Incompressible Functions, Relative-Error Extractors, and the Power of Nondeterministic Reductions

Abstract

A circuit C compresses a function $${f : \{0,1\}^n\rightarrow \{0,1\}^m}$$f:{0,1}n?{0,1}m if given an input $${x\in \{0,1\}^n}$$x?{0,1}n, the circuit C can shrink x to a shorter l-bit string x? such that later, a computationally unbounded solver D will be able to compute f(x) based on x?. In this paper we study the existence of functions which are incompressible by circuits of some fixed polynomial size $${s=n^c}$$s=nc. Motivated by cryptographic applications, we focus on average-case $${(\ell,\epsilon)}$$(l,∈) incompressibility, which guarantees that on a random input $${x\in \{0,1\}^n}$$x?{0,1}n, for every size s circuit $${C:\{0,1\}^n\rightarrow \{0,1\}^{\ell}}$$C:{0,1}n?{0,1}l and any unbounded solver D, the success probability $${\Pr_x[D(C(x))=f(x)]}$$Prx[D(C(x))=f(x)] is upper-bounded by $${2^{-m}+\epsilon}$$2-m+∈. While this notion of incompressibility appeared in several works (e.g., Dubrov and Ishai, STOC 06), so far no explicit constructions of efficiently computable incompressible functions were known. In this work, we present the following results: (1)Assuming that E is hard for exponential size nondeterministic circuits, we construct a polynomial time computable boolean function $${f:\{0,1\}^n\rightarrow \{0,1\}}$$f:{0,1}n?{0,1} which is incompressible by size nc circuits with communication $${\ell=(1-o(1)) \cdot n}$$l=(1-o(1))·n and error $${\epsilon=n^{-c}}$$∈=n-c. Our technique generalizes to the case of PRGs against nonboolean circuits, improving and simplifying the previous construction of Shaltiel and Artemenko (STOC 14).(2)We show that it is possible to achieve negligible error parameter $${\epsilon=n^{-\omega(1)}}$$∈=n-?(1) for nonboolean functions. Specifically, assuming that E is hard for exponential size $${\Sigma_3}$$Σ3-circuits, we construct a nonboolean function $${f:\{0,1\}^n\rightarrow \{0,1\}^m}$$f:{0,1}n?{0,1}m which is incompressible by size nc circuits with $${\ell=\Omega(n)}$$l=Ω(n) and extremely small $${\epsilon=n^{-c} \cdot 2^{-m}}$$∈=n-c·2-m. Our construction combines the techniques of Trevisan and Vadhan (FOCS 00) with a new notion of relative error deterministic extractor which may be of independent interest.(3)We show that the task of constructing an incompressible boolean function $${f:\{0,1\}^n\rightarrow \{0,1\}}$$f:{0,1}n?{0,1} with negligible error parameter $${\epsilon}$$∈ cannot be achieved by "existing proof techniques". Namely, nondeterministic reductions (or even $${\Sigma_i}$$Σi reductions) cannot get $${\epsilon=n^{-\omega(1)}}$$∈=n-?(1) for boolean incompressible functions. Our results also apply to constructions of standard Nisan-Wigderson type PRGs and (standard) boolean functions that are hard on average, explaining, in retrospect, the limitations of existing constructions. Our impossibility result builds on an approach of Shaltiel and Viola (STOC 08).