.

Proof: Consider the set $S$ of easy witness strings. A string $\alpha \in S$ is an easy witness iff it has a concise description (ie. it is the truth table of some circuit with low complexity). For an algorithm $A$ and input $x$ in $\text{RP}$ we can test $A$ against all such strings and accept iff there is one that makes $A$ accept. The crucial insight is that if this algorithm makes frequent mistakes, then the set of random strings that makes $A$ accept have high circuit complexity. Thus if fix the input $x$, $A$ is a good hardness test for strings $r$, accepting only if $r$ has no small description. Notice that a significant fraction of strings have this property. Therefore using this as a source for Impagliazzo - Wigderson generator, we can derandomize BPP.

More formally, for given randomized algorithm $A(x,r)$ on input $x,\mid x\mid =n$ and random bits $r,\mid r\mid =m=n^a$ for some constant $a$, let $S^{\delta }\_$ be the set of truth tables of all $\lceil \log m\rceil$-variable Boolean functions with low circuit complexity (at most $m^{\delta }$). Hence $S^{\delta }\_$ contains strings of length $m$, and it can be enumerated in $\text{DTIME}\left(2^{n^{2\delta }}\right)$. Therefore checking for all $\alpha \in S^{\delta }\_$ if $R(x,\alpha )$ accepts takes time at most $\left(2^{n^{\varepsilon }}\right)$ for $\delta =\varepsilon /\left(2a\right)$. Let this algorithm be $B^{\varepsilon }\_A$.

If this algorithm $B^{\varepsilon }\_A$ works for every $A\in \text{RP}$ and $\varepsilon >0$, then (1) holds and we are done. Otherwise, there exists $A$,$\varepsilon >0$ and an expected polynomial time refuter $R\left(1^n\right)\in \{0,1{\}}^n$ such that, for almost all $n$, $B^{\varepsilon }\_A$ does not accept whereas $A\left(R\right(1^n),r)$ accepts for some $r$. Therefore $A\left(R\right(1^n),r)$ can be viewed as a Boolean circuit $C^{\text{hard}}\left(r\right)$ which accepts almost all $m$-bit strings and all accepted strings are truth tables of a $\log m$-variable Boolean function with the smallest circuit size at least $m^{\varepsilon /\left(2a\right)}$. Since $R\left(1^n\right)$ halts in polynomial time with high probability, we have an algorithm in $\text{ZPP}$ which can construct such circuits $C^{\text{hard}}$.

Given such a circuit $C^{\text{hard}}$, we can guess a string uniformly at random $\beta \in \{0,1{\}}^m$ which $C^{\text{hard}}$ accepts. Reminding ourselves of IW result:


Impagliazzo-Wigderson Generator: Given $r\in \{0,1{\}}^{n^c}$, truth table of a circuit on $c\log n$-Boolean variables with circuit complexity at least $n^{\varepsilon c}$, there exists $c,d\in \mathbb{N}$ and a polynomial time computable generator $G_r\left(s\right):\{0,1{\}}^{d\log n}\to \{0,1{\}}^n$ with hardness $H\left(G_r\right)>n$.

If we use this $\beta$ to construct the generator $G_{\beta }$ of IW mapping $\{0,1{\}}^{d\log k}$ to $\{0,1{\}}^k$, we get a generator $G_{\beta }$ with hardness greater than $k$ for sufficiently large $k$. Constructing these takes expected polynomial time, and last step takes deterministic polynomial time, therefore for every $L\in \text{BPP}$, we have $L\in \text{ZPP}$. QED

Instead of IW generator, we can use Babai-Fortnow-Nisan-Wigderson generator, to arrive at the following result.

Theorem 2: At least one of the following holds:

1. Any language in $\text{RP}$ can be simulated in $\text{DTIME}\left(2^{(\log n{)}^{\log \log n}}\right)$ such that no language in $\text{ZPP}$ can refute the simulation io.
2. $\text{BPP}\subseteq \text{ZPSUBEXP}$ where $\text{ZPSUBEXP}$ denotes the class of languages with an expected sub exponential time algorithm.

Instead of fiddling with the generator, we can increase the power of refuter. In Theorem 1, when first condition fails, we can allow the refuter to take expected sub exponential time. After changing the circuit size and parameters appropriately, we have the following result:

Theorem 3: At least one of the following holds:

1. For every $\varepsilon >0$, any language in $\text{RP}$ can be simulated in $\text{DTIME}\left(2^{n^{\varepsilon }}\right)$ such that no language in $\text{ZPSUBEXP}$ can refute the simulation io.
2. $\text{BPP}\subseteq \text{ZPSUBEXP}$.

Noting that $\text{DTIME}\left(2^{n^{\varepsilon }}\right)$ and $\text{ZPSUBEXP}$ are in $\text{ZPTIME}\left(2^{n^{\varepsilon }}\right)$, and $\text{RP}\subseteq \text{BPP}$, we can replace the above with an unconditional result:

Corollary 1: For every $\varepsilon >0$, any language in $\text{RP}$ can be simulated in $\text{ZPTIME}\left(2^{n^{\varepsilon }}\right)$ such that no language in $\text{ZPSUBEXP}$ can refute the simulation io.

Notice that above results imply that we can get analogous results to the ones obtained in IW paper:

In IW, assuming $\text{BPP}\ne \text{EXP}$, deterministic subexponential time bound was shown for $\text{BPP}$. Using the machinery developed above, we can answer a weaker question: What happens when $\text{ZPP}\ne \text{EXP}$?

Theorem 4: If $\text{ZPP}\ne \text{EXP}$, then any language in $\text{RP}$ can be simulated in $\text{DTIME}\left(2^{n^{\varepsilon }}\right)$ for all $\varepsilon >0$ such that no language in $\text{ZPP}$ can refute the simulation io.

Proof: Assume otherwise. Then by Theorem 1, $\text{BPP}=\text{ZPP}$. But for some $\varepsilon >0$, $\text{BPP}$ is a proper subset of $\text{DTIME}\left(2^{n^{\varepsilon }}\right)$ for $\text{BPP}$ refuters (by Time Hierarchy Theorem). Using IW theorem, this implies
$\text{BPP}=\text{EXP}=\text{ZPP}$. QED

The gap theorem of IW (either no derandomization of BPP is possible, or BPP can be simulated in deterministic $2^{n^{\varepsilon }}$ time for every $\varepsilon >0$) can be shown for ZPP as follows:

Theorem 5: Either $\text{ZPP}=\text{EXP}$ or for every $\varepsilon >0$, any language in $\text{RP}$ can be simulated in $\text{DTIME}\left(2^{n^{\varepsilon }}\right)$ for all $\varepsilon >0$ such that no language in $\text{ZPP}$ can refute the simulation io.

Proof: Assume $\text{ZPP}=\text{EXP}=\text{RP}$. By Time Hierarchy Theorem, for every $\varepsilon >0$, $\text{EXP}$ is not in $\text{DTIME}\left(2^{n^{\varepsilon }}\right)$ with $\text{ZPP}$ refuters. Thus at most one of the conditions holds. By Theorem 4, at least one of the conditions holds. The result follows. QED

Notice that "easy witness'' method applies even when the refuters are allowed to be non-deterministic Turing machines, and by essentially using the same proof structure, we can obtain the following result:

Theorem 6: At least one of the following holds:

1. For every $\varepsilon >0$, any language in $\text{NP}$ can be simulated in $\text{DTIME}\left(2^{n^{\varepsilon }}\right)$ such that no language in $\text{NP}$ can refute the simulation io.
2. $\text{BPP}\subseteq \text{NP}$.