A Sum of Squares View on Algorithms, Complexity, and Cryptoanalysis

A Sum of Squares View on Algorithms, Complexity, and Cryptoanalysis
Slide Note
Embed
Share

This content delves into the Sum of Squares approach, offering a unique perspective on algorithms, complexity theory, and cryptoanalysis. It explores the practical applications, success stories, lower bound achievements, and its role in cryptography. Discover how Sum of Squares provides a powerful framework for algorithm design and analysis, showcasing its impact on various challenging problems in computing and beyond.

  • Algorithms
  • Complexity
  • Cryptoanalysis
  • Sum of Squares
  • Lower Bounds
aalyaw
aalyaw Follow

Uploaded on Feb 24, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. A Sum of Squares View on Algorithms, Complexity, and Cryptoanalysis Sam Hopkins Miller Fellow, UC Berkeley

  2. What is Sum of Squares? Prosaic view A family of convex relaxations for polynomial optimization problems Glamorous view Optimal meta-algorithm offering new lens on algorithms and complexity

  3. What is Sum of Squares? Today s view A language, toolkit, and set of abstractions for algorithm design with convex programming, enabling rigorous analysis of a particular set of powerful convex programs.

  4. Huge Algorithmic Success Offers best known poly-time algos for: Constraint satisfaction Cut problems (sparsest cut, min cut, ) Khot s unique games Tensor problems (higher-order linear algebra) Robust/heavy-tailed statistics (statistics with nasty data) High-dimensional clustering Matrix completion/Netflix problem Sparse PCA, finding hidden sparse vectors Community detection Best separable state (detecting quantum entanglement) The list just keeps growing!

  5. Growing Lower Bound Success Can prove unconditional lower bounds to support existing hardness results and/or to support hardness conjectures. Strong lower bounds known in support of: Feige s random-SAT hypothesis Planted clique (some more exotic problems)

  6. SoS and Cryptography Cryptoanalysis: SoS is weapon of choice for designing poly-time algorithms for hard combinatorial/analytic problems. (NOT usually algebraic problems.) Justifying assumptions: SoS lower bounds (impossibility results) are evidence for hardness against all polynomial time algorithms.

  7. Starting to Enter the Crypto Scene In 2017-18, several proposals for indistinguishability obfuscation based on blockwise 2-local or degree-2 PRGs [Lin-Tessaro, Ananth-Jain-Sahai, Agrawal, Lin- Matt] Do blockwise 2-local PRGs exist? NO! [BBKK 17], attack via SoS Do degree-2 PRGs exist? All existing proposals largely refuted [BHJKS 19], attack via SoS

  8. Agenda What is sum of squares? Raghavendra s Theorem: evidence for optimality among polynomial time algorithms (in restricted settings) Technical Vignette: solving degree-2 equations

  9. What is Sum of Squares? Today s view A language, toolkit, and set of abstractions for algorithm design with convex programming, enabling rigorous analysis of a particular set of powerful convex programs. Philosophy/Methodology round and relax, identifiability to algorithms, Marley s theorem , Toolkit quadratic sampling, conditioning, global correlation, pseudocalibration, Language pseudodistribution , SoS proof , Linear Programs max flow, compressed sensing, Semidefinite Programs max cut, Netflix problem, Hierarchies Sherali-Adams, SoS

  10. What is Sum of Squares? Today s view A language, toolkit, and set of abstractions for algorithm design with convex programming, enabling rigorous analysis of a particular set of powerful convex programs. Philosophy/Methodology round and relax, identifiability to algorithms, Marley s theorem , Toolkit quadratic sampling, conditioning, global correlation, pseudocalibration, Language pseudodistribution , SoS proof , Linear Programs max flow, compressed sensing, Semidefinite Programs max cut, Netflix problem, Hierarchies Sherali-Adams, SoS

  11. Convex Programming Convex set Non-convex set Can find a point in and minimize a convex function over any sufficiently simple convex set in polynomial time. Extremely useful in algorithm design

  12. Which convex sets? Polytopes a.k.a. LPs Max flow ? ??,?? 0 ? = ?1,?2, ,?? Single pixel camera

  13. Beyond Polytopes: Semidefinite Programs (SDP) Max Cut Given graph G, find subset of nodes cutting most edges. Random cut: cuts of edges ( 1/2-approximation ) ? ?? ?,? 0,?? ? = 1 (all eigenvalues real, nonegative, sum to 1) ?11 ?21 ?31 ?12 ?22 ?32 ?13 ?23 ?33 LP: 1 ? = 2 SDP [GW 95]: 0.878 (!!!)

