CS 225: Pseudorandomness
Spring 2002
SYLLABUS
Course email address: cs225@eecs.harvard.edu
Course website: http://www.courses.fas.harvard.edu/~cs225/
Course Description
Over the past few decades, randomization has become one of the most
pervasive paradigms in computer science. Its widespread use includes:

Algorithm Design: For a number of important algorithmic problems
(such as testing whether a number is prime), the only efficient algorithms
known are randomized.

Cryptography: Randomness is woven into the very way we define security.

Combinatorial Constructions: Many useful combinatorial objects,
such as error-correcting codes and expander graphs (see below), can be
constructed simply by generating them at random.

Interactive Proofs: Randomization, together with interactive communication,
can also add dramatic efficiency improvements and novel properties (such
as "zero knowledge") to classical "written" mathematical proofs.
So randomness appears to be extremely useful in these settings,
but we still do not know to what extent it is really necessary.
Thus, in this course we will ask:
Main Question: Can we reduce or even eliminate the need for randomness
in the above settings?
Why do we want to do this? First, essentially all
of the applications of randomness assume we have a source of perfect randomness:
one that gives "coin tosses" that are completely unbiased and independent
of each other. It is unclear whether physical sources of perfect
randomness exist and are inexpensive to access. Second, randomized
constructions of objects such as error-correcting codes and expander graphs
often do not provide us with efficient algorithms for using them; indeed,
even writing down a description of a randomly selected object can be infeasible.
Finally, and most fundamentally, our understanding of computation would
be incomplete without understanding the power that randomness provides.
In this course, we will address the Main Question via a powerful paradigm
known as pseudorandomness. This is the theory of efficiently
generating objects that "look random", despite being constructed using
little or no randomness. Specifically, we will study several kinds
of "pseudorandom" objects, such as:

Pseudorandom Generators: These are procedures which stretch a short
"seed" of truly random bits into a long string of "pseudorandom" bits which
cannot be distinguished from truly random by any efficient algorithm.
They can be used to reduce and even eliminate the randomness used by any
efficient algorithm. They are also a fundamental tool in cryptography.

Randomness Extractors: These are procedures which extract almost
uniformly distributed bits from sources of biased and correlated bits.
Their original motivation was to allow us to use randomized algorithms
even with imperfect physical sources of randomness, but they have also
turned out to have a wide variety of other applications.

Expander Graphs: These are graphs which are sparse but nevertheless
highly connected. They have been used to address many fundamental
problems in computer science, on topics such as network design, complexity
theory, coding theory, cryptography, and computational group theory.

Error-Correcting Codes: These are methods for encoding messages
so that even if many of the symbols are corrupted, the original message
can still be decoded. We will focus on "list decoding", where there
are so many corruptions that uniquely decoding the original message is
impossible, but it is still possible to produce a short list of possible
candidates.
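To make the first of these objects concrete, here is a minimal sketch (in Python; not part of the course materials) of the pseudorandom-generator interface: stretching a short truly random seed into a longer string of bits. It uses the Blum-Blum-Shub-style construction of iterated modular squaring, but with toy parameters chosen only so the example runs instantly; these parameters give no security whatsoever.

```python
# Toy sketch of a pseudorandom generator: stretch a short seed into a longer
# bit string. The construction is Blum-Blum-Shub-style iterated squaring
# modulo N = p*q, outputting one low-order bit per squaring. The parameters
# below are TOY values for illustration only; a real instantiation needs a
# modulus N that is infeasible to factor.

P, Q = 7, 11          # toy primes, both congruent to 3 mod 4
N = P * Q             # modulus; factoring N must be hard in a real instance

def toy_prg(seed: int, num_bits: int) -> list[int]:
    """Stretch `seed` (which should be coprime to N) into `num_bits` bits."""
    x = seed
    bits = []
    for _ in range(num_bits):
        x = (x * x) % N     # one iteration of the (conjectured) one-way step
        bits.append(x & 1)  # output the least-significant bit
    return bits

print(toy_prg(3, 10))  # prints [1, 0, 0, 1, 1, 0, 0, 1, 1, 0]
```

With these toy parameters the output cycles quickly, which is exactly why real instantiations need a large modulus: the pseudorandomness of the output rests on the hardness of factoring N.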
Each of the above objects has been the center of a large and beautiful
body of research, and until recently these bodies of work were largely distinct.
An exciting recent development has been the realization that all four of
these objects are almost the same when interpreted appropriately.
Their intimate connections will be a major focus of the course, tying together
the variety of constructions and applications of these objects that we will
cover.
The course will reach the cutting edge of current research in this area,
covering some results from within the last year. At the same time,
the concepts we will cover are general and useful enough that we hope
anyone with an interest in the theory of computation or combinatorics will
find the material appealing.
Tentative List of Topics

Randomized Algorithms:

examples

complexity classes (BPP, RP, RL,...)

basic properties, e.g. error reduction

Basic tools & notions:

tail inequalities

pairwise independence, almost k-wise independence

method of conditional expectations

entropy measures

Pseudorandom generators (Blum-Micali-Yao defn):

computational indistinguishability and its properties

hard-core bits

construction from one-way permutations

pseudorandom functions

applications: cryptography, learning, complexity

Pseudorandom generators (Nisan-Wigderson defn):

construction from hard Boolean functions ("nearly disjoint subsets" generator)

evidence that P=BPP

derandomizing constant-depth circuits

construction based on multivariate polynomials (after extractors)

List-decodable error-correcting codes:

constructions based on multivariate polynomials

application to worst-case vs. average-case complexity

Expander Graphs:

measures of expansion: vertex expansion, 2nd eigenvalue...

probabilistic existence

construction based on the zig-zag graph product

applications

Extractors:

weak random sources

the Leftover Hash Lemma

connection to and construction from pseudorandom generators

connection to list-decodable codes & construction from multivariate
polynomials

connection to expander graphs

applications

Randomness Conductors:

construction from the zig-zag product

expansion close to the degree

Derandomization in the uniform setting:

BPP vs. EXP, MA vs. NEXP

some unconditional derandomizations

Pseudorandom generators for spacebounded computation:

constructions from hashing, extractors

RL vs. L

applications: universal traversal sequences, data stream computations
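As a small taste of the "basic tools" topic above, the following sketch (illustrative only; the function names and the tiny prime p = 5 are my choices) exhibits the classic pairwise-independent hash family h_{a,b}(x) = (ax + b) mod p, and verifies its defining property by exhaustive counting: over a uniformly random key (a, b), any two distinct inputs land on any pair of outputs with probability exactly 1/p^2.

```python
# The classic pairwise-independent family over Z_p: h_{a,b}(x) = (a*x + b) mod p,
# with the key (a, b) drawn uniformly from Z_p x Z_p. For a small prime p we
# can check pairwise independence by brute force over all p^2 keys.

from itertools import product

P = 5  # a small prime, chosen only so the exhaustive check is fast

def h(a: int, b: int, x: int) -> int:
    return (a * x + b) % P

def joint_count(x1: int, x2: int, y1: int, y2: int) -> int:
    """Number of keys (a, b) with h(x1) = y1 and h(x2) = y2."""
    return sum(1 for a, b in product(range(P), repeat=2)
               if h(a, b, x1) == y1 and h(a, b, x2) == y2)

# Pairwise independence: for distinct inputs x1 != x2, every output pair
# (y1, y2) is hit by exactly one of the P^2 keys, i.e. with probability 1/P^2.
assert all(joint_count(0, 1, y1, y2) == 1
           for y1, y2 in product(range(P), repeat=2))
print("pairwise independent for inputs 0 and 1")
```

The check works because, for x1 != x2 mod p, the two equations a*x1 + b = y1 and a*x2 + b = y2 have exactly one solution (a, b) over the field Z_p.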
Prerequisites
This is an advanced graduate course, so I will be assuming that you have
general "mathematical maturity" and a good undergraduate background in
the theory of computation. One concrete guideline is that you should
have had a minimum of two other courses in the theory of computation, including
at least one graduate course. If you have particularly strong math
background, then there can be a bit more flexibility with this.
In terms of topics, I will be assuming familiarity with the following.
In all cases (especially complexity theory), the more background you have,
the better.

Complexity Theory: P, NP, NP-completeness, reductions (as
in CS 121).

Randomized Algorithms: You should have seen several examples of
randomized algorithms, as in CS 124 or CS 226.

Algebra: The basics of groups, (finite) fields, vector spaces,
eigenvectors/eigenvalues. Any of CS 226, Math 122-123, AM 106 should
be sufficient.

Other: Basic discrete probability, graph theory & combinatorics.
Grading & Problem Sets
The requirements of the course:

Biweekly problem sets

Taking "scribe notes" for 1-3 lectures (depending on how many students
are in the class), and typing them up in LaTeX.

Possible take-home final exam (depending on how many undergraduates are
in the class).
The biweekly problem sets will typically be due on Mondays by 5 PM. (Location
TBA.) You are allowed 12 late days for the semester, of which at most 7
can be used on any individual problem set. (1 late day = 24 hours exactly).
The problem sets will be challenging, so be sure to start them early.
You are encouraged to discuss the course material and the homework problems
with each other in small groups (2-3 people). Discussion of
homework problems may include brainstorming and verbally walking through
possible solutions, but should not include one person telling the others
how to solve the problem. In addition, each person must write up
their solutions independently, and these writeups should not be checked
against each other or passed around.
Readings
There is no required text for the course. Indeed, much of the material
we will be covering is not written in any textbook. However, you
may find the following references useful. Most of them should be
in the libraries, on reserve.

Oded Goldreich. Modern
Cryptography, Probabilistic Proofs, and Pseudorandomness. This book
contains an excellent overview of the theory of pseudorandomness (as of
a couple of years ago). It is written in survey style, so it doesn't
contain many details, but it is great as a starting point and can
lead you to the relevant papers. I've ordered it at the Coop.

Peter Bro Miltersen. Derandomizing
Complexity Classes. A book chapter to appear in the Handbook
of Randomization, currently available online. A nice, detailed
presentation of many of the objects we will be studying. A good place
for an alternative viewpoint to the lectures.

Rajeev Motwani and Prabhakar Raghavan. Randomized
Algorithms. For more background on and examples of randomized algorithms.

Michael Sipser. Introduction
to the Theory of Computation. Contains all of the complexity theory
background you'll need in this course.

Christos Papadimitriou. Computational
Complexity. Also good for more background on complexity,
more advanced than Sipser's text.

Noga Alon and Joel Spencer. The
Probabilistic Method (2nd ed). Describes the usefulness of randomness
in combinatorics, with some discussion of pseudorandomness and derandomization.

Oded Goldreich. Foundations
of Cryptography (Vol I). Covers the first definition of pseudorandom
generators we'll study, pseudorandom functions, and their applications
in cryptography.

Michael Luby. Pseudorandomness
and Cryptographic Applications. Covers the construction
of pseudorandom generators from any oneway function, which is beyond the
scope of our course and Goldreich's book.

There are many texts on algebra. I don't have a specific recommendation,
but a book on finite fields with applications in CS would be a good
choice.
Related Courses This Term