P/poly

In computational complexity theory, P/poly is a complexity class representing problems that can be solved by small circuits. More precisely, it is the set of formal languages that have polynomial-size circuit families. It can also be defined equivalently in terms of Turing machines with advice, extra information supplied to the Turing machine along with its input, that may depend on the input length but not on the input itself. In this formulation, P/poly is the class of decision problems that can be solved by a polynomial-time Turing machine with advice strings of length polynomial in the input size. ^{[1] [2]} These two different definitions make P/poly central to circuit complexity and non-uniform complexity.

For example, the popular Miller–Rabin primality test can be formulated as a P/poly algorithm: the "advice" is a list of candidate values to test. It is possible to precompute a list of ${\displaystyle O(n)}$ values such that every composite ${\displaystyle n}$-bit number will be certain to have a witness ${\displaystyle a}$ in the list. ^[3] For example, to correctly determine the primality of 32-bit numbers, it is enough to test ${\displaystyle a\in \{2,7,61\}}$. ^{[4] [5]} The existence of short lists of candidate witnesses follows from the fact that for each composite ${\displaystyle n}$, three out of four candidate values successfully detect that ${\displaystyle n}$ is composite. From this, a simple counting argument similar to the one in the proof that BPP${\displaystyle \subset }$P/poly below shows that there exists a suitable list of candidate values for every input size, and more strongly that most long-enough lists of candidate values will work correctly, although finding a list that is guaranteed to work may be expensive. ^[3]

P/poly, unlike other polynomial-time classes such as P or BPP , is not generally considered a practical class for computing. Indeed, it contains every undecidable unary language, none of which can be solved in general by real computers. On the other hand, if the input length is bounded by a relatively small number and the advice strings are short, it can be used to model practical algorithms with a separate expensive preprocessing phase and a fast processing phase, as in the Miller–Rabin example.

Formal definition

The complexity class P/poly can be defined in terms of SIZE as follows:

${\displaystyle {\mathsf {P/poly}}=\cup _{c\in \mathbb {N} }{\mathsf {SIZE}}(n^{c}).}$

where ${\displaystyle {\mathsf {SIZE}}(n^{c})}$ is the set of decision problems that can be solved by polynomial-sized circuit families.

Alternatively, ${\displaystyle {\mathsf {P/poly}}}$ can be defined using Turing machines that "take advice". Such a machine has, for each n, an advice string ${\displaystyle \alpha _{n}}$, which it is allowed to use in its computation whenever the input has size n.

Let ${\displaystyle T,a:\mathbb {N} \rightarrow \mathbb {N} }$ be functions. The class of languages decidable by time-T(n) Turing machines with ${\displaystyle a(n)}$ advice, denoted ${\displaystyle {\mathsf {DTIME}}(T(n))/a(n)}$, contains every language L such that there exists a sequence ${\displaystyle \{\alpha _{n}\}_{n\in \mathbb {N} }}$ of strings with ${\displaystyle \alpha _{n}\in \{0,1\}^{a(n)}}$ and a TM M satisfying

${\displaystyle M(x,\alpha _{n})=1\Leftrightarrow x\in L}$

for every ${\displaystyle x\in \{0,1\}^{n}}$, where on input ${\displaystyle (x,\alpha _{n})}$ the machine M runs for at most ${\displaystyle O(T(n))}$ steps. ^[6]

Importance of P/poly

P/poly is an important class for several reasons. For theoretical computer science, there are several important properties that depend on P/poly:

• If NP ⊆ P/poly then PH (the polynomial hierarchy) collapses to ${\displaystyle \Sigma _{2}^{\mathsf {P}}}$. This result is the Karp–Lipton theorem; furthermore, NP ⊆ P/poly implies AM = MA ^[7]
• If PSPACE ⊆ P/poly then ${\displaystyle {\mathsf {PSPACE}}=\Sigma _{2}^{\mathsf {P}}\cap \Pi _{2}^{\mathsf {P}}}$, even PSPACE = MA.

Proof: Consider a language L from PSPACE. It is known that there exists an interactive proof system for L, where actions of the prover can be carried out by a PSPACE machine. By assumption, the prover can be replaced by a polynomial-size circuit. Therefore, L has a MA protocol: Merlin sends the circuit as proof, and Arthur can simulate the IP protocol himself without any additional help.

• If P ^#P ⊆ P/poly then P^#P = MA. ^[8] The proof is similar to above, based on an interactive protocol for permanent and #P-completeness of permanent.
• If EXPTIME ⊆ P/poly then ${\displaystyle {\mathsf {EXPTIME}}=\Sigma _{2}^{\mathsf {P}}\cap \Pi _{2}^{\mathsf {P}}}$ (Meyer's theorem), even EXPTIME = MA.
• If NEXPTIME ⊆ P/poly then NEXPTIME = EXPTIME, even NEXPTIME = MA. Conversely, NEXPTIME = MA implies NEXPTIME ⊆ P/poly ^[9]
• If EXP^NP ⊆ P/poly then ${\displaystyle {\mathsf {EXP^{NP}}}=\Sigma _{2}^{\mathsf {P}}\cap \Pi _{2}^{\mathsf {P}}}$ (Buhrman, Homer) ^[10]
• It is known that MA_EXP, an exponential version of MA , is not contained in P/poly.

Proof: If MA_EXP ⊆ P/poly then PSPACE = MA (see above). By padding, EXPSPACE = MA_EXP, therefore EXPSPACE ⊆ P/poly but this can be proven false with diagonalization.