  14. What is Sum of Squares? Today s view A language, toolkit, and set of abstractions for algorithm design with convex programming, enabling rigorous analysis of a particular set of powerful convex programs. Philosophy/Methodology round and relax, identifiability to algorithms, Marley s theorem , Toolkit quadratic sampling, conditioning, global correlation, pseudocalibration, Language pseudodistribution , SoS proof , Linear Programs max flow, compressed sensing, Semidefinite Programs max cut, Netflix problem, Hierarchies Sherali-Adams, SoS

  15. How to design LP/SDP-based algorithms 1. Look at your problem 2. Be extremely clever, invent LP/SDP relaxation 3. Be extremely clever, analyze your relaxation 4. Publish paper

  16. Approximating complex sets by simple ones To approximate max-cut: ? 1,1? Cuts Need to approximate ?? :? 1,1?

  17. Approximating complex sets by simple ones How would you know which constraints to add?

  18. [Shor 87, Nesterov 00, Parillo 00, Lasserre 01] How to choose your SDP? SoS (prosaic): principled way to produce hierarchy of SDP approximations to nasty (nonconvex) sets. Choose your own complexity! And attendant running time (And suffer the consequences/reap the rewards) [Bandeira-Kunisky 18]

  19. Polynomials and SoS Given set defined by polynomial (in)equalities e.g. {?? :?? 2= 1} Degree-? SoS: SDP with ?? variables and constraints increasing strength, increasing complexity And language, toolkit to reason about them

  20. What is Sum of Squares? Today s view A language, toolkit, and set of abstractions for algorithm design with convex programming, enabling rigorous analysis of a particular set of powerful convex programs. Philosophy/Methodology round and relax, identifiability to algorithms, Marley s theorem , Toolkit quadratic sampling, conditioning, global correlation, pseudocalibration, Language pseudodistribution , SoS proof , Linear Programs max flow, compressed sensing, Semidefinite Programs max cut, Netflix problem, Hierarchies Sherali-Adams, SoS

  21. Agenda What is sum of squares? Raghavendra s Theorem (and a little beyond): evidence for optimality among polynomial time algorithms (in restricted settings) Technical Vignette: solving degree-2 equations

  22. Evidence for Optimality 2 kinds of evidence: Soft: subsumes LP, SDP, spectral algorithms captures guarantees of best algs in wide variety of settings (caveat: not algebraic settings) Hard: Raghavendra s theorem

  23. Formalizing optimality: CSPs Constraint satisfaction problem: predicate ? 1? { 1}, variables ?1, ??, clauses ?(?1,?17,?74), etc e.g. 3SAT: ?1 ?3 ?17 ?10 ?5 ?123 Goal: find ? 0,1? to satisfy as many constraints as possible Approximation: ?-approximation algorithm finds ? satisfying ? ??? of the constraints

  24. Raghavendras Theorem Approximating CSPs polynomials. e.g. ?? Approximate nasty set defined by 2= 1 iff ?? { 1}, polynomialize ? Raghavendra 08: Under unique games conjecture, degree-2 SoS is optimal polynomial-time approximation. For every predicate ?, if degree-2 SoS fails to ?-approx. then ? + ? -approximating is NP hard! [Chan 08]: removes reliance on unique games for large subset of CSPs [Lee-Raghavendra-Steurer 15]: SoS is unconditionally optimal among SDPs for CSPs

  25. Agenda What is sum of squares? (with a little advertising) Raghavendra s Theorem (and a little beyond): evidence for optimality among polynomial time algorithms (in restricted settings) Technical Vignette: solving degree-2 equations

  26. Example algorithm: solving systems of quadratic equations Quadratic PRG with polynomial stretch simplification of PRG needed by iO constructions of [Ananth-Jain-Sahai, Agrawal, Lin-Matt] ?1? , ,??? are ?-variable quadratic polys coefficients in [ ?? 1,?? 1] ? ?1+? : polynomial stretch Weak PRG: ??,??? , ??,??? + ?? are indistinguishable for reasonable random ?,??

