\documentclass{article}
\usepackage{amssymb,psbox}
\newcommand{\by}{\times}
\newcommand{\state}[1]{\left| #1 \right\rangle}
\newcommand{\tensor}{\otimes}
\newcommand{\field}{{\cal Z}/ (p-1)}
\newcommand{\ceiling}[1]{\left\lceil #1 \right\rceil}
\newcommand{\pcppolypoly}{\mathbf{PCP}\left(\mathit{poly},\mathit{poly}\right)}
\newenvironment{proof-outline}{\noindent{\bf Outline of Proof}\hspace*{1em}}{\bigskip}
%\newtheorem{claim}{Claim}
%\newenvironment{proof}{\begin{trivlist}\item \textbf{Proof:}}{ $\Box$ \end{trivlist}}
\input{preamble}
\begin{document}
\lecture{19}{24 April 2001}{Daniel Spielman}{Ken McCracken}
In this lecture we begin the proof of the following theorem:
\begin{theorem} $\mathbf{NEXP} \subseteq \pcppolypoly$ \end{theorem}
%\Large{In this lecture we begin the proof of the following theorem: }
%\theorem{$NEXP \subseteq PCP(poly,poly)$}
The lecture is divided into four parts:
\begin{itemize}
\item
%sec:lc
Section 1 reviews the $\epsilon$-reductions and arithmetization techniques from last lecture's proof that $\mathbf{PSPACE}$ is contained in $\mathbf{IP}$.
\item
%sec:ics
Section 2 provides an introduction to the $\mathbf{NEXP}$-complete language Implicit-Circuit-Sat as well as a proof outline for using Implicit-Circuit-Sat to show $\mathbf{NEXP} \subseteq \pcppolypoly$.
\item
%sec:mlp
Section 3 introduces multilinear polynomials and applies them to the proof for Implicit-Circuit-Sat, which contains a satisfying assignment of the circuit.
\item
%sec:mlt
Section 4 introduces the multilinearity test to be used in arithmetizing that proof.
\end{itemize}
\section{Last Class}
\label{sec:lc}
Last class we proved that $\mathbf{PSPACE} \subseteq \mathbf{IP}$. Recall the
proof strategy. Namely, for a $\mathbf{PSPACE}$ TM $M$ with input $w$, consider the graph (e.g. tableau)
of configurations of $M$ on $w$. We presented the $\{0,1\}$-function
$FT_k \left(q_1, q_2 \right) = FromTo \left(q_1, q_2, k \right)$, which equals 1 if and only if there exists a path from state $q_1$ to $q_2$ of length at most $k$.
The proof merely asked if there is a path, i.e., the value of
$FromTo \left(q_{\mathrm{start}}, q_{\mathrm{accept}}, 2^{|w|} \right)$.
Recall the main parts of an $\epsilon$-reduction:
\begin{itemize}
\item The two-for-one lemma.
\item The $\Sigma$ protocol, where a claim $\sum_{\left(x_1, \ldots, x_n \right) \in \{0,1\}^n} f \left(x_1, \ldots, x_n \right) = s$ was reduced to checking, for random $c_i \in \{ 1, \ldots, \ceiling{\frac{d}{\epsilon}} \}$, whether $f \left( c_1, \ldots, c_n \right) = r$.
\end{itemize}
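As a concrete illustration, one round of the $\Sigma$ protocol can be sketched in code. The prime $p$, the particular multilinear $f$, and the honest prover's message $g$ below are all made-up choices for illustration, not part of the lecture.

```python
# One round of the Sigma (sum-check) protocol over Z_p; the prime p and the
# example multilinear polynomial f are illustrative, not from the notes.
import random
from itertools import product

p = 101  # a small prime field
n = 3

def f(xs):
    # Example multilinear polynomial f(x1, x2, x3) = x1*x2 + 3*x3 (mod p).
    x1, x2, x3 = xs
    return (x1 * x2 + 3 * x3) % p

# Claimed sum s of f over {0,1}^n (here computed honestly).
s = sum(f(bits) for bits in product([0, 1], repeat=n)) % p

# Honest prover's first message: the univariate polynomial
# g(t) = sum over (x2,...,xn) in {0,1}^{n-1} of f(t, x2, ..., xn).
def g(t):
    return sum(f((t,) + rest) for rest in product([0, 1], repeat=n - 1)) % p

# Verifier: check g(0) + g(1) = s, then reduce to the smaller claim
# "sum of f(c1, x2, ..., xn) over the remaining variables equals g(c1)"
# for a random field element c1.
assert (g(0) + g(1)) % p == s
c1 = random.randrange(p)
new_claim = g(c1)
```

Iterating this step $n$ times leaves a single evaluation of $f$ at a random point in $F^n$, mirroring the reduction down to $FT_1$.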
Arithmetization was used with $\epsilon$-reductions from
$FT_k \left(x, y \right) = s$ to $FT_{k/2} \left(u, v \right) = r$.
This divide-and-conquer technique brought us to statements of the form
$FT_1 \left(u, v \right) = r$, which we could evaluate in poly time.
We will use a similar technique in approaching the proof of the statement
$\mathbf{NEXP} \subseteq \pcppolypoly$.
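Stripped of arithmetization, the divide-and-conquer behind $FromTo$ can be sketched as follows; the tiny explicit graph here is invented purely for illustration.

```python
# Plain divide-and-conquer reachability: FT_k(q1, q2) asks for a path of
# length at most k, splitting at a midpoint u into two half-length claims.
def from_to(adj, q1, q2, k):
    """True iff there is a path from q1 to q2 of length at most k."""
    if q1 == q2:
        return True
    if k <= 0:
        return False
    if k == 1:
        return q2 in adj.get(q1, set())
    half = (k + 1) // 2
    # FT_k(q1, q2) = OR over midpoints u of FT_{k/2}(q1, u) AND FT_{k/2}(u, q2).
    return any(from_to(adj, q1, u, half) and from_to(adj, u, q2, half)
               for u in adj)

# A made-up configuration graph: start -> a -> b -> accept.
adj = {"start": {"a"}, "a": {"b"}, "b": {"accept"}, "accept": set()}
print(from_to(adj, "start", "accept", 4))   # True
print(from_to(adj, "start", "accept", 2))   # False: the shortest path has length 3
```

The recursion bottoms out at $FT_1$ claims, which are single edge lookups, just as in the proof.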
\section{Implicit Circuit Sat and The Proof Outline}
\label{sec:ics}
We use the definition:
$L \in \pcppolypoly$ if there exists a probabilistic poly time OTM $V^?$ such that \\
\begin{tabular}{ll}
\ \ \ \ \ \ & $w \in L \Rightarrow \exists \ \Pi \ \mbox{s.t.} \ \Pr[ V^{\Pi} \left( w \right) \mbox{ accepts} ] = 1$ \\
& $w \notin L \Rightarrow \forall \ \Pi \ \ \Pr[ V^{\Pi} \left( w \right) \mbox{ accepts} ] < \frac{1}{2}$
\end{tabular} \\
It is easy now to show
\begin{lemma} $\mathbf{PSPACE} \subseteq \pcppolypoly$ \end{lemma}
\begin{proof-sketch}
Consider an $\mathbf{IP}$ protocol in which the prover $P$ is a function from
the dialog history thus far to the
next statement. Parsing $\Pi$ as a table of all such responses turns it into a prover. The
verifier $V$ replaces its interactions with the prover with queries to the
oracle. The result is that
$\mathbf{IP} \subseteq \pcppolypoly$. Since
$\mathbf{PSPACE} \subseteq \mathbf{IP}$ the lemma holds.
\end{proof-sketch}
Now we return to the more interesting case of proving Theorem 1. Note first
that for $\pcppolypoly$ the proof $\Pi$ may be at most exponential in length,
since we need to be able to ask for a specific bit of the proof in poly time.
\begin{theorem} Implicit-Circuit-Sat is $\mathbf{NEXP}$-complete \end{theorem}
\begin{proof-idea}
Follow the same reasoning as in proofs that SAT is $\mathbf{NP}$-complete,
using $\mathbf{NEXP}$ machinery to solve the exponentially large problem.
\end{proof-idea}
If $w$ is the input to Implicit-Circuit-Sat, then $w$ describes a circuit $C$
that implicitly represents an exponentially large 3cnf formula. Moreover, if $\Pi$ is a proof containing a
satisfying assignment $A$, then $A$ has exponentially many variables. If the
variables are $\{x_1, \ldots, x_{2^n} \}$ then $A$ defines the mapping
$x_i \rightarrow \{0,1\}$ for all $i$.
The input to Implicit-Circuit-Sat is a circuit computing a function
$C : \{0,1\}^{n} \rightarrow \{0,1\}^{3n+3}$, mapping a clause index to a description of that clause. Such a
circuit describes an instance of SAT with $2^n$ clauses.
We are asking if the 3cnf of exponential length that $C$ describes is
satisfiable. But a poly time machine can't even read the satisfying
assignment within its bounds.
\begin{bf}Idea:\end{bf} Let $\phi \left( C \right)$ be the 3cnf instance described by $C$.
\begin{lemma}
$\exists$ a $\mathbf{PSPACE}$ OTM $M^?$ s.t. $M^A\left(C \right)$ accepts
$\Leftrightarrow$ $A$ is a satisfying assignment of the variables in
$\phi\left( C \right)$.
\end{lemma}
\begin{proof-sketch}
We consider the special case of Implicit-3Sat, which is also
$\mathbf{NEXP}$-complete. Here the circuit takes as input an index
$\left(x_1, \ldots, x_n \right)$ representing a number in $\{1, \ldots, 2^n \}$ and outputs a
description of the corresponding clause of the 3cnf formula it represents. That is, it
outputs the three variables in the clause, including any negations. A
$\mathbf{PSPACE}$ Turing machine can, with access to the oracle $A$ containing
the satisfying assignment, verify that $A$ satisfies $\phi\left( C \right)$. It can iterate
through every one of the clauses and
verify that the corresponding assignments from $A$ satisfy the clause. If
any clause isn't satisfied, reject. If no iteration has rejected, we
accept.
\end{proof-sketch}
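The iteration in this sketch can be made concrete in a few lines. The particular clause circuit $C$ and assignment oracle $A$ below are invented toys, not part of the lecture's construction.

```python
# Toy Implicit-3Sat checker: C maps a clause index to three signed variables,
# and the machine iterates over all clauses, reading values from the oracle A.
n = 3
N = 2 ** n  # number of variables (and, in this toy, of clauses)

def C(i):
    # Hypothetical clause i: (x_i OR NOT x_{i+1} OR x_{i+2}), indices mod N.
    # Each literal is (variable index, sign); sign True means positive.
    return [(i % N, True), ((i + 1) % N, False), ((i + 2) % N, True)]

def M(C, A, num_clauses):
    # The PSPACE machine of the lemma: check every clause against oracle A.
    for i in range(num_clauses):
        if not any(A[var] == sign for var, sign in C(i)):
            return False  # some clause unsatisfied: reject
    return True           # every clause checked out: accept

A = {v: True for v in range(N)}     # oracle: the all-true assignment
print(M(C, A, num_clauses=N))       # True: every clause has a positive literal
```

A real instance has $2^n$ clauses for large $n$, so this loop is exponential; that is exactly why the machine is only $\mathbf{PSPACE}$, not poly time.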
\begin{proof-outline}
We return to Lemma 1. We now apply the prover-verifier ideas from the proof
that $\mathbf{PSPACE} \subseteq \pcppolypoly$.
In our case, the proof $\Pi$ should contain:
\begin{itemize}
\item $A$, the satisfying assignment of $\phi \left( C \right)$.
\item The table for the prover in $\mathbf{IP}$ that shows $M^A \left( C \right)$ accepts.
\end{itemize}
At the very end of whatever analysis we do, the verifier evaluates some
polynomial at some point. Somehow that involves checking $A$ in just one place.
Recall that in the $\mathbf{PSPACE}$ proof, we evaluate $FT_1\left(x,y\right)$ where $x$
and $y$ are states. We evaluated this polynomial for $x,y \in F^n$, instead of
over all $\{0,1\}^n$. The field $F$ was helpful because it placed fewer
constraints on the computational complexity of the problem.
Our problem in this case comes from dealing with the proof $A$:
\begin{itemize}
\item Problem 1. $A$ enters into the transition function, so the transition function no longer has a
short description. Before, we had only to check 6 cells of the tableau from state $x$ to state $y$ to
determine whether a move was valid.
\item Problem 2. We need some way to arithmetize $A$, as we arithmetized our function $FT$.
\item Problem 3. Philosophy: if you change 1 bit of $A$, it can switch from a satisfying
assignment to an unsatisfying one. You will never see this in your poly time machine.
To overcome this predicament we will introduce error correcting codes.
\end{itemize}
\end{proof-outline}
\section{Multilinear Polynomials}
\label{sec:mlp}
We introduce multilinear polynomials as the tool we will use to arithmetize
our exponential-length proof $A$. Once we can arithmetize it, it becomes
tractable to reduce the problem of Implicit-Circuit-Sat using
$\epsilon$-reductions that a $\pcppolypoly$ machine can handle within its
time and oracle constraints.
We can view $A$ as a function $\{0,1\}^n \rightarrow \{0,1\}$. We represent
this function by a multilinear polynomial $\hat{A}$, which we call the
\emph{multilinear extension} of $A$.
A multilinear polynomial $P$ has degree at most 1 in each variable.
We define $P$ as follows:
\begin{displaymath}
P \equiv \sum_{\left(d_1, \ldots, d_n \right) \in \{0,1\}^n} \alpha_{d_1, \ldots, d_n} x_1^{d_1} x_2^{d_2} \cdots x_n^{d_n}
\end{displaymath}
Note this is the sum of $2^n$ monomials. There exists a unique
multilinear polynomial $P$ such that $P\left( \bar{x} \right) = A\left( \bar{x} \right)$ for all $\bar{x} \in \{0,1\}^n$.
Hence our proof $\Pi$ should contain a table of values of $P$ at all
$\bar{x} \in F^n$. We denote this table by $\hat{A}$, the multilinear
extension of $A$. We can now query $\hat{A}$ at points beyond $\{0,1\}^n$.
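To make the extension concrete, here is a sketch of evaluating $\hat{A}$ at a point of $F^n$ directly from the table of $A$ on $\{0,1\}^n$, using the standard interpolation formula; the prime and the XOR example are illustrative choices, not from the notes.

```python
# Evaluate the multilinear extension of a table A : {0,1}^n -> F at any
# point of F^n, with F = Z_p for an illustrative small prime p.
from itertools import product

p = 101

def mle(A, x):
    """A: dict mapping n-bit tuples to field values; x: a point in F^n."""
    n = len(x)
    total = 0
    for bits in product([0, 1], repeat=n):
        # chi_bits(x) = prod_i (x_i if b_i == 1 else 1 - x_i) is the unique
        # multilinear polynomial that is 1 at `bits` and 0 elsewhere on {0,1}^n.
        chi = 1
        for xi, bi in zip(x, bits):
            chi = chi * (xi if bi else (1 - xi)) % p
        total = (total + A[bits] * chi) % p
    return total

A = {bits: (bits[0] ^ bits[1]) for bits in product([0, 1], repeat=2)}  # XOR table
assert all(mle(A, bits) == A[bits] for bits in A)  # agrees with A on {0,1}^2
print(mle(A, (2, 3)))  # a value of the extension beyond {0,1}^2; prints 94
```

Note the loop runs over all $2^n$ monomials, matching the size of the table the proof $\Pi$ must carry.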
\vspace{20pt}
\hspace{20pt}
\PSbox{configs.ps}{5in}{1.5in}
%\vspace{5pt}
In Figure 1 we now have our normal configurations to check from time step 1 to
step 2, but we also have a query tape to our function $\hat{A}$.
Hence we are interested in the value of
$1-\left( y - \hat{A} \left( x_1, \ldots, x_n \right) \right)^2$. In the
$\{0,1\}$-case, this equals 1 if $y=\hat{A}\left( x_1, \ldots, x_n \right)$ and 0
otherwise. We can be convinced that $\hat{A}$ mostly agrees with a multilinear polynomial. This
will handle Problems 1 and 2 mentioned earlier. The goal will therefore be
to build $\hat{A}$ into the transition function. We will be able to evaluate
$\hat{A}$ in poly time if it is multilinear. Once we have our table, we can
evaluate $FT_1$ at any point by table lookup into $\hat{A}$.
\section{The Multilinearity Test}
\label{sec:mlt}
We now present the idea of using a multilinearity test to determine whether or
not $\hat{A}$ is, in fact, multilinear. Once we know this we can use it in
our reductions to $FT_1$. We will come back to multilinearity tests next
lecture and apply them to our proof of Lemma 1.
It is important that we evaluate $\hat{A}$ at a random place to determine its
multilinearity. The test procedure is as follows. Given an input table
$\hat{A}$, query it in a poly number of places using a poly number of random
bits. Then we have \\
\begin{displaymath}
\begin{array}{ll}
\ \ \ \ \ \ & \mbox{if } \Pr[\mbox{test accepts}] > \frac{1}{2}, \mbox{ then } \exists ! \mbox{ multilinear polynomial } P \mbox{ s.t. } \Pr_{x \in F^n} [\hat{A} \left(x\right) \neq P\left(x\right) ] < \frac{1}{n^k} \\
& \mbox{if } \hat{A} \mbox{ is multilinear, then } \Pr[\mbox{accepts}] = 1 \\
\end{array}
\end{displaymath}
\begin{bf} Example \end{bf} of a multilinearity test in one variable. We are given a table
$A: F \rightarrow F$ to test for linearity.
\begin{itemize}
\item For $i=1$ to $n^k$:
\begin{itemize}
\item Query $A\left(0\right)$, $A\left(1\right)$, $A\left(r\right)$, where $r$ is chosen at random from $F$.
\item Verify that $A$ looks linear here; that is, test whether $A\left(r\right)=r\cdot\left(A\left(1\right) - A\left(0\right)\right)+A\left(0\right)$.
\item Reject if the test ever fails.
\end{itemize}
\item If $A$ always passes the test, then $A$ is close to linear. Accept.
\end{itemize}
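The loop above translates directly to code. The field size and the example tables below are made up for illustration.

```python
# One-variable linearity test over F = Z_p: repeatedly check the table A at
# a random point against the line through (0, A(0)) and (1, A(1)).
import random

p = 101

def linearity_test(A, reps):
    """A: dict mapping each element of Z_p to a field value (the table)."""
    for _ in range(reps):
        r = random.randrange(p)
        # Check A(r) = r * (A(1) - A(0)) + A(0)  (mod p).
        if A[r] != (r * (A[1] - A[0]) + A[0]) % p:
            return False  # reject on any failure
    return True           # always passed: A is (probably) close to linear

linear_A = {x: (7 * x + 3) % p for x in range(p)}   # a genuinely linear table
assert linearity_test(linear_A, reps=50)

corrupted = dict(linear_A)
corrupted[5] = (linear_A[5] + 1) % p  # a single bad entry is caught only
                                      # when r happens to hit it
```

The repetition count plays the role of $n^k$: more repetitions drive down the distance at which a far-from-linear table can still survive.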
\vspace{10pt}
We will describe in more detail how this test is used in the next lecture.
\section{Calculable Quantum Fourier Transforms}
\label{sec:actual}
So, which quantum transforms can we actually compute? When $N=2^n$,
i.e. the size of the matrix is a power of 2, it is easy to compute
the transform:
$$\state{x} \longrightarrow \frac{1}{\sqrt{N}} \sum_{y=0}^{2^n -1} e^{\frac{2
\pi i x y}{N}} \state{y}$$
Here's how it's done. Write $x$ and $y$ in binary notation:
\begin{eqnarray*}
x& =& 2^{n-1} x_1 + 2^{n-2} x_2 + \ldots + 2 x_{n-1} + x_n \\
y& =& 2^{n-1} y_1 + 2^{n-2} y_2 + \ldots + 2 y_{n-1} + y_n
\end{eqnarray*}
Then
\begin{eqnarray*}
xy \bmod 2^n &=& y_1 \left(2^{n-1} x_n\right)\\
&& + y_2 \left(2^{n-2} x_n + 2^{n-1} x_{n-1}\right)\\
&& \vdots\\
&& + y_n \left(x_n + 2 x_{n-1} + \ldots + 2^{n-1} x_1 \right)
\end{eqnarray*}
So, letting $\omega = e^{\frac{2i\pi}{N}}$, we can write the transform
as:
\begin{eqnarray*}
\state{x_1, \ldots, x_n} \longrightarrow &\frac{1}{\sqrt{N}}& \left(
\state{0} + \omega^{x_n 2^{n-1}} \state{1} \right)\\
&\tensor& \left(\state{0} + \omega^{x_{n-1} 2^{n-1} + x_n 2^{n-2}}
\state{1} \right)\\
& \vdots & \\
& \tensor& \left( \state{0} + \omega^{x_n + 2 x_{n-1} + \ldots +x_1
2^{n-1}} \state{1} \right)
\end{eqnarray*}
So, for bit $y_n$ of the output, we can construct the sequence of
gates:
\begin{center}
\begin{picture}(250,100)
\put(0,10){$x_n$}
\put(0,20){$x_{n-1}$}
\put(0,30){$\vdots$}
\put(0,45){$x_3$}
\put(0,55){$x_2$}
\put(0,65){$x_1$}
\put(40,60){\framebox(10,10){H}}
\put(70,60){\framebox(35,15){$R_{\omega^{2^{n-2}}}$}}
\put(120,60){\framebox(35,15){$R_{\omega^{2^{n-3}}}$}}
\put(200,60){\framebox(35,15){$R_{\omega^{2^{0}}}$}}
\put(15,10){\line(1,0){240}}
\put(25,20){\line(1,0){230}}
\put(15,45){\line(1,0){240}}
\put(15,55){\line(1,0){240}}
\put(15,65){\line(1,0){25}}
\put(50,65){\line(1,0){20}}
\put(105,65){\line(1,0){15}}
\put(155,65){\line(1,0){15}}
\put(185,65){\line(1,0){15}}
\put(235,65){\line(1,0){20}}
\put(172,65){$\ldots$}
\put(88,60){\line(0,-1){5}}
\put(138,60){\line(0,-1){15}}
\put(218,60){\line(0,-1){50}}
\put(88,55){\circle*{2}}
\put(138,45){\circle*{2}}
\put(218,10){\circle*{2}}
\put(260,65){$y_n$}
\end{picture}
\end{center}
where $R_{\omega^i}$ is the gate represented by the unitary transform
$$\left(
\begin{array}{cc}
1 & 0 \\
0 & \omega^i \\
\end{array}
\right)
$$
We then obtain bit $y_{n-1}$ in a similar way from
bits $x_{2}, \ldots, x_{n}$, and so on.
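As a numerical sanity check (not from the lecture), one can verify the tensor-product factorization above against the direct definition, using plain complex arithmetic and the bit conventions of the notes ($x_1$ most significant).

```python
# Check that the product of single-qubit factors reproduces QFT_{2^n} on a
# basis state |x>, for a small illustrative n.
import cmath

n = 3
N = 2 ** n
omega = cmath.exp(2j * cmath.pi / N)

def qft_direct(x):
    # Amplitudes of (1/sqrt(N)) * sum_y omega^{xy} |y>.
    return [omega ** (x * y) / N ** 0.5 for y in range(N)]

def qft_product(x):
    # Bits x_1 ... x_n, most significant first, as in the notes.
    xs = [(x >> (n - 1 - k)) & 1 for k in range(n)]
    amps = [1.0]
    for k in range(n):
        # Factor for output bit y_{k+1}: |0> + omega^{phase} |1>, where the
        # phase collects the terms of x*y mod 2^n that multiply y_{k+1}.
        phase = sum(xs[n - 1 - j] * 2 ** (n - 1 - k + j) for j in range(k + 1))
        factor = [1.0, omega ** phase]
        amps = [a * f for a in amps for f in factor]
    return [a / N ** 0.5 for a in amps]

x = 5
assert all(abs(a - b) < 1e-9 for a, b in zip(qft_direct(x), qft_product(x)))
```

The product form is what makes the circuit above efficient: $n$ Hadamards and $O(n^2)$ controlled phase gates instead of a $2^n \by 2^n$ matrix.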
\section{Sufficiency of these Transforms}
\label{sec:last}
[\textbf{Scribe note:} Due to time constraints, the lecturer gave only
a proof sketch of this.] Since we can only use transforms where the
size is a power of 2, that's exactly what we do when actually
performing Shor's algorithm. Replace $QFT_{p-1}$ with $QFT_{2^n}$,
where $30 (p-1) \log p < 2^n < 60 (p-1) \log p$. Then, if we get
$(c,d)$ out of the first algorithm, there is a non-negligible chance
that we get:
%
$$ \left( \ceiling{\frac{2^n}{p-1} c}, \ceiling{\frac{2^n}{p-1} d} \right)$$
How much of a chance? We will see the pair on the right with
probability at least $\frac{1}{10 \log p}\Pr[(c,d)]$. So, by using
these larger transformations, we map each possible output of the
original algorithm to something in a larger domain.
Another way to see this is to look at the results of
$$QFT_{2^n} \left( QFT_{p-1}^{-1} \left( \state{c} \right) \right)$$
Before we measure, we get out some superposition
$$ \sum_{c' = 0}^{2^n - 1} \beta_{c'} \state{c'}$$
where $\beta_{c'}$ is distributed nicely. If you graph the
distribution\footnote{ Which I can't do easily in LaTeX...} of
$\beta_{c'}$, you'll see that it is close to zero almost everywhere,
with all the non-zero amplitudes in a nice bell-like distribution
centered at $\ceiling{\frac{2^n c}{p-1}}$, with a width of
$\frac{2^n}{p-1}$.
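This concentration can be seen in a quick numerical sketch; the values of $p$, $n$, and $c$ below are small, made-up choices (the algorithm itself would use a much larger gap between $p-1$ and $2^n$).

```python
# Numerically compute the amplitudes beta_{c'} of QFT_{2^n}(QFT_{p-1}^{-1}|c>)
# and check that the probability mass peaks near 2^n * c / (p-1).
import cmath

p = 11          # first transform acts on {0, ..., p-2}, size p-1 = 10
n = 7           # 2^n = 128 comfortably exceeds p-1
N = 2 ** n
c = 3

def beta(cp):
    # QFT_{p-1}^{-1}|c> = (1/sqrt(p-1)) sum_x e^{-2 pi i c x/(p-1)} |x>,
    # then QFT_{2^n} contributes e^{2 pi i c' x / 2^n} per term.
    s = sum(cmath.exp(2j * cmath.pi * x * (cp / N - c / (p - 1)))
            for x in range(p - 1))
    return s / ((p - 1) * N) ** 0.5

probs = [abs(beta(cp)) ** 2 for cp in range(N)]
center = round(N * c / (p - 1))             # expected peak near 2^n c/(p-1)
peak = max(range(N), key=lambda cp: probs[cp])
assert abs(peak - center) <= 1              # the distribution peaks at the center
```

Plotting `probs` shows the bell-like lobe of width about $2^n/(p-1)$ described above, with near-zero amplitude elsewhere.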
In other words, using the calculable transformations instead of the
exact transformations will give you results ``close'' to those from
the exact algorithm.
\end{document}