One of the most interesting reasons that P/poly is important is the property that if NP is not a subset of P/poly, then P ≠ NP. This observation was the center of many attempts to prove P ≠ NP. It is known that for a random oracle A, NP^A is not a subset of P^A/poly with probability 1. ^[1]

P/poly is also used in the field of cryptography. Security is often defined 'against' P/poly adversaries. Besides including most practical models of computation like BPP, this also admits the possibility that adversaries can do heavy precomputation for inputs up to a certain length, as in the construction of rainbow tables.

Although not all languages in P/poly are sparse languages, there is a polynomial-time Turing reduction from any language in P/poly to a sparse language. ^[11]

Bounded-error probabilistic polynomial is contained in P/poly

Adleman's theorem states that BPP ⊆ P/poly, where BPP is the set of problems solvable with randomized algorithms with two-sided error in polynomial time. A weaker result was initially proven by Leonard Adleman, namely, that RP ⊆ P/poly; ^[12] and this result was generalized to BPP ⊆ P/poly by Bennett and Gill. ^[13] Variants of the theorem show that BPL is contained in L/poly and AM is contained in NP/poly .

Proof

Let L be a language in BPP, and let M(x,r) be a polynomial-time algorithm that decides L with error ≤ 1/3 (where x is the input string and r is a set of random bits).

Construct a new machine M'(x,R), which runs M 48n times and takes a majority vote of the results (where n is the input length and R is a sequence of 48n independently random rs). Thus, M' is also polynomial-time, and has an error probability ≤ 1/eⁿ by the Chernoff bound (see BPP). If we can fix R then we obtain an algorithm that is deterministic.

If ${\displaystyle {\mbox{Bad}}(x)}$ is defined as ${\displaystyle \{R:M{'}(x,R){\text{ is incorrect}}\}}$, we have:

${\displaystyle \forall x\,{\mbox{Prob}}_{R}[R\in {\mbox{Bad}}(x)]\leq {\frac {1}{e^{n}}}.}$

The input size is n, so there are 2ⁿ possible inputs. Thus, by the union bound, the probability that a random R is bad for at least one input x is

${\displaystyle {\mbox{Prob}}_{R}[\exists x\,R\in {\mbox{Bad}}(x)]\leq {\frac {2^{n}}{e^{n}}}<1.}$

In words, the probability that R is bad for some x is less than 1, therefore there must be an R that is good for all x. Take such an R to be the advice string in our P/poly algorithm.

References

1. Lutz, Jack H.; Schmidt, William J. (1993), "Circuit size relative to pseudorandom oracles", Theoretical Computer Science , 107 (1): 95–119, doi:10.1016/0304-3975(93)90256-S, MR   1201167
2. Lecture notes on computational complexity by Peter Bro Miltersen (PDF), archived from the original (PDF) on 2012-02-23, retrieved 2009-12-25
3. Goldreich, Oded; Wigderson, Avi (2002), "Derandomization that is rarely wrong from short advice that is typically good", in Rolim, José D. P.; Vadhan, Salil P. (eds.), Randomization and Approximation Techniques, 6th International Workshop, RANDOM 2002, Cambridge, MA, USA, September 13-15, 2002, Proceedings, Lecture Notes in Computer Science, vol. 2483, Springer, pp. 209–223, doi:10.1007/3-540-45726-7_17, ECCC   TR02-39
4. Caldwell, Chris, "2.3: Strong probable-primality and a practical test", Finding primes & proving primality
5. Jaeschke, Gerhard (1993), "On strong pseudoprimes to several bases", Mathematics of Computation, 61 (204): 915–926, doi: 10.2307/2153262 , MR   1192971 ; see p. 926.
6. Arora, Sanjeev; Barak, Boaz (2009), Computational complexity. A modern approach, Cambridge University Press, ISBN   978-0-521-42426-4, Zbl   1193.68112
7. Arvind, Vikraman; Köbler, Johannes; Schöning, Uwe; Schuler, Rainer (1995), "If NP has polynomial-size circuits, then MA = AM", Theoretical Computer Science , 137 (2): 279–282, doi: 10.1016/0304-3975(95)91133-B , MR   1311226
8. Babai, László; Fortnow, Lance; Lund, Carsten (1991), "Nondeterministic exponential time has two-prover interactive protocols", Computational Complexity, 1 (1): 3–40, doi:10.1007/BF01200056, MR   1113533, archived from the original on 2012-03-31, retrieved 2011-10-02
9. Impagliazzo, Russell; Kabanets, Valentine; Wigderson, Avi (2002), "In search of an easy witness: exponential time vs. probabilistic polynomial time" (PDF), Journal of Computer and System Sciences , 65 (4): 672–694, doi:10.1016/S0022-0000(02)00024-7, MR   1964649
10. A Note on the Karp-Lipton Collapse for the Exponential Hierarchy
11. Jin-Yi Cai. Lecture 11: P/poly, Sparse Sets, and Mahaney's Theorem. CS 810: Introduction to Complexity Theory. The University of Wisconsin–Madison. September 18, 2003.
12. Adleman, L. M. (1978), "Two theorems on random polynomial time", Proceedings of the Nineteenth Annual IEEE Symposium on Foundations of Computer Science, pp. 75–83, doi:10.1109/SFCS.1978.37
13. Charles H. Bennett, John Gill. Relative to a Random Oracle A, P^A ≠ NP^A ≠ co-NP^A with probability 1.