  27. Natural candidate: random polynomials What if ?1, ,?? are random? Then can invert! Can be sparse or dense! Theorem [BHJKS 19]: Exists poly-time SoS alg s.t. if ?is a nice distribution on quadratic ?-variable polynomials (nonzero, coefficients pairwise indep.) ?1, ,?? ? i.i.d. ? ? log??(1) Then w.h.p. can invert ? {??? }.

  28. Inverting quadratic PRGs by SoS Given: ?1, ,??,?1= ?1? , ??= ??? for some ? ?? 1, ,?? 1 Goal: find ? Nasty set defined by polynomial equations: ? ??? = ?? (Almost) our algorithm: output any point in degree-2 SoS relaxation of ? ??? = ??

  29. Inverting quadratic PRGs by SoS Given: ?1, ,??,?1= ?1? , ??= ??? for some ? ?? 1, ,?? 1 Goal: find ? 2= 1 ? Nasty set defined by polynomial equations: ? ??? = ??, ? 2= 1 Our algorithm: output any point in degree-2 SoS relaxation of ? ??? = ??, ? 2= 1

  30. Inverting degree-2 PRGs by SoS degree-2 SoS relaxation of ? ??? = ??, ?2= 1 define some matrices: ??,?? = ??(?) the SDP: ? ?? ? ??,? = ??,?? ? = ?,? ? contains ?? since ?? ?? = ?2= 1 Extensively studied in literature on matrix sensing, matrix completion, Netflix problem Prior work: if ??,?are incoherent then only feasible ? is ?? . We show: if ?? s i.i.d. from nice distribution, ? random, ? ?, then whp ??,?are incoherent [Gross 09, Recht-Fazel-Parillo 07]

  31. Conclusion Philosophy/Methodology round and relax, identifiability to algorithms, Marley s theorem , Toolkit quadratic sampling, conditioning, global correlation, pseudocalibration, Language pseudodistribution , SoS proof , Linear Programs max flow, compressed sensing, Semidefinite Programs max cut, Netflix problem, Hierarchies Sherali-Adams, SoS SoS is a powerful family of algorithms/tools with broad range of applications Some evidence for optimality among polynomial time algorithms Breaks existing constructions of quadratic PRGs for iO

  32. Thanks! Resources: Barak-Steurer lecture notes: https://www.sumofsquares.org/public/index.html Raghavendra-Schramm-Steurer survey: https://arxiv.org/abs/1807.11419 My thesis: http://www.samuelbhopkins.com/thesis.pdf

  33. Lower Bounds Known: lower bounds in support of major average-case complexity hypotheses -- Feige shypothesis on random SAT [Grigoriev 01, Schoenebeck 08] -- planted clique [Barak-H-Kelner-Kothari-Moitra- Potechen 16]

  34. Example: Planted Clique Distinguish ? ? ?,1 2 from ? ? ?,1 2+ ?-clique. Brute-force: ? log?, ?? log ?time Polynomial time: ? Sudakov 98] ? spectral alg, degree-2 SoS [Alon-Krivlevech- Conjecture: no poly-time alg tolerates ? ? Central conjecture in average-case complexity One-way functions [JP 00], Nash equilibrium [HK 11, ABC 13], sparse principal component analysis [BR 13], compressed sensing [KZ 14],

  35. Example: Planted Clique Evidence for the planted clique conjecture? Gadget reductions make gadget-y instances What about SoS lower bounds? (Caveat: do not know Raghavendra-style optimality for average-case problems)

  36. Example: Planted Clique If ? log?, max clique would distinguish ? ?,1 ? ?,1 2+ ?-clique 2 vs Polynomial optimization formulation of max-clique: 2= ?? max ? ??? s.t. ????= 0 if ? not adj. to ?, ?? Theorem [BHKKMP 16]: Degree ?(log?)SoS relaxation of max-clique on ? ? ?,1 2 has value ? 1 2 ? 1.

  37. Evolution of Convex Programming Linear programming Max flow Compressed sensing

  38. What is Sum of Squares? A specific family of convex programs A language, toolkit, and set of abstractions for algorithm design with convex programming A universal meta-algorithm

  39. notes What is sum of squares? Why is it relevant to cryptographers? Algorithms for cryptoanalysis Lens for hardness Example problems Max cut Raghavendra theorem Planted clique Do an example? What problem? Tensor completion? Solving degree-2 equations? Relation to LPs/SDPs/spectral algorithms Language for semidefinite programming Unification of algorithm design using small set of organizing principles Gives recipe for algorithm design good for cryptoanalysis Meta-algorithms provide framework for hardness

Related


Time Complexity in Algorithm Analysis

Time Complexity in Algorithm Analysis

sky
Near-Optimal Quantum Algorithms for String Problems - Summary and Insights

Near-Optimal Quantum Algorithms for String Problems - Summary and Insights

lark
Biometrical Techniques in Animal Breeding: Analysis of Variance in Completely Randomized Design

Biometrical Techniques in Animal Breeding: Analysis of Variance in Completely Randomized Design

thisbe
The Pythagorean Theorem and Right-Angled Triangles

The Pythagorean Theorem and Right-Angled Triangles

inez
Rhombi and Squares in Geometry

Rhombi and Squares in Geometry

gaia
Least-Squares Regression Line in Statistics

Least-Squares Regression Line in Statistics

fynley
Combining Graph Algorithms with Data Structures and Algorithms in CSE 373 by Kasey Champion

Combining Graph Algorithms with Data Structures and Algorithms in CSE 373 by Kasey Champion

maliyah
Sorting Techniques: Complexity, Stability, and Cases

Sorting Techniques: Complexity, Stability, and Cases

jazlyn
Analysis of Variance (ANOVA) in Animal Genetics & Breeding

Analysis of Variance (ANOVA) in Animal Genetics & Breeding

zack
Randomized Algorithms: A Deep Dive into Las Vegas and Monte Carlo Algorithms

Randomized Algorithms: A Deep Dive into Las Vegas and Monte Carlo Algorithms

nieve
Decomposition of Treatment Sums of Squares

Decomposition of Treatment Sums of Squares

boston
Distributed Algorithms for Leader Election in Anonymous Systems

Distributed Algorithms for Leader Election in Anonymous Systems

gude_za
Solving Maximum Contiguous Subarray Sum Problem with Dynamic Programming

Solving Maximum Contiguous Subarray Sum Problem with Dynamic Programming

kensing
Mathematical Analysis of Algorithms in CMPE371 - Fall 2023-2024

Mathematical Analysis of Algorithms in CMPE371 - Fall 2023-2024

crandall_m
Squares and Square Roots

Squares and Square Roots

dyer_sey
Squares and Square Roots: Concepts and Applications

Squares and Square Roots: Concepts and Applications

mulvaney_r
Perfect Squares and Square Roots

Perfect Squares and Square Roots

chiag
Exploring Tilted Squares and Finding Areas on a Grid

Exploring Tilted Squares and Finding Areas on a Grid

arrielle
Mathematics: Squares, Square Roots, and Area Formulas

Mathematics: Squares, Square Roots, and Area Formulas

clapham_d
Quantum Algorithms for Least Squares Regression

Quantum Algorithms for Least Squares Regression

mys_l
Various Types of Precision Measuring Tools

Various Types of Precision Measuring Tools

amilliana
Insights into Computational Complexity Hierarchy and SAT Algorithms

Insights into Computational Complexity Hierarchy and SAT Algorithms

wjwa

More Related Content