\documentclass[11pt]{article}%
\usepackage{amsmath}
\usepackage{amsfonts}
\usepackage{amssymb}
\usepackage{graphicx}
\usepackage{fullpage}
\usepackage{hyperref}
\usepackage{tikz}
\usepackage[pdf]{pstricks}%
\setcounter{MaxMatrixCols}{30}
%BeginMSIPreambleData
\providecommand{\U}[1]{\protect\rule{.1in}{.1in}}
%EndMSIPreambleData
\usetikzlibrary{positioning}
\newtheorem{theorem}{Theorem}
\newtheorem{acknowledgement}[theorem]{Acknowledgement}
\newtheorem{algorithm}[theorem]{Algorithm}
\newtheorem{axiom}[theorem]{Axiom}
\newtheorem{case}[theorem]{Case}
\newtheorem{claim}[theorem]{Claim}
\newtheorem{conclusion}[theorem]{Conclusion}
\newtheorem{condition}[theorem]{Condition}
\newtheorem{conjecture}[theorem]{Conjecture}
\newtheorem{corollary}[theorem]{Corollary}
\newtheorem{criterion}[theorem]{Criterion}
\newtheorem{definition}[theorem]{Definition}
\newtheorem{example}[theorem]{Example}
\newtheorem{exercise}[theorem]{Exercise}
\newtheorem{lemma}[theorem]{Lemma}
\newtheorem{notation}[theorem]{Notation}
\newtheorem{problem}[theorem]{Problem}
\newtheorem{proposition}[theorem]{Proposition}
\newtheorem{remark}[theorem]{Remark}
\newtheorem{solution}[theorem]{Solution}
\newtheorem{summary}[theorem]{Summary}
\newenvironment{proof}[1][Proof]{\noindent\textbf{#1.} }{\ \rule{0.5em}{0.5em}}
\begin{document}
\title{$\mathsf{P}\overset{?}{=}\mathsf{NP}$}
\author{Scott Aaronson\thanks{University of Texas at Austin. \ Email:
aaronson@cs.utexas.edu. \ Supported by a Vannevar Bush / NSSEFF Fellowship
from the US Department of Defense. \ Much of this work was done while the
author was supported by an NSF Alan T.\ Waterman award.}}
\date{}
\maketitle
\begin{abstract}
In 1955, John Nash sent a remarkable letter to the National Security Agency,
in which---seeking to build theoretical foundations for cryptography---he all
but formulated what today we call the $\mathsf{P}\overset{?}{=}\mathsf{NP}$
problem, considered one of the great open problems of science. \ Here I survey
the status of this\ problem in 2017, for a broad audience of mathematicians,
scientists, and engineers. \ I offer a personal perspective on what it's
about, why it's important, why it's reasonable to conjecture that
$\mathsf{P}\neq\mathsf{NP}$\ is both true\ and provable, why proving it is so
hard, the landscape of related problems, and crucially, what progress has been
made in the last half-century toward solving those problems. \ The discussion
of progress includes diagonalization and circuit lower bounds; the
relativization, algebrization, and natural proofs barriers; and the recent
works of Ryan Williams and Ketan Mulmuley, which (in different ways) hint at a
duality between impossibility proofs and algorithms.
\end{abstract}
\tableofcontents
\section{Introduction\label{INTRO}}
\begin{quotation}
\noindent\textquotedblleft Now my general conjecture is as follows: for almost
all sufficiently complex types of enciphering, especially where the
instructions given by different portions of the key interact complexly with
each other in the determination of their ultimate effects on the enciphering,
the mean key computation length increases exponentially with the length of the
key, or in other words, the information content of the key ... The nature of
this conjecture is such that I cannot \textit{prove} it, even for a special
type of ciphers. \ Nor do I expect it to be proven.\textquotedblright%
\ \textbf{---John Nash, 1955} \cite{nash:crypto}
\end{quotation}
In 1900, David Hilbert challenged mathematicians to design a \textquotedblleft
purely mechanical procedure\textquotedblright\ to determine the truth or
falsehood of any mathematical statement. \ That goal turned out to be
impossible. \ But the \textit{question}---does such a procedure exist, and why
or why not?---helped launch two related revolutions that shaped the twentieth
century:\ one in science and philosophy, as the results of G\"{o}del, Church,
Turing, and Post made the limits of reasoning itself a subject of mathematical
analysis;\ and the other in technology, as the electronic computer achieved,
not all of Hilbert's dream, but enough of it to change the daily experience of
most people on earth.
Although there's no \textquotedblleft purely mechanical
procedure\textquotedblright\ to determine if a mathematical statement $S$ is
true or false, there \textit{is} a mechanical procedure to determine if $S$
has a proof of some bounded length $n$: simply enumerate over all proofs of
length at most $n$, and check if any of them prove $S$. \ This method,
however, takes exponential time. \ The $\mathsf{P}\overset{?}{=}\mathsf{NP}%
$\ problem\ asks whether there's a \textit{fast} algorithm to find such a
proof (or to report that no proof of length at most $n$ exists), for a
suitable meaning of the word \textquotedblleft fast.\textquotedblright\ \ One
can think of $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ as a modern refinement of
Hilbert's 1900 question. \ The problem was explicitly posed in the early 1970s
in the works of Cook and Levin, though versions were stated
earlier---including by G\"{o}del in 1956, and as we see above, by John Nash in 1955.
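The enumerate-and-check procedure just described can be made concrete. In the sketch below (a toy illustration; the miniature "proof system," in which a string proves the statement "6 is composite" by naming two nontrivial factors, is invented for the example), the checker runs quickly, and only the enumeration over all strings is exponential:

```python
from itertools import product

def brute_force_search(is_valid_proof, alphabet, n):
    """Enumerate every string of length <= n over `alphabet` and return
    the first one the checker accepts, or None.  The checker is fast,
    but the search visits up to |alphabet|**n candidates: mechanical,
    yet exponential-time."""
    for length in range(n + 1):
        for candidate in product(alphabet, repeat=length):
            proof = "".join(candidate)
            if is_valid_proof(proof):
                return proof
    return None

def checks_out(proof):
    """Toy checker: a valid 'proof' that 6 is composite is a string
    of the form a*b with a, b > 1 and a*b == 6."""
    parts = proof.split("*")
    if len(parts) != 2 or not (parts[0].isdigit() and parts[1].isdigit()):
        return False
    a, b = int(parts[0]), int(parts[1])
    return a > 1 and b > 1 and a * b == 6

print(brute_force_search(checks_out, "0123456789*", 3))  # → "2*3"
```

Replacing the toy checker with a genuine proof verifier for a formal system changes nothing structurally: verification stays mechanical and fast, while the enumeration is what blows up.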
Think of a large jigsaw puzzle with (say) $10^{1000}$ possible ways of
arranging the pieces, or an encrypted message with a similarly huge number of
possible decrypts, or an airline with astronomically many ways of scheduling
its flights, or a neural network with millions of weights that can be set
independently. \ All of these examples share two key features:
\begin{enumerate}
\item[(1)] a finite but exponentially large space of possible solutions; and
\item[(2)] a fast, mechanical way to check whether any claimed solution is
\textquotedblleft valid.\textquotedblright\ \ (For example, do the puzzle
pieces now fit together in a rectangle? \ Does the proposed airline schedule
achieve the desired profit? \ Does the neural network correctly classify the
images in a test suite?)
\end{enumerate}
We're asking whether, under the above conditions, there's a general method to
\textit{find} a valid solution whenever one exists, and which is enormously
faster than just trying all the possibilities one by one, from now till the
end of the universe, like in Jorge Luis Borges' Library of Babel.
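Features (1) and (2) can be seen in miniature in Boolean satisfiability, the canonical example of such a problem. In the sketch below (the tiny instance is made up for illustration), checking a claimed solution takes one fast pass over the clauses, while the solution space has $2^{n}$ points:

```python
from itertools import product

# A tiny satisfiability instance: each clause is a tuple of literals,
# where +i means "variable i is True" and -i means "variable i is False".
clauses = [(1, 2, -3), (-1, 3, 4), (2, -4, 1), (-2, -3, -4), (1, 2, 3)]
n_vars = 4

def is_valid(assignment, clauses):
    """Feature (2): checking a claimed solution is fast -- one pass
    over the clauses, i.e. time linear in the instance size."""
    return all(
        any(assignment[abs(lit)] == (lit > 0) for lit in clause)
        for clause in clauses
    )

def search(clauses, n_vars):
    """Feature (1): the solution space has 2**n_vars points, and brute
    force may have to walk through all of them."""
    for bits in product([False, True], repeat=n_vars):
        assignment = {i + 1: b for i, b in enumerate(bits)}
        if is_valid(assignment, clauses):
            return assignment
    return None

print(search(clauses, n_vars))  # prints the first satisfying assignment
```

With $4$ variables the brute force is instantaneous; with $400$, the $2^{400}$-point search space is what the $\mathsf{P}\overset{?}{=}\mathsf{NP}$ question asks us to circumvent.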
Notice that Hilbert's goal has been amended in two ways. \ On the one hand,
the new task is \textquotedblleft easier\textquotedblright\ because we've
restricted ourselves to questions with only finitely many possible answers,
each of which is easy to verify or rule out. \ On the other hand, the task is
\textquotedblleft harder\textquotedblright\ because we now insist on a
\textit{fast} procedure: one that avoids the exponential explosion inherent in
the brute-force approach.
Of course, to discuss such things mathematically, we need to pin down the
meanings of \textquotedblleft fast\textquotedblright\ and \textquotedblleft
mechanical\textquotedblright\ and \textquotedblleft easily
checked.\textquotedblright\ \ As we'll see, the $\mathsf{P}\overset{?}{=}%
\mathsf{NP}$\ question corresponds to one natural choice for how to define
these concepts, albeit not the only imaginable choice. \ For the impatient,
$\mathsf{P}$\ stands for \textquotedblleft Polynomial Time,\textquotedblright%
\ and is the class of all decision problems (that is, infinite sets of
yes-or-no questions) solvable by a standard digital computer---or for
concreteness, a Turing machine---using a polynomial amount of time. \ By
\textquotedblleft polynomial time,\textquotedblright\ we mean that the machine
uses a number of steps that's upper-bounded by the length of the input
question (i.e., the number of bits needed to write it down) raised to some
fixed power, as opposed (say) to growing exponentially with the length.
\ Meanwhile,\ $\mathsf{NP}$\ stands for \textquotedblleft Nondeterministic
Polynomial Time,\textquotedblright\ and is the class of all decision problems
for which, if the answer is \textquotedblleft yes,\textquotedblright\ then
there's a polynomial-size proof that a Turing machine can \textit{verify} in
polynomial time. \ It's immediate that $\mathsf{P}\subseteq\mathsf{NP}$, so
the question is whether this containment is proper (and hence $\mathsf{P}%
\neq\mathsf{NP}$),\ or whether $\mathsf{NP}\subseteq\mathsf{P}$\ (and hence
$\mathsf{P}=\mathsf{NP}$).
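As a minimal illustration of the definition of $\mathsf{NP}$: deciding whether a number is composite admits a short certificate (a nontrivial divisor) that can be checked in time polynomial in the input length, i.e., in the number of bits of $n$, regardless of how hard the certificate might be to find. (Compositeness is in fact known to be in $\mathsf{P}$, but the certificate view is what matters here.)

```python
def verify_composite(n, certificate):
    """NP-style verification: accept iff the certificate is a
    nontrivial divisor of n.  The input size is the bit length of n,
    and a single divisibility test costs time polynomial in that
    length -- even when n has thousands of digits."""
    return 1 < certificate < n and n % certificate == 0

print(verify_composite(8051, 83))  # True: 8051 = 83 * 97
print(verify_composite(8051, 84))  # False
```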
\subsection{The Importance of $\mathsf{P}\protect\overset{?}{=}\mathsf{NP}%
$\label{IMP}}
Before getting formal, it seems appropriate to say something about the
significance of the $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ question.
\ $\mathsf{P}\overset{?}{=}\mathsf{NP}$, we might say, shares with Hilbert's
original question the character of a \textquotedblleft math problem that's
more than a math problem\textquotedblright:\ a question that reaches inward to
ask about mathematical reasoning itself, and also outward to everything from
philosophy to natural science to practical computation.
To start with the obvious, essentially all the cryptography that we currently
use on the Internet---for example, for sending credit card numbers---would be
broken if $\mathsf{P}=\mathsf{NP}$ (and if, moreover, the algorithm were
efficient in practice, a caveat we'll return to later). \ Though he was
writing 16 years before $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ was explicitly
posed, this is the point Nash was making in the passage with which we began.
The reason is that, in most cryptography, the problem of finding the
decryption key is an $\mathsf{NP}$\ search problem: that is, we know
mathematically how to \textit{check} whether a valid key has been found. \ The
only exceptions are cryptosystems like the one-time pad and quantum key
distribution, which don't rely on any computational assumptions (but have
other disadvantages, such as the need for huge pre-shared keys or for special
communication hardware).
The metamathematical import of $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ was also
recognized early. \ It was articulated, for example, in Kurt G\"{o}del's
now-famous 1956 letter to John von Neumann, which sets out what we now call
the $\mathsf{P}\overset{?}{=}\mathsf{NP}$ question. \ G\"{o}del wrote:
\begin{quotation}
\noindent If there actually were a machine with [running time] $\sim Kn$ (or
even only with $\sim Kn^{2}$) [for some constant $K$ independent of $n$], this
would have consequences of the greatest magnitude. \ That is to say, it would
clearly indicate that, despite the unsolvability of the Entscheidungsproblem
[Hilbert's problem of giving a complete decision procedure for mathematical
statements], the mental effort of the mathematician in the case of yes-or-no
questions could be completely [added in a footnote: apart from the postulation
of axioms] replaced by machines. \ One would indeed have to simply select an
$n$ so large that, if the machine yields no result, there would then also be
no reason to think further about the problem.
\end{quotation}
Expanding on G\"{o}del's observation, some modern commentators have explained
the importance of $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ as follows. \ It's
well-known that $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ is one of the seven
Clay Millennium Problems (alongside the Riemann Hypothesis, the Yang-Mills
mass gap, etc.), for which a solution commands a million-dollar prize
\cite{cook:clay}. \ But even among those problems, $\mathsf{P}\overset{?}{=}%
\mathsf{NP}$\ has a special status. \ For if someone discovered that
$\mathsf{P}=\mathsf{NP}$, and if moreover the algorithm was efficient in
practice, that person could solve not merely one Millennium Problem but
\textit{all seven of them}---for she'd simply need to program her computer to
search for formal proofs of the other six conjectures.\footnote{Here we're
using the observation that, once we fix a formal system (say, first-order
logic plus the axioms of ZF set theory), deciding whether a given statement
has a proof at most $n$ symbols long in that system is an $\mathsf{NP}%
$\ problem, which can therefore be solved in time polynomial in $n$ assuming
$\mathsf{P}=\mathsf{NP}$. \ We're also assuming that the other six Clay
conjectures have ZF proofs that are not too enormous: say, $10^{12}$ symbols
or fewer, depending on the exact running time of the assumed algorithm. \ In
the case of the Poincar\'{e} Conjecture, this can almost be taken to be a
fact, modulo the translation of Perelman's proof \cite{perelman}\ into the
language of ZF.} \ Of course, if (as most computer scientists believe)
$\mathsf{P}\neq\mathsf{NP}$,\ a proof of \textit{that} would have no such
world-changing implications, but even the fact that such a proof could
\textit{rule out} those implications underscores the enormity of what we're asking.
I should be honest about the caveats. \ While theoretical computer scientists
(including me!) have not always been above poetic flourish, $\mathsf{P}%
\overset{?}{=}\mathsf{NP}$\ is not quite equivalent to the questions of
\textquotedblleft whether human creativity can be automated,\textquotedblright%
\ or \textquotedblleft whether anyone who can appreciate a symphony is Mozart,
anyone who can recognize a great novel is Jane Austen.\textquotedblright%
\ \ Apart from the obvious point that\ \textit{no} purely mathematical
question could fully capture these imponderables, there are also more specific issues.
For one thing, while $\mathsf{P}\overset{?}{=}\mathsf{NP}$ has tremendous
relevance to artificial intelligence, it says nothing about the
\textit{differences}, or lack thereof, between humans and machines. \ Indeed,
$\mathsf{P}\neq\mathsf{NP}$ would represent a limitation on \textit{all}
classical digital computation, one that might plausibly apply to human brains
just as well as to electronic computers. \ Nor does $\mathsf{P}\neq
\mathsf{NP}$ rule out the possibility of robots taking over the world. \ To
defeat humanity, presumably the robots wouldn't need to solve arbitrary
$\mathsf{NP}$\ problems in polynomial time: they'd merely need to be smarter
than \textit{us}, and to have imperfect heuristics better than the imperfect
heuristics that \textit{we} picked up from a billion years of evolution!
\ Conversely, while a proof of $\mathsf{P}=\mathsf{NP}$ might hasten a robot
uprising, it wouldn't guarantee one. \ For again, what $\mathsf{P}%
\overset{?}{=}\mathsf{NP}$ asks is not whether \textit{all} creativity can be
automated, but only \textit{creativity whose fruits can quickly be verified by
computer programs.}
To illustrate, suppose we wanted to program a computer to create new
Mozart-quality symphonies and Shakespeare-quality plays. \ If $\mathsf{P}%
=\mathsf{NP}$ via a practical algorithm, then these feats would reduce to the
seemingly easier problem of writing a computer program to \textit{recognize}
great works of art. \ And interestingly, $\mathsf{P}=\mathsf{NP}$\ might
\textit{also} help with the recognition problem: for example, by letting us
train a neural network that reverse-engineered the expressed artistic
preferences of hundreds of human experts. \ But how well that neural network
would perform is an empirical question outside the scope of mathematics.
\subsection{Objections to $\mathsf{P}\protect\overset{?}{=}\mathsf{NP}%
$\label{OBJ}}
After modest exposure to the $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ problem,
some people come up with what they consider an irrefutable objection to its
phrasing or importance. \ Since the same objections tend to recur, in this
section I'll collect the most frequent ones and make some comments about them.
\subsubsection{The Asymptotic Objection}
\textbf{Objection:} $\mathsf{P}\overset{?}{=}\mathsf{NP}$ talks only about
asymptotics---i.e., whether the running time of an algorithm grows
polynomially or exponentially with the size $n$ of the question that was
asked, as $n$ goes to infinity. \ It says nothing about the number of steps
needed for concrete values of $n$ (say, a thousand or a million), which is all
anyone would ever care about in practice.
\textbf{Response:} It was realized early in the history of computer science
that \textquotedblleft number of steps\textquotedblright\ is not a robust
measure of hardness, because it varies too wildly from one machine model to
the next (from Macs to PCs and so forth), and also depends heavily on
low-level details of how the problem is encoded. \ The asymptotic complexity
of a problem could be seen as \textit{that contribution to its hardness that
is clean and mathematical}, and that survives the vicissitudes of technology.
\ Of course, real-world software design requires thinking about many
non-asymptotic contributions to a program's efficiency, from compiler overhead
to the layout of the cache (as well as many considerations that have nothing
to do with efficiency at all). \ But any good programmer knows that
asymptotics matter as well.
More specifically, many people object to theoretical computer science's
identification of \textquotedblleft polynomial\textquotedblright\ with
\textquotedblleft efficient\textquotedblright\ and \textquotedblleft
exponential\textquotedblright\ with \textquotedblleft
inefficient,\textquotedblright\ given that for any practical value of $n$, an
algorithm that takes $1.0000001^{n}$ steps is clearly preferable to an
algorithm that takes $n^{1000}$\ steps. \ This would be a strong objection, if
such algorithms were everyday phenomena. \ Empirically, however, computer
scientists found that there \textit{is} a strong correlation between
\textquotedblleft solvable in polynomial time\textquotedblright\ and
\textquotedblleft solvable efficiently in practice,\textquotedblright\ with
most (but not all) problems in $\mathsf{P}$\ that they care about solvable in
linear or quadratic or cubic time, and most (but not all) problems outside
$\mathsf{P}$\ that they care about requiring $c^{n}$\ time via any known
algorithm, for some $c$ significantly larger than $1$. \ Furthermore, even
when the first polynomial-time algorithm discovered for some problem takes
(say) $n^{6}$\ or $n^{10}$\ time, it often happens that later advances lower
the exponent, or that the algorithm runs much faster in practice than it can
be guaranteed to run in theory. \ This is what happened, for example, with
linear programming, primality testing, and Markov Chain Monte Carlo algorithms.
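For a sense of scale (a back-of-the-envelope sketch, using the constants from the objection above): the $1.0000001^{n}$ algorithm does beat the $n^{1000}$ one for every practical $n$, but only up to a crossover around $n\approx3\times10^{11}$, which we can locate by comparing logarithms of the step counts:

```python
import math

def log_steps_poly(n, k=1000):      # log of n**k
    return k * math.log(n)

def log_steps_exp(n, c=1.0000001):  # log of c**n
    return n * math.log(c)

# Doubling search for (roughly) where the "bad" exponential finally
# overtakes the "bad" polynomial.
n = 2
while log_steps_exp(n) < log_steps_poly(n):
    n *= 2
print(n)  # 274877906944 = 2**38, the first power of 2 past the crossover
```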
Having said that, \textit{of course} the goal is not just to answer some
specific question like $\mathsf{P}\overset{?}{=}\mathsf{NP}$, but\ to learn
the truth about efficient computation, whatever it might be. \ If
practically-important $\mathsf{NP}$\ problems turn out to be solvable in
$n^{1000}$\ time but not in $n^{999}$ time, or in $1.0000001^{n}$ time, then
so be it. \ From this perspective, one could argue that $\mathsf{P}%
\overset{?}{=}\mathsf{NP}$\ simply serves as a marker of ignorance: in effect
we're saying, \textquotedblleft if we can't even answer \textit{this}, then
surely we can't answer the more refined questions either.\textquotedblright
\subsubsection{The Polynomial-Time Objection}
\textbf{Objection:} But why should we draw the border of efficiency at the
polynomial functions, as opposed to any other class of functions---for
example, functions upper-bounded by $n^{2}$, or functions of the form
$n^{\log^{c}n}$ (called \textit{quasipolynomial} functions)?
\textbf{Response:} There's a good theoretical answer to this: it's because
polynomials are the smallest class of functions that contains the linear
functions, and that's closed under basic operations like addition,
multiplication, and composition. \ For this reason, they're the smallest class
that ensures that we can compose \textquotedblleft efficient
algorithms\textquotedblright\ a constant number of times, and still get an
algorithm that's efficient overall. \ For the same reason, polynomials are
\textit{also} the smallest class that ensures that our \textquotedblleft set
of efficiently solvable problems\textquotedblright\ is independent of the
low-level details of the machine model.
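To spell out the closure property: if algorithm $A$ runs in time at most $an^{k}$ (and therefore writes an output of length at most $an^{k}$), while algorithm $B$ runs in time at most $bn^{\ell}$, then running $B$ on the output of $A$ takes time at most
\[
b\left( an^{k}\right) ^{\ell}=ba^{\ell}n^{k\ell},
\]
which is again a polynomial in $n$. \ By contrast, the class of running times bounded by $n^{2}$ is \textit{not} closed under composition, since composing two such algorithms can already cost $\sim n^{4}$ steps.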
Having said that, much of algorithms research \textit{is} about lowering the
order of the polynomial, for problems already known to be in $\mathsf{P}$, and
theoretical computer scientists \textit{do} use looser notions like
quasipolynomial time whenever they're needed.
\subsubsection{The Kitchen-Sink Objection}
\textbf{Objection:} $\mathsf{P}\overset{?}{=}\mathsf{NP}$ is limited, because
it talks only about discrete, deterministic algorithms that find exact
solutions in the worst case---and also, because it ignores the possibility of
natural processes that might exceed the limits of Turing machines, such as
analog computers, biological computers, or quantum computers.
\textbf{Response:} For every assumption mentioned above, there's now a major
branch of theoretical computer science that studies what happens when one
relaxes the assumption: for example, randomized algorithms, approximation
algorithms, average-case complexity, and quantum computing. \ I'll discuss
some of these branches in Section \ref{VAR}. \ Briefly, though, there are deep
reasons why many of these ideas are thought to leave the original
$\mathsf{P}\overset{?}{=}\mathsf{NP}$\ problem in place. \ For example,
according to the $\mathsf{P}=\mathsf{BPP}$\ conjecture (see Section
\ref{DERAND}), randomized algorithms\ yield no more power than $\mathsf{P}$,
while careful analyses of noise, energy expenditure, and the like suggest that
the same is true for analog computers (see \cite{aar:np}). \ Meanwhile, the
famous \textit{PCP Theorem} and its offshoots (see Section \ref{BELIEFS}) have
shown that, for many $\mathsf{NP}$\ problems, there can't\ even be a
polynomial-time algorithm to \textit{approximate} the answer to within a
reasonable factor, unless $\mathsf{P}=\mathsf{NP}$.
In other cases, new ideas\ have led to major, substantive
\textit{strengthenings} of the\ $\mathsf{P}\neq\mathsf{NP}$\ conjecture (see
Section \ref{VAR}): for example, that there exist $\mathsf{NP}$\ problems that
are hard even on random inputs, or hard even for a quantum computer.
\ Obviously, proving $\mathsf{P}\neq\mathsf{NP}$\ itself is a prerequisite to
proving any of these strengthened versions.
There's one part of this objection that's so common that it requires some
separate comments. \ Namely, people say that even if $\mathsf{P}%
\neq\mathsf{NP}$, \textit{in practice} we can almost always find good enough
solutions to the problems we care about, for example by using heuristics like
simulated annealing or genetic algorithms, or by using special structure or
symmetries in real-life problem instances.
Certainly there are cases where this assumption is true. \ But there are also
cases where it's false: indeed, the entire field of cryptography is about
\textit{making} the assumption false! \ In addition, I believe our practical
experience is biased by the fact that we don't even \textit{try} to solve
search problems that we \textquotedblleft know\textquotedblright\ are
hopeless---yet that wouldn't be hopeless in a world where $\mathsf{P}%
=\mathsf{NP}$\ (and where the algorithm was efficient in practice). \ For
example, presumably no one would try using brute-force search to look for a
formal proof of the Riemann Hypothesis one billion lines long or shorter, or a
$10$-megabyte program that reproduced most of the content of Wikipedia within
a reasonable time (possibly needing to encode many of the principles of human
intelligence in order to do so). \ Yet both of these are \textquotedblleft
merely\textquotedblright\ $\mathsf{NP}$\ search problems, and things one could
seriously contemplate in a world where $\mathsf{P}=\mathsf{NP}$.
\subsubsection{The Mathematical Snobbery Objection}
\textbf{Objection:} $\mathsf{P}\overset{?}{=}\mathsf{NP}$ is not a
\textquotedblleft real\textquotedblright\ math problem, because it talks about
Turing machines, which are arbitrary human creations, rather than about
\textquotedblleft natural\textquotedblright\ mathematical objects like
integers or manifolds.
\textbf{Response:} The simplest reply is that $\mathsf{P}\overset{?}{=}%
\mathsf{NP}$ is not about Turing machines at all, but about
\textit{algorithms}, which seem every bit as central to mathematics as
integers or manifolds. \ Turing machines are just one particular formalism for
expressing algorithms, as the Arabic numerals are one formalism for integers.
\ And just like the Riemann Hypothesis is still the Riemann Hypothesis in
base-$17$ arithmetic, so essentially \textit{every} formalism for
deterministic digital computation ever proposed gives rise to the same
complexity classes $\mathsf{P}$\ and $\mathsf{NP}$, and the same question
about whether they're equal. \ (This observation is known as the
\textit{Extended Church-Turing Thesis}.)
This objection might also reflect lack of familiarity with recent progress in
complexity theory,\ which has drawn on Fourier analysis, arithmetic
combinatorics, representation theory, algebraic geometry, and dozens of other
subjects about which yellow books\footnote{Because I was asked:
\textquotedblleft yellow books\textquotedblright\ are the Springer mathematics
books that line many mathematicians' offices.} are written. \ Furthermore, in
Section \ref{GCT}, we'll see Geometric Complexity Theory (GCT): a staggeringly
ambitious program for proving $\mathsf{P}\neq\mathsf{NP}$\ that throws almost
the entire arsenal of modern mathematics at the problem, including geometric
invariant theory, plethysms, quantum groups, and Langlands-type
correspondences---and that relates $\mathsf{P}\overset{?}{=}\mathsf{NP}$, at
least conjecturally, to other questions that mathematicians have been trying
to answer for a century.\ \ Even if GCT's specific conjectures don't pan out,
they illustrate how progress toward proving $\mathsf{P}\neq\mathsf{NP}$\ could
involve deep insights from many parts of mathematics.
\subsubsection{The Sour Grapes Objection}
\textbf{Objection:} $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ is \textit{so} hard
that it's impossible to make anything resembling progress on it, at least at
this stage in human history---and for that reason, it's unworthy of serious
effort or attention. \ Indeed, we might as well treat such questions as if
their answers were formally independent of set theory, as for all we know they
are (a possibility discussed further in Section \ref{IND}).
\textbf{Response:} One of the main purposes of this survey is to explain what
we know now, relevant to the $\mathsf{P}\overset{?}{=}\mathsf{NP}$ problem,
that we didn't know $10$ or $20$ or $30$ years ago. \ It's true that, if
\textquotedblleft progress\textquotedblright\ entails having a solution
already in sight, or being able to estimate the time to a solution, I know of
no progress of \textit{that} kind! \ But by the same standard, one would have
to say there was no \textquotedblleft progress\textquotedblright\ toward
Fermat's Last Theorem in 1900---even as mathematicians, partly motivated by
Fermat's problem, were laying foundations of algebraic number theory that
\textit{did} eventually lead to Wiles's proof. \ In this survey, I'll try to
convey how, over the last few decades, insights about circuit lower bounds,
relativization and arithmetization, pseudorandomness and natural proofs, the
\textquotedblleft duality\textquotedblright\ between lower bounds and
algorithms, the permanent and determinant manifolds, and more\ have
transformed our understanding of what a\ $\mathsf{P}\neq\mathsf{NP}$\ proof
could look like.
I should point out that, even supposing $\mathsf{P}\overset{?}{=}\mathsf{NP}$
is \textit{never} solved, it's already been remarkably fruitful as an
\textquotedblleft aspirational\textquotedblright\ or \textquotedblleft
flagship\textquotedblright\ question, helping to shape research in algorithms,
cryptography, learning theory, derandomization, quantum computing, and other
areas that theoretical computer scientists work on. \ Furthermore, later we'll
see examples of how progress in some of those other areas unexpectedly ended
up tying back to the quest to prove $\mathsf{P}\neq\mathsf{NP}$.
\subsubsection{The Obviousness Objection}
\textbf{Objection:} It's intuitively obvious that $\mathsf{P}\neq\mathsf{NP}$.
\ For that reason, a proof of $\mathsf{P}\neq\mathsf{NP}$---confirming that
indeed, we can't do something that no reasonable person would ever have
imagined we could do---gives almost no useful information.
\textbf{Response:} This objection is perhaps less common among mathematicians
than others, since were it upheld, it would generalize to \textit{almost all}
of mathematics! \ As with most famous unsolved math problems, the quest to
prove $\mathsf{P}\neq\mathsf{NP}$ is \textquotedblleft less about the
destination than the journey\textquotedblright: there might or might not be
surprises in the answer itself, but there will \textit{certainly} be huge
surprises (indeed, there have already been huge surprises) along the way.
\ More concretely: to make a sweeping statement like $\mathsf{P}%
\neq\mathsf{NP}$, about what polynomial-time algorithms \textit{can't} do,
will require an unprecedented understanding of what they \textit{can} do.
\ This will almost certainly entail the discovery of many new polynomial-time
algorithms, some of which could have practical relevance. \ In Section
\ref{PROG}, we'll see much more subtle examples of the \textquotedblleft
duality\textquotedblright\ between algorithms and impossibility proofs, with
progress on each informing the other.
Of course, to whatever extent you regard $\mathsf{P}=\mathsf{NP}$\ as a live
possibility, the Obviousness Objection isn't open to you.
\subsubsection{The Constructivity Objection}
\textbf{Objection:} Even if $\mathsf{P}=\mathsf{NP}$, the proof could be
nonconstructive---in which case it wouldn't have any of the amazing
implications discussed in Section \ref{IMP}, because we wouldn't know the algorithm.
\textbf{Response:} A nonconstructive proof that an algorithm exists is indeed
a theoretical possibility, though one that's reared its head only a few times
in the history of computer science.\footnote{The most celebrated examples of
nonconstructive proofs that algorithms exist all come from the
\textit{Robertson-Seymour graph minors theory}, one of the great achievements
of\ $20^{th}$-century combinatorics (for an accessible introduction, see for
example Fellows \cite{fellows}). \ The Robertson-Seymour theory typically
deals with \textit{parameterized} problems: for example, \textquotedblleft
given a graph $G$, decide whether $G$ can be embedded on a sphere with $k$
handles.\textquotedblright\ \ In those cases, typically a fast algorithm
$A_{k}$\ can be abstractly shown to exist for every value of $k$. \ The
central problem is that each $A_{k}$\ requires hard-coded data---in the above
example, a finite list of obstructions to the desired embedding---that no one
knows how to find given $k$, and whose size might also grow astronomically as
a function of $k$. \ On the other hand, once the finite obstruction set for a
given $k$ was known, one could then use it to solve the problem for any graph
$G$ in time $O\left( \left\vert G\right\vert ^{3}\right) $, where the
constant hidden by the big-$O$ depended on $k$.
\par
Robertson-Seymour theory also provides a few examples of non-parameterized
problems that are abstractly proved to be in $\mathsf{P}$\ but with no bound
on the exponent, or abstractly proved to be $O\left( n^{3}\right) $\ or
$O\left( n^{2}\right) $\ but with no bound on the constant. \ Thus, one
can't rule out the possibility that the same would happen with an
$\mathsf{NP}$-complete problem, and Donald Knuth \cite{knuth:nuts}\ has
explicitly speculated that $\mathsf{P}=\mathsf{NP}$\ will be proven in that
way. \ To me, however, it's unclear whether he speculates this because there's
a positive reason for thinking it true, or just because it would be cool and
interesting if it \textit{were} true.} \ Even then, however, once we knew that
an algorithm \textit{existed}, we'd have a massive inducement to try to find
it. \ The same is true if, for example, the first proof of $\mathsf{P}%
=\mathsf{NP}$\ only gave an $n^{1000}$ algorithm, but we suspected that an
$n^{2}$\ algorithm existed.\footnote{As an amusing side note, there's a trick
called \textit{Levin's universal search} \cite{levin:pnp}, in which one
\textquotedblleft dovetails\textquotedblright\ over all Turing machines
$M_{1},M_{2},\ldots$\ (that is, for all $t$, runs $M_{1},\ldots,M_{t}$\ for
$t$ steps each), halting when and if any $M_{i}$\ outputs a valid solution to
one's $\mathsf{NP}$\ search problem. \ If we know $\mathsf{P}=\mathsf{NP}$,
then we know this particular algorithm will find a valid solution, whenever
one exists, in polynomial time---because clearly \textit{some} $M_{i}$\ does
so, and all the machines other than $M_{i}$\ increase the total running time
by \textquotedblleft only\textquotedblright\ a polynomial factor! \ With more
work, one can even decrease this to a constant factor. \ Admittedly, however,
the polynomial or constant factor will be so enormous as to negate this
algorithm's practical use.}
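Levin's universal dovetailing search, described above, is simple enough to sketch in a few lines. In the toy Python illustration below (mine, not part of the formal construction), generator functions stand in for the enumeration of all Turing machines $M_{1},M_{2},\ldots$, and a factor-finding problem stands in for the $\mathsf{NP}$ search problem:

```python
def levin_search(machines, is_valid):
    """Dovetail: at round t, run the first t 'machines' for t steps each,
    halting as soon as any of them outputs a solution that the verifier
    accepts."""
    t = 1
    while True:
        for make_machine in machines[:t]:
            run = make_machine()          # fresh step-limited run each round
            for _, out in zip(range(t), run):
                if out is not None and is_valid(out):
                    return out
        t += 1

# Toy NP search problem: find a nontrivial factor of n.
n = 91

def trial_division():                     # stands in for some machine M_i
    for d in range(2, n):
        yield d if n % d == 0 else None

def spins_forever():                      # a machine that never halts
    while True:
        yield None

# The useless machine slows things down by only a bounded factor here.
print(levin_search([spins_forever, trial_division], lambda d: n % d == 0))
# prints 7
```

The point of the construction is exactly what the sketch shows: the machines that never succeed cost only a polynomial (here, constant) overhead, because each round bounds every machine to $t$ steps.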
\subsection{Further Reading}
There were at least four previous major survey articles about $\mathsf{P}%
\overset{?}{=}\mathsf{NP}$: Michael Sipser's 1992 \textquotedblleft The
History and Status of the $\mathsf{P}$\ versus $\mathsf{NP}$%
\ Question\textquotedblright\ \cite{sipser:pnp}; Stephen Cook's 2000
\textquotedblleft The $\mathsf{P}$\ versus $\mathsf{NP}$%
\ Problem\textquotedblright\ \cite{cook:clay}, which was written for the
announcement of the Clay Millennium Prize; Avi Wigderson's 2006
\textquotedblleft$\mathsf{P}$, $\mathsf{NP}$, and Mathematics---A
Computational Complexity Perspective\textquotedblright%
\ \cite{wigderson:survey1}; and Eric Allender's 2009 \textquotedblleft A
Status Report on the $\mathsf{P}$\ versus $\mathsf{NP}$%
\ Question\textquotedblright\ \cite{allender:pnp}.\ \ All four are excellent,
so it's only with trepidation that I add another entry to the crowded arena.
\ I hope that, if nothing else, this survey shows how much has continued to
occur through 2017. \ I cover several major topics that either didn't exist a
decade ago, or existed only in much more rudimentary form: for example, the
algebrization barrier, \textquotedblleft ironic complexity
theory\textquotedblright\ (including Ryan Williams's $\mathsf{NEXP}%
\not \subset \mathsf{ACC}$\ result), the \textquotedblleft chasm at depth
three\textquotedblright\ for the permanent, and the Mulmuley-Sohoni Geometric
Complexity Theory program.

The seminal papers that set up the intellectual framework for $\mathsf{P}%
\overset{?}{=}\mathsf{NP}$, posed it, and demonstrated its importance include
those of Edmonds \cite{edmonds}, Rabin \cite{rabin:automata}, Cobham
\cite{cobham}, Cook \cite{cook}, Karp \cite{karp}, and Levin \cite{levin:pnp}%
.\footnote{As this survey was being completed, Bruce Kapron \cite{cookkapron}
posted mimeographed notes on the Internet, from a course taught by Stephen
Cook at Berkeley in 1967, in which $\mathsf{P}\neq\mathsf{NP}$\ is explicitly
conjectured. \ This might be the first time the conjecture, in the precise
form we know it today (up to the names of the classes), was made in print, for
some definition of \textquotedblleft in print.\textquotedblright} \ See also
Trakhtenbrot \cite{trakhtenbrot}\ for a survey of Soviet thought about
\textit{perebor}, as brute-force search was referred to in Russian in the
1950s and 60s.

The classic text that introduced the wider world to $\mathsf{P}$,
$\mathsf{NP}$, and $\mathsf{NP}$-completeness, and that gave a canonical (and
still-useful) list of hundreds of $\mathsf{NP}$-complete problems, is Garey
and Johnson \cite{gj}. \ Some recommended computational complexity theory
textbooks---in rough order from earliest to most recent, in the material they
cover---are Sipser \cite{sipser:book}, Papadimitriou \cite{papa:book},
Sch\"{o}ning \cite{gems}, Moore and Mertens \cite{mooremertens}, and Arora and
Barak \cite{arorabarak}. \ Surveys on particular aspects of complexity theory
will be recommended where relevant throughout the survey.

Those seeking a nontechnical introduction to $\mathsf{P}\overset{?}{=}%
\mathsf{NP}$\ might enjoy Lance Fortnow's charming book \textit{The Golden
Ticket} \cite{fortnow:ticket}, or his 2009 popular article for
\textit{Communications of the ACM} \cite{fortnow:pnp}. \ My own
\textit{Quantum Computing Since Democritus} \cite{aar:qcsd}\ gives something
between a popular and a technical treatment.
\section{Formalizing $\mathsf{P}\protect\overset{?}{=}\mathsf{NP}$\ and
Central Related Concepts\label{FORMAL}}
The $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ problem is normally phrased in
terms of \textit{Turing machines}: a theoretical model of computation proposed
by Alan Turing in 1936, which involves a one-dimensional tape divided into
discrete squares, and a finite control that moves back and forth on the tape,
reading and writing symbols. \ For a formal definition, see, e.g., Sipser
\cite{sipser:book} or Cook \cite{cook:clay}.

In this survey, I won't define Turing machines, for the simple reason that
\textit{if you know any programming language---C, Java, Python, etc.---then
you already know something that's equivalent to Turing machines for our
purposes.} \ More precisely, the \textit{Church-Turing Thesis}\ holds that
virtually any model of computation one can define will be equivalent to Turing
machines, in the sense that Turing machines can simulate that model and vice
versa. \ A modern refinement, the \textit{Extended Church-Turing Thesis}, says
that moreover, these simulations will incur at most a polynomial overhead in
time and memory. \ Nowadays, most computer scientists and physicists
conjecture that \textit{quantum computation} provides a counterexample to the
Extended Church-Turing Thesis---possibly the only counterexample that can be
physically realized. \ In Section \ref{QUANTUM}, I'll say a bit about how this
changes the story. \ It's also conceivable that access to a true random-number
generator would let us violate the Extended Church-Turing Thesis, although
most computer scientists conjecture that it doesn't, for reasons that I'll
explain in Section \ref{DERAND}. \ On the other hand, as long as we're talking
only about \textit{classical, digital, deterministic} computation, the
Extended Church-Turing Thesis remains on extremely solid ground.

If we accept this, then there's a well-defined notion of \textquotedblleft
solvable in polynomial time,\textquotedblright\ which is independent of the
low-level details of the computer's architecture: the instruction set, the
specific rules for accessing memory, etc. \ This licenses us to ignore those
details. \ The main caveat here is that there must be no \textit{a-priori}
limit on how much memory the computer can address, even though any program
that runs for finite time will only address a finite amount of
memory.\footnote{The reason for this caveat is that, if a programming language
were inherently limited to (say) 64K of memory, there would be only finitely
many possible program behaviors, so in principle we could just cache
everything in a giant lookup table. \ Many programming languages do impose a
finite upper bound on the addressable memory, but they could easily be
generalized to remove this restriction (or one could consider programs that
store information on external I/O devices).}$^{,}$\footnote{I should stress
that, once we specify which computational models we have in mind---Turing
machines, Intel machine code, etc.---the polynomial-time equivalence of those
models is typically a \textit{theorem}, though a rather tedious one. \ The
\textquotedblleft thesis\textquotedblright\ of the Extended Church-Turing
Thesis, the part not susceptible to proof, is that all \textit{other}
\textquotedblleft reasonable\textquotedblright\ models of digital computation
will also be equivalent to those models.}

We can now define $\mathsf{P}$\ and $\mathsf{NP}$, in terms of Turing machines
for concreteness---but, because of the Extended Church-Turing Thesis, the
reader is free to substitute other computing formalisms such as Lisp programs,
$\lambda$-calculus, stylized assembly language, or cellular automata.

A \textit{language}---the term is historical, coming from when theoretical
computer science was closely connected to linguistics---just means a set of
binary strings, $L\subseteq\left\{ 0,1\right\} ^{\ast}$, where $\left\{
0,1\right\} ^{\ast}$ is the set of all binary strings of all (finite)
lengths. \ Of course a language can be infinite, even though every string in
the language is finite. \ One example is the language consisting of all
palindromes: for instance, $00$, $11$, $0110$, $11011$, etc., but not $001$ or
$1100$. \ A more interesting example is the language consisting of all binary
encodings of prime numbers: for instance, $10$, $11$, $101$,\ and $111$, but
not $100$.
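To make the two examples concrete, here are membership tests for both languages, as a minimal Python sketch (binary strings assumed nonempty):

```python
def in_palindromes(x: str) -> bool:
    # x belongs to the language iff it reads the same in both directions.
    return x == x[::-1]

def in_binary_primes(x: str) -> bool:
    # x belongs to the language iff it's the binary encoding of a prime;
    # trial division is enough for a sketch.
    n = int(x, 2)
    return n >= 2 and all(n % d != 0 for d in range(2, int(n**0.5) + 1))

assert in_palindromes("0110") and not in_palindromes("001")
assert in_binary_primes("101") and not in_binary_primes("100")
```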

A binary string $x\in\left\{ 0,1\right\} ^{\ast}$, for which we want to know
whether $x\in L$, is called an \textit{instance} of the general problem of
deciding membership in $L$. \ Given a Turing machine $M$ and an instance $x$,
we let $M\left( x\right) $\ denote $M$ run on input $x$ (say, on a tape
initialized to $\cdots0\#x\#0\cdots$, or $x$ surrounded by delimiters and
blank or $0$ symbols). \ We say that $M\left( x\right) $\textit{\ accepts}
if it eventually halts and enters an \textquotedblleft
accept\textquotedblright\ state, and\ we say that $M$ \textit{decides} the
language $L$ if for all $x\in\left\{ 0,1\right\} ^{\ast}$,%
\[
x\in L\text{ }\Longleftrightarrow\text{\ }M\left( x\right) \text{ accepts.}%
\]
The machine $M$ may also contain a \textquotedblleft reject\textquotedblright%
\ state, which $M$ enters to signify that it has halted without accepting.
\ Let $\left\vert x\right\vert $\ be the length of $x$ (i.e., the number of
bits). \ Then we say $M$ is \textit{polynomial-time} if there exists a
polynomial $p$ such that $M\left( x\right) $\ halts, either accepting or
rejecting, after at most $p\left( \left\vert x\right\vert \right) $\ steps,
for all $x\in\left\{ 0,1\right\} ^{\ast}$.

Now $\mathsf{P}$, or Polynomial-Time, is the class of all languages $L$ for
which there exists a Turing machine $M$ that decides $L$ in polynomial time.
\ Also, $\mathsf{NP}$,\ or Nondeterministic Polynomial-Time, is the class of
languages $L$ for which there exists a polynomial-time Turing machine $M$, and
a polynomial $p$, such that for all $x\in\left\{ 0,1\right\} ^{\ast}$,%
\[
x\in L~\Longleftrightarrow~\exists w\in\left\{ 0,1\right\} ^{p\left(
\left\vert x\right\vert \right) }~M\left( x,w\right) ~\text{accepts.}%
\]
In other words, $\mathsf{NP}$\ is the class of languages $L$\ for which,
whenever $x\in L$, there exists a polynomial-size \textquotedblleft witness
string\textquotedblright\ $w$, which enables a polynomial-time
\textquotedblleft verifier\textquotedblright\ $M$\ to recognize that indeed
$x\in L$. \ Conversely, whenever $x\not \in L$, there must be no $w$ that
causes $M\left( x,w\right) $\ to accept.
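For concreteness (an illustration of mine, not part of the formal definition), here is a polynomial-time verifier for the $\mathsf{NP}$ language of binary encodings of composite numbers, where the witness is a nontrivial factor; the padding of $w$ to length exactly $p\left( \left\vert x\right\vert \right) $ is elided:

```python
def M(x: str, w: str) -> bool:
    # Verifier for COMPOSITES: accept iff the witness w encodes a
    # nontrivial factor of the number encoded by x.  Verifying the
    # witness is fast, even though *finding* one might not be.
    n, d = int(x, 2), int(w, 2)
    return 1 < d < n and n % d == 0

assert M(bin(91)[2:], bin(7)[2:])            # 91 = 7 * 13 is composite
assert not any(M(bin(13)[2:], bin(d)[2:])    # 13 is prime: no witness works
               for d in range(1, 13))
```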

There's an earlier definition of $\mathsf{NP}$, which explains its ungainly
name. \ Namely, we can define a \textit{nondeterministic Turing machine} as a
Turing machine that \textquotedblleft when it sees a fork in the road, takes
it\textquotedblright: that is, that's allowed to transition from a single
state at time $t$\ to multiple possible states at time $t+1$. \ We say that a
machine \textquotedblleft accepts\textquotedblright\ its input $x$, if there
\textit{exists} a list of valid transitions between states, $s_{1}\rightarrow
s_{2}\rightarrow s_{3}\rightarrow\cdots$, that the machine could make on input
$x$\ that terminates in an accepting state $s_{\operatorname*{Accept}}$. \ The
machine \textquotedblleft rejects\textquotedblright\ if there's no such
accepting path. \ The \textquotedblleft running time\textquotedblright\ of
such a machine is the maximum number of steps taken along \textit{any} path,
until the machine either accepts or rejects.\footnote{Or one could consider
the \textit{minimum} number of steps along any accepting path; the resulting
class will be the same.} \ We can then define $\mathsf{NP}$\ as the class of
all languages $L$\ for which there exists a nondeterministic Turing machine
that decides $L$ in polynomial time. \ It's clear that $\mathsf{NP}$,\ so
defined, is equivalent to the more intuitive verifier definition that we gave
earlier. \ In one direction, if we have a polynomial-time verifier $M$, then a
nondeterministic Turing machine can create paths corresponding to all possible
witness strings $w$, and accept if and only if there exists a $w$\ such that
$M\left( x,w\right) $\ accepts. \ In the other direction, if we have a
nondeterministic Turing machine $M^{\prime}$, then a verifier can take as its
witness string $w$\ a description of a claimed path that causes $M^{\prime
}\left( x\right) $\ to accept, then check that the path indeed does so.
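The deterministic analogue of that branching---and the reason $\mathsf{NP}$ is trivially decidable in exponential time---is simply to loop over all $2^{p\left( \left\vert x\right\vert \right) }$ witnesses. A Python sketch of mine, using a toy SUBSET-SUM-style verifier (with structured data in place of raw bit strings, for readability):

```python
from itertools import product

def subset_sum_verifier(nums, target, w):
    # Polynomial-time check: does the subset selected by bit string w
    # sum to target?
    return sum(n for n, b in zip(nums, w) if b == "1") == target

def brute_force_decide(nums, target):
    # Deterministically simulate the nondeterministic machine by trying
    # every branch, i.e., every one of the 2^{p(|x|)} possible witnesses.
    return any(subset_sum_verifier(nums, target, "".join(bits))
               for bits in product("01", repeat=len(nums)))

assert brute_force_decide([3, 7, 12, 5], 15)       # witness: 3 + 12
assert not brute_force_decide([3, 7, 12, 5], 2)    # no subset sums to 2
```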

Clearly $\mathsf{P}\subseteq\mathsf{NP}$, since an $\mathsf{NP}$\ verifier $M$
can just ignore its witness $w$, and try to decide in polynomial time whether
$x\in L$ itself. \ The central conjecture is that this containment is strict.
\begin{conjecture}
$\mathsf{P}\neq\mathsf{NP}$.
\end{conjecture}
\subsection{$\mathsf{NP}$-Completeness\label{NPCOMPLETE}}
A further concept, not part of the statement of $\mathsf{P}\overset{?}{=}%
\mathsf{NP}$\ but central to any discussion of it, is $\mathsf{NP}%
$\textit{-completeness}. \ To explain this requires a few more definitions.
\ An \textit{oracle Turing machine} is a Turing machine that, at any time, can
submit an instance $x$ to an \textquotedblleft oracle\textquotedblright:\ a
device that, in a single time step, returns a bit indicating whether $x$
belongs to some given language $L$. \ Though it sounds fanciful, this notion
is what lets us relate different computational problems to each other, and as
such is one of the central concepts in computer science. \ An oracle that
answers all queries consistently with $L$\ is called an $L$\textit{-oracle},
and we write $M^{L}$ to denote the (oracle) Turing machine $M$ with
$L$-oracle. \ We can then define $\mathsf{P}^{L}$, or $\mathsf{P}%
$\ \textit{relative to} $L$, as the class of all languages $L^{\prime}$\ for
which there exists an oracle machine $M$ such that $M^{L}$\ decides
$L^{\prime}$ in polynomial time. \ If $L^{\prime}\in\mathsf{P}^{L}$, then we
also write $L^{\prime}\leq_{\mathsf{P}}^{T}L$, which means \textquotedblleft%
$L^{\prime}$\ is polynomial-time Turing-reducible to $L$.\textquotedblright%
\ \ Note that polynomial-time Turing-reducibility is a preorder (i.e., it's
transitive and reflexive), though not quite a partial order, since two
distinct languages can each be reducible to the other.
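To illustrate what a polynomial-time Turing reduction can do, here is a standard search-to-decision reduction, sketched in Python: given an oracle that merely \textit{decides} satisfiability of a CNF formula, one can \textit{find} a satisfying assignment with polynomially many adaptive queries. The oracle is simulated here by brute force, and the CNF encoding (clauses as lists of nonzero integers, DIMACS-style) is my choice for the sketch:

```python
from itertools import product

def sat_oracle(clauses, n_vars):
    # Stand-in for the L-oracle: a brute-force satisfiability decider.
    # Literal v means variable |v| set to (v > 0).
    return any(all(any((lit > 0) == assign[abs(lit) - 1] for lit in c)
                   for c in clauses)
               for assign in product([False, True], repeat=n_vars))

def find_assignment(clauses, n_vars):
    # Turing reduction from SAT-search to SAT-decision: fix the variables
    # one at a time, with adaptive oracle queries (later queries depend
    # on the answers to earlier ones).
    if not sat_oracle(clauses, n_vars):
        return None
    assign = []
    for v in range(1, n_vars + 1):
        for val in (True, False):
            trial = clauses + [[v if val else -v]]   # force variable v
            if sat_oracle(trial, n_vars):
                assign.append(val)
                clauses = trial
                break
    return assign

assert find_assignment([[1, 2], [-1, 3], [-2, -3]], 3) == [True, False, True]
assert find_assignment([[1], [-1]], 1) is None       # unsatisfiable
```

This adaptivity is exactly the extra power of Turing reductions over many-one reductions mentioned in the footnote below: each query's formula depends on the oracle's earlier answers.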

A language $L$ is $\mathsf{NP}$\textit{-hard} (technically, $\mathsf{NP}%
$-hard\ under Turing reductions\footnote{In practice, often one only needs a
special kind of Turing reduction called a \textit{many-one reduction} or
\textit{Karp reduction}, which is a polynomial-time algorithm that maps every
yes-instance of $L^{\prime}$\ to a yes-instance of $L$, and every no-instance
of $L^{\prime}$\ to a no-instance of $L$. \ The additional power of Turing
reductions---to make multiple queries to the $L$-oracle (with later queries
depending on the outcomes of earlier ones), post-process the results of those
queries, etc.---is needed only in a minority of cases. \ For that reason, most
sources define $\mathsf{NP}$-hardness\ in terms of many-one reductions.
\ Nevertheless, for conceptual simplicity, throughout this survey I'll talk in
terms of Turing reductions.}) if $\mathsf{NP}\subseteq\mathsf{P}^{L}$.
\ Informally, $\mathsf{NP}$-hard means\ \textquotedblleft at least as hard as
any $\mathsf{NP}$\ problem, under partial ordering by
reductions.\textquotedblright\ \ That is, if we had a black box for an
$\mathsf{NP}$-hard problem, we could use it to solve all $\mathsf{NP}%
$\ problems in polynomial time. \ Also, $L$ is $\mathsf{NP}$\textit{-complete}%
\ if $L$ is $\mathsf{NP}$-hard\ \textit{and} $L\in\mathsf{NP}$. \ Informally,
$\mathsf{NP}$-complete\ problems are the hardest problems in $\mathsf{NP}$, in
the sense that an efficient algorithm for any of them would yield efficient
algorithms for all $\mathsf{NP}$\ problems. \ (See Figure \ref{npfig}.)
\begin{figure}[ptb]
\centering
\label{npfig}
\par
\psset{xunit=.5pt,yunit=.5pt,runit=.5pt}
\begin{pspicture}(460.9444806,411.65766078)
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(148.10283945,298.08432875)
\lineto(152.08721445,298.08432875)
\lineto(161.78448008,279.78843031)
\lineto(161.78448008,298.08432875)
\lineto(164.65557383,298.08432875)
\lineto(164.65557383,276.21421156)
\lineto(160.67119883,276.21421156)
\lineto(150.9739332,294.51011)
\lineto(150.9739332,276.21421156)
\lineto(148.10283945,276.21421156)
\lineto(148.10283945,298.08432875)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(173.50323008,295.65268812)
\lineto(173.50323008,287.43491468)
\lineto(177.2239332,287.43491468)
\curveto(178.60088633,287.43491468)(179.66533945,287.79136)(180.41729258,288.50425062)
\curveto(181.1692457,289.21714125)(181.54522227,290.23276625)(181.54522227,291.55112562)
\curveto(181.54522227,292.85971937)(181.1692457,293.87046156)(180.41729258,294.58335218)
\curveto(179.66533945,295.29624281)(178.60088633,295.65268812)(177.2239332,295.65268812)
\lineto(173.50323008,295.65268812)
\closepath
\moveto(170.5442457,298.08432875)
\lineto(177.2239332,298.08432875)
\curveto(179.67510508,298.08432875)(181.52569102,297.52768812)(182.77569102,296.41440687)
\curveto(184.03545664,295.31089125)(184.66533945,293.6897975)(184.66533945,291.55112562)
\curveto(184.66533945,289.3929225)(184.03545664,287.76206312)(182.77569102,286.6585475)
\curveto(181.52569102,285.55503187)(179.67510508,285.00327406)(177.2239332,285.00327406)
\lineto(173.50323008,285.00327406)
\lineto(173.50323008,276.21421156)
\lineto(170.5442457,276.21421156)
\lineto(170.5442457,298.08432875)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(186.52569102,285.63315687)
\lineto(194.42119883,285.63315687)
\lineto(194.42119883,283.23081312)
\lineto(186.52569102,283.23081312)
\lineto(186.52569102,285.63315687)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(210.53448008,291.99057875)
\lineto(210.53448008,289.4710475)
\curveto(209.77276133,289.89096937)(209.00615977,290.20346937)(208.23467539,290.4085475)
\curveto(207.47295664,290.62339125)(206.70147227,290.73081312)(205.92022227,290.73081312)
\curveto(204.17217539,290.73081312)(202.81475352,290.1741725)(201.84795664,289.06089125)
\curveto(200.88115977,287.95737562)(200.39776133,286.40464125)(200.39776133,284.40268812)
\curveto(200.39776133,282.400735)(200.88115977,280.84311781)(201.84795664,279.72983656)
\curveto(202.81475352,278.62632093)(204.17217539,278.07456312)(205.92022227,278.07456312)
\curveto(206.70147227,278.07456312)(207.47295664,278.17710218)(208.23467539,278.38218031)
\curveto(209.00615977,278.59702406)(209.77276133,278.91440687)(210.53448008,279.33432875)
\lineto(210.53448008,276.84409437)
\curveto(209.78252695,276.49253187)(209.00127695,276.22886)(208.19073008,276.05307875)
\curveto(207.38994883,275.8772975)(206.53545664,275.78940687)(205.62725352,275.78940687)
\curveto(203.15655039,275.78940687)(201.19365977,276.56577406)(199.73858164,278.11850843)
\curveto(198.28350352,279.67124281)(197.55596445,281.76596937)(197.55596445,284.40268812)
\curveto(197.55596445,287.07846937)(198.28838633,289.18296156)(199.75323008,290.71616468)
\curveto(201.22783945,292.24936781)(203.24444102,293.01596937)(205.80303477,293.01596937)
\curveto(206.63311289,293.01596937)(207.44365977,292.92807875)(208.23467539,292.7522975)
\curveto(209.02569102,292.58628187)(209.79229258,292.33237562)(210.53448008,291.99057875)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(221.60869883,290.73081312)
\curveto(220.16338633,290.73081312)(219.0208082,290.16440687)(218.18096445,289.03159437)
\curveto(217.3411207,287.9085475)(216.92119883,286.36557875)(216.92119883,284.40268812)
\curveto(216.92119883,282.4397975)(217.33623789,280.89194593)(218.16631602,279.75913343)
\curveto(219.00615977,278.63608656)(220.1536207,278.07456312)(221.60869883,278.07456312)
\curveto(223.0442457,278.07456312)(224.18194102,278.64096937)(225.02178477,279.77378187)
\curveto(225.86162852,280.90659437)(226.28155039,282.44956312)(226.28155039,284.40268812)
\curveto(226.28155039,286.3460475)(225.86162852,287.88413343)(225.02178477,289.01694593)
\curveto(224.18194102,290.15952406)(223.0442457,290.73081312)(221.60869883,290.73081312)
\closepath
\moveto(221.60869883,293.01596937)
\curveto(223.95244883,293.01596937)(225.79326914,292.25425062)(227.13115977,290.73081312)
\curveto(228.46905039,289.20737562)(229.1379957,287.09800062)(229.1379957,284.40268812)
\curveto(229.1379957,281.71714125)(228.46905039,279.60776625)(227.13115977,278.07456312)
\curveto(225.79326914,276.55112562)(223.95244883,275.78940687)(221.60869883,275.78940687)
\curveto(219.2551832,275.78940687)(217.40948008,276.55112562)(216.07158945,278.07456312)
\curveto(214.74346445,279.60776625)(214.07940195,281.71714125)(214.07940195,284.40268812)
\curveto(214.07940195,287.09800062)(214.74346445,289.20737562)(216.07158945,290.73081312)
\curveto(217.40948008,292.25425062)(219.2551832,293.01596937)(221.60869883,293.01596937)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(246.3645582,289.4710475)
\curveto(247.03838633,290.681985)(247.84405039,291.57553968)(248.78155039,292.15171156)
\curveto(249.71905039,292.72788343)(250.82256602,293.01596937)(252.09209727,293.01596937)
\curveto(253.80108164,293.01596937)(255.11944102,292.41538343)(256.04717539,291.21421156)
\curveto(256.97490977,290.02280531)(257.43877695,288.32358656)(257.43877695,286.11655531)
\lineto(257.43877695,276.21421156)
\lineto(254.72881602,276.21421156)
\lineto(254.72881602,286.02866468)
\curveto(254.72881602,287.60093031)(254.4504957,288.7679225)(253.89385508,289.52964125)
\curveto(253.33721445,290.29136)(252.48760508,290.67221937)(251.34502695,290.67221937)
\curveto(249.94854258,290.67221937)(248.84502695,290.20835218)(248.03448008,289.28061781)
\curveto(247.2239332,288.35288343)(246.81865977,287.088235)(246.81865977,285.4866725)
\lineto(246.81865977,276.21421156)
\lineto(244.10869883,276.21421156)
\lineto(244.10869883,286.02866468)
\curveto(244.10869883,287.61069593)(243.83037852,288.77768812)(243.27373789,289.52964125)
\curveto(242.71709727,290.29136)(241.85772227,290.67221937)(240.69561289,290.67221937)
\curveto(239.31865977,290.67221937)(238.22490977,290.20346937)(237.41436289,289.26596937)
\curveto(236.60381602,288.338235)(236.19854258,287.07846937)(236.19854258,285.4866725)
\lineto(236.19854258,276.21421156)
\lineto(233.48858164,276.21421156)
\lineto(233.48858164,292.62046156)
\lineto(236.19854258,292.62046156)
\lineto(236.19854258,290.07163343)
\curveto(236.81377695,291.07749281)(237.55108164,291.81968031)(238.41045664,292.29819593)
\curveto(239.26983164,292.77671156)(240.29033945,293.01596937)(241.47198008,293.01596937)
\curveto(242.66338633,293.01596937)(243.67412852,292.713235)(244.50420664,292.10776625)
\curveto(245.34405039,291.5022975)(245.96416758,290.62339125)(246.3645582,289.4710475)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(265.43682383,278.67514906)
\lineto(265.43682383,269.97397718)
\lineto(262.72686289,269.97397718)
\lineto(262.72686289,292.62046156)
\lineto(265.43682383,292.62046156)
\lineto(265.43682383,290.13022718)
\curveto(266.00323008,291.10678968)(266.7161207,291.82944593)(267.5754957,292.29819593)
\curveto(268.44463633,292.77671156)(269.47979258,293.01596937)(270.68096445,293.01596937)
\curveto(272.67315195,293.01596937)(274.28936289,292.22495375)(275.52959727,290.6429225)
\curveto(276.77959727,289.06089125)(277.40459727,286.98081312)(277.40459727,284.40268812)
\curveto(277.40459727,281.82456312)(276.77959727,279.744485)(275.52959727,278.16245375)
\curveto(274.28936289,276.5804225)(272.67315195,275.78940687)(270.68096445,275.78940687)
\curveto(269.47979258,275.78940687)(268.44463633,276.02378187)(267.5754957,276.49253187)
\curveto(266.7161207,276.9710475)(266.00323008,277.69858656)(265.43682383,278.67514906)
\closepath
\moveto(274.6067457,284.40268812)
\curveto(274.6067457,286.38511)(274.19658945,287.93784437)(273.37627695,289.06089125)
\curveto(272.56573008,290.19370375)(271.44756602,290.76011)(270.02178477,290.76011)
\curveto(268.59600352,290.76011)(267.47295664,290.19370375)(266.65264414,289.06089125)
\curveto(265.84209727,287.93784437)(265.43682383,286.38511)(265.43682383,284.40268812)
\curveto(265.43682383,282.42026625)(265.84209727,280.86264906)(266.65264414,279.72983656)
\curveto(267.47295664,278.60678968)(268.59600352,278.04526625)(270.02178477,278.04526625)
\curveto(271.44756602,278.04526625)(272.56573008,278.60678968)(273.37627695,279.72983656)
\curveto(274.19658945,280.86264906)(274.6067457,282.42026625)(274.6067457,284.40268812)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(281.8723707,299.00718031)
\lineto(284.5676832,299.00718031)
\lineto(284.5676832,276.21421156)
\lineto(281.8723707,276.21421156)
\lineto(281.8723707,299.00718031)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(304.22588633,285.09116468)
\lineto(304.22588633,283.77280531)
\lineto(291.8333082,283.77280531)
\curveto(291.9504957,281.91733656)(292.50713633,280.50132093)(293.50323008,279.52475843)
\curveto(294.50908945,278.55796156)(295.90557383,278.07456312)(297.6926832,278.07456312)
\curveto(298.72783945,278.07456312)(299.72881602,278.20151625)(300.69561289,278.4554225)
\curveto(301.67217539,278.70932875)(302.63897227,279.09018812)(303.59600352,279.59800062)
\lineto(303.59600352,277.0491725)
\curveto(302.62920664,276.63901625)(301.6379957,276.32651625)(300.6223707,276.1116725)
\curveto(299.6067457,275.89682875)(298.57647227,275.78940687)(297.53155039,275.78940687)
\curveto(294.91436289,275.78940687)(292.83916758,276.55112562)(291.30596445,278.07456312)
\curveto(289.78252695,279.59800062)(289.0208082,281.6585475)(289.0208082,284.25620375)
\curveto(289.0208082,286.94175062)(289.74346445,289.07065687)(291.18877695,290.6429225)
\curveto(292.64385508,292.22495375)(294.60186289,293.01596937)(297.06280039,293.01596937)
\curveto(299.26983164,293.01596937)(301.0129957,292.30307875)(302.29229258,290.8772975)
\curveto(303.58135508,289.46128187)(304.22588633,287.53257093)(304.22588633,285.09116468)
\closepath
\moveto(301.53057383,285.88218031)
\curveto(301.51104258,287.35678968)(301.09600352,288.5335475)(300.28545664,289.41245375)
\curveto(299.48467539,290.29136)(298.42022227,290.73081312)(297.09209727,290.73081312)
\curveto(295.58819102,290.73081312)(294.38213633,290.30600843)(293.4739332,289.45639906)
\curveto(292.5754957,288.60678968)(292.05791758,287.41050062)(291.92119883,285.86753187)
\lineto(301.53057383,285.88218031)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(311.31573008,297.27866468)
\lineto(311.31573008,292.62046156)
\lineto(316.86748789,292.62046156)
\lineto(316.86748789,290.525735)
\lineto(311.31573008,290.525735)
\lineto(311.31573008,281.619485)
\curveto(311.31573008,280.28159437)(311.49639414,279.42221937)(311.85772227,279.04136)
\curveto(312.22881602,278.66050062)(312.97588633,278.47007093)(314.0989332,278.47007093)
\lineto(316.86748789,278.47007093)
\lineto(316.86748789,276.21421156)
\lineto(314.0989332,276.21421156)
\curveto(312.01885508,276.21421156)(310.5833082,276.59995375)(309.79229258,277.37143812)
\curveto(309.00127695,278.15268812)(308.60576914,279.56870375)(308.60576914,281.619485)
\lineto(308.60576914,290.525735)
\lineto(306.62823008,290.525735)
\lineto(306.62823008,292.62046156)
\lineto(308.60576914,292.62046156)
\lineto(308.60576914,297.27866468)
\lineto(311.31573008,297.27866468)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(334.46026133,285.09116468)
\lineto(334.46026133,283.77280531)
\lineto(322.0676832,283.77280531)
\curveto(322.1848707,281.91733656)(322.74151133,280.50132093)(323.73760508,279.52475843)
\curveto(324.74346445,278.55796156)(326.13994883,278.07456312)(327.9270582,278.07456312)
\curveto(328.96221445,278.07456312)(329.96319102,278.20151625)(330.92998789,278.4554225)
\curveto(331.90655039,278.70932875)(332.87334727,279.09018812)(333.83037852,279.59800062)
\lineto(333.83037852,277.0491725)
\curveto(332.86358164,276.63901625)(331.8723707,276.32651625)(330.8567457,276.1116725)
\curveto(329.8411207,275.89682875)(328.81084727,275.78940687)(327.76592539,275.78940687)
\curveto(325.14873789,275.78940687)(323.07354258,276.55112562)(321.54033945,278.07456312)
\curveto(320.01690195,279.59800062)(319.2551832,281.6585475)(319.2551832,284.25620375)
\curveto(319.2551832,286.94175062)(319.97783945,289.07065687)(321.42315195,290.6429225)
\curveto(322.87823008,292.22495375)(324.83623789,293.01596937)(327.29717539,293.01596937)
\curveto(329.50420664,293.01596937)(331.2473707,292.30307875)(332.52666758,290.8772975)
\curveto(333.81573008,289.46128187)(334.46026133,287.53257093)(334.46026133,285.09116468)
\closepath
\moveto(331.76494883,285.88218031)
\curveto(331.74541758,287.35678968)(331.33037852,288.5335475)(330.51983164,289.41245375)
\curveto(329.71905039,290.29136)(328.65459727,290.73081312)(327.32647227,290.73081312)
\curveto(325.82256602,290.73081312)(324.61651133,290.30600843)(323.7083082,289.45639906)
\curveto(322.8098707,288.60678968)(322.29229258,287.41050062)(322.15557383,285.86753187)
\lineto(331.76494883,285.88218031)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(218.50225352,198.37436781)
\lineto(223.81475352,198.37436781)
\lineto(236.74444102,173.97983656)
\lineto(236.74444102,198.37436781)
\lineto(240.57256602,198.37436781)
\lineto(240.57256602,169.21421156)
\lineto(235.26006602,169.21421156)
\lineto(222.33037852,193.60874281)
\lineto(222.33037852,169.21421156)
\lineto(218.50225352,169.21421156)
\lineto(218.50225352,198.37436781)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(252.36944102,195.13218031)
\lineto(252.36944102,184.17514906)
\lineto(257.33037852,184.17514906)
\curveto(259.16631602,184.17514906)(260.58558685,184.65040948)(261.58819102,185.60093031)
\curveto(262.59079518,186.55145114)(263.09209727,187.90561781)(263.09209727,189.66343031)
\curveto(263.09209727,191.40822198)(262.59079518,192.75587823)(261.58819102,193.70639906)
\curveto(260.58558685,194.65691989)(259.16631602,195.13218031)(257.33037852,195.13218031)
\lineto(252.36944102,195.13218031)
\closepath
\moveto(248.42412852,198.37436781)
\lineto(257.33037852,198.37436781)
\curveto(260.59860768,198.37436781)(263.0660556,197.63218031)(264.73272227,196.14780531)
\curveto(266.41240977,194.67645114)(267.25225352,192.51499281)(267.25225352,189.66343031)
\curveto(267.25225352,186.78582614)(266.41240977,184.61134698)(264.73272227,183.13999281)
\curveto(263.0660556,181.66863864)(260.59860768,180.93296156)(257.33037852,180.93296156)
\lineto(252.36944102,180.93296156)
\lineto(252.36944102,169.21421156)
\lineto(248.42412852,169.21421156)
\lineto(248.42412852,198.37436781)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(234.40850352,70.13218031)
\lineto(234.40850352,59.17514906)
\lineto(239.36944102,59.17514906)
\curveto(241.20537852,59.17514906)(242.62464935,59.65040948)(243.62725352,60.60093031)
\curveto(244.62985768,61.55145114)(245.13115977,62.90561781)(245.13115977,64.66343031)
\curveto(245.13115977,66.40822198)(244.62985768,67.75587823)(243.62725352,68.70639906)
\curveto(242.62464935,69.65691989)(241.20537852,70.13218031)(239.36944102,70.13218031)
\lineto(234.40850352,70.13218031)
\closepath
\moveto(230.46319102,73.37436781)
\lineto(239.36944102,73.37436781)
\curveto(242.63767018,73.37436781)(245.1051181,72.63218031)(246.77178477,71.14780531)
\curveto(248.45147227,69.67645114)(249.29131602,67.51499281)(249.29131602,64.66343031)
\curveto(249.29131602,61.78582614)(248.45147227,59.61134698)(246.77178477,58.13999281)
\curveto(245.1051181,56.66863864)(242.63767018,55.93296156)(239.36944102,55.93296156)
\lineto(234.40850352,55.93296156)
\lineto(234.40850352,44.21421156)
\lineto(230.46319102,44.21421156)
\lineto(230.46319102,73.37436781)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(184.0208082,389.08432875)
\lineto(188.0051832,389.08432875)
\lineto(197.70244883,370.78843031)
\lineto(197.70244883,389.08432875)
\lineto(200.57354258,389.08432875)
\lineto(200.57354258,367.21421156)
\lineto(196.58916758,367.21421156)
\lineto(186.89190195,385.51011)
\lineto(186.89190195,367.21421156)
\lineto(184.0208082,367.21421156)
\lineto(184.0208082,389.08432875)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(209.42119883,386.65268812)
\lineto(209.42119883,378.43491468)
\lineto(213.14190195,378.43491468)
\curveto(214.51885508,378.43491468)(215.5833082,378.79136)(216.33526133,379.50425062)
\curveto(217.08721445,380.21714125)(217.46319102,381.23276625)(217.46319102,382.55112562)
\curveto(217.46319102,383.85971937)(217.08721445,384.87046156)(216.33526133,385.58335218)
\curveto(215.5833082,386.29624281)(214.51885508,386.65268812)(213.14190195,386.65268812)
\lineto(209.42119883,386.65268812)
\closepath
\moveto(206.46221445,389.08432875)
\lineto(213.14190195,389.08432875)
\curveto(215.59307383,389.08432875)(217.44365977,388.52768812)(218.69365977,387.41440687)
\curveto(219.95342539,386.31089125)(220.5833082,384.6897975)(220.5833082,382.55112562)
\curveto(220.5833082,380.3929225)(219.95342539,378.76206312)(218.69365977,377.6585475)
\curveto(217.44365977,376.55503187)(215.59307383,376.00327406)(213.14190195,376.00327406)
\lineto(209.42119883,376.00327406)
\lineto(209.42119883,367.21421156)
\lineto(206.46221445,367.21421156)
\lineto(206.46221445,389.08432875)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(222.44365977,376.63315687)
\lineto(230.33916758,376.63315687)
\lineto(230.33916758,374.23081312)
\lineto(222.44365977,374.23081312)
\lineto(222.44365977,376.63315687)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(248.28350352,377.11655531)
\lineto(248.28350352,367.21421156)
\lineto(245.58819102,367.21421156)
\lineto(245.58819102,377.02866468)
\curveto(245.58819102,378.58139906)(245.28545664,379.74350843)(244.67998789,380.51499281)
\curveto(244.07451914,381.28647718)(243.16631602,381.67221937)(241.95537852,381.67221937)
\curveto(240.50030039,381.67221937)(239.35283945,381.20835218)(238.5129957,380.28061781)
\curveto(237.67315195,379.35288343)(237.25323008,378.088235)(237.25323008,376.4866725)
\lineto(237.25323008,367.21421156)
\lineto(234.54326914,367.21421156)
\lineto(234.54326914,390.00718031)
\lineto(237.25323008,390.00718031)
\lineto(237.25323008,381.07163343)
\curveto(237.89776133,382.05796156)(238.65459727,382.79526625)(239.52373789,383.2835475)
\curveto(240.40264414,383.77182875)(241.41338633,384.01596937)(242.55596445,384.01596937)
\curveto(244.44073008,384.01596937)(245.86651133,383.43003187)(246.8333082,382.25815687)
\curveto(247.80010508,381.0960475)(248.28350352,379.38218031)(248.28350352,377.11655531)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(261.14483164,375.46128187)
\curveto(258.96709727,375.46128187)(257.4583082,375.21225843)(256.61846445,374.71421156)
\curveto(255.7786207,374.21616468)(255.35869883,373.36655531)(255.35869883,372.16538343)
\curveto(255.35869883,371.20835218)(255.67119883,370.44663343)(256.29619883,369.88022718)
\curveto(256.93096445,369.32358656)(257.79033945,369.04526625)(258.87432383,369.04526625)
\curveto(260.36846445,369.04526625)(261.56475352,369.57261)(262.46319102,370.6272975)
\curveto(263.37139414,371.69175062)(263.8254957,373.10288343)(263.8254957,374.86069593)
\lineto(263.8254957,375.46128187)
\lineto(261.14483164,375.46128187)
\closepath
\moveto(266.5208082,376.57456312)
\lineto(266.5208082,367.21421156)
\lineto(263.8254957,367.21421156)
\lineto(263.8254957,369.70444593)
\curveto(263.21026133,368.70835218)(262.44365977,367.9710475)(261.52569102,367.49253187)
\curveto(260.60772227,367.02378187)(259.48467539,366.78940687)(258.15655039,366.78940687)
\curveto(256.47686289,366.78940687)(255.13897227,367.25815687)(254.14287852,368.19565687)
\curveto(253.15655039,369.1429225)(252.66338633,370.40757093)(252.66338633,371.98960218)
\curveto(252.66338633,373.83530531)(253.2786207,375.22690687)(254.50908945,376.16440687)
\curveto(255.74932383,377.10190687)(257.59502695,377.57065687)(260.04619883,377.57065687)
\lineto(263.8254957,377.57065687)
\lineto(263.8254957,377.83432875)
\curveto(263.8254957,379.07456312)(263.41533945,380.03159437)(262.59502695,380.7054225)
\curveto(261.78448008,381.38901625)(260.64190195,381.73081312)(259.16729258,381.73081312)
\curveto(258.22979258,381.73081312)(257.31670664,381.61850843)(256.42803477,381.39389906)
\curveto(255.53936289,381.16928968)(254.6848707,380.83237562)(253.8645582,380.38315687)
\lineto(253.8645582,382.87339125)
\curveto(254.85088633,383.25425062)(255.80791758,383.53745375)(256.73565195,383.72300062)
\curveto(257.66338633,383.91831312)(258.56670664,384.01596937)(259.44561289,384.01596937)
\curveto(261.81865977,384.01596937)(263.5911207,383.400735)(264.7629957,382.17026625)
\curveto(265.9348707,380.9397975)(266.5208082,379.07456312)(266.5208082,376.57456312)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(281.59405039,381.10093031)
\curveto(281.29131602,381.27671156)(280.95928477,381.40366468)(280.59795664,381.48178968)
\curveto(280.24639414,381.56968031)(279.85576914,381.61362562)(279.42608164,381.61362562)
\curveto(277.90264414,381.61362562)(276.73076914,381.11557875)(275.91045664,380.119485)
\curveto(275.09990977,379.13315687)(274.69463633,377.71225843)(274.69463633,375.85678968)
\lineto(274.69463633,367.21421156)
\lineto(271.98467539,367.21421156)
\lineto(271.98467539,383.62046156)
\lineto(274.69463633,383.62046156)
\lineto(274.69463633,381.07163343)
\curveto(275.26104258,382.06772718)(275.99834727,382.80503187)(276.90655039,383.2835475)
\curveto(277.81475352,383.77182875)(278.91826914,384.01596937)(280.21709727,384.01596937)
\curveto(280.40264414,384.01596937)(280.60772227,384.00132093)(280.83233164,383.97202406)
\curveto(281.05694102,383.95249281)(281.30596445,383.91831312)(281.57940195,383.869485)
\lineto(281.59405039,381.10093031)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(294.71905039,381.13022718)
\lineto(294.71905039,390.00718031)
\lineto(297.41436289,390.00718031)
\lineto(297.41436289,367.21421156)
\lineto(294.71905039,367.21421156)
\lineto(294.71905039,369.67514906)
\curveto(294.15264414,368.69858656)(293.4348707,367.9710475)(292.56573008,367.49253187)
\curveto(291.70635508,367.02378187)(290.67119883,366.78940687)(289.46026133,366.78940687)
\curveto(287.47783945,366.78940687)(285.86162852,367.5804225)(284.61162852,369.16245375)
\curveto(283.37139414,370.744485)(282.75127695,372.82456312)(282.75127695,375.40268812)
\curveto(282.75127695,377.98081312)(283.37139414,380.06089125)(284.61162852,381.6429225)
\curveto(285.86162852,383.22495375)(287.47783945,384.01596937)(289.46026133,384.01596937)
\curveto(290.67119883,384.01596937)(291.70635508,383.77671156)(292.56573008,383.29819593)
\curveto(293.4348707,382.82944593)(294.15264414,382.10678968)(294.71905039,381.13022718)
\closepath
\moveto(285.53448008,375.40268812)
\curveto(285.53448008,373.42026625)(285.93975352,371.86264906)(286.75030039,370.72983656)
\curveto(287.57061289,369.60678968)(288.69365977,369.04526625)(290.11944102,369.04526625)
\curveto(291.54522227,369.04526625)(292.66826914,369.60678968)(293.48858164,370.72983656)
\curveto(294.30889414,371.86264906)(294.71905039,373.42026625)(294.71905039,375.40268812)
\curveto(294.71905039,377.38511)(294.30889414,378.93784437)(293.48858164,380.06089125)
\curveto(292.66826914,381.19370375)(291.54522227,381.76011)(290.11944102,381.76011)
\curveto(288.69365977,381.76011)(287.57061289,381.19370375)(286.75030039,380.06089125)
\curveto(285.93975352,378.93784437)(285.53448008,377.38511)(285.53448008,375.40268812)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linewidth=0.79511738,linecolor=curcolor]
{
\newpath
\moveto(326.56734751,63.99997816)
\curveto(326.56734751,29.42560533)(287.57025341,1.39753828)(239.4649,1.39753828)
\curveto(191.35954659,1.39753828)(152.36245249,29.42560533)(152.36245249,63.99997816)
\curveto(152.36245249,98.57435099)(191.35954659,126.60241804)(239.4649,126.60241804)
\curveto(287.57025341,126.60241804)(326.56734751,98.57435099)(326.56734751,63.99997816)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linewidth=1,linecolor=curcolor]
{
\newpath
\moveto(406.4649,165.49997816)
\curveto(406.4649,74.3730029)(331.24873794,0.49999342)(238.4649,0.49999342)
\curveto(145.68106206,0.49999342)(70.4649,74.3730029)(70.4649,165.49997816)
\curveto(70.4649,256.62695342)(145.68106206,330.4999629)(238.4649,330.4999629)
\curveto(331.24873794,330.4999629)(406.4649,256.62695342)(406.4649,165.49997816)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linewidth=1.58789456,linecolor=curcolor]
{
\newpath
\moveto(460.24715,411.25230078)
\curveto(240.45544,7.44450078)(0.68267,411.25230078)(0.68267,411.25230078)
}
}
\end{pspicture}
\caption{$\mathsf{P}$, $\mathsf{NP}$, $\mathsf{NP}$-hard, and $\mathsf{NP}%
$-complete}%
\end{figure}
A priori, it's not completely obvious that $\mathsf{NP}$-hard\ or
$\mathsf{NP}$-complete problems even exist. \ The great discovery of
theoretical computer science in the 1970s was that hundreds of problems of
practical importance fall into these classes---giving order to what had
previously looked like a random assortment of incomparable hard problems.
\ Indeed, among the real-world $\mathsf{NP}$ problems that aren't known to be
in $\mathsf{P}$, the great majority (though not all of them) are known to be
$\mathsf{NP}$-complete.
More concretely, consider the following languages:
\begin{itemize}
\item \textsc{3Sat} is the language consisting of all Boolean formulas
$\varphi$\ over $n$ variables, which consist of ANDs of \textquotedblleft%
$3$-clauses\textquotedblright\ (i.e., ORs of up to $3$ variables or their
negations), such that there exists at least one assignment that satisfies
$\varphi$. \ (Or strictly speaking, all \textit{encodings} of such formulas as
binary strings, under some fixed encoding scheme whose details don't normally
matter.) \ Here's an example, for which one can check that there's \textit{no}
satisfying assignment:%
\[
\left( x\vee y\vee z\right) \wedge\left( \overline{x}\vee\overline{y}%
\vee\overline{z}\right) \wedge\left( x\vee\overline{y}\right) \wedge\left(
\overline{x}\vee y\right) \wedge\left( y\vee\overline{z}\right)
\wedge\left( \overline{y}\vee z\right)
\]
This translates to: at least one of $x,y,z$\ is true, at least one of
$x,y,z$\ is false, $x=y$, and $y=z$.
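To make the unsatisfiability claim concrete, here is a minimal brute-force check, written in Python purely for illustration (it is not part of the original text, and of course brute force takes exponential time in general). Literals are encoded in the usual SAT-solver convention: a positive integer $i$ means $x_i$, a negative integer means its negation.

```python
from itertools import product

def satisfiable(clauses, n):
    """Brute-force check: does any of the 2^n assignments satisfy every clause?
    A clause is a list of literals; literal i > 0 means x_i, i < 0 means NOT x_i."""
    for bits in product([False, True], repeat=n):
        # A literal is satisfied iff the variable's value matches the literal's sign.
        if all(any(bits[abs(l) - 1] ^ (l < 0) for l in clause) for clause in clauses):
            return True
    return False

# The example formula, with x = 1, y = 2, z = 3:
clauses = [[1, 2, 3], [-1, -2, -3], [1, -2], [-1, 2], [2, -3], [-2, 3]]
print(satisfiable(clauses, 3))  # False: the constraints x=y=z, not-all-true,
                                # and not-all-false are jointly contradictory
```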
\item \textsc{HamiltonCycle} is the language consisting of all undirected
graphs, for which there exists a cycle that visits each vertex exactly once:
that is, a Hamilton cycle. \ (Again, here we mean all \textit{encodings} of
graphs as bit strings, under some fixed encoding scheme. \ For a string to
belong to \textsc{HamiltonCycle}, it must be a valid encoding of some graph,
\textit{and} that graph must contain a Hamilton cycle.)
\item \textsc{TSP} (Traveling Salesperson Problem) is the language consisting
of all encodings of ordered pairs $\left\langle G,k\right\rangle $, such that
$G$ is a graph with positive integer weights, $k$ is a positive integer, and
$G$ has a Hamilton cycle of total weight at most $k$.
\item \textsc{Clique} is the language consisting of all encodings of
undirected graphs $G$, and positive integers $k$, such that $G$ contains a
clique (i.e., a subset of vertices all connected to each other) with at least
$k$ vertices.
\item \textsc{SubsetSum} is the language consisting of all encodings of
positive integer tuples $\left\langle a_{1},\ldots,a_{k},b\right\rangle $, for
which there exists a subset of the $a_{i}$'s that sums to $b$.
\item \textsc{Col}\ is the language consisting of all encodings of undirected
graphs $G$, and positive integers $k$, such that $G$ is $k$\textit{-colorable}
(that is, each vertex of $G$ can be colored one of $k$ colors, so that no two
adjacent vertices are colored the same).
\end{itemize}
All of these languages are easily seen to be in $\mathsf{NP}$: for example,
\textsc{3Sat}\ is in $\mathsf{NP}$\ because we can simply give a satisfying
assignment to $\varphi$\ as a yes-witness, \textsc{HamiltonCycle} is in
$\mathsf{NP}$ because we can give the Hamilton cycle, etc. \ The famous
\textit{Cook-Levin Theorem} says that one of these problems---\textsc{3Sat}%
---is also $\mathsf{NP}$-hard, and hence $\mathsf{NP}$-complete.
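The "easily seen to be in $\mathsf{NP}$" claim amounts to exhibiting a polynomial-time verifier for each language. As a hedged illustration (the function name and encoding are mine, not the survey's), here is what such a verifier looks like for \textsc{SubsetSum}, where the witness is simply the set of chosen indices:

```python
def verify_subset_sum(a, b, witness):
    """NP verifier sketch for SubsetSum: the instance is (a_1,...,a_k, b), the
    witness is a list of distinct indices into a. Accept iff the selected
    entries sum to exactly b. Runs in time linear in the witness length."""
    return len(set(witness)) == len(witness) and sum(a[i] for i in witness) == b

print(verify_subset_sum([3, 5, 7, 11], 15, [0, 1, 2]))  # True: 3 + 5 + 7 = 15
print(verify_subset_sum([3, 5, 7, 11], 15, [0, 3]))     # False: 3 + 11 = 14
```

Verification is easy; the whole difficulty of $\mathsf{P}\overset{?}{=}\mathsf{NP}$ is whether such a witness can also be \textit{found} in polynomial time.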
\begin{theorem}
[Cook-Levin Theorem \cite{cook,levin:pnp}]\label{cooklevin}\textsc{3Sat} is
$\mathsf{NP}$-complete.
\end{theorem}
A proof of Theorem \ref{cooklevin}\ can be found in any theory of computing
textbook (for example, \cite{sipser:book}). \ Here I'll confine myself to
saying that Theorem \ref{cooklevin}\ can be proved in three steps, each of
them routine from today's standpoint:
\begin{enumerate}
\item[(1)] One constructs an artificial language that's \textquotedblleft%
$\mathsf{NP}$-complete essentially by definition\textquotedblright: for
example,%
\[
L=\left\{ \left( \left\langle M\right\rangle ,x,0^{s},0^{t}\right) :\exists
w\in\left\{ 0,1\right\} ^{s}~\text{such that }M\left( x,w\right)
~\text{accepts in }\leq t\text{\ steps}\right\} ,
\]
where $\left\langle M\right\rangle $\ is a description of the Turing machine
$M$. \ (Here $s$\ and $t$ are encoded in so-called \textquotedblleft unary
notation,\textquotedblright\ to prevent a polynomial-size input from
corresponding to an exponentially-large witness string or exponential amount
of time, and thereby keep $L$\ in $\mathsf{NP}$.)
\item[(2)] One then reduces $L$ to the \textsc{CircuitSat} problem, where
we're given as input a description of a Boolean circuit $C$\ built of AND, OR,
and NOT gates, and asked whether there exists an assignment $x\in\left\{
0,1\right\} ^{n}$\ for the input bits such that $C\left( x\right) =1$. \ To
give this reduction, in turn, is more like electrical engineering than
mathematics: given a Turing machine $M$, one simply builds up a Boolean logic
circuit that simulates the action of $M$ on the input $\left( x,w\right)
$\ for $t$ time steps, whose size is polynomial in the parameters $\left\vert
\left\langle M\right\rangle \right\vert $, $\left\vert x\right\vert $, $s$,
and $t$, and which outputs $1$ if and only if $M$\ ever enters its accept state.
\item[(3)] Finally, one reduces \textsc{CircuitSat}\ to \textsc{3Sat}, by
creating a new variable for each gate in the Boolean circuit $C$, and then
creating clauses to enforce that the variable for each gate $G$ equals the
AND, OR, or NOT (as appropriate) of the variables for $G$'s inputs. \ For
example, one can express the constraint $a\wedge b=c$\ by%
\[
\left( a\vee\overline{c}\right) \wedge\left( b\vee\overline{c}\right)
\wedge\left( \overline{a}\vee\overline{b}\vee c\right) .
\]
One then constrains the variable for the final output gate to be $1$, yielding
a \textsc{3Sat}\ instance $\varphi$\ that is satisfiable if and only if the
\textsc{CircuitSat}\ instance was (i.e., iff there existed an $x$\ such that
$C\left( x\right) =1$).
\end{enumerate}
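One can mechanically confirm that the three clauses given in step (3) really do enforce $a\wedge b=c$: they are satisfied by an assignment to $(a,b,c)$ if and only if $c$ equals $a\wedge b$. A short Python check of all eight cases (illustrative only):

```python
from itertools import product

def and_gadget_holds(a, b, c):
    """The three clauses from step (3), encoding the constraint c = (a AND b):
    (a OR NOT c) AND (b OR NOT c) AND (NOT a OR NOT b OR c)."""
    return (a or not c) and (b or not c) and ((not a) or (not b) or c)

# The gadget is satisfied exactly on the rows of the AND truth table:
for a, b, c in product([False, True], repeat=3):
    assert and_gadget_holds(a, b, c) == (c == (a and b))
print("AND gadget verified on all 8 assignments")
```

Analogous clause gadgets for OR and NOT gates complete the reduction from \textsc{CircuitSat} to \textsc{3Sat}.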
Note that the algorithms to reduce $L$ to \textsc{CircuitSat}\ and
\textsc{CircuitSat}\ to \textsc{3Sat}---i.e., to convert $M$ to $C$ and $C$ to
$\varphi$---run in polynomial time (actually linear time), so we indeed
preserve $\mathsf{NP}$-hardness. \ Also, the reason for the $3$\ in
\textsc{3Sat}\ is simply that an AND or OR gate has one output bit and two
input bits, so it relates three bits in total. \ The analogous \textsc{2Sat}%
\ problem turns out to be in $\mathsf{P}$.
Once one knows that \textsc{3Sat} is $\mathsf{NP}$-complete, \textquotedblleft
the floodgates are open.\textquotedblright\ \ One can then prove that
countless other $\mathsf{NP}$\ problems are $\mathsf{NP}$-complete\ by
reducing \textsc{3Sat}\ to them, and then reducing those problems to others,
and so on. \ The first indication of how pervasive $\mathsf{NP}$-completeness
really was came from\ Karp \cite{karp} in 1972. \ He showed, among many other results:
\begin{theorem}
[Karp \cite{karp}]\textsc{HamiltonCycle}, \textsc{TSP}, \textsc{Clique},
\textsc{SubsetSum}, and\ \textsc{Col}\ are all $\mathsf{NP}$-complete.
\end{theorem}
Today, so many combinatorial search problems have been proven $\mathsf{NP}%
$-complete that, whenever one encounters a new such problem, a useful rule of
thumb is that it's \textquotedblleft$\mathsf{NP}$-complete unless it has a
good reason not to be\textquotedblright!
Note that, if any $\mathsf{NP}$-complete problem is in $\mathsf{P}$, then all
of them are, and $\mathsf{P}=\mathsf{NP}$ (since every $\mathsf{NP}$\ problem
can first be reduced to the $\mathsf{NP}$-complete one, and then solved in
polynomial time). \ Conversely, if any $\mathsf{NP}$-complete problem is not
in $\mathsf{P}$, then none of them are, and $\mathsf{P\neq NP}$.
One application of $\mathsf{NP}$-completeness is to reduce the number of
logical quantifiers needed to state the $\mathsf{P\neq NP}$\ conjecture, and
thereby make it intuitively easier to grasp. \ A $\Sigma_{k}$%
\textit{-sentence} is a sentence with $k$ quantifiers over integers (or
objects that can be encoded as integers), beginning with an existential
($\exists$) quantifier; a $\Pi_{k}$\textit{-sentence} also has $k$%
\ quantifiers, but begins with a universal ($\forall$) quantifier. \ Let
$\mathcal{T}$\ be the set of all Turing machines, and let $\mathcal{P}$\ be
the set of all polynomials. \ Also, given a language $L$, let $L\left(
x\right) $\ be the \textit{characteristic function} of $L$: that is,
$L\left( x\right) =1$\ if $x\in L$\ and $L\left( x\right) =0$\ otherwise.
\ Then a \textquotedblleft na\"{\i}ve\textquotedblright\ statement of
$\mathsf{P\neq NP}$\ would be as a $\Sigma_{3}$-sentence:%
\[
\exists L\in\mathsf{NP}~\forall M\in\mathcal{T},~p\in\mathcal{P}~\exists
x~\left( M\left( x\right) \neq L\left( x\right) \vee M\left( x\right)
\text{ runs for}>p\left( \left\vert x\right\vert \right) \text{
steps}\right) .
\]
(Here, by quantifying over all languages in $\mathsf{NP}$, we really mean
quantifying over all verification algorithms that define such languages.)
\ But once we know that \textsc{3Sat}\ (for example) is $\mathsf{NP}%
$-complete, we can state $\mathsf{P\neq NP}$\ as just a $\Pi_{2}$-sentence:%
\[
\forall M\in\mathcal{T},~p\in\mathcal{P}~\exists x~\left( M\left( x\right)
\neq\text{\textsc{3Sat}}\left( x\right) \vee M\left( x\right) \text{ runs
for}>p\left( \left\vert x\right\vert \right) \text{ steps}\right) .
\]
In words, we can pick any $\mathsf{NP}$-complete problem we like; then
$\mathsf{P}\neq\mathsf{NP}$\ is equivalent to the statement that \textit{that}
problem is not in $\mathsf{P}$.
\subsection{Other Core Concepts}
A few more concepts give a fuller picture of the $\mathsf{P}\overset{?}{=}%
\mathsf{NP}$\ question, and will be referred to later in the survey. \ In this
section, I'll restrict myself to concepts that were explored in the 1970s,
around the same time as $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ itself was
formulated, and that are covered alongside $\mathsf{P}\overset{?}{=}%
\mathsf{NP}$ in undergraduate textbooks. \ Other important concepts, such as
nonuniformity, randomness, and one-way functions, will be explained as needed
in Section \ref{VAR}.
\subsubsection{Search, Decision, and Optimization}
For technical convenience, $\mathsf{P}$\ and $\mathsf{NP}$\ are defined in
terms of languages or \textquotedblleft decision problems,\textquotedblright%
\ which have a single yes-or-no bit as the desired output (i.e., given an
input $x$, is $x\in L$?). \ To put practical problems into this decision
format, typically we ask something like: \textit{does there exist} a solution
that satisfies the following list of constraints? \ But of course, in real
life we don't merely want to know whether a solution exists; we want to
\textit{find} a solution whenever there is one! \ And given the many examples
in mathematics where explicitly finding an object is harder than proving its
existence, one might worry that this would also occur here. \ Fortunately,
though, shifting our focus from decision problems to search problems\ doesn't
change the $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ question at all, because of
the following classic observation.
\begin{proposition}
\label{searchdec}If $\mathsf{P}=\mathsf{NP}$, then for every language
$L\in\mathsf{NP}$ (defined by a verifier $M$), there's a polynomial-time
algorithm that, for all $x\in L$, actually finds a witness $w\in\left\{
0,1\right\} ^{p\left( n\right) }$\ such that $M\left( x,w\right) $ accepts.
\end{proposition}
\begin{proof}
The idea is to learn the bits of an accepting witness $w=w_{1}\cdots
w_{p\left( n\right) }$\ one by one, by asking a series of $\mathsf{NP}$
decision questions. \ For example:
\begin{itemize}
\item Does there exist a $w$\ such that $M\left( x,w\right) $ accepts and
$w_{1}=0$?
\end{itemize}
If the answer is \textquotedblleft yes,\textquotedblright\ then next ask:
\begin{itemize}
\item Does there exist a $w$\ such that $M\left( x,w\right) $ accepts,
$w_{1}=0$, and $w_{2}=0$?
\end{itemize}
Otherwise, next ask:
\begin{itemize}
\item Does there exist a $w$\ such that $M\left( x,w\right) $ accepts,
$w_{1}=1$, and $w_{2}=0$?
\end{itemize}
Continue in this manner until all $p\left( n\right) $\ bits of $w$\ have
been set. \ (This can also be seen as a binary search on the set
of\ $2^{p\left( n\right) }$\ possible witnesses.)
\end{proof}
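The bit-by-bit procedure in the proof of Proposition \ref{searchdec} can be sketched in a few lines of Python. Here the decision oracle is abstracted as a function answering "does some accepting witness extend this prefix?"; the names and interface are mine, for illustration:

```python
def find_witness(decides, n):
    """Search-to-decision sketch: decides(prefix) answers the NP question
    'is there an accepting witness extending this bit-prefix?'. If any
    witness exists, recover one of length n using at most n + 1 oracle calls."""
    if not decides([]):
        return None  # x is not in L: no witness at all
    w = []
    for _ in range(n):
        # If no witness extends w + [0], some witness must extend w + [1].
        w.append(0 if decides(w + [0]) else 1)
    return w

# Toy oracle whose unique accepting witness is [1, 0, 1]:
target = [1, 0, 1]
print(find_witness(lambda p: p == target[:len(p)], 3))  # [1, 0, 1]
```

If $\mathsf{P}=\mathsf{NP}$, each oracle call is itself a polynomial-time computation, so the whole search runs in polynomial time.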
Note that there \textit{are} problems for which finding a solution is believed
to be much harder than deciding whether one exists. \ A classic example, as it
happens, is the problem of finding a Nash equilibrium of a matrix game. \ Here
Nash's theorem guarantees that an equilibrium always exists, but an important
2006 result of Daskalakis et al.\ \cite{dgp}\ gave evidence that there's no
polynomial-time algorithm to \textit{find} an
equilibrium.\footnote{Technically, Daskalakis et al.\ showed that the search
problem of finding a Nash equilibrium is complete for a complexity class
called $\mathsf{PPAD}$. \ This could be loosely interpreted as saying that the
problem is \textquotedblleft as close to $\mathsf{NP}$-hard as it could
possibly be, subject to Nash's theorem showing why the decision version is
trivial.\textquotedblright} \ The upshot of Proposition \ref{searchdec}\ is
just that search and decision are equivalent for the $\mathsf{NP}%
$\textit{-complete} problems.
In practice, perhaps even more common than search problems are
\textit{optimization problems}, where we have some efficiently-computable cost
function, say $C:\left\{ 0,1\right\} ^{n}\rightarrow\left\{ 0,1,\ldots
,2^{p\left( n\right) }\right\} $, and the goal is to find a solution
$x\in\left\{ 0,1\right\} ^{n}$ that minimizes $C\left( x\right) $.
\ Fortunately, we can always reduce\ optimization problems to\ search and
decision problems, by simply asking to find a solution $x$ such that $C\left(
x\right) \leq K$, and doing a binary search to find the smallest $K$\ for
which such an $x$ still exists. \ So again, if $\mathsf{P}=\mathsf{NP}$\ then
all $\mathsf{NP}$\ optimization problems are solvable in polynomial time. \ On
the other hand, it's important to remember that, while \textquotedblleft is
there an $x$\ such that $C\left( x\right) \leq K$?\textquotedblright\ is an
$\mathsf{NP}$\ question, \textquotedblleft does $\min_{x}C\left( x\right)
=K$?\textquotedblright\ and \textquotedblleft does $x^{\ast}$\ minimize
$C\left( x\right) $?\textquotedblright\ are presumably \textit{not}
$\mathsf{NP}$\ questions in general, because no single $x$\ is a witness to a yes-answer.
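The binary-search reduction from optimization to decision can be made explicit. In this sketch (again illustrative, with an abstracted oracle), `cost_at_most(K)` stands for the $\mathsf{NP}$ question "is there an $x$ with $C(x)\leq K$?":

```python
def minimize(cost_at_most, lo, hi):
    """Binary search on the threshold K, given the NP decision oracle
    cost_at_most(K) = 'does some x have C(x) <= K?'. Returns the minimum
    achievable cost, assuming cost_at_most(hi) is True. Uses O(log(hi - lo))
    oracle calls, i.e. polynomially many when costs are p(n)-bit integers."""
    while lo < hi:
        mid = (lo + hi) // 2
        if cost_at_most(mid):
            hi = mid   # some solution already costs <= mid
        else:
            lo = mid + 1  # every solution costs more than mid
    return lo

costs = [7, 3, 9, 5]
print(minimize(lambda K: any(c <= K for c in costs), 0, max(costs)))  # 3
```

Once the minimum $K^{\ast}$ is known, the search procedure of Proposition \ref{searchdec} can then recover an $x$ achieving it.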
More generally, the fact that decision, search, and optimization all hinge on
the same $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ question has meant that many
people, including experts, freely abuse language by referring to search and
optimization problems as \textquotedblleft$\mathsf{NP}$%
-complete.\textquotedblright\ \ Strictly speaking, they should call such problems
$\mathsf{NP}$-hard---we defined $\mathsf{NP}$-hardness for languages, but the
concept can be generalized to search and optimization problems---while
reserving \textquotedblleft$\mathsf{NP}$-complete\textquotedblright\ for
suitable associated decision problems.
\subsubsection{The Twilight Zone: Between $\mathsf{P}$\ and $\mathsf{NP}%
$-complete}
We say a language $L$ is $\mathsf{NP}$-\textit{intermediate} if $L\in
\mathsf{NP}$, but $L$\ is neither in $\mathsf{P}$\ nor $\mathsf{NP}$-complete.
\ Based on experience, one might hope not only that $\mathsf{P}\neq
\mathsf{NP}$, but that there'd be a \textit{dichotomy}, with all $\mathsf{NP}%
$\ problems either in $\mathsf{P}$\ or else $\mathsf{NP}$-complete. \ However,
a classic result by Ladner \cite{ladner}\ rules that possibility out.
\begin{theorem}
[Ladner \cite{ladner}]\label{ladnerthm}If $\mathsf{P}\neq\mathsf{NP}$, then
there exist $\mathsf{NP}$-intermediate languages.
\end{theorem}
While Theorem \ref{ladnerthm}\ is theoretically important, the $\mathsf{NP}%
$-intermediate\ problems that it yields are extremely artificial (requiring
diagonalization to construct). \ On the other hand, as we'll see, there are
also problems of real-world importance---particularly in cryptography,
algebra, and number theory---that are believed to be $\mathsf{NP}%
$-intermediate, and a\ proof of $\mathsf{P}\neq\mathsf{NP}$\ could leave the
status of those problems open. \ (Of course, a proof of $\mathsf{P}%
=\mathsf{NP}$\ would mean there were \textit{no} $\mathsf{NP}$-intermediate
problems, since every $\mathsf{NP}$\ problem would then be both $\mathsf{NP}%
$-complete\ and in $\mathsf{P}$.)
\subsubsection{$\mathsf{coNP}$ and the Polynomial Hierarchy\label{PH}}
Let $\overline{L}=\left\{ 0,1\right\} ^{\ast}\setminus L$\ be the
\textit{complement} of $L$: that is, the set of strings not in $L$. \ Then the
complexity class%
\[
\mathsf{coNP}:=\left\{ \overline{L}:L\in\mathsf{NP}\right\}
\]
consists of the complements of all languages in $\mathsf{NP}$. \ Note that
this is \textit{not} the same as $\overline{\mathsf{NP}}$, the set of all
non-$\mathsf{NP}$ languages! \ Rather, $L\in\mathsf{coNP}$\ means that
whenever $x\notin L$, there's a short proof of non-membership that can be
efficiently verified. \ If $L\in\mathsf{NP}$, then $\overline{L}%
\in\mathsf{coNP}$ and vice versa. \ Likewise, if $L$ is $\mathsf{NP}%
$-complete, then $\overline{L}$\ is $\mathsf{coNP}$-complete (that is, in
$\mathsf{coNP}$\ and $\mathsf{NP}$-hard) and vice versa. \ So for example,
along with the $\mathsf{NP}$-complete\ satisfiability we have the
$\mathsf{coNP}$-complete \textit{un}satisfiability, along with the
$\mathsf{NP}$-complete\ \textsc{HamiltonCycle} we have the $\mathsf{coNP}%
$-complete\ $\overline{\text{\textsc{HamiltonCycle}}}$\ (consisting of all
encodings of graphs that \textit{lack} a Hamilton cycle), etc.
A natural question is whether $\mathsf{NP}$\ is \textit{closed under
complement}: that is, whether $\mathsf{NP}=\mathsf{coNP}$. \ If $\mathsf{P}%
=\mathsf{NP}$, then certainly $\mathsf{P}=\mathsf{coNP}$, and hence
$\mathsf{NP}=\mathsf{coNP}$\ also. \ On the other hand, we could imagine a
world where $\mathsf{NP}=\mathsf{coNP}$\ even though $\mathsf{P}%
\neq\mathsf{NP}$. \ In that world, there would always be short proofs of
\textit{un}satisfiability (or of the \textit{non}existence of cliques,
Hamilton cycles, etc.), but those proofs could be intractable to find. \ A
generalization of the $\mathsf{P}\neq\mathsf{NP}$\ conjecture says that this
doesn't happen:
\begin{conjecture}
$\mathsf{NP}\neq\mathsf{coNP}$.
\end{conjecture}
A further generalization of $\mathsf{P}$, $\mathsf{NP}$, and $\mathsf{coNP}$
is the \textit{polynomial hierarchy} $\mathsf{PH}$. \ Defined by analogy with
the \textit{arithmetic hierarchy} in computability theory, $\mathsf{PH}$\ is
an infinite sequence of classes whose zeroth level equals $\mathsf{P}$,\ and
whose $k^{th}$ level (for $k\geq1$) consists of all problems that are in
$\mathsf{P}^{L}$\ or $\mathsf{NP}^{L}$\ or $\mathsf{coNP}^{L}$, for some
language $L$ in the $\left( k-1\right) ^{st}$ level. \ More succinctly, we
write $\mathsf{\Sigma}_{0}^{\mathsf{P}}=\mathsf{P}$, and%
\[
\mathsf{\Delta}_{k}^{\mathsf{P}}=\mathsf{P}^{\mathsf{\Sigma}_{k-1}%
^{\mathsf{P}}},~~~~~\mathsf{\Sigma}_{k}^{\mathsf{P}}=\mathsf{NP}%
^{\mathsf{\Sigma}_{k-1}^{\mathsf{P}}},~~~~~\mathsf{\Pi}_{k}^{\mathsf{P}%
}=\mathsf{coNP}^{\mathsf{\Sigma}_{k-1}^{\mathsf{P}}}%
\]
for all $k\geq1$.\footnote{In defining the $k^{th}$\ level of the hierarchy,
we could also have given oracles for $\mathsf{\Pi}_{k-1}^{\mathsf{P}}$ rather
than $\Sigma_{k-1}^{\mathsf{P}}$: it doesn't matter. \ Note also that
\textquotedblleft an oracle for complexity class $\mathcal{C}$%
\textquotedblright\ should be read as \textquotedblleft an oracle for any
$\mathcal{C}$-complete language $L$.\textquotedblright} \ A more intuitive
definition of $\mathsf{PH}$\ is as the class of languages that are definable
using a polynomial-time predicate with a constant number of alternating
universal and existential quantifiers: for example, $L\in\mathsf{\Pi}%
_{2}^{\mathsf{P}}$\ if and only if there exists a polynomial-time machine $M$
and polynomial $p$ such that for all $x$,%
\[
x\in L~\Longleftrightarrow~\forall w\in\left\{ 0,1\right\} ^{p\left(
\left\vert x\right\vert \right) }\exists z\in\left\{ 0,1\right\} ^{p\left(
\left\vert x\right\vert \right) }~M\left( x,w,z\right) ~\text{accepts.}%
\]
$\mathsf{NP}$ is then the special case with just one existential quantifier,
over witness strings $w$.
If $\mathsf{P}=\mathsf{NP}$, then the entire $\mathsf{PH}$ \textquotedblleft
recursively unwinds\textquotedblright\ down to $\mathsf{P}$: for example,%
\[
\mathsf{\Sigma}_{2}^{\mathsf{P}}=\mathsf{NP}^{\mathsf{NP}}=\mathsf{NP}%
^{\mathsf{P}}=\mathsf{NP}=\mathsf{P}.%
\]
Moreover, one can show that if $\mathsf{\Sigma}_{k}^{\mathsf{P}}=\mathsf{\Pi
}_{k}^{\mathsf{P}}$\ or $\mathsf{\Sigma}_{k}^{\mathsf{P}}=\mathsf{\Sigma
}_{k+1}^{\mathsf{P}}$\ for any $k$, then all the levels above the $k^{th}%
$\ come \textquotedblleft crashing down\textquotedblright\ to $\mathsf{\Sigma
}_{k}^{\mathsf{P}}=\mathsf{\Pi}_{k}^{\mathsf{P}}$. \ So for example, if
$\mathsf{NP}=\mathsf{coNP}$,\ then $\mathsf{PH}=\mathsf{NP}=\mathsf{coNP}$\ as
well. \ On the other hand, a collapse at the $k^{th}$ level isn't known to
imply a collapse at any \textit{lower} level. \ Thus, we get an infinite
sequence of stronger and stronger conjectures: first $\mathsf{P}%
\neq\mathsf{NP}$, then $\mathsf{NP}\neq\mathsf{coNP}$, then $\mathsf{\Sigma
}_{2}^{\mathsf{P}}\neq\mathsf{\Pi}_{2}^{\mathsf{P}}$, and so on. \ In the
limit, we can conjecture the following:
\begin{conjecture}
\label{phinfinite}All the levels of $\mathsf{PH}$\ are distinct---i.e., the
infinite hierarchy is strict.
\end{conjecture}
This is a generalization of $\mathsf{P}\neq\mathsf{NP}$\ that many computer
scientists believe---an intuition being that it would seem strange for the
hierarchy to collapse at, say, the $37^{th}$\ level, without collapsing all
the way down to $\mathsf{P}$\ or $\mathsf{NP}$. \ Conjecture \ref{phinfinite}
has many important consequences that aren't known to follow from
$\mathsf{P}\neq\mathsf{NP}$\ itself.
It's also interesting to consider $\mathsf{NP}\cap\mathsf{coNP}$, which is the
class of languages that admit short, easily-checkable proofs for both
membership \textit{and} non-membership. \ Here's yet another strengthening of
the $\mathsf{P}\neq\mathsf{NP}$\ conjecture:
\begin{conjecture}
$\mathsf{P\neq NP}\cap\mathsf{coNP}$.
\end{conjecture}
Of course, if $\mathsf{NP}=\mathsf{coNP}$, then the $\mathsf{P\overset{?}{=}%
NP}\cap\mathsf{coNP}$\ question becomes equivalent to the original
$\mathsf{P}\overset{?}{=}\mathsf{NP}$\ question. \ But it's conceivable that
$\mathsf{P}=\mathsf{NP}\cap\mathsf{coNP}$\ even if $\mathsf{NP}\neq
\mathsf{coNP}$.
\begin{figure}[ptb]
\centering
\par
\psset{xunit=.5pt,yunit=.5pt,runit=.5pt}
\begin{pspicture}(213.34820695,235.54919986)
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(104.66213711,50.86783076)
\lineto(104.66213711,43.33487178)
\lineto(108.07278164,43.33487178)
\curveto(109.33498867,43.33487178)(110.31073737,43.66161331)(111.00002773,44.31509639)
\curveto(111.6893181,44.96857946)(112.03396328,45.89956904)(112.03396328,47.10806514)
\curveto(112.03396328,48.30760941)(111.6893181,49.23412308)(111.00002773,49.88760615)
\curveto(110.31073737,50.54108922)(109.33498867,50.86783076)(108.07278164,50.86783076)
\lineto(104.66213711,50.86783076)
\closepath
\moveto(101.94973477,53.09683467)
\lineto(108.07278164,53.09683467)
\curveto(110.31968919,53.09683467)(112.01605964,52.58658076)(113.16189297,51.56607295)
\curveto(114.31667813,50.55451696)(114.8940707,49.06851435)(114.8940707,47.10806514)
\curveto(114.8940707,45.12971227)(114.31667813,43.63475784)(113.16189297,42.62320185)
\curveto(112.01605964,41.61164587)(110.31968919,41.10586787)(108.07278164,41.10586787)
\lineto(104.66213711,41.10586787)
\lineto(104.66213711,33.04922725)
\lineto(101.94973477,33.04922725)
\lineto(101.94973477,53.09683467)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(149.40041836,117.51089717)
\lineto(149.40041836,115.20132685)
\curveto(148.70217617,115.58625524)(147.99945807,115.87271357)(147.29226406,116.06070185)
\curveto(146.59402188,116.25764196)(145.88682786,116.35611201)(145.17068203,116.35611201)
\curveto(143.56830573,116.35611201)(142.32400234,115.8458581)(141.43777188,114.82535029)
\curveto(140.55154141,113.8137943)(140.10842617,112.39045446)(140.10842617,110.55533076)
\curveto(140.10842617,108.72020706)(140.55154141,107.29239131)(141.43777188,106.2718835)
\curveto(142.32400234,105.26032751)(143.56830573,104.75454951)(145.17068203,104.75454951)
\curveto(145.88682786,104.75454951)(146.59402188,104.84854365)(147.29226406,105.03653193)
\curveto(147.99945807,105.23347204)(148.70217617,105.52440628)(149.40041836,105.90933467)
\lineto(149.40041836,103.62661982)
\curveto(148.71112799,103.3043542)(147.99498216,103.06265498)(147.25198086,102.90152217)
\curveto(146.51793138,102.74038935)(145.73464688,102.65982295)(144.90212734,102.65982295)
\curveto(142.63731615,102.65982295)(140.83799974,103.37149287)(139.50417813,104.79483271)
\curveto(138.17035651,106.21817256)(137.5034457,108.13833857)(137.5034457,110.55533076)
\curveto(137.5034457,113.00813024)(138.17483242,114.93724808)(139.51760586,116.34268428)
\curveto(140.86933112,117.74812047)(142.71788255,118.45083857)(145.06326016,118.45083857)
\curveto(145.8241651,118.45083857)(146.56716641,118.37027217)(147.29226406,118.20913935)
\curveto(148.01736172,118.05695837)(148.72007982,117.82421097)(149.40041836,117.51089717)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(159.55178555,116.35611201)
\curveto(158.22691576,116.35611201)(157.17955247,115.83690628)(156.4096957,114.79849482)
\curveto(155.63983893,113.76903519)(155.25491055,112.35464717)(155.25491055,110.55533076)
\curveto(155.25491055,108.75601435)(155.63536302,107.33715042)(156.39626797,106.29873896)
\curveto(157.16612474,105.26927933)(158.21796393,104.75454951)(159.55178555,104.75454951)
\curveto(160.86770352,104.75454951)(161.91059089,105.27375524)(162.68044766,106.3121667)
\curveto(163.45030443,107.35057816)(163.83523281,108.76496618)(163.83523281,110.55533076)
\curveto(163.83523281,112.33674352)(163.45030443,113.74665563)(162.68044766,114.78506709)
\curveto(161.91059089,115.83243037)(160.86770352,116.35611201)(159.55178555,116.35611201)
\closepath
\moveto(159.55178555,118.45083857)
\curveto(161.70022305,118.45083857)(163.38764167,117.75259639)(164.61404141,116.35611201)
\curveto(165.84044115,114.95962764)(166.45364102,113.02603389)(166.45364102,110.55533076)
\curveto(166.45364102,108.09357946)(165.84044115,106.15998571)(164.61404141,104.75454951)
\curveto(163.38764167,103.35806514)(161.70022305,102.65982295)(159.55178555,102.65982295)
\curveto(157.39439622,102.65982295)(155.70250169,103.35806514)(154.47610195,104.75454951)
\curveto(153.25865404,106.15998571)(152.64993008,108.09357946)(152.64993008,110.55533076)
\curveto(152.64993008,113.02603389)(153.25865404,114.95962764)(154.47610195,116.35611201)
\curveto(155.70250169,117.75259639)(157.39439622,118.45083857)(159.55178555,118.45083857)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(170.64309414,123.09683467)
\lineto(174.29543789,123.09683467)
\lineto(183.18459805,106.32559443)
\lineto(183.18459805,123.09683467)
\lineto(185.81643398,123.09683467)
\lineto(185.81643398,103.04922725)
\lineto(182.16409023,103.04922725)
\lineto(173.27493008,119.82046748)
\lineto(173.27493008,103.04922725)
\lineto(170.64309414,103.04922725)
\lineto(170.64309414,123.09683467)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(193.92678555,120.86783076)
\lineto(193.92678555,113.33487178)
\lineto(197.33743008,113.33487178)
\curveto(198.59963711,113.33487178)(199.57538581,113.66161331)(200.26467617,114.31509639)
\curveto(200.95396654,114.96857946)(201.29861172,115.89956904)(201.29861172,117.10806514)
\curveto(201.29861172,118.30760941)(200.95396654,119.23412308)(200.26467617,119.88760615)
\curveto(199.57538581,120.54108922)(198.59963711,120.86783076)(197.33743008,120.86783076)
\lineto(193.92678555,120.86783076)
\closepath
\moveto(191.2143832,123.09683467)
\lineto(197.33743008,123.09683467)
\curveto(199.58433763,123.09683467)(201.28070807,122.58658076)(202.42654141,121.56607295)
\curveto(203.58132656,120.55451696)(204.15871914,119.06851435)(204.15871914,117.10806514)
\curveto(204.15871914,115.12971227)(203.58132656,113.63475784)(202.42654141,112.62320185)
\curveto(201.28070807,111.61164587)(199.58433763,111.10586787)(197.33743008,111.10586787)
\lineto(193.92678555,111.10586787)
\lineto(193.92678555,103.04922725)
\lineto(191.2143832,103.04922725)
\lineto(191.2143832,123.09683467)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(27.41409023,122.34683467)
\lineto(31.06643398,122.34683467)
\lineto(39.95559414,105.57559443)
\lineto(39.95559414,122.34683467)
\lineto(42.58743008,122.34683467)
\lineto(42.58743008,102.29922725)
\lineto(38.93508633,102.29922725)
\lineto(30.04592617,119.07046748)
\lineto(30.04592617,102.29922725)
\lineto(27.41409023,102.29922725)
\lineto(27.41409023,122.34683467)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(50.69778164,120.11783076)
\lineto(50.69778164,112.58487178)
\lineto(54.10842617,112.58487178)
\curveto(55.3706332,112.58487178)(56.3463819,112.91161331)(57.03567227,113.56509639)
\curveto(57.72496263,114.21857946)(58.06960781,115.14956904)(58.06960781,116.35806514)
\curveto(58.06960781,117.55760941)(57.72496263,118.48412308)(57.03567227,119.13760615)
\curveto(56.3463819,119.79108922)(55.3706332,120.11783076)(54.10842617,120.11783076)
\lineto(50.69778164,120.11783076)
\closepath
\moveto(47.9853793,122.34683467)
\lineto(54.10842617,122.34683467)
\curveto(56.35533372,122.34683467)(58.05170417,121.83658076)(59.1975375,120.81607295)
\curveto(60.35232266,119.80451696)(60.92971523,118.31851435)(60.92971523,116.35806514)
\curveto(60.92971523,114.37971227)(60.35232266,112.88475784)(59.1975375,111.87320185)
\curveto(58.05170417,110.86164587)(56.35533372,110.35586787)(54.10842617,110.35586787)
\lineto(50.69778164,110.35586787)
\lineto(50.69778164,102.29922725)
\lineto(47.9853793,102.29922725)
\lineto(47.9853793,122.34683467)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(73.53884609,97.48428584)
\lineto(75.53103359,97.48428584)
\lineto(80.37966641,88.33633662)
\lineto(80.37966641,97.48428584)
\lineto(81.81521328,97.48428584)
\lineto(81.81521328,86.54922725)
\lineto(79.82302578,86.54922725)
\lineto(74.97439297,95.69717646)
\lineto(74.97439297,86.54922725)
\lineto(73.53884609,86.54922725)
\lineto(73.53884609,97.48428584)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(86.23904141,96.26846553)
\lineto(86.23904141,92.15957881)
\lineto(88.09939297,92.15957881)
\curveto(88.78786953,92.15957881)(89.32009609,92.33780146)(89.69607266,92.69424678)
\curveto(90.07204922,93.05069209)(90.2600375,93.55850459)(90.2600375,94.21768428)
\curveto(90.2600375,94.87198115)(90.07204922,95.37735225)(89.69607266,95.73379756)
\curveto(89.32009609,96.09024287)(88.78786953,96.26846553)(88.09939297,96.26846553)
\lineto(86.23904141,96.26846553)
\closepath
\moveto(84.75954922,97.48428584)
\lineto(88.09939297,97.48428584)
\curveto(89.32497891,97.48428584)(90.25027188,97.20596553)(90.87527188,96.6493249)
\curveto(91.50515469,96.09756709)(91.82009609,95.28702021)(91.82009609,94.21768428)
\curveto(91.82009609,93.13858271)(91.50515469,92.32315303)(90.87527188,91.77139521)
\curveto(90.25027188,91.2196374)(89.32497891,90.9437585)(88.09939297,90.9437585)
\lineto(86.23904141,90.9437585)
\lineto(86.23904141,86.54922725)
\lineto(84.75954922,86.54922725)
\lineto(84.75954922,97.48428584)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(94.27370938,90.88516475)
\curveto(94.27370938,92.33047725)(94.57156094,93.41690303)(95.16726406,94.14444209)
\curveto(95.76785,94.87198115)(96.65652188,95.23575068)(97.83327969,95.23575068)
\curveto(99.00515469,95.23575068)(99.88894375,94.87198115)(100.48464688,94.14444209)
\curveto(101.08523281,93.41690303)(101.38552578,92.33047725)(101.38552578,90.88516475)
\lineto(101.38552578,86.54922725)
\lineto(100.12576016,86.54922725)
\lineto(100.12576016,90.70205928)
\curveto(100.12576016,91.89346553)(99.94509609,92.74551631)(99.58376797,93.25821162)
\curveto(99.22243984,93.77578975)(98.63894375,94.03457881)(97.83327969,94.03457881)
\curveto(97.02273281,94.03457881)(96.43679531,93.77578975)(96.07546719,93.25821162)
\curveto(95.71413906,92.74551631)(95.533475,91.89346553)(95.533475,90.70205928)
\lineto(95.533475,86.54922725)
\lineto(94.27370938,86.54922725)
\lineto(94.27370938,90.88516475)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(110.64333828,94.43741084)
\lineto(110.64333828,93.17764521)
\curveto(110.26247891,93.38760615)(109.87917813,93.54385615)(109.49343594,93.64639521)
\curveto(109.11257656,93.75381709)(108.72683438,93.80752803)(108.33620938,93.80752803)
\curveto(107.46218594,93.80752803)(106.783475,93.52920771)(106.30007656,92.97256709)
\curveto(105.81667813,92.42080928)(105.57497891,91.64444209)(105.57497891,90.64346553)
\curveto(105.57497891,89.64248896)(105.81667813,88.86368037)(106.30007656,88.30703975)
\curveto(106.783475,87.75528193)(107.46218594,87.47940303)(108.33620938,87.47940303)
\curveto(108.72683438,87.47940303)(109.11257656,87.53067256)(109.49343594,87.63321162)
\curveto(109.87917813,87.7406335)(110.26247891,87.8993249)(110.64333828,88.10928584)
\lineto(110.64333828,86.86416865)
\curveto(110.26736172,86.6883874)(109.87673672,86.55655146)(109.47146328,86.46866084)
\curveto(109.07107266,86.38077021)(108.64382656,86.3368249)(108.189725,86.3368249)
\curveto(106.95437344,86.3368249)(105.97292813,86.7250085)(105.24538906,87.50137568)
\curveto(104.51785,88.27774287)(104.15408047,89.32510615)(104.15408047,90.64346553)
\curveto(104.15408047,91.98135615)(104.52029141,93.03360225)(105.25271328,93.80020381)
\curveto(105.99001797,94.56680537)(106.99831875,94.95010615)(108.27761563,94.95010615)
\curveto(108.69265469,94.95010615)(109.09792813,94.90616084)(109.49343594,94.81827021)
\curveto(109.88894375,94.7352624)(110.27224453,94.60830928)(110.64333828,94.43741084)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(116.18044766,93.80752803)
\curveto(115.45779141,93.80752803)(114.88650234,93.5243249)(114.46658047,92.95791865)
\curveto(114.04665859,92.39639521)(113.83669766,91.62491084)(113.83669766,90.64346553)
\curveto(113.83669766,89.66202021)(114.04421719,88.88809443)(114.45925625,88.32168818)
\curveto(114.87917813,87.76016475)(115.45290859,87.47940303)(116.18044766,87.47940303)
\curveto(116.89822109,87.47940303)(117.46706875,87.76260615)(117.88699063,88.3290124)
\curveto(118.3069125,88.89541865)(118.51687344,89.66690303)(118.51687344,90.64346553)
\curveto(118.51687344,91.61514521)(118.3069125,92.38418818)(117.88699063,92.95059443)
\curveto(117.46706875,93.5218835)(116.89822109,93.80752803)(116.18044766,93.80752803)
\closepath
\moveto(116.18044766,94.95010615)
\curveto(117.35232266,94.95010615)(118.27273281,94.56924678)(118.94167813,93.80752803)
\curveto(119.61062344,93.04580928)(119.94509609,91.99112178)(119.94509609,90.64346553)
\curveto(119.94509609,89.30069209)(119.61062344,88.24600459)(118.94167813,87.47940303)
\curveto(118.27273281,86.71768428)(117.35232266,86.3368249)(116.18044766,86.3368249)
\curveto(115.00368984,86.3368249)(114.08083828,86.71768428)(113.41189297,87.47940303)
\curveto(112.74783047,88.24600459)(112.41579922,89.30069209)(112.41579922,90.64346553)
\curveto(112.41579922,91.99112178)(112.74783047,93.04580928)(113.41189297,93.80752803)
\curveto(114.08083828,94.56924678)(115.00368984,94.95010615)(116.18044766,94.95010615)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(122.23025234,97.48428584)
\lineto(124.22243984,97.48428584)
\lineto(129.07107266,88.33633662)
\lineto(129.07107266,97.48428584)
\lineto(130.50661953,97.48428584)
\lineto(130.50661953,86.54922725)
\lineto(128.51443203,86.54922725)
\lineto(123.66579922,95.69717646)
\lineto(123.66579922,86.54922725)
\lineto(122.23025234,86.54922725)
\lineto(122.23025234,97.48428584)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(134.93044766,96.26846553)
\lineto(134.93044766,92.15957881)
\lineto(136.79079922,92.15957881)
\curveto(137.47927578,92.15957881)(138.01150234,92.33780146)(138.38747891,92.69424678)
\curveto(138.76345547,93.05069209)(138.95144375,93.55850459)(138.95144375,94.21768428)
\curveto(138.95144375,94.87198115)(138.76345547,95.37735225)(138.38747891,95.73379756)
\curveto(138.01150234,96.09024287)(137.47927578,96.26846553)(136.79079922,96.26846553)
\lineto(134.93044766,96.26846553)
\closepath
\moveto(133.45095547,97.48428584)
\lineto(136.79079922,97.48428584)
\curveto(138.01638516,97.48428584)(138.94167813,97.20596553)(139.56667813,96.6493249)
\curveto(140.19656094,96.09756709)(140.51150234,95.28702021)(140.51150234,94.21768428)
\curveto(140.51150234,93.13858271)(140.19656094,92.32315303)(139.56667813,91.77139521)
\curveto(138.94167813,91.2196374)(138.01638516,90.9437585)(136.79079922,90.9437585)
\lineto(134.93044766,90.9437585)
\lineto(134.93044766,86.54922725)
\lineto(133.45095547,86.54922725)
\lineto(133.45095547,97.48428584)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(93.33254727,182.11783076)
\lineto(93.33254727,174.58487178)
\lineto(96.7431918,174.58487178)
\curveto(98.00539883,174.58487178)(98.98114753,174.91161331)(99.67043789,175.56509639)
\curveto(100.35972826,176.21857946)(100.70437344,177.14956904)(100.70437344,178.35806514)
\curveto(100.70437344,179.55760941)(100.35972826,180.48412308)(99.67043789,181.13760615)
\curveto(98.98114753,181.79108922)(98.00539883,182.11783076)(96.7431918,182.11783076)
\lineto(93.33254727,182.11783076)
\closepath
\moveto(90.62014492,184.34683467)
\lineto(96.7431918,184.34683467)
\curveto(98.99009935,184.34683467)(100.68646979,183.83658076)(101.83230313,182.81607295)
\curveto(102.98708828,181.80451696)(103.56448086,180.31851435)(103.56448086,178.35806514)
\curveto(103.56448086,176.37971227)(102.98708828,174.88475784)(101.83230313,173.87320185)
\curveto(100.68646979,172.86164587)(98.99009935,172.35586787)(96.7431918,172.35586787)
\lineto(93.33254727,172.35586787)
\lineto(93.33254727,164.29922725)
\lineto(90.62014492,164.29922725)
\lineto(90.62014492,184.34683467)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(106.2721835,188.33017207)
\lineto(108.64620693,188.33017207)
\lineto(114.42416104,177.42886592)
\lineto(114.42416104,188.33017207)
\lineto(116.13485439,188.33017207)
\lineto(116.13485439,175.29922725)
\lineto(113.76083096,175.29922725)
\lineto(107.98287686,186.2005334)
\lineto(107.98287686,175.29922725)
\lineto(106.2721835,175.29922725)
\lineto(106.2721835,188.33017207)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(121.40658291,186.88131953)
\lineto(121.40658291,181.98489619)
\lineto(123.62350186,181.98489619)
\curveto(124.44393643,181.98489619)(125.07817308,182.19727819)(125.52621182,182.62204219)
\curveto(125.97425055,183.04680618)(126.19826992,183.65194941)(126.19826992,184.43747187)
\curveto(126.19826992,185.21717565)(125.97425055,185.81940954)(125.52621182,186.24417353)
\curveto(125.07817308,186.66893753)(124.44393643,186.88131953)(123.62350186,186.88131953)
\lineto(121.40658291,186.88131953)
\closepath
\moveto(119.64352139,188.33017207)
\lineto(123.62350186,188.33017207)
\curveto(125.08399176,188.33017207)(126.18663255,187.99850703)(126.93142422,187.33517695)
\curveto(127.68203457,186.67766556)(128.05733975,185.71176387)(128.05733975,184.43747187)
\curveto(128.05733975,183.15154251)(127.68203457,182.17982213)(126.93142422,181.52231074)
\curveto(126.18663255,180.86479935)(125.08399176,180.53604365)(123.62350186,180.53604365)
\lineto(121.40658291,180.53604365)
\lineto(121.40658291,175.29922725)
\lineto(119.64352139,175.29922725)
\lineto(119.64352139,188.33017207)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linewidth=1,linecolor=curcolor]
{
\newpath
\moveto(148.8179942,44.54916621)
\curveto(148.8179942,22.44734125)(130.17338768,4.53027201)(107.1741,4.53027201)
\curveto(84.17481232,4.53027201)(65.5302058,22.44734125)(65.5302058,44.54916621)
\curveto(65.5302058,66.65099117)(84.17481232,84.56806041)(107.1741,84.56806041)
\curveto(130.17338768,84.56806041)(148.8179942,66.65099117)(148.8179942,44.54916621)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linewidth=0.99999998,linecolor=curcolor]
{
\newpath
\moveto(208.46093052,73.64281618)
\curveto(196.57639742,32.69117274)(154.74604967,0.7385728)(115.03023384,2.27468673)
\curveto(75.31441802,3.81080066)(52.75270556,38.25393338)(64.63723866,79.20557681)
\curveto(76.52177176,120.15722024)(118.35211952,152.10982019)(158.06793534,150.57370625)
\curveto(197.78375117,149.03759232)(220.34546362,114.59445961)(208.46093052,73.64281618)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linewidth=1.00000002,linecolor=curcolor]
{
\newpath
\moveto(73.99422281,5.09933832)
\curveto(32.69677054,16.84554004)(0.47435252,58.18899815)(2.02343783,97.44253655)
\curveto(3.57252314,136.69607495)(38.30650469,158.99517725)(79.60395696,147.24897554)
\curveto(120.90140923,135.50277382)(153.12382725,94.15931571)(151.57474194,54.90577731)
\curveto(150.02565663,15.65223891)(115.29167509,-6.6468634)(73.99422281,5.09933832)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linewidth=1.01201046,linecolor=curcolor]
{
\newpath
\moveto(212.84219845,100.67410518)
\curveto(212.84219845,45.35279622)(165.30912167,0.50601435)(106.6741,0.50601435)
\curveto(48.03907833,0.50601435)(0.50600155,45.35279622)(0.50600155,100.67410518)
\curveto(0.50600155,155.99541413)(48.03907833,200.842196)(106.6741,200.842196)
\curveto(165.30912167,200.842196)(212.84219845,155.99541413)(212.84219845,100.67410518)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(111.68469532,213.54919673)
\curveto(111.68469532,212.50781119)(110.89644995,211.66360141)(109.9241,211.66360141)
\curveto(108.95175005,211.66360141)(108.16350468,212.50781119)(108.16350468,213.54919673)
\curveto(108.16350468,214.59058227)(108.95175005,215.43479205)(109.9241,215.43479205)
\curveto(110.89644995,215.43479205)(111.68469532,214.59058227)(111.68469532,213.54919673)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linewidth=0.72880948,linecolor=curcolor]
{
\newpath
\moveto(111.68469532,213.54919673)
\curveto(111.68469532,212.50781119)(110.89644995,211.66360141)(109.9241,211.66360141)
\curveto(108.95175005,211.66360141)(108.16350468,212.50781119)(108.16350468,213.54919673)
\curveto(108.16350468,214.59058227)(108.95175005,215.43479205)(109.9241,215.43479205)
\curveto(110.89644995,215.43479205)(111.68469532,214.59058227)(111.68469532,213.54919673)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(111.68469532,223.29919673)
\curveto(111.68469532,222.25781119)(110.89644995,221.41360141)(109.9241,221.41360141)
\curveto(108.95175005,221.41360141)(108.16350468,222.25781119)(108.16350468,223.29919673)
\curveto(108.16350468,224.34058227)(108.95175005,225.18479205)(109.9241,225.18479205)
\curveto(110.89644995,225.18479205)(111.68469532,224.34058227)(111.68469532,223.29919673)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linewidth=0.72880948,linecolor=curcolor]
{
\newpath
\moveto(111.68469532,223.29919673)
\curveto(111.68469532,222.25781119)(110.89644995,221.41360141)(109.9241,221.41360141)
\curveto(108.95175005,221.41360141)(108.16350468,222.25781119)(108.16350468,223.29919673)
\curveto(108.16350468,224.34058227)(108.95175005,225.18479205)(109.9241,225.18479205)
\curveto(110.89644995,225.18479205)(111.68469532,224.34058227)(111.68469532,223.29919673)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linestyle=none,fillstyle=solid,fillcolor=curcolor]
{
\newpath
\moveto(111.68469532,233.29919673)
\curveto(111.68469532,232.25781119)(110.89644995,231.41360141)(109.9241,231.41360141)
\curveto(108.95175005,231.41360141)(108.16350468,232.25781119)(108.16350468,233.29919673)
\curveto(108.16350468,234.34058227)(108.95175005,235.18479205)(109.9241,235.18479205)
\curveto(110.89644995,235.18479205)(111.68469532,234.34058227)(111.68469532,233.29919673)
\closepath
}
}
{
\newrgbcolor{curcolor}{0 0 0}
\pscustom[linewidth=0.72880948,linecolor=curcolor]
{
\newpath
\moveto(111.68469532,233.29919673)
\curveto(111.68469532,232.25781119)(110.89644995,231.41360141)(109.9241,231.41360141)
\curveto(108.95175005,231.41360141)(108.16350468,232.25781119)(108.16350468,233.29919673)
\curveto(108.16350468,234.34058227)(108.95175005,235.18479205)(109.9241,235.18479205)
\curveto(110.89644995,235.18479205)(111.68469532,234.34058227)(111.68469532,233.29919673)
\closepath
}
}
\end{pspicture}
\caption{The polynomial hierarchy}\label{phfig}%
\end{figure}
\subsubsection{Factoring and Graph Isomorphism\label{FACGI}}
As an application of these concepts, let's consider two $\mathsf{NP}%
$\ languages that are believed to be $\mathsf{NP}$-intermediate (if they
aren't simply in $\mathsf{P}$). \ First, \textsc{Fac}---a language variant of
the factoring\ problem---consists of all ordered pairs of positive integers
$\left\langle N,k\right\rangle $\ such that $N$ has a nontrivial divisor at
most $k$. \ Clearly a polynomial-time algorithm for \textsc{Fac}\ can be
converted into a polynomial-time algorithm to output the prime factorization
(by repeatedly doing binary search to peel off $N$'s smallest divisor), and
vice versa. \ Second, \textsc{GraphIso}---that is, graph
isomorphism---consists of all encodings of pairs of undirected graphs
$\left\langle G,H\right\rangle $, such that $G\cong H$. \ It's easy to see
that \textsc{Fac}\ and \textsc{GraphIso}\ are both in $\mathsf{NP}$.
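The equivalence between deciding \textsc{Fac}\ and outputting the full factorization can be sketched as follows (a minimal sketch; \texttt{fac\_oracle} is a brute-force stand-in for a hypothetical polynomial-time decider for \textsc{Fac}):

```python
def fac_oracle(N, k):
    # Stand-in for a hypothetical poly-time decider for Fac:
    # does N have a nontrivial divisor that is at most k?
    return any(N % d == 0 for d in range(2, k + 1))

def smallest_divisor(N):
    # Binary search with the Fac oracle for N's smallest nontrivial
    # divisor (necessarily prime); returns N itself if N is prime.
    if not fac_oracle(N, N - 1):
        return N
    lo, hi = 2, N - 1
    while lo < hi:
        mid = (lo + hi) // 2
        if fac_oracle(N, mid):
            hi = mid
        else:
            lo = mid + 1
    return lo

def factorize(N):
    # Repeatedly peel off the smallest prime factor.
    factors = []
    while N > 1:
        p = smallest_divisor(N)
        factors.append(p)
        N //= p
    return factors
```

Each call to \texttt{smallest\_divisor}\ makes $O\left( \log N\right) $\ oracle queries, and at most $\log_{2}N$\ prime factors are peeled off, so the whole reduction is polynomial in the number of digits of $N$.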
More interestingly, \textsc{Fac}\ is actually in $\mathsf{NP}\cap
\mathsf{coNP}$. \ For one can prove that $\left\langle N,k\right\rangle
\notin$\textsc{Fac}\ by exhibiting the unique prime factorization of $N$, and
showing that it only involves primes greater than $k$.\footnote{This requires
one nontrivial result, that every prime number has a succinct certificate---or
in other words, that primality testing is in $\mathsf{NP}$ \cite{pratt}.
\ Since 2002, it is even known that primality testing is in $\mathsf{P}%
$\ \cite{aks}.} \ But this has the striking consequence that \textit{factoring
can't be }$\mathsf{NP}$\textit{-complete\ unless }$\mathsf{NP}=\mathsf{coNP}$.
\ The reason is the following.
\begin{proposition}
[\cite{brassard:note}]If any $\mathsf{NP}\cap\mathsf{coNP}$\ language is
$\mathsf{NP}$-complete, then $\mathsf{NP}=\mathsf{coNP}$, and hence
$\mathsf{PH}$\ collapses to $\mathsf{NP}$.
\end{proposition}
\begin{proof}
Suppose $L\in\mathsf{NP}\cap\mathsf{coNP}$. \ Then $\mathsf{P}^{L}%
\subseteq\mathsf{NP}\cap\mathsf{coNP}$, since one can prove the validity of
every answer to every query to the $L$-oracle (whether the answer is `yes' or
`no'). \ So if $\mathsf{NP}\subseteq\mathsf{P}^{L}$, then\ $\mathsf{NP}%
\subseteq\mathsf{NP}\cap\mathsf{coNP}$\ and hence $\mathsf{NP}=\mathsf{coNP}$.
\end{proof}
The best currently-known classical algorithm for \textsc{Fac}, the so-called
\textit{number field sieve}, is conjectured (and empirically observed) to
factor an $n$-digit integer in $2^{O\left( n^{1/3}\log^{2/3}n\right) }%
$\ time. \ See for example Pomerance \cite{pomerance}.
\textsc{GraphIso} is not quite known to be in $\mathsf{NP}\cap\mathsf{coNP}$.
\ However, it's known to be in $\mathsf{NP}\cap\mathsf{coAM}$, where
$\mathsf{coAM}$\ is a certain probabilistic generalization of $\mathsf{coNP}$.
\ Klivans and van Melkebeek \cite{kvm}\ showed that, under a plausible
assumption about pseudorandom generators, we would have $\mathsf{coNP}%
=\mathsf{coAM}$\ and hence \textsc{GraphIso}$\in\mathsf{NP}\cap\mathsf{coNP}$.
\ Even with no assumptions, Boppana, H\aa stad, and Zachos \cite{bhz}\ proved the following.
\begin{theorem}
[\cite{bhz}]If \textsc{GraphIso}\ (or any other language in $\mathsf{coAM}$)
is $\mathsf{NP}$-complete, then $\mathsf{PH}$\ collapses to $\mathsf{\Sigma
}_{2}^{\mathsf{P}}$.
\end{theorem}
As this survey was being written, Babai \cite{babai:giwow}\ announced the
following breakthrough result.
\begin{theorem}
[Babai \cite{babai:giwow}]\label{babaigi}\textsc{GraphIso}\ is solvable in
quasipolynomial (that is, $n^{\log^{O\left( 1\right) }n}$)
time.\footnote{This was Babai's original claim; then, on January 4, 2017, he
posted an announcement scaling back the running time claim to
$2^{2^{\widetilde{O}\left( \sqrt{\log n}\right) }}$, because of an error
discovered by Harald Helfgott. \ On January 9, 2017, however, Babai posted
another announcement reinstating the original running time claim.}
\end{theorem}
The best previously-known bound, due to Babai and Luks \cite{babailuks}\ from
1983, had been $2^{O\left( \sqrt{n\log n}\right) }$. \ Of course, Theorem
\ref{babaigi} gives even more dramatic evidence that \textsc{GraphIso}\ is not
$\mathsf{NP}$-complete: if it were, then \textit{all} $\mathsf{NP}$\ problems
would be solvable in quasipolynomial\ time as well. \ Based on
experience---namely, that known algorithms can solve \textsc{GraphIso}
extremely quickly for almost any graphs we can generate in practice---some
computer scientists have conjectured for decades that \textsc{GraphIso} is in
$\mathsf{P}$, and certainly Theorem \ref{babaigi} is consistent with that
conviction, but there remain significant obstacles to proving it.\footnote{In
particular, \textit{group isomorphism}---that is, the problem of deciding
whether two groups of order $n$, given by their multiplication tables, are
isomorphic---is clearly solvable in $\sim n^{\log n}$\ time and clearly
reducible to \textsc{GraphIso}, but no algorithm for it better than $\sim
n^{\log n}$\ is known.}
\subsubsection{Space Complexity\label{SPACE}}
$\mathsf{PSPACE}$ is the class of languages $L$ decidable by a Turing machine
that uses a polynomial number of bits of \textit{space} or \textit{memory},
with no restriction on the number of time steps. \ Certainly $\mathsf{P}%
\subseteq\mathsf{PSPACE}$, since in $t$\ time steps, a serial algorithm can
access at most $t$\ memory cells. \ More generally, it's not hard to see that
$\mathsf{P}\subseteq\mathsf{NP}\subseteq\mathsf{PH}\subseteq\mathsf{PSPACE}$,
since in an expression like $\forall x\exists y~\varphi\left( x,y\right) $,
a $\mathsf{PSPACE}$\ machine can loop over all possible values for $x$\ and
$y$, using exponential time but reusing the same memory for each $x,y$\ pair.
\ However, \textit{none} of these containments have been proved to be strict.
The following conjecture---asserting that polynomial space is strictly
stronger than polynomial time---is perhaps second only to $\mathsf{P\neq NP}%
$\ itself in notoriety.
\begin{conjecture}
$\mathsf{P}\neq\mathsf{PSPACE}$.
\end{conjecture}
If $\mathsf{P}\neq\mathsf{NP}$, then certainly $\mathsf{P}\neq\mathsf{PSPACE}%
$\ as well, but the converse isn't known.
Just like there are hundreds of important $\mathsf{NP}$-complete\ problems,
there are many important $\mathsf{PSPACE}$-complete problems as well. \ As a
striking example, deciding which player has the win from a given board
position, in two-player games of perfect information such as chess, checkers,
or Go (when suitably generalized to $n\times n$\ boards), is almost always a
$\mathsf{PSPACE}$-complete problem:\footnote{A caveat here is that the game
needs to end after a polynomial number of moves---as would presumably be
imposed by the timers in tournament play! \ If, by contrast, we allow chess
endgames that last for $\exp\left( n\right) $ moves, then the computational
complexity of chess is known to jump from $\mathsf{PSPACE}$\ up to
$\mathsf{EXP}$\ \cite{fraenkel}. \ This has the interesting consequence that,
with no time limit, optimal play in $n\times n$\ chess \textit{provably}
requires exponential time: no complexity hypothesis is needed.} see for
example \cite{storer}. \ Note that there's no obvious $\mathsf{NP}$\ witness
for (say) White having a win in chess, since one would need to specify White's
response to every possible line of play by Black. \ So even if $\mathsf{P=NP}%
$, chess might still be hard: again, the relevant question is $\mathsf{P}%
\overset{?}{=}\mathsf{PSPACE}$.
One can also define a nondeterministic variant of $\mathsf{PSPACE}$, called
$\mathsf{NPSPACE}$. \ But a 1970 result called \textit{Savitch's Theorem}
\cite{savitch}\ shows that actually $\mathsf{PSPACE}=\mathsf{NPSPACE}%
$.\footnote{A further surprising result from 1987, called the
\textit{Immerman-Szelepcs\'{e}nyi Theorem} \cite{immerman:nl,szelep}, says
that the class of languages decidable by a nondeterministic machine in
$f\left( n\right) $\ space is closed under complement,\ for every
\textquotedblleft reasonable\textquotedblright\ memory bound $f\left(
n\right) $. \ (By contrast, Savitch's Theorem produces a quadratic blowup
when simulating nondeterministic space by deterministic space, and it remains
open whether that blowup can be removed.) \ This further illustrates how space
complexity behaves differently than we expect time complexity to behave.}
\ The reasons for this are extremely specific to space, and don't seem to
suggest any avenue to proving $\mathsf{P}=\mathsf{NP}$, the analogous
statement for time.
\subsubsection{Counting Complexity\label{COUNTING}}
Given an $\mathsf{NP}$\ search problem, besides asking whether a solution
exists, it's also natural to ask how many solutions there are. \ To capture
this, in 1979 Valiant \cite{valiant}\ defined the class $\mathsf{\#P}%
$\ (pronounced \textquotedblleft sharp-P\textquotedblright, not
\textquotedblleft hashtag-P\textquotedblright!) of combinatorial counting
problems. \ Formally, a function $f:\left\{ 0,1\right\} ^{\ast}%
\rightarrow\mathbb{N}$\ is in $\mathsf{\#P}$\ if and only if there's a
polynomial-time Turing machine $M$, and a polynomial $p$, such that for all
$x\in\left\{ 0,1\right\} ^{\ast}$,%
\[
f\left( x\right) =\left\vert \left\{ w\in\left\{ 0,1\right\} ^{p\left(
\left\vert x\right\vert \right) }:M\left( x,w\right) \text{ accepts}%
\right\} \right\vert .
\]
Note that, unlike $\mathsf{P}$,\ $\mathsf{NP}$, and so on, $\mathsf{\#P}$\ is
not a class of languages (i.e., decision problems). \ However, there are two
ways we can compare $\mathsf{\#P}$\ to language classes.
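The definition transcribes directly into code. Here is a toy sketch (the verifier and instance below are invented for illustration) of a $\mathsf{\#P}$ function evaluated by brute force over all witnesses:

```python
from itertools import product

def sharp_p_count(M, x, witness_len):
    # f(x) = |{w in {0,1}^p(|x|) : M(x, w) accepts}|, evaluated here
    # by brute force over all 2^p(|x|) candidate witnesses.
    return sum(1 for w in product((0, 1), repeat=witness_len) if M(x, w))

# Toy verifier for #SubsetSum: the witness w selects a subset of nums
# (the instance is x = (nums, target)) summing to target.
def subset_sum_verifier(x, w):
    nums, target = x
    return sum(v for v, bit in zip(nums, w) if bit) == target
```

For instance, `sharp_p_count(subset_sum_verifier, ([1, 2, 3], 3), 3)` evaluates to `2`, counting the subsets $\{1,2\}$ and $\{3\}$.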
The first is by considering $\mathsf{P}^{\mathsf{\#P}}$: that is, $\mathsf{P}%
$\ with a $\mathsf{\#P}$\ oracle. \ We then have $\mathsf{NP}\subseteq
\mathsf{P}^{\mathsf{\#P}}\subseteq\mathsf{PSPACE}$, as well as the following
highly non-obvious inclusion, called \textit{Toda's Theorem}.
\begin{theorem}
[Toda \cite{toda}]\label{todathm}$\mathsf{PH}\subseteq\mathsf{P}%
^{\mathsf{\#P}}$.
\end{theorem}
The second way is by considering a complexity class called $\mathsf{PP}%
$\ (Probabilistic Polynomial-Time). \ $\mathsf{PP}$\ can be defined as the
class of languages $L\subseteq\left\{ 0,1\right\} ^{\ast}$\ for which there
exist $\mathsf{\#P}$\ functions $f$ and $g$ such that for all inputs
$x\in\left\{ 0,1\right\} ^{\ast}$,%
\[
x\in L\text{ }\Longleftrightarrow\text{\ }f\left( x\right) \geq g\left(
x\right) \text{.}%
\]
Equivalently, $\mathsf{PP}$\ is the class of languages $L$\ for which there
exists a probabilistic polynomial-time algorithm that merely needs to guess
correctly whether $x\in L$, for each input $x$, with \textit{some} probability greater
than $1/2$. \ It's not hard to see that $\mathsf{NP}\subseteq\mathsf{PP}%
\subseteq\mathsf{P}^{\mathsf{\#P}}$. \ More interestingly, one can use binary
search to show that $\mathsf{P}^{\mathsf{PP}}=\mathsf{P}^{\mathsf{\#P}}$, so
in that sense $\mathsf{PP}$\ is \textquotedblleft almost as strong as
$\mathsf{\#P}$.\textquotedblright
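The binary-search trick can be sketched as follows. Model the $\mathsf{PP}$ oracle as a callable answering threshold queries \textquotedblleft is $f(x)\geq t$?\textquotedblright; then polynomially many queries pin down the exact value of the $\mathsf{\#P}$ function $f$:

```python
def recover_count(threshold_query, max_bits):
    # Binary search for the exact value of a #P function f(x), given an
    # oracle for threshold queries "is f(x) >= t?".  Since f(x) fits in
    # max_bits bits, O(max_bits) queries suffice -- the idea behind
    # P^PP = P^#P.
    lo, hi = 0, (1 << max_bits) - 1
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if threshold_query(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo
```

With `threshold_query = lambda t: 42 >= t` and `max_bits = 8`, the search returns `42`.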
In practice, for any known $\mathsf{NP}$-complete problem (\textsc{3Sat},
\textsc{Clique}, \textsc{SubsetSum}, etc.), the counting version of that
problem (denoted \textsc{\#3Sat}, \textsc{\#Clique}, \textsc{\#SubsetSum},
etc.) is $\mathsf{\#P}$-complete. \ Indeed, it's open whether there's any
$\mathsf{NP}$-complete problem\ that violates this rule. \ However, the
converse statement is false. \ For example, the problem of deciding whether a
graph has a perfect matching---that is, a set of edges that touches each
vertex exactly once---is in $\mathsf{P}$, but Valiant \cite{valiant}\ showed
that counting the \textit{number} of perfect matchings is $\mathsf{\#P}$-complete.
The $\mathsf{\#P}$-complete\ problems are believed to be \textquotedblleft
genuinely much harder\textquotedblright\ than the $\mathsf{NP}$-complete
problems, in the sense that---in contrast to the situation with $\mathsf{PH}%
$---even if $\mathsf{P}=\mathsf{NP}$\ we'd still have no idea how to prove
$\mathsf{P}=\mathsf{P}^{\mathsf{\#P}}$. \ On the other hand, we do have the
following nontrivial result.
\begin{theorem}
[Stockmeyer \cite{stockmeyer}]Suppose $\mathsf{P}=\mathsf{NP}$. \ Then in
polynomial time, we could approximate any $\mathsf{\#P}$\ function to within a
factor of $1\pm\frac{1}{p\left( n\right) }$, for any polynomial $p$.
\end{theorem}
\subsubsection{Beyond Polynomial Resources\label{BEYONDPOLY}}
Of course, we can consider many other time and space bounds besides
polynomial. \ Before entering into this, I should offer a brief digression on
the use of asymptotic notation in theoretical computer science, since such
notation will also be used later in the survey.
\begin{itemize}
\item $f\left( n\right) $ is $O\left( g\left( n\right) \right) $\ if
there exist nonnegative constants $A,B$\ such that\ $f\left( n\right) \leq
Ag\left( n\right) +B$\ for all $n$ (i.e., $g$\ is an asymptotic upper bound
on $f$).
\item $f\left( n\right) $ is $\Omega\left( g\left( n\right) \right)
$\ if $g\left( n\right) $\ is $O\left( f\left( n\right) \right)
$\ (i.e., $g$\ is an asymptotic \textit{lower} bound on $f$).
\item $f\left( n\right) $ is $\Theta\left( g\left( n\right) \right)
$\ if $f\left( n\right) $\ is $O\left( g\left( n\right) \right) $ and
$g\left( n\right) $\ is $O\left( f\left( n\right) \right) $ (i.e., $f$
and $g$ grow at the same asymptotic rate).
\item $f\left( n\right) $ is $o\left( g\left( n\right) \right) $ if for
all positive $A$, there exists a $B$ such that $f\left( n\right) \leq
Ag\left( n\right) +B$\ for all $n$ (i.e., $g$\ is a \textit{strict}
asymptotic upper bound on $f$).\footnote{If $f\left( n\right) $\ is
$O\left( g\left( n\right) \right) $\ but not $\Theta\left( g\left(
n\right) \right) $, that does \textit{not} necessarily mean that $f\left(
n\right) $\ is $o\left( g\left( n\right) \right) $: for example, consider
$f\left( n\right) =2n\left( n/2-\left\lfloor n/2\right\rfloor \right)
$\ and $g\left( n\right) =n$. \ Of course, such examples don't arise often
in practice.}
\end{itemize}
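The footnote's counterexample is easy to check numerically: $f\left( n\right) =2n\left( n/2-\left\lfloor n/2\right\rfloor \right) $ equals $n$ for odd $n$ and $0$ for even $n$, so $f$ is $O\left( n\right) $ but neither $\Theta\left( n\right) $ nor $o\left( n\right) $.

```python
def f(n):
    # The footnote's example: 2n(n/2 - floor(n/2)) = n for odd n and 0
    # for even n.  Thus f(n) <= n everywhere (so f is O(n)), yet f is
    # not Omega(n) (it vanishes on even n) and not o(n) (it equals n
    # infinitely often).
    return 2 * n * (n / 2 - n // 2)
```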
Now let $\mathsf{TIME}\left( f\left( n\right) \right) $ be the class of
languages decidable in $O\left( f\left( n\right) \right) $\ time, let
$\mathsf{NTIME}\left( f\left( n\right) \right) $ be the class\ decidable
in nondeterministic $O\left( f\left( n\right) \right) $\ time---that is,
with a witness of size $O\left( f\left( n\right) \right) $\ that's
verified in\ $O\left( f\left( n\right) \right) $\ time---and let
$\mathsf{SPACE}\left( f\left( n\right) \right) $\ be the class decidable
in $O\left( f\left( n\right) \right) $\ space.\footnote{Unlike
$\mathsf{P}$\ or $\mathsf{PSPACE}$, classes like $\mathsf{TIME}\left(
n^{2}\right) $ and\ $\mathsf{SPACE}\left( n^{3}\right) $\ can be sensitive
to whether we're using Turing machines, RAM machines, or some other model of
computation. \ Thus, I'll specify which I'm talking about whenever it's
relevant.} \ We can then write $\mathsf{P}=\bigcup_{k}\mathsf{TIME}\left(
n^{k}\right) $\ and $\mathsf{NP}=\bigcup_{k}\mathsf{NTIME}\left(
n^{k}\right) $\ and $\mathsf{PSPACE}=\bigcup_{k}\mathsf{SPACE}\left(
n^{k}\right) $. \ It's also interesting to study the exponential versions of
these classes:%
\begin{align*}
\mathsf{EXP} & =\bigcup_{k}\mathsf{TIME}\left( 2^{n^{k}}\right) ,\\
\mathsf{NEXP} & =\bigcup_{k}\mathsf{NTIME}\left( 2^{n^{k}}\right) ,\\
\mathsf{EXPSPACE} & =\bigcup_{k}\mathsf{SPACE}\left( 2^{n^{k}}\right) .
\end{align*}
Note that by \textquotedblleft exponential,\textquotedblright\ here we mean
not just $2^{O\left( n\right) }$,\ but $2^{p\left( n\right) }$\ for any
polynomial $p$.
Just like we have $\mathsf{P}\subseteq\mathsf{NP}\subseteq\mathsf{NP}%
^{\mathsf{NP}}\subseteq\cdots\subseteq\mathsf{PSPACE}$, so we also have%
\[
\mathsf{EXP}\subseteq\mathsf{NEXP}\subseteq\mathsf{NEXP}^{\mathsf{NP}%
}\subseteq\cdots\subseteq\mathsf{EXPSPACE}.
\]
Along with $\mathsf{P}\subseteq\mathsf{PSPACE}$ (Section \ref{SPACE}), there's
another fundamental relation between time and space classes:
\begin{proposition}
$\mathsf{PSPACE}\subseteq\mathsf{EXP}$.\label{poincareprop}
\end{proposition}
\begin{proof}
Consider a deterministic machine whose state can be fully described by
$p\left( n\right) $\ bits of information (e.g., the contents of a
polynomial-size Turing machine tape, plus a few extra bits for the location
and internal state of the tape head). \ Clearly such a machine has at most
$2^{p\left( n\right) }$\ possible states. \ Thus, after $2^{p\left(
n\right) }$\ steps, either the machine has halted, or else it's entered an
infinite loop and will never accept. \ So to decide whether the machine
accepts, it suffices to simulate it for $2^{p\left( n\right) }$\ steps.
\end{proof}
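The counting argument in the proof translates directly into a simulation. In this toy sketch, `step` stands for an assumed transition function mapping one machine configuration to the next (or to the strings `"accept"`/`"reject"` on halting):

```python
def space_bounded_accepts(step, start, config_bits):
    # A machine describable by config_bits bits has at most
    # 2**config_bits configurations, so if it hasn't halted within that
    # many steps, it has repeated a configuration and is looping forever.
    config = start
    for _ in range(2 ** config_bits + 1):
        if config in ("accept", "reject"):
            return config == "accept"
        config = step(config)
    return False  # never halted: the machine is in an infinite loop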
More generally, we get an infinite interleaved hierarchy of deterministic,
nondeterministic, and space classes:%
\[
\mathsf{P}\subseteq\mathsf{NP}\subseteq\mathsf{PH}\subseteq\mathsf{PSPACE}%
\subseteq\mathsf{EXP}\subseteq\mathsf{NEXP}\subseteq\mathsf{EXPSPACE}%
\subseteq\cdots
\]
There's also a \textquotedblleft higher-up\textquotedblright\ variant of the
$\mathsf{P}\neq\mathsf{NP}$\ conjecture, which not surprisingly is
\textit{also} open:
\begin{conjecture}
$\mathsf{EXP\neq NEXP}$.
\end{conjecture}
We can at least prove a close relationship between the
$\mathsf{P\overset{?}{=}NP}$ and $\mathsf{EXP\overset{?}{=}NEXP}$\ questions,
via a trick called \textit{padding}\ or \textit{upward translation}:
\begin{proposition}
\label{padprop}If $\mathsf{P}=\mathsf{NP}$,\ then $\mathsf{EXP}=\mathsf{NEXP}$.
\end{proposition}
\begin{proof}
Let $L\in\mathsf{NEXP}$, and let its verifier run in $2^{p\left( n\right) }%
$\ time for some polynomial $p$. \ Then consider the language%
\[
L^{\prime}=\left\{ x0^{2^{p\left( \left\vert x\right\vert \right) }}:x\in
L\right\} ,
\]
which consists of the inputs in $L$, but \textquotedblleft padded out with an
exponential number of trailing zeroes.\textquotedblright\ \ Then $L^{\prime
}\in\mathsf{NP}$, since verifying that $x\in\left\{ 0,1\right\} ^{n}$\ is in
$L$\ takes $2^{p\left( n\right) }$ time, which is linear in $n+2^{p\left(
n\right) }$\ (the length of $x0^{2^{p\left( \left\vert x\right\vert \right)
}}$). \ So by assumption, $L^{\prime}\in\mathsf{P}$\ as well. \ But this means
that $L\in\mathsf{EXP}$, since given $x\in\left\{ 0,1\right\} ^{n}$ (an
input for $L$), we can simply pad $x$\ out with $2^{p\left( n\right) }%
$\ trailing zeroes ourselves, then run the algorithm for $L^{\prime}$ that
takes time polynomial in $n+2^{p\left( n\right) }$.
\end{proof}
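In code, the reduction in the proof is a single line of padding. Here is a sketch, where `decide_L_prime` stands for the assumed polynomial-time algorithm for $L^{\prime}$ and `p` for the polynomial in the verifier's time bound:

```python
def decide_L(x, decide_L_prime, p):
    # Pad x with 2^p(|x|) trailing zeroes and feed the result to the
    # assumed polynomial-time algorithm for L'.  The padded string has
    # length |x| + 2^p(|x|), so "polynomial in the padded length" means
    # "exponential in |x|": hence L is in EXP.
    padded = x + "0" * (2 ** p(len(x)))
    return decide_L_prime(padded)
```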
For the same reason, if $\mathsf{P}=\mathsf{PSPACE}$,\ then $\mathsf{EXP}%
=\mathsf{EXPSPACE}$. \ On the other hand, padding only works in one direction:
as far as anyone knows today, we could have $\mathsf{P}\neq\mathsf{NP}$ even
if $\mathsf{EXP}=\mathsf{NEXP}$.
One last remark: just as we can scale $\mathsf{PSPACE}$\ up to
$\mathsf{EXPSPACE}$ and so on, we can also scale $\mathsf{PSPACE}$ down to
$\mathsf{LOGSPACE}$, which is the class of languages $L$ decidable by a Turing
machine that uses only $O\left( \log n\right) $\ bits of read/write memory,
in addition to a read-only memory that stores the $n$-bit input itself. \ We
can also define a nondeterministic counterpart, $\mathsf{NLOGSPACE}%
$.\footnote{In the literature, $\mathsf{LOGSPACE}$\ and $\mathsf{NLOGSPACE}%
$\ are\ often simply called $\mathsf{L}$\ and $\mathsf{NL}$\ respectively.}
\ We then have:
\begin{proposition}
\label{nlogspaceprop}$\mathsf{NLOGSPACE}\subseteq\mathsf{P.}$
\end{proposition}
\begin{proof}
An $\mathsf{NLOGSPACE}$\ machine has, say, $k\log_{2}n$ bits of read/write
memory, and therefore $2^{k\log_{2}n}=n^{k}$\ possible configurations of that
memory. \ The machine accepts a given input $x$ if and only if there exists a
path from its initial configuration to an accepting configuration. \ But this
is just the reachability problem for a directed graph with $n^{k}$\ vertices.
\ Reachability is well-known to be solvable in polynomial time, for example by
using depth-first search.
\end{proof}
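The configuration-graph search in the proof can be sketched with a standard breadth-first search (the proof mentions depth-first search; either runs in polynomial time):

```python
from collections import deque

def machine_accepts(start, accepting, successors):
    # An NLOGSPACE machine with k*log2(n) bits of memory has only n^k
    # configurations; it accepts iff some accepting configuration is
    # reachable from the start configuration, which BFS over the
    # configuration graph decides in polynomial time.
    seen, queue = {start}, deque([start])
    while queue:
        c = queue.popleft()
        if c in accepting:
            return True
        for nxt in successors(c):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False
```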
Thus%
\[
\mathsf{LOGSPACE}\subseteq\mathsf{NLOGSPACE}\subseteq\mathsf{P}\subseteq
\mathsf{NP.}%
\]
Each of these inclusions is believed to be strict---with the possible
exception of the first, about which opinion is divided. \ To date, however, no
one has even ruled out the possibility that $\mathsf{LOGSPACE}=\mathsf{NP}%
$.\bigskip
To summarize, $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ is just the tip of an
iceberg; there seems to be an extremely rich structure both below and above
the $\mathsf{NP}$-complete problems. \ Until we can prove $\mathsf{P}%
\neq\mathsf{NP}$, however, most of that structure will remain conjectural.
\section{Beliefs About $\mathsf{P}\protect\overset{?}{=}\mathsf{NP}%
$\label{BELIEFS}}
Just as Hilbert's question turned out to have a negative answer, so too in
this case, most computer scientists conjecture that $\mathsf{P}\neq
\mathsf{NP}$: that there exist rapidly checkable problems that \textit{aren't}
rapidly solvable, and for which brute-force search is close to the best we can
do. \ This is not a unanimous opinion. \ At least one famous computer
scientist, Donald Knuth \cite{knuth:nuts}, has professed a belief that
$\mathsf{P}=\mathsf{NP}$, while another, Richard Lipton \cite{lipton:pnp},
professes agnosticism. \ Also, in a poll of mathematicians and theoretical
computer scientists\ conducted by William Gasarch \cite{gasarch} in 2002,
there were $61$\ respondents who said $\mathsf{P}\neq\mathsf{NP}$, but also
$9$\ who said $\mathsf{P}=\mathsf{NP}$. \ (In a followup poll that Gasarch
\cite{gasarch2}\ conducted in 2012, there were $126$\ respondents who said
$\mathsf{P}\neq\mathsf{NP}$, and again $9$\ who said $\mathsf{P}=\mathsf{NP}%
$.) \ Admittedly, it can be hard to tell whether declarations that
$\mathsf{P}=\mathsf{NP}$\ are meant seriously, or are merely attempts to be
contrarian. \ However, we can surely agree with Knuth and Lipton that we're
far from understanding the limits of efficient computation, and that there are
further surprises in store.
In this section, I'd like to explain why, \textit{despite} our limited
understanding, many of us feel roughly as confident about $\mathsf{P}%
\neq\mathsf{NP}$\ as we do about (say) the Riemann Hypothesis, or other
conjectures in math---not to mention empirical sciences---that most experts
believe without proof.\footnote{I like to joke that, if computer scientists
had been physicists, we'd simply have declared $\mathsf{P}\neq\mathsf{NP}$\ to
be an observed law of Nature, analogous to the laws of thermodynamics.\ \ A
Nobel Prize would even be given for the discovery of that law. \ (And in the
unlikely event that someone later proved $\mathsf{P}=\mathsf{NP}$, a second
Nobel Prize would be awarded for the law's overthrow.)}
The first point is that, when we ask whether $\mathsf{P}=\mathsf{NP}$, we're
not asking whether heuristic optimization methods (such as \textsc{Sat}%
-solvers) can \textit{sometimes} do well in practice, or whether there are
\textit{sometimes} clever ways to avoid exponential search. \ If you believe,
for example, that there's \textit{any} cryptographic one-way function---that
is, any transformation of inputs $x\rightarrow f\left( x\right) $ that's
easy to compute but hard to invert (see Section \ref{CRYPTO})---then that's
enough for $\mathsf{P}\neq\mathsf{NP}$. \ Such an $f$ need not have any
\textquotedblleft nice\textquotedblright\ mathematical structure: it could
simply be, say, the evolution function of some arbitrary cellular automaton,
or a scrambling operation applied over and over $1000$ times, to the point
where all known cryptanalytic methods can do no better than to scratch the surface.
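As a toy illustration of the cellular-automaton example (Wolfram's \textquotedblleft rule 30,\textquotedblright\ chosen here purely for concreteness; no security claim is intended), computing forward is trivial, while recovering the initial state has no obvious shortcut over search:

```python
def evolve(cells, steps):
    # One generation of rule 30 on a cyclic row of bits:
    # new cell = left XOR (center OR right).  Iterating this many times
    # is a candidate "scrambling operation": easy to compute forward,
    # with no known efficient way to run it backward in general.
    n = len(cells)
    for _ in range(steps):
        cells = [cells[(i - 1) % n] ^ (cells[i] | cells[(i + 1) % n])
                 for i in range(n)]
    return cells
```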
Sometimes amateurs become convinced that they can prove $\mathsf{P}%
=\mathsf{NP}$\ because of insight into the structure of a particular
$\mathsf{NP}$-complete problem, such as \textsc{3Sat}\ or \textsc{SubsetSum}.
\ However, this is a bit like thinking that one can solve a math problem
because the problem is written in German rather than French. \ In other words,
it fails to grapple with the central insight of $\mathsf{NP}$-completeness:
that for the purposes of $\mathsf{P\overset{?}{=}NP}$, \textit{all} these
problems are just re-encodings of one another.
It's sometimes claimed that, when we consider $\mathsf{P\overset{?}{=}NP}$,
there's a \textquotedblleft symmetry of ignorance\textquotedblright: yes, we
have no idea how to solve $\mathsf{NP}$-complete problems in polynomial time,
but we \textit{also} have no idea how to prove that impossible, and therefore
anyone's free to believe whatever they like. \ In my opinion, what breaks the
symmetry is the \textit{immense, well-known difficulty of proving lower
bounds}. \ Simply put: even if we suppose $\mathsf{P}\neq\mathsf{NP}$, I don't
believe there's any great mystery about why a proof has remained elusive. \ A
rigorous impossibility proof is often a tall order, and many times in
history---e.g., with Fermat's Last Theorem, the Kepler Conjecture, or the
problem of squaring the circle---such a proof was requested \textit{centuries}
before mathematical understanding had advanced to the point where it became a
realistic possibility. \ And as we'll see in Section \ref{PROG}, today we know
something about the difficulty of proving even \textquotedblleft
baby\textquotedblright\ versions of $\mathsf{P}\neq\mathsf{NP}$; about the
barriers that have been overcome and the others that remain.
By contrast, if $\mathsf{P}=\mathsf{NP}$, then there's at least a
\textit{puzzle} about why the entire software industry, over half a century,
has failed to uncover any promising leads for, say, a fast algorithm to invert
arbitrary one-way functions (just the algorithm itself, not necessarily a
proof of correctness). \ The puzzle is heightened when we realize that, in
many real-world cases---such as linear programming, primality testing, and
network routing---fast methods to handle a problem in practice \textit{did}
come decades before a full theoretical understanding of why the methods worked.
Another reason to believe $\mathsf{P}\neq\mathsf{NP}$\ comes from the
hierarchy theorems, which we'll meet in Section \ref{LOGIC}. \ Roughly
speaking, these theorems imply that \textquotedblleft most\textquotedblright%
\ pairs of complexity classes are unequal; the trouble, in most cases, is
merely that we can't prove this for \textit{specific} pairs! \ For example, in
the chain of complexity classes $\mathsf{P}\subseteq\mathsf{NP}\subseteq
\mathsf{PSPACE}\subseteq\mathsf{EXP}$, we know that $\mathsf{P}\neq
\mathsf{EXP}$, which implies that \textit{at least one} of $\mathsf{P}%
\neq\mathsf{NP}$, $\mathsf{NP}\neq\mathsf{PSPACE}$, and $\mathsf{PSPACE}%
\neq\mathsf{EXP}$ must hold. \ So we might say: given the provable reality of
a rich lattice of unequal complexity classes, one needs to offer a special
argument if one thinks two classes collapse, but not necessarily if one thinks
they're different.
To my mind, however, the strongest argument for $\mathsf{P}\neq\mathsf{NP}%
$\ involves the thousands of problems that have been shown to be $\mathsf{NP}%
$-complete, and the thousands of other problems that have been shown to be in
$\mathsf{P}$. \ If just one of these problems had turned out to be both
$\mathsf{NP}$-complete\ \textit{and} in $\mathsf{P}$, that would've
immediately implied $\mathsf{P}=\mathsf{NP}$. \ Thus, we could argue, the
$\mathsf{P}\neq\mathsf{NP}$ hypothesis has had thousands of chances to be
\textquotedblleft falsified by observation.\textquotedblright\ \ Yet somehow,
in every case, the $\mathsf{NP}$-completeness reductions and the
polynomial-time algorithms \textquotedblleft miraculously\textquotedblright%
\ avoid meeting each other---a phenomenon that I once described as the
\textquotedblleft invisible fence\textquotedblright\ \cite{aar:elecfence}.
This phenomenon becomes particularly striking when we consider
\textit{approximation algorithms} for $\mathsf{NP}$-hard problems, which
return not necessarily an optimal solution but a solution within some factor
of optimal. \ To illustrate, there's a simple polynomial-time algorithm that,
given a \textsc{3Sat}\ instance $\varphi$, finds an assignment that satisfies
at least a $7/8$\ fraction of the clauses.\footnote{Strictly speaking, this is
for the variant of \textsc{3Sat}\ in which every clause must have
\textit{exactly} $3$ literals, rather than at most $3$.
\par
Also note that, if we allow the use of randomness, then we can satisfy\ a
$7/8$\ fraction of the clauses \textit{in expectation} by just setting each of
the $n$ variables uniformly at random! \ This is because a clause with $3$
literals has $2^{3}-1=7$ ways to be satisfied, and only one way to be
unsatisfied. \ A deterministic polynomial-time algorithm that's
\textit{guaranteed} to satisfy at least $7/8$\ of the clauses requires only a
little more work.} \ Conversely, in 1997 Johan H\aa stad \cite{hastad}\ proved
the following striking result.
\begin{theorem}
[H\aa stad \cite{hastad}]\label{pcp}Suppose there's a polynomial-time
algorithm that, given as input a satisfiable \textsc{3Sat}\ instance $\varphi
$, outputs an assignment that satisfies at least a $7/8+\varepsilon$\ fraction
of the clauses, where $\varepsilon>0$ is any constant. \ Then $\mathsf{P}%
=\mathsf{NP}$.
\end{theorem}
Theorem \ref{pcp}\ is one (strong) version of the \textit{PCP Theorem}
\cite{almss,arorasafra}, which is considered one of the crowning achievements
of theoretical computer science. \ The PCP Theorem yields many other examples
of \textquotedblleft sharp $\mathsf{NP}$%
-completeness\ thresholds,\textquotedblright\ where as we numerically adjust
the required solution quality, an optimization problem undergoes a sudden
\textquotedblleft phase transition\textquotedblright\ from being in
$\mathsf{P}$\ to being $\mathsf{NP}$-complete. \ Other times there's a gap
between the region of parameter space known to be in $\mathsf{P}$\ and the
region known to be $\mathsf{NP}$-complete. \ One of the major aims of
contemporary research is to close those gaps, for example by proving the
so-called \textit{Unique Games Conjecture} \cite{khot}.
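The footnote's random-assignment argument for the $7/8$ bound is easy to check empirically. In this sketch, a clause is a list of three nonzero integers, with $\pm i$ denoting $x_{i}$ or its negation:

```python
import random

def satisfied_fraction(clauses, n, trials=5000):
    # Each exactly-3-literal clause is violated by exactly 1 of the 8
    # settings of its variables, so a uniformly random assignment
    # satisfies a 7/8 fraction of the clauses in expectation.
    total = 0
    for _ in range(trials):
        a = [random.random() < 0.5 for _ in range(n + 1)]  # a[1..n]
        total += sum(any(a[l] if l > 0 else not a[-l] for l in clause)
                     for clause in clauses)
    return total / (trials * len(clauses))
```

On instances whose clauses each contain three distinct variables, the returned fraction concentrates near $0.875$.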
We see a similar \textquotedblleft invisible fence\textquotedblright%
\ phenomenon in Leslie Valiant's program of \textquotedblleft accidental
algorithms\textquotedblright\ \cite{valiant:accidental}. \ The latter are
polynomial-time algorithms, often for planar graph problems, that exist for
certain parameter values but not for others, for reasons that are utterly
opaque if one doesn't understand the strange cancellations that the algorithms
exploit. \ A prototypical result is the following:
\begin{theorem}
[Valiant \cite{valiant:accidental}]\label{mod7thm}Let \textsc{Planar3Sat}\ be
the special case of\ \textsc{3Sat}\ in which the bipartite graph of clauses
and variables (with an edge between a variable and a clause whenever one
occurs in the other) is planar. \ Now consider the following problem: given an
instance of\ \textsc{Planar3Sat}\ which is monotone (i.e., has no negations),
and in which each variable occurs in exactly two clauses, count the number of
satisfying assignments mod $k$. \ This problem is in $\mathsf{P}$\ for $k=7$,
but is $\mathsf{NP}$-hard under randomized reductions for $k=2$%
.\footnote{Indeed, a natural conjecture would be that the problem is
$\mathsf{NP}$-hard for \textit{all} $k\neq7$,\ but this remains open (Valiant,
personal communication). \ Note also that a problem $A$\ being
\textquotedblleft$\mathsf{NP}$-hard under randomized
reductions\textquotedblright\ means that all of $\mathsf{NP}$\ is decidable by
a polynomial-time randomized algorithm with an oracle for $A$.}
\end{theorem}
Needless to say (because otherwise you would've heard!), in not one of these
examples have the \textquotedblleft$\mathsf{P}$\ region\textquotedblright\ and
the \textquotedblleft$\mathsf{NP}$-complete\ region\textquotedblright\ of
parameter space been discovered to overlap. \ For example, in Theorem
\ref{mod7thm}, the $\mathsf{NP}$-hardness proof\ just happens to break down if
we ask about the number of solutions mod $7$, the case where an algorithm is
known. \ If $\mathsf{P}=\mathsf{NP}$ then this is, at the least, an
unexplained coincidence. \ If $\mathsf{P}\neq\mathsf{NP}$, on the other hand,
then it makes perfect sense.
\subsection{Independent of Set Theory?\label{IND}}
Since the 1970s, there's been speculation that $\mathsf{P\neq NP}$\ might be
independent (that is, neither provable nor disprovable) from the standard
axiom systems for mathematics, such as Zermelo-Fraenkel set theory. \ To be
clear, this would mean that either
\begin{enumerate}
\item[(1)] a polynomial-time algorithm for $\mathsf{NP}$-complete problems
doesn't exist, but we can never prove it (at least not in our usual formal
systems), or else
\item[(2)] a polynomial-time algorithm for $\mathsf{NP}$-complete problems
\textit{does} exist, but either we can never prove that it works, or we can
never prove that it halts in polynomial time.
\end{enumerate}
Since $\mathsf{P\neq NP}$\ is an arithmetical statement (a $\Pi_{2}%
$-sentence), we can't simply excise it from mathematics, as some would do with
questions in transfinite set theory, like the Continuum Hypothesis (CH) or the
Axiom of Choice (AC). \ At the end of the day, a polynomial-time algorithm for
\textsc{3Sat} either exists or it doesn't! \ But that doesn't imply that we
can prove which.
In 2003, I wrote a survey article \cite{aar:pnp}\ about whether
$\mathsf{P\overset{?}{=}NP}$\ is formally independent, which somehow never got
around to offering any opinion about the \textit{likelihood} of that
eventuality! \ So for the record: I regard the independence of
$\mathsf{P\overset{?}{=}NP}$ as unlikely, just as I do for the Riemann hypothesis, Goldbach's
conjecture, and other unsolved problems of \textquotedblleft
ordinary\textquotedblright\ mathematics. \ At the least, I'd say that the
independence of $\mathsf{P\overset{?}{=}NP}$ has the status right now of a
\textquotedblleft free-floating speculation\textquotedblright\ with little or
no support from past mathematical experience.
There have been celebrated independence results over the past century, but as
far as I know they all fall into five classes, none of which would encompass
the independence of $\mathsf{P\overset{?}{=}NP}$\ from ZF set theory:
\begin{enumerate}
\item[(1)] Independence of statements that are themselves about formal
systems: for example, that assert their own unprovability in a given system,
or the system's consistency. \ This is the class produced by G\"{o}del's
incompleteness theorems.\footnote{I put statements that assert, e.g., the
algorithmic incompressibility of a sufficiently long bit string into this
class as well.}
\item[(2)] Independence of statements in transfinite set theory, such as CH
and AC. \ Unlike \textquotedblleft ordinary\textquotedblright\ mathematical
statements---$\mathsf{P}\neq\mathsf{NP}$, the Riemann hypothesis, etc.---the
set-theoretic statements can't be phrased in the language of elementary
arithmetic; only questions about their \textit{provability} from various axiom
systems are arithmetical. \ For that reason, one can question whether CH, AC,
and so on need to have definite truth-values at all, independent of the axiom
system. \ In any case, the independence of set-theoretic principles seems
different in kind, and less \textquotedblleft threatening,\textquotedblright%
\ than the independence of arithmetical statements.\footnote{Note also that,
by arguments going back to G\"{o}del, and generalized by the so-called
\textit{Shoenfield absoluteness theorem} \cite{shoenfield}, if an arithmetical
statement, such as $\mathsf{P}\neq\mathsf{NP}$, is provable in ZF using the
Axiom of Choice or the Continuum Hypothesis, then it's also provable in ZF
alone. \ Indeed, this is true more generally, if we replace CH or AC with
\textit{any} statement proven independent of ZF via the forcing method.}
\item[(3)] Independence from ZFC (ZF plus the Axiom of Choice) of various
statements about metric spaces, measure theory, and projective sets. \ The
statements about projective sets can nevertheless be proven if one assumes the
existence of a suitable large cardinal. \ In other cases, such as the
so-called \textit{Borel determinacy theorem} \cite{martin}, the statement can
be proven in ZFC, but one really does need close to the full power of ZFC
\cite{friedman:det}. \ These statements, while different from those in class
(2), are open to the same objection: namely, that they're about uncountable
sets, so their independence seems less \textquotedblleft
threatening\textquotedblright\ than that of purely arithmetical statements.
\item[(4)] Independence from \textquotedblleft weak\textquotedblright%
\ systems, which don't encompass all accepted mathematical reasoning.
\ Goodstein's Theorem \cite{goodstein}, and the non-losability of the
Kirby-Paris hydra game \cite{kirbyparis}, are two examples of interesting
arithmetical statements that can be proved using small amounts of set theory
(or ordinal induction), but not within Peano arithmetic. \ The celebrated
Robertson-Seymour Graph Minor Theorem (see \cite{fellows}), while not strictly
arithmetical (since it quantifies over infinite lists of graphs), is another
example of an important result that can be proven using ordinal induction, but
that provably \emph{can't} be proven using axioms of similar strength to Peano
arithmetic. \ For more see Friedman, Robertson, and Seymour \cite{frs}.
\item[(5)] Independence from ZFC of unusual combinatorial statements. \ Harvey
Friedman \cite{friedman:ind} has produced striking examples of such
statements, which he claims are \textquotedblleft perfectly
natural\textquotedblright---i.e., they would eventually appear in the normal
development of mathematics. \ There is no consensus on such claims yet. \ In
any case, the relevance of Friedman's statements to computational complexity
is remote at present.
\end{enumerate}
Of course, it's possible that $\mathsf{P\overset{?}{=}NP}$\ is independent of
ZF, but that the relative consistency of $\mathsf{P=NP}$\ and $\mathsf{P\neq
NP}$\ with ZF is \textit{itself} independent of ZF, and so on ad infinitum!
\ But we can at least say that, if $\mathsf{P\neq NP}$ (or for that matter,
the Riemann hypothesis, Goldbach's conjecture, etc.) were \textit{proven}
independent of ZF, it would be an unprecedented development: the first example
of an independence result that didn't fall into one of the five classes
above.\footnote{If a $\Pi_{1}$-sentence like the Goldbach Conjecture or the
Riemann Hypothesis is independent of ZF, then it's true. \ This is because if
it's false, then it has a refutation in ZF (and much less) via any
counterexample. \ However, this line of reasoning doesn't apply to $\Pi_{2}%
$-sentences like $\mathsf{P\neq NP}$. \ A counterexample to the $\Pi_{2}%
$-sentence only provides a true $\Pi_{1}$-sentence, one which might not be
provable in ZF.}
The proof of independence would also have to be unlike any known independence
proof. \ The techniques used to prove statements such as Goodstein's Theorem
independent of Peano arithmetic actually prove independence from the stronger
theory $\operatorname*{PA}+\Pi_{1}$: that is, Peano arithmetic plus the set of
all true arithmetical $\Pi_{1}$-sentences (sentences with a single universal
quantifier and no existential quantifiers). \ However, as Ben-David and Halevi
\cite{bendavidhalevi}\ noticed, if $\mathsf{P\neq NP}$\ could likewise be
proven independent of $\operatorname*{PA}+\Pi_{1}$, that would mean that no
$\Pi_{1}$-sentence of $\operatorname*{PA}$\ implying $\mathsf{P\neq NP}%
$\ could hold. \ As a consequence, they deduce, for example, that
$\mathsf{NP}$-complete problems would have to be solvable in $n^{\log\log
\log\log n}$ time, and even in $n^{\alpha\left( n\right) }$\ time (where
$\alpha\left( n\right) $\ is the inverse Ackermann function\footnote{The
Ackermann function, $A\left( n\right) $, can be defined as $f\left(
n,n\right) $, where $f\left( n,k\right) =f\left( n-1,f\left(
n,k-1\right) \right) $\ with boundary conditions $f\left( n,0\right)
=f\left( n-1,1\right) $\ and $f\left( 0,k\right) =k+1$. \ This is one of
the fastest-growing functions encountered in mathematics. \ Meanwhile, the
\textit{inverse} Ackermann function, $\alpha\left( n\right) $, is a monotone
nondecreasing function with $\alpha\left( A\left( n\right) \right) =n$:
hence, one of the slowest-growing functions one encounters.
\par
More generally, Ben-David and Halevi\ \cite{bendavidhalevi}\ showed that if
$\mathsf{P\neq NP}$\ is unprovable in $\operatorname*{PA}+\Pi_{1}$, then
$\mathsf{NP}$-complete problems are solvable in $n^{f^{-1}\left( n\right) }%
$\ time, where $f\left( n\right) $\ is any function in the \textquotedblleft
Wainer hierarchy\textquotedblright: a hierarchy of fast-growing functions,
containing the Ackermann function, that can be proved to be total in
$\operatorname*{PA}$.
\par
By contrast, in 1969 McCreight and Meyer \cite{mccreightmeyer} proved a
theorem one of whose striking corollaries is the following: \textit{there
exists a single computable time bound} $g$\textit{ (for which they give the
algorithm), such that} $\mathsf{P=NP}$\ \textit{if and only if} \textsc{3Sat}%
\ \textit{is solvable in} $g\left( n\right) $\ \textit{time.} \ Their bound
$g\left( n\right) $ is \textquotedblleft just barely\textquotedblright%
\ superpolynomial, and is constructed via a diagonalization procedure.
\par
The McCreight-Meyer Theorem explains, in particular, why Ben-David and
Halevi's result doesn't show that if $\mathsf{P\neq NP}$\ is unprovable in
$\operatorname*{PA}+\Pi_{1}$, then $\mathsf{NP}$-complete problems are
solvable in $n^{\beta\left( n\right) }$ time for \textit{every} unbounded
computable function $\beta$. \ Namely, if it showed that, then it would
actually show that $\operatorname*{PA}+\Pi_{1}$\ decides the
$\mathsf{P\overset{?}{=}NP}$\ problem.}), for infinitely many input lengths
$n$. \ In that sense, we would \textquotedblleft almost\textquotedblright%
\ have $\mathsf{P}=\mathsf{NP}$.
As Section \ref{PROG}\ will discuss, there are various formal
\textit{barriers}---including the relativization, algebrization, and natural
proofs\ barriers---that explain why certain existing techniques can't be
powerful enough to prove $\mathsf{P\neq NP}$. \ These barriers can be
interpreted as proofs that $\mathsf{P}\neq\mathsf{NP}$ is unprovable from
certain systems of axioms: namely, axioms that capture the power of the
techniques in question (relativizing, algebrizing, or naturalizing techniques)
\cite{aiv,ikk,razborov:ba}.\footnote{This is literally true for the
relativization and algebrization barriers. \ For natural proofs, one can use
the barrier to argue that $\mathsf{P}\neq\mathsf{NP}$\ is unprovable from
certain axioms of \textquotedblleft bounded arithmetic,\textquotedblright\ but
as far as I know there's no known axiom set that \textit{precisely} captures
the power of natural proofs.} \ In all these cases, however, the axiom systems
are known not to capture all techniques in complexity theory: there are
existing results that go beyond them. \ Thus, these barriers indicate
weaknesses in certain techniques, rather than in the foundations of mathematics.
\section{Why Is Proving $\mathsf{P\neq NP}$\ Difficult?\label{DIF}}
Let's suppose that $\mathsf{P\neq NP}$. \ Then given the disarming simplicity
of the statement, why is proving it so hard? \ As mentioned above, complexity
theorists have identified three technical barriers, called
\textit{relativization} \cite{bgs}, \textit{natural proofs} \cite{rr}, and
\textit{algebrization} \cite{awig}, that any proof of $\mathsf{P}%
\neq\mathsf{NP}$\ will need to overcome. \ They've also shown that it's
possible to surmount each of these barriers, though there are few results that
surmount all of them simultaneously. \ The barriers will be discussed
alongside progress toward proving $\mathsf{P}\neq\mathsf{NP}$\ in Section
\ref{PROG}.
However, we can also say something more conceptual, and possibly more
illuminating, about the meta-question of why it's so hard to prove hardness.
\ In my view, the central reason why proving $\mathsf{P}\neq\mathsf{NP}$\ is
hard is simply that, in case after case, there \textit{are} amazingly clever
ways to avoid brute-force search, and the diversity of those ways rivals the
diversity of mathematics itself. \ And even if, as I said in Section
\ref{BELIEFS}, there seems to be an \textquotedblleft invisible
fence\textquotedblright\ separating the $\mathsf{NP}$-complete\ problems from
the slight variants of those problems that are in $\mathsf{P}$---still, almost
any \textit{argument} we can imagine for why the $\mathsf{NP}$%
-complete\ problems are hard would, if it worked, also apply to the variants
in $\mathsf{P}$.
To illustrate, we saw in Section \ref{NPCOMPLETE}\ that \textsc{3Sat}\ is
$\mathsf{NP}$-complete. \ We also saw that \textsc{2Sat}, which is like
\textsc{3Sat}\ except with two variables per clause rather than three, is in
$\mathsf{P}$: indeed, \textsc{2Sat} is solvable in linear time. \ Other
variants of satisfiability that are in $\mathsf{P}$\ include\ \textsc{HornSat}%
\ (where each clause is an $\operatorname*{OR}$\ of arbitrarily many
non-negated variables and at most one negated variable), and \textsc{XorSat}
(where each clause is a linear equation mod $2$, such as $x_{2}\oplus
x_{7}\oplus x_{9}\equiv1\left( \operatorname{mod}2\right) $).
Likewise, even though it's $\mathsf{NP}$-complete\ to decide whether a given
graph is $3$-colorable, we can decide in linear time whether a graph is
$2$-colorable. \ Also, even though \textsc{SubsetSum} is $\mathsf{NP}%
$-complete, we can easily decide whether there's a subset of $a_{1}%
,\ldots,a_{k}$\ summing to $b$\ in time that's nearly linear in $a_{1}%
+\cdots+a_{k}$. \ In other words, if each $a_{i}$\ is required to be encoded
in \textquotedblleft unary\textquotedblright\ notation (that is, as a list of
$a_{i}$\ ones) rather than in binary, then \textsc{SubsetSum}\ is in
$\mathsf{P}$.
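Here is a brief Python sketch of that pseudopolynomial algorithm (the bitmask trick is one standard implementation choice, assumed for compactness): the achievable subset sums are maintained as the set bits of a single integer, so the running time is polynomial in $a_{1}+\cdots+a_{k}$ rather than in the input's bit-length.

```python
def subset_sum_unary(a, b):
    """True iff some subset of the nonnegative integers in a sums to b.
    Runs in time polynomial in a_1 + ... + a_k (pseudopolynomial)."""
    bits = 1                  # bit s is set iff sum s is achievable so far
    for x in a:
        bits |= bits << x     # including x shifts every achievable sum up by x
    return bool((bits >> b) & 1)
```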
As a more interesting example, finding the maximum clique in a graph is
$\mathsf{NP}$-complete, as are finding the minimum vertex cover, the chromatic
number, and so on. \ Yet in the 1960s, Edmonds \cite{edmonds} famously showed
the following.
\begin{theorem}
[Edmonds \cite{edmonds}]Given an undirected graph $G$, there's a
polynomial-time algorithm to find a \textit{maximum matching}: that is, a
largest possible set of edges no two of which share a vertex.
\end{theorem}
To a casual observer, matching doesn't look terribly different from the other
graph optimization problems, but it \textit{is} different.
Or consider linear, semidefinite, and convex programming. \ These techniques
yield hundreds of optimization problems that seem similar to known
$\mathsf{NP}$-complete problems,\ and yet are solvable in $\mathsf{P}$. \ A
few examples are finding maximum flows, finding equilibria of two-player
zero-sum games, training linear classifiers, and optimizing over quantum
states and unitary transformations.\footnote{I won't have much to say about
linear programming (LP) or semidefinite programming (SDP) in this survey, so
perhaps this is as good a place as any to mention that today, we know a great
deal\ about the impossibility of solving $\mathsf{NP}$-complete problems in
polynomial time by formulating them as \textquotedblleft
natural\textquotedblright\ LPs. \ This story starts in 1987, with a preprint
by Swart \cite{swart}\ that claimed to prove $\mathsf{P}=\mathsf{NP}$\ by
reducing the Traveling Salesperson Problem to an LP with $O\left(
n^{8}\right) $\ variables and constraints. \ Swart's preprint inspired a
landmark paper by Yannakakis \cite{yannakakis} (making it possibly the most
productive failed $\mathsf{P}=\mathsf{NP}$\ proof in history!), in which
Yannakakis showed that there is no \textquotedblleft
symmetric\textquotedblright\ LP with $n^{o\left( n\right) }$ variables and
constraints that has the \textquotedblleft Traveling Salesperson
Polytope\textquotedblright\ as its projection onto a subset of the variables.
\ This ruled out Swart's approach. \ Yannakakis also showed that the polytope
corresponding to the maximum matching problem has no symmetric LP of
subexponential size, but the polytope for the minimum spanning tree problem
\textit{does} have a polynomial-size LP. \ In general, expressibility by such
an LP is sufficient for a problem to be in $\mathsf{P}$, but not necessary.
\par
Later, in 2012, Fiorini et al.\ \cite{fiorini} substantially improved
Yannakakis's result, getting rid of the symmetry requirement. \ There have
since been other major results in this direction: in 2014,
Rothvo\ss \ \cite{rothvoss}\ showed that the perfect matching polytope
requires exponentially-large LPs (again with no symmetry requirement), while
in 2015, Lee, Raghavendra, and Steurer \cite{lrs}\ extended many of these
lower bounds from linear to semidefinite programs.
\par
Collectively, these results rule out one \textquotedblleft
natural\textquotedblright\ approach to proving $\mathsf{P}=\mathsf{NP}$:
namely, to start from famous $\mathsf{NP}$-hard optimization problems like
\textsc{TSP}, and then find a polynomial-size LP or SDP that projects onto the
polytope whose extreme points are the valid solutions. \ Of course, we can't
yet rule out the possibility that LPs or SDPs could help prove $\mathsf{P}%
=\mathsf{NP}$\ in some more indirect way (or via some $\mathsf{NP}%
$-hard\ problem other than the specific ones that were studied); ruling
\textit{that} out seems essentially tantamount to proving $\mathsf{P}%
\neq\mathsf{NP}$\ itself.}
We can also give examples of \textquotedblleft shocking\textquotedblright%
\ algorithms for problems that are clearly in $\mathsf{P}$. \ Most famously,
the problem of multiplying two $n\times n$\ matrices, $C=AB$, seems like it
should \textquotedblleft obviously\textquotedblright\ require $\sim n^{3}%
$\ steps: $\sim n$ steps for each of the $n^{2}$\ entries of the product
matrix $C$.\ \ But in 1968, Strassen \cite{strassen}\ discovered an algorithm
that takes only $O\left( n^{\log_{2}7}\right) $ steps. \ There's since been
a long sequence of further improvements, culminating in an $O\left(
n^{2.376}\right) $\ algorithm by Coppersmith and Winograd \cite{copperwino},
and its recent improvements to $O\left( n^{2.374}\right) $\ by Stothers
\cite{stothers}\ and to $O\left( n^{2.373}\right) $\ by Vassilevska Williams
\cite{vassilevska}, with a minuscule further improvement by Le Gall
\cite{legall:mm}. \ Thus, letting $\omega$\ be the \textit{matrix
multiplication exponent} (i.e., the least $\omega$\ such that $n\times
n$\ matrices can be multiplied in $n^{\omega+o\left( 1\right) }$\ time), we
know today that $\omega\in\left[ 2,2.373\right] $. \ Some computer
scientists conjecture that $\omega=2$; but in any case, just like with
attempts to prove $\mathsf{P}\neq\mathsf{NP}$, an obvious obstruction to
proving $\omega>2$ is that the proof had better \textit{not} yield $\omega=3$,
or even a \textquotedblleft natural-looking\textquotedblright\ bound like
$\omega\geq2.5$.
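Strassen's trick itself fits in a few lines. \ The sketch below (restricted, for simplicity, to $n$ a power of $2$; a full implementation would pad or special-case odd dimensions) replaces the eight block products of the na\"{\i}ve $2\times2$ block recursion with seven, giving the recurrence $T(n)=7\,T(n/2)+O(n^{2})$ and hence $O(n^{\log_{2}7})$ time.

```python
# Strassen's algorithm for n x n matrices, n a power of 2 (simplifying
# assumption), given as lists of lists of numbers.

def add(A, B):  return [[x + y for x, y in zip(r, s)] for r, s in zip(A, B)]
def sub(A, B):  return [[x - y for x, y in zip(r, s)] for r, s in zip(A, B)]

def strassen(A, B):
    n = len(A)
    if n == 1:
        return [[A[0][0] * B[0][0]]]
    h = n // 2
    # Split each matrix into four h x h quadrants.
    A11 = [r[:h] for r in A[:h]]; A12 = [r[h:] for r in A[:h]]
    A21 = [r[:h] for r in A[h:]]; A22 = [r[h:] for r in A[h:]]
    B11 = [r[:h] for r in B[:h]]; B12 = [r[h:] for r in B[:h]]
    B21 = [r[:h] for r in B[h:]]; B22 = [r[h:] for r in B[h:]]
    # Strassen's seven products (instead of the obvious eight).
    M1 = strassen(add(A11, A22), add(B11, B22))
    M2 = strassen(add(A21, A22), B11)
    M3 = strassen(A11, sub(B12, B22))
    M4 = strassen(A22, sub(B21, B11))
    M5 = strassen(add(A11, A12), B22)
    M6 = strassen(sub(A21, A11), add(B11, B12))
    M7 = strassen(sub(A12, A22), add(B21, B22))
    # Reassemble the quadrants of C = AB.
    C11 = add(sub(add(M1, M4), M5), M7)
    C12 = add(M3, M5)
    C21 = add(M2, M4)
    C22 = add(sub(add(M1, M3), M2), M6)
    return [C11[i] + C12[i] for i in range(h)] + \
           [C21[i] + C22[i] for i in range(h)]
```

For example, on the $2\times2$ inputs $\left[\begin{smallmatrix}1&2\\3&4\end{smallmatrix}\right]$ and $\left[\begin{smallmatrix}5&6\\7&8\end{smallmatrix}\right]$, the seven products reassemble into the correct product $\left[\begin{smallmatrix}19&22\\43&50\end{smallmatrix}\right]$.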
The scope of polynomial-time algorithms might seem like a trite observation,
incommensurate with the challenge of explaining why it's so hard to prove
$\mathsf{P}\neq\mathsf{NP}$. \ Yet we have evidence to the contrary. \ Over
the decades, there have been hundreds of flawed proofs announced for
$\mathsf{P}\neq\mathsf{NP}$. \ The attempt that received the most attention
thus far, including coverage in \textit{The New York Times} and other major
media outlets, was that of Deolalikar \cite{deolalikar} in 2010. \ But in
every such case that I'm aware of, \textit{the proof could ultimately be
rejected on the ground that, if it worked, then it would also yield
superpolynomial lower bounds for problems known to be in} $\mathsf{P}$.
With some flawed $\mathsf{P}\neq\mathsf{NP}$\ proofs, this is easy to see: for
example, perhaps the author proves that \textsc{3Sat} must take exponential
time, by some argument that's fearsome in technical details, but ultimately
boils down to \textquotedblleft there are $2^{n}$ possible assignments to the
variables, and clearly any algorithm must spend at least one step rejecting
each of them.\textquotedblright\ \ A general-purpose refutation of such
arguments is simply that, if they worked, then they'd work equally well for
\textsc{2Sat}. \ Alternatively, one could point out that, as we'll see in
Section \ref{RUNTIME}, it's known how to solve \textsc{3Sat}\ in $\left(
4/3\right) ^{n}$\ time. \ So a $\mathsf{P}\neq\mathsf{NP}$ proof had
\textit{better} not imply an $\Omega\left( 2^{n}\right) $\ lower bound for
\textsc{3Sat}.
In the case of Deolalikar's $\mathsf{P}\neq\mathsf{NP}$\ attempt
\cite{deolalikar}, the details were more complicated, but the bottom line
ended up being similar.\ \ Deolalikar appealed to certain statistical
properties of the set of satisfying assignments of a \textit{random}
\textsc{3Sat} instance. \ The claim was that, for reasons having to do with
logical definability, those statistical properties precluded \textsc{3Sat}%
\ from having a polynomial-time algorithm. \ During an intense online
discussion, however, skeptics pointed out that random \textsc{XorSat}---which
we previously mentioned as a satisfiability variant in $\mathsf{P}$---gives
rise to solution sets indistinguishable from those of random \textsc{3Sat},
with respect to the properties Deolalikar was using: see for example
\cite{deolalikar:wrong}. \ This implied that there must be one or more bugs in
the proof, though it still left the task of finding them (which was done later).
None of this means that proving $\mathsf{P}\neq\mathsf{NP}$\ is impossible.
\ \textit{A priori}, it might also have been hard to imagine a proof of the
unsolvability of the halting problem, but of course we know that such a proof
exists. \ As we'll see in Section \ref{LOGIC}, a central difference between
the two cases is that methods from logic---namely, diagonalization and
self-reference---worked to prove the unsolvability of the halting problem, but
there's a precise sense in which these methods \textit{can't} work (at least
not by themselves) to prove $\mathsf{P}\neq\mathsf{NP}$. \ A related
difference comes from the \textit{quantitative} character of $\mathsf{P}%
\neq\mathsf{NP}$: somehow, any proof will need to explain why a polynomial-time
algorithm for \textsc{3Sat}\ is impossible, even though a $\left( 4/3\right)
^{n}$\ algorithm actually exists. \ In some sense, this need to make
quantitative distinctions---to say that, yes, brute-force search \textit{can}
be beaten, but only by this much for this problem and by that much for that
one---puts a lower bound on the sophistication of any $\mathsf{P}%
\neq\mathsf{NP}$\ proof.
\section{Strengthenings of the $\mathsf{P\neq NP}$\ Conjecture\label{VAR}}
I'll now survey various strengthenings of the $\mathsf{P}\neq\mathsf{NP}%
$\ conjecture, which are often needed for applications to cryptography,
quantum computing, fine-grained complexity, and elsewhere.\ \ Some of these
strengthenings will play a role when, in Section \ref{PROG}, we discuss the
main approaches to proving $\mathsf{P}\neq\mathsf{NP}$\ that have been tried.
\subsection{Different Running Times\label{RUNTIME}}
There's been a great deal of progress on beating brute-force search for many
$\mathsf{NP}$-complete problems, even if the resulting algorithms still take
exponential time. \ For example, Sch\"{o}ning proved the following in 1999.
\begin{theorem}
[Sch\"{o}ning \cite{schoning}]There's a randomized algorithm that solves
\textsc{3Sat}\ in $O(\left( 4/3\right) ^{n})$\ time.
\end{theorem}
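Sch\"{o}ning's algorithm is simple enough to sketch in full (the DIMACS-style clause encoding below is an assumption of the sketch, not part of the original paper): starting from a uniformly random assignment, repeatedly pick an unsatisfied clause and flip a random one of its three variables. \ Each restart of $\sim3n$ steps succeeds with probability roughly $\left( 3/4\right) ^{n}$, so $O(\left( 4/3\right) ^{n})$ restarts suffice with high probability.

```python
import random

def schoning_3sat(clauses, n, restarts=10000):
    """clauses: list of 3-tuples of nonzero ints in DIMACS style (literal v
    asserts variable |v| is True when v > 0).  Returns a satisfying
    assignment as a dict, or None if every restart fails."""
    def satisfied(lit, asg):
        return asg[abs(lit)] == (lit > 0)

    def all_satisfied(asg):
        return all(any(satisfied(l, asg) for l in c) for c in clauses)

    for _ in range(restarts):
        # Start each trial from a uniformly random assignment.
        asg = {v: random.random() < 0.5 for v in range(1, n + 1)}
        for _ in range(3 * n):
            if all_satisfied(asg):
                return asg
            bad = random.choice([c for c in clauses
                                 if not any(satisfied(l, asg) for l in c)])
            # Flip a uniformly random variable of an unsatisfied clause.
            lit = random.choice(bad)
            asg[abs(lit)] = not asg[abs(lit)]
        if all_satisfied(asg):
            return asg
    return None
```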
For many $\mathsf{NP}$-complete\ problems like\ \textsc{HamiltonCycle}, for
which the obvious brute-force algorithm takes $\sim n!$\ time, it's also
possible to reduce the running time to $O\left( 2^{n}\right) $, or sometimes
even to $O\left( c^{n}\right) $\ for $c<2$, through clever tricks such as
\textit{dynamic programming} (discussed in Cormen et al.\ \cite{clrs},\ or any
other algorithms textbook).
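As an example of such dynamic programming, here is a sketch of the Bellman--Held--Karp idea for \textsc{HamiltonCycle}\ (an adjacency-matrix encoding is assumed): tabulating, for each vertex subset $S\ni0$ and each $v\in S$, whether some path from vertex $0$ visits exactly $S$ and ends at $v$ takes $O\left( 2^{n}n^{2}\right) $\ time, versus $\sim n!$\ for brute force.

```python
def hamilton_cycle(adj):
    """adj: n x n 0/1 adjacency matrix (lists of lists) of an undirected graph.
    Returns True iff the graph has a Hamiltonian cycle."""
    n = len(adj)
    # reach[S] = bitmask of endpoints v such that some path from vertex 0
    # visits exactly the vertex set S (itself a bitmask) and ends at v.
    reach = [0] * (1 << n)
    reach[1] = 1                       # the trivial path {0}, ending at 0
    for S in range(1 << n):
        if not (S & 1) or not reach[S]:
            continue                   # only consider subsets containing 0
        for v in range(n):
            if (reach[S] >> v) & 1:
                for w in range(n):
                    if adj[v][w] and not (S >> w) & 1:
                        reach[S | (1 << w)] |= 1 << w   # extend path to w
    full = (1 << n) - 1
    # A Hamiltonian cycle exists iff some full path ends at a neighbor of 0.
    return any((reach[full] >> v) & 1 and adj[v][0] for v in range(1, n))
```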
How far can these algorithms be pushed? \ For example, is it possible that
\textsc{3Sat}\ could be solved in $2^{O\left( \sqrt{n}\right) }$\ time, as
various $\mathsf{NP}$\ problems like \textsc{Factoring} are known to be (see
Section \ref{FACGI})? \ An important conjecture called the Exponential Time
Hypothesis, or ETH, asserts that the answer is no:
\begin{conjecture}
[Exponential Time Hypothesis]Any deterministic algorithm for \textsc{3Sat}%
\ takes $\Omega\left( c^{n}\right) $\ steps, for some constant $c>1$.
\end{conjecture}
ETH is an ambitious strengthening of $\mathsf{P}\neq\mathsf{NP}$. \ Even
assuming $\mathsf{P}\neq\mathsf{NP}$, there's by no means a consensus in the
field that ETH is true---let alone still further strengthenings, like the
\textit{Strong} Exponential Time Hypothesis or SETH, which asserts that any
algorithm for $k$\textsc{Sat}\ requires $\Omega\left( \left( 2-\varepsilon
\right) ^{n}\right) $ time, for some $\varepsilon$\ that goes to zero as
$k\rightarrow\infty$. \ SETH, of course, goes even further out on a limb than
ETH does, and some algorithms researchers have been actively working to
disprove SETH (see \cite{williams:seth}\ for example).
One thing we \textit{do} know, however, is that if ETH or SETH hold, there are
numerous implications that are not known to follow from $\mathsf{P}%
\neq\mathsf{NP}$\ alone. \ One example concerns the problem of approximating
the value of a \textquotedblleft two-prover free game\textquotedblright: here
Impagliazzo, Moshkovitz, and I\ \cite{aim} gave an $n^{O\left( \log n\right)
}$-time algorithm, but we also proved that any $f\left( n\right) $-time
algorithm would imply a nearly $f\left( 2^{\sqrt{n}}\right) $-time algorithm
for \textsc{3Sat}. \ Thus, assuming ETH, our quasipolynomial-time algorithm is
essentially optimal, and our reduction from \textsc{3Sat}\ to free games is
\textit{also} essentially optimal.
A second example comes from recent work of Backurs and Indyk
\cite{backursindyk}, who studied the problem of \textsc{EditDistance}: that
is, given two strings, computing the minimum number of insertions, deletions,
and replacements needed to transform one string to the other. \ Here an
$O\left( n^{2}\right) $ algorithm\ has long been known \cite{wagnerfischer}.
\ In a 2015 breakthrough, Backurs and Indyk \cite{backursindyk} showed that
algorithm to be essentially optimal, assuming SETH.
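The $O\left( n^{2}\right) $\ algorithm in question is the textbook Wagner--Fischer dynamic program, sketched below: $D[i][j]$ is the edit distance between the first $i$ characters of one string and the first $j$ characters of the other.

```python
def edit_distance(s, t):
    """Minimum number of insertions, deletions, and replacements turning s
    into t, computed by the O(n^2) Wagner-Fischer dynamic program."""
    m, n = len(s), len(t)
    D = [[0] * (n + 1) for _ in range(m + 1)]
    for i in range(m + 1):
        D[i][0] = i                    # delete all i characters of the prefix
    for j in range(n + 1):
        D[0][j] = j                    # insert all j characters of the prefix
    for i in range(1, m + 1):
        for j in range(1, n + 1):
            D[i][j] = min(
                D[i - 1][j] + 1,                          # deletion
                D[i][j - 1] + 1,                          # insertion
                D[i - 1][j - 1] + (s[i - 1] != t[j - 1])  # replace or match
            )
    return D[m][n]
```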
Even more recently, Abboud et al.\ \cite{ahww}\ have shown that edit distance
requires nearly quadratic time under a \textquotedblleft
safer\textquotedblright\ conjecture:
\begin{theorem}
[Abboud et al.\ \cite{ahww}]\label{shaved}Suppose that the circuit
satisfiability problem, for circuits of depth $o\left( n\right) $, can't be
solved in $\left( 2-\varepsilon\right) ^{n}$\ time for any $\varepsilon>0$.
\ Then \textsc{EditDistance} requires $n^{2-o\left( 1\right) }$\ time.
\end{theorem}
In any case, we currently have no idea how to make similarly \textquotedblleft
fine-grained\textquotedblright\ statements about running times assuming only
$\mathsf{P}\neq\mathsf{NP}$.
\subsection{Nonuniform Algorithms and Circuits\label{NONUNIF}}
$\mathsf{P}\overset{?}{=}\mathsf{NP}$ asks whether there's a \textit{single}
algorithm that, for every input size $n$, solves an $\mathsf{NP}$-complete
problem like \textsc{3Sat}\ in time polynomial in $n$. \ But we could also
allow a different algorithm for each input size. \ For example, it often
happens in practice that a na\"{\i}ve algorithm works the fastest for inputs
up to a certain size (say $n=100$), then a slightly clever algorithm starts
doing better, then at $n\geq1000$ a \textit{very} clever algorithm starts to
outperform the slightly clever algorithm, and so on. \ In such a case, we
might not even know whether the sequence terminates with a \textquotedblleft
maximally clever algorithm,\textquotedblright\ or whether it goes on
forever.\footnote{The so-called \textit{Blum speedup theorem} \cite{blum}%
\ shows that we can artificially construct problems for which the sequence
continues forever, there being no single fastest algorithm. \ No
\textquotedblleft natural\textquotedblright\ problem is known to have this
behavior, though it's possible that some do. \ There are some natural
problems, such as $\mathsf{NP}\cap\mathsf{coNP}$ and $\mathsf{\#P}$-complete
problems, that are known \textit{not} to have this behavior. \ The reason is
that we can give an explicit algorithm for these problems that \textit{must}
be nearly asymptotically optimal, and that succeeds for all but finitely many
input lengths $n$: namely, an algorithm that simulates the
lexicographically-first $\log n$\ Turing machines until one of them supplies a
proof or interactive proof for the correct answer.}
To capture these situations, let $\mathsf{P/poly}$\ be the class of languages
$L$ for which there exists a polynomial-time Turing machine $M$, as well as an
infinite set of \textquotedblleft advice strings\textquotedblright%
\ $a_{1},a_{2},\ldots$, where $a_{n}$\ is $p\left( n\right) $\ bits long for
some polynomial $p$, such that for all $n$ and all $x\in\left\{ 0,1\right\}
^{n}$, we have%
\[
M\left( x,a_{n}\right) \text{ accepts}\Longleftrightarrow x\in L.
\]
An equivalent way to define $\mathsf{P/poly}$ is as the class of languages
recognized by a family of \textit{polynomial-size circuits}, one for each
input size $n$. \ In theoretical computer science, a circuit just means a
directed acyclic\footnote{Despite the term \textquotedblleft
circuit,\textquotedblright\ which comes from electrical engineering, circuits
in theoretical computer science are ironically \textit{free} of cycles; they
proceed from the inputs to the output via layers of logic gates.} graph
$C_{n}$\ of Boolean logic gates (such as AND, OR, NOT), with the input bits
$x_{1},\ldots,x_{n}$\ at the bottom, and an output bit determining
whether\ $x\in L$ at the top. \ The \textit{size} of a circuit is the number
of gates in it. \ The \textit{fanin} of a circuit is the maximum number of
input wires that can enter a gate $g$, while the \textit{fanout} is the
maximum number of output wires that can emerge from $g$ (that is, the number
of other gates that can depend directly on $g$'s output). \ For now, we're
considering circuits with a fanin of $2$ and unlimited fanout.
We call\ $\mathsf{P/poly}$ the \textit{nonuniform} generalization of
$\mathsf{P}$, where \textquotedblleft nonuniform\textquotedblright\ just means that the circuit $C_{n}$\ could
have a different structure for each $n$ (i.e., there need not be an efficient
algorithm that outputs a description of $C_{n}$\ given $n$ as input).
\ Certainly $\mathsf{P}\subset\mathsf{P/poly}$, but there's no containment in
the other direction.\footnote{This is a rare instance where non-containment
can actually be \textit{proved}.\ \ For example, any unary language (i.e.,
language of the form $\left\{ 0^{n}:n\in S\right\} $) is clearly in
$\mathsf{P/poly}$, since the $n^{th}$\ circuit can just hardwire whether $n\in
S$. \ But there's an uncountable infinity of unary languages, whereas
$\mathsf{P}$ is countable, so almost all unary languages are outside
$\mathsf{P}$. \ Alternatively, we can observe that the unary language
$\left\{ 0^{n}:\text{the }n^{th}\text{\ Turing machine halts}\right\}
$\ can't be in $\mathsf{P}$, since it's simply a version of the halting
problem.}
Now, the nonuniform version of the $\mathsf{P}\neq\mathsf{NP}$\ conjecture is
the following.
\begin{conjecture}
$\mathsf{NP\not \subset P/poly}$.
\end{conjecture}
If $\mathsf{P}=\mathsf{NP}$, then certainly $\mathsf{NP}\subset\mathsf{P/poly}%
$,\ but the converse need not hold. \ About the closest we have to a converse
is the \textit{Karp-Lipton Theorem} \cite{kl}:
\begin{theorem}
\label{klthm}If $\mathsf{NP}\subset\mathsf{P/poly}$, then $\mathsf{PH}%
$\ collapses to $\mathsf{\Sigma}_{2}^{\mathsf{P}}$.
\end{theorem}
\begin{proof}
Consider a problem in $\Pi_{2}^{\mathsf{P}}$: say, \textquotedblleft for all
$x\in\left\{ 0,1\right\} ^{p\left( n\right) }$, does there exist a
$y\in\left\{ 0,1\right\} ^{p\left( n\right) }$\ such that $A\left(
x,y\right) $\ accepts?\textquotedblright, for some polynomial $p$ and
polynomial-time algorithm $A$. \ Assuming $\mathsf{NP}\subset\mathsf{P/poly}$,
we can solve that problem in $\mathsf{\Sigma}_{2}^{\mathsf{P}}$\ as follows:
\begin{itemize}
\item \textquotedblleft Does there exist a circuit $C$ such that for all $x$,
the algorithm $A\left( x,C\left( x\right) \right) $%
\ accepts?\textquotedblright
\end{itemize}
For if $\mathsf{NP}\subset\mathsf{P/poly}$\ and $\forall x\exists yA\left(
x,y\right) $ is true, then clearly there exists a polynomial-size circuit
$C$\ that takes $x$ as input, and outputs a $y$\ such that $A\left(
x,y\right) $ accepts. \ So we can simply use the existential quantifier in
our $\mathsf{\Sigma}_{2}^{\mathsf{P}}$\ algorithm to guess a description of
that circuit.
We conclude that, if $\mathsf{NP}\subset\mathsf{P/poly}$, then $\Pi
_{2}^{\mathsf{P}}\subseteq\mathsf{\Sigma}_{2}^{\mathsf{P}}$ (and by symmetry,
$\mathsf{\Sigma}_{2}^{\mathsf{P}}\subseteq\Pi_{2}^{\mathsf{P}}$). \ But this
is known to cause a collapse of the entire polynomial hierarchy to
$\mathsf{\Sigma}_{2}^{\mathsf{P}}$.
\end{proof}
In summary, while most complexity theorists conjecture that $\mathsf{NP}%
\not \subset \mathsf{P/poly}$, as far as we know it's a stronger conjecture
than $\mathsf{P}\neq\mathsf{NP}$. \ Indeed, it's even plausible that future
techniques could prove $\mathsf{P}\neq\mathsf{NP}$\ without proving
$\mathsf{NP}\not \subset \mathsf{P/poly}$: for example, as we'll discuss in
Section \ref{LOGIC}, we can currently prove $\mathsf{P}\neq\mathsf{EXP}$, but
can't currently prove $\mathsf{EXP}\not \subset \mathsf{P/poly}$, or even
$\mathsf{NEXP}\not \subset \mathsf{P/poly}$. \ Despite this, as we'll see in
Section \ref{PROG}, \textit{most} techniques that have been explored for
proving $\mathsf{P}\neq\mathsf{NP}$ would actually yield the stronger result
$\mathsf{NP}\not \subset \mathsf{P/poly}$\ if they worked. \ For that reason,
$\mathsf{P/poly}$\ plays a central role in work on the $\mathsf{P}%
\overset{?}{=}\mathsf{NP}$\ question.
There's one other aspect of circuit complexity that will play a role later in
this survey: \textit{depth}. \ The depth of a circuit simply means the length
of the longest path from an input bit to the output bit---or, if we think of
the logic gates as organized into layers, then the number of layers. \ There's
a subclass of $\mathsf{P/poly}$\ called $\mathsf{NC}^{1}$ (the $\mathsf{NC}%
$\ stands for \textquotedblleft Nick's Class,\textquotedblright\ after Nick
Pippenger), which consists of all languages that are decided by a family of
circuits that have polynomial size and \textit{also} depth $O\left( \log
n\right) $.\footnote{If each logic gate depends on at most $2$ inputs, then
$\log_{2}n$\ is the smallest depth that allows the output to depend on all $n$
input bits.} \ One can also think of $\mathsf{NC}^{1}$\ as the class of
problems solvable in logarithmic time (nonuniformly) using a polynomial number
of parallel processors. \ It's conjectured that $\mathsf{P}\not \subset
\mathsf{NC}^{1}$\ (that is, not all efficient algorithms can be parallelized),
but alas, even showing $\mathsf{NEXP}\not \subset \mathsf{NC}^{1}$ remains
open at present.
Another way to define $\mathsf{NC}^{1}$\ is as the class of languages
decidable by a family of polynomial-size Boolean \textit{formulas}. \ In
theoretical computer science, a formula just means a circuit where every gate
has fanout $1$\ (that is, where a gate cannot have its output fed as input to
multiple other gates). \ To see the equivalence: in one direction, by
replicating subcircuits wherever necessary, clearly any circuit of depth $d$
and size $s$ can be \textquotedblleft unraveled\textquotedblright\ into a
formula of depth $d$\ and size at most $2^{d}s$, which is still polynomial in
$n$ if $d=O\left( \log n\right) $\ and $s=n^{O\left( 1\right) }$. \ In the
other direction, there's an extremely useful fact proved by Spira
\cite{spira}, called \textquotedblleft depth reduction.\textquotedblright
\begin{proposition}
[Spira \cite{spira}]\label{brentprop}Given any Boolean formula of size $S$,
there is an equivalent formula of size $S^{O\left( 1\right) }$\ and depth
$O\left( \log S\right) $.\footnote{Bshouty, Cleve, and Eberly \cite{bce}%
\ showed that the size of the depth-reduced formula can even be taken to be
$O\left( S^{1+\varepsilon}\right) $, for any constant $\varepsilon>0$.}
\end{proposition}
Because of Proposition \ref{brentprop}, the minimum depth $D$\ of any formula
for a Boolean function $f$\ is simply $\Theta\left( \log S\right) $,\ where
$S$ is the minimum size of any formula for $f$. \ For circuits, by contrast,
size and depth are two independent variables, which might in general be
related only by $D\leq S\leq2^{D}$.
\subsection{Average-Case Complexity\label{OWF}}
If $\mathsf{P}\neq\mathsf{NP}$, that means that there are $\mathsf{NP}$
problems for which no Turing machine succeeds at solving \textit{all}
instances in polynomial time. \ But often, especially in cryptography, we need
more than that. \ It would be laughable to advertise a cryptosystem on the
grounds that there \textit{exist} messages that are hard to decode! \ So it's
natural to ask whether there are $\mathsf{NP}$ problems that are hard
\textquotedblleft in the average case\textquotedblright\ or \textquotedblleft
on random instances,\textquotedblright\ rather than merely in the worst
case.\ \ More pointedly, does the existence of such problems follow from
$\mathsf{P}\neq\mathsf{NP}$, or is it a different, stronger assumption?
The first step is to clarify what we mean by a \textquotedblleft random
instance.\textquotedblright\ \ For some $\mathsf{NP}$-complete problems, it
makes sense to ask about a \textit{uniform} random instance: for example, we
can consider \textsc{3Sat}\ with $n$ variables and $m=\alpha n$
uniformly-random clauses (for some constant $\alpha$), or \textsc{3Coloring}%
\ on an Erd\H{o}s-R\'{e}nyi random graph.\footnote{That is, a graph where
every two vertices are connected by an edge with independent probability $p$.}
\ In those cases, the difficulty tends to vary wildly with the problem and the
precise distribution. \ With \textsc{3Sat}, for example, if the
clause/variable ratio $\alpha$ is too small, then random instances are
trivially satisfiable, while if $\alpha$\ is too large, then they're trivially
unsatisfiable. \ But there's a \textquotedblleft sweet spot,\textquotedblright%
\ $\alpha\approx4.2667$, where random \textsc{3Sat}\ undergoes a phase
transition from satisfiable to unsatisfiable, and where the difficulty seems
to blow up accordingly. \ Even at the threshold, however, random
\textsc{3Sat}\ might still be much easier than worst-case \textsc{3Sat}: the
breakthrough \textit{survey propagation algorithm}\ \cite{survprop} can solve
random \textsc{3Sat}\ quickly, even for $\alpha$\ extremely close to the
threshold.\footnote{But making matters more complicated still, survey
propagation fails badly on random \textsc{4Sat}.} \ More generally, there's
been a great deal of work on understanding particular distributions over
instances, often using tools from statistical physics: for an accessible
introduction, see for example Moore and Mertens \cite{mooremertens}.
\ Unfortunately, there are almost no known reductions among these sorts of
distributional problems, which would let us say that if one of them is hard
then so is another. \ The reason is that almost any imaginable reduction from
problem $A$ to problem $B$ will map a random instance of $A$ to an extremely
special, \textit{non}-random instance of $B$.
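To make the phase transition concrete, here is a minimal Python sketch (the function names and parameter choices are ours, purely for illustration) that samples uniformly random \textsc{3Sat}\ instances at clause density $\alpha$ and brute-force tests satisfiability for tiny $n$:

```python
import itertools
import random

def random_3sat(n, alpha, rng):
    """Sample m = alpha*n uniformly random 3-clauses over n variables.
    A clause is 3 distinct variables, each negated with probability 1/2."""
    m = int(alpha * n)
    clauses = []
    for _ in range(m):
        variables = rng.sample(range(n), 3)
        clauses.append([(v, rng.random() < 0.5) for v in variables])
    return clauses

def satisfiable(n, clauses):
    """Brute-force check over all 2^n assignments (feasible only for tiny n).
    A literal (v, neg) is satisfied when the assigned bit differs from neg."""
    for bits in itertools.product([False, True], repeat=n):
        if all(any(bits[v] != neg for v, neg in c) for c in clauses):
            return True
    return False

def sat_fraction(n, alpha, trials, seed=0):
    """Estimate the fraction of random instances that are satisfiable."""
    rng = random.Random(seed)
    return sum(satisfiable(n, random_3sat(n, alpha, rng))
               for _ in range(trials)) / trials
```

Already at $n=12$, density $\alpha=2$ yields almost entirely satisfiable instances while $\alpha=8$ yields almost entirely unsatisfiable ones, bracketing the threshold $\alpha\approx4.27$.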
This means that, if we want to pick random instances of\ $\mathsf{NP}%
$-complete problems\ and be confident they're hard, then we might need
carefully-tailored distributions. \ Levin \cite{levin:univ}, and Li and
Vit\'{a}nyi \cite{livitanyi:ipl},\ observed that there exists a
\textquotedblleft universal distribution\textquotedblright\ $\mathcal{D}%
$---independent of the specific problem---with the remarkable property that
\textit{any algorithm that fails on any instance, will also fail with high
probability with respect to instances drawn from} $\mathcal{D}$. \ Briefly,
one constructs $\mathcal{D}$\ by giving each string $x\in\left\{ 0,1\right\}
^{\ast}$\ a probability proportional to $2^{-K\left( x\right) }$, where
$K\left( x\right) $\ is the \textit{Kolmogorov complexity} of $x$: that is,
the number of bits in the shortest computer program whose output is $x$. \ One
then argues that, given any algorithm $A$, one can design a short computer
program that brute-force searches for the first instances on which
$A$\ fails---and for that reason, if there are any such instances, then
$\mathcal{D}$\ will assign them a high probability!
In this construction, the catch is that there's no feasible way actually to
\textit{sample} instances from the magical distribution $\mathcal{D}$. \ Thus,
given a family of distributions $\mathcal{D}=\left\{ \mathcal{D}_{n}\right\}
_{n\geq1}$, where $\mathcal{D}_{n}$\ is over $\left\{ 0,1\right\} ^{p\left(
n\right) }$ (for some polynomial $p$), call $\mathcal{D}$%
\ \textit{efficiently samplable}\ if there exists a Turing machine that takes
as input a positive integer $n$ and a uniformly random string $r\in\left\{
0,1\right\} ^{q\left( n\right) }$ (for some polynomial $q$), and that
outputs a sample from $\mathcal{D}_{n}$\ in time polynomial in $n$. \ Then the
real question, we might say, is whether there exist $\mathsf{NP}$-complete
problems that are hard on average with respect to efficiently samplable
distributions. \ More formally, does the following conjecture hold?
\begin{conjecture}
[$\mathsf{NP}$ Hard on Average]\label{avghard}There exists a language
$L\in\mathsf{NP}$, as well as an efficiently samplable family of distributions
$\mathcal{D}=\left\{ \mathcal{D}_{n}\right\} _{n\geq1}$, such that for all
polynomial-time algorithms $A$, there exists an $n$ such that%
\[
\Pr_{x\sim\mathcal{D}_{n}}\left[ A\left( x\right) =L\left( x\right)
\right] <0.51.
\]
Here $L\left( x\right) \in\left\{ 0,1\right\} $\ denotes the
characteristic function of $L$.
\end{conjecture}
Note that, if Conjecture \ref{avghard} holds, then for \textit{every}
$\mathsf{NP}$-hard language $L^{\prime}$, there exists an efficiently
samplable family of distributions $\mathcal{D}^{\prime}$\ such that
$L^{\prime}$\ is hard on average with respect to instances drawn from
$\mathcal{D}^{\prime}$. \ We can obtain this $\mathcal{D}^{\prime}$\ by simply
starting with a sample from $\mathcal{D}$, and then applying the reduction
from $L$\ to $L^{\prime}$.
It's a longstanding open problem whether\ $\mathsf{P}\neq\mathsf{NP}$ implies
Conjecture \ref{avghard}. \ There are $\mathsf{NP}$ problems---one famous
example being the discrete logarithm problem---that are known to have the
remarkable property of \textit{worst-case/average-case equivalence}. \ That
is, any polynomial-time algorithm for these problems that works on (say) 10\%
of instances implies a polynomial-time algorithm for \textit{all} instances;
and conversely, if the problem is hard at all then it's hard on average.
\ However, despite decades of work, no one has been able to show
worst-case/average-case equivalence for any $\mathsf{NP}$-complete problem
(with respect to any efficiently samplable distribution), and there are known
obstacles to such a result. \ For details, see for example the survey by
Bogdanov and Trevisan \cite{bt}.
\subsubsection{Cryptography and One-Way Functions\label{CRYPTO}}
One might hope that, even if we can't base secure cryptography solely on the
assumption that $\mathsf{P}\neq\mathsf{NP}$, at least we could base it on
Conjecture \ref{avghard}. \ But there's one more obstacle. \ In cryptography,
we don't merely need $\mathsf{NP}$\ problems for which it's easy to generate
hard instances: rather, we need $\mathsf{NP}$\ problems for which it's easy to
generate hard instances, \textit{along with secret solutions to those
instances}. \ This motivates the definition of a \textit{one-way function
(OWF)}, perhaps the central concept of modern cryptography. \ Let $f=\left\{
f_{n}\right\} _{n\geq1}$\ be a family of functions, with $f_{n}:\left\{
0,1\right\} ^{n}\rightarrow\left\{ 0,1\right\} ^{p\left( n\right) }$ for
some polynomial $p$. \ Then we call $f$ a one-way function family if
\begin{enumerate}
\item[(1)] $f_{n}$ is computable in time polynomial in $n$, but
\item[(2)] $f_{n}$ is hard to invert: that is, for all polynomial-time
algorithms $A$ and polynomials $q$, we have%
\[
\Pr_{x\sim\left\{ 0,1\right\} ^{n}}\left[ f_{n}\left( A\left(
f_{n}\left( x\right) \right) \right) =f_{n}\left( x\right) \right]
<\frac{1}{q\left( n\right) }%
\]
for all sufficiently large $n$.
\end{enumerate}
We then make the following conjecture.
\begin{conjecture}
\label{owfconj}There exists a one-way function family.
\end{conjecture}
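As an illustration of the definition, the following Python sketch treats SHA-256 as a heuristic candidate OWF (its one-wayness is a cryptographic conjecture, not a theorem, and the helper names are ours); the brute-force inverter makes the forward/inverse asymmetry explicit:

```python
import hashlib

def f(x: bytes) -> bytes:
    """Candidate one-way function: SHA-256.  Easy to evaluate; conjectured
    (heuristically, not provably) hard to invert on random inputs."""
    return hashlib.sha256(x).digest()

def brute_force_invert(y: bytes, n_bits: int) -> bytes:
    """Exhaustive search over all n-bit inputs: ~2^n evaluations of f.
    Feasible only for toy sizes; the OWF conjecture says no polynomial-time
    algorithm does substantially better on random inputs."""
    n_bytes = (n_bits + 7) // 8
    for i in range(2 ** n_bits):
        x = i.to_bytes(n_bytes, "big")
        if f(x) == y:
            return x
    raise ValueError("no preimage found")
```

Evaluating $f$ on an $n$-bit input takes polynomial time, while the inverter above performs up to $2^{n}$ evaluations.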
Conjecture \ref{owfconj} is stronger than Conjecture \ref{avghard}, which in
turn is stronger than $\mathsf{P}\neq\mathsf{NP}$. \ Indeed, it's not hard to
show the following.
\begin{proposition}
\label{equiv}Conjecture \ref{owfconj} holds if and only if there exists a fast
way to generate hard random \textsc{3Sat}\ instances with \textquotedblleft
planted solutions\textquotedblright: that is, an efficiently samplable family
of distributions $\mathcal{D}=\left\{ \mathcal{D}_{n}\right\} _{n}$\ over
$\left( \varphi,x\right) $\ pairs, where $\varphi$\ is a satisfiable
\textsc{3Sat}\ instance and $x$\ is a satisfying assignment to $\varphi$, such
that for all polynomial-time algorithms $A$ and all polynomials $q$,%
\[
\Pr_{\varphi\sim\mathcal{D}_{n}}\left[ A\left( \varphi\right) \text{ finds
a satisfying assignment to }\varphi\right] <\frac{1}{q\left( n\right) }%
\]
for all sufficiently large $n$.
\end{proposition}
\begin{proof}
Given a one-way function family $f$, we can generate a hard random
\textsc{3Sat}\ instance with a planted solution by choosing $x\in\left\{
0,1\right\} ^{n}$ uniformly at random, computing $f_{n}\left( x\right) $,
and then using the Cook-Levin Theorem (Theorem \ref{cooklevin}) to construct a
\textsc{3Sat}\ instance that encodes the problem of finding a preimage of
$f_{n}\left( x\right) $. \ Conversely, given a polynomial-time algorithm
that takes as input a positive integer $n$ and a random string $r\in\left\{
0,1\right\} ^{p\left( n\right) }$ (for some polynomial $p$), and that
outputs a hard \textsc{3Sat}\ instance $\varphi_{r}$\ together with a planted
solution $x_{r}$\ to $\varphi_{r}$, the function $f_{n}\left( r\right)
:=\varphi_{r}$ will necessarily be one-way, since inverting $f_{n}$\ would let
us find a satisfying assignment to $\varphi_{r}$.
\end{proof}
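The forward direction can be caricatured in code. The na\"{\i}ve Python generator below (names ours) plants a secret assignment and keeps only clauses that the assignment satisfies. Note that \textit{this particular} planted distribution is known to be easy, since the clause statistics leak the plant; that is exactly why the proof above routes through a one-way function instead:

```python
import random

def plant_3sat(n, m, seed=0):
    """Toy planted-solution generator: pick a secret assignment x, then keep
    only uniformly random 3-clauses that x satisfies.  WARNING: this naive
    distribution is known to be easy to solve (literal statistics reveal x);
    it merely illustrates the 'instance plus secret solution' format."""
    rng = random.Random(seed)
    x = [rng.random() < 0.5 for _ in range(n)]
    clauses = []
    while len(clauses) < m:
        variables = rng.sample(range(n), 3)
        clause = [(v, rng.random() < 0.5) for v in variables]
        if any(x[v] != neg for v, neg in clause):  # keep iff x satisfies it
            clauses.append(clause)
    return clauses, x

def check(clauses, x):
    """Verify that assignment x satisfies every clause."""
    return all(any(x[v] != neg for v, neg in c) for c in clauses)
```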
Conjecture \ref{owfconj} turns out to suffice for building most of the
ingredients of private-key cryptography, notably including pseudorandom
generators \cite{hill}\ and pseudorandom functions \cite{ggm}. \ Furthermore,
while Conjecture \ref{owfconj}\ is formally stronger than $\mathsf{P}%
\neq\mathsf{NP}$, Proposition \ref{equiv}\ suggests that the two conjectures
are conceptually similar: \textquotedblleft all we're asking
for\textquotedblright\ is a hard $\mathsf{NP}$\ problem, together with a fast
way to generate hard solved instances of it!
This contrasts with the situation for \textit{public-key} cryptography---i.e.,
the kind of cryptography that doesn't require any secrets to be shared in
advance, and which is used for sending credit-card numbers over the web. \ To
create a secure public-key cryptosystem, we need something even stronger than
Conjecture \ref{owfconj}: for example, a \textit{trapdoor} OWF,\footnote{There
are closely-related objects, such as \textquotedblleft lossy\textquotedblright%
\ trapdoor OWFs (see \cite{lossytdowf}), that also suffice for building
public-key cryptosystems.}$^{,}$\footnote{By contrast, public-key
\textit{digital signature schemes}---that is, ways to authenticate a message
without a shared secret key---can be constructed under the sole assumption
that OWFs exist. \ See for example Rompel \cite{rompel}.} which is an OWF with
the additional property that it becomes easy to invert if we're given a secret
\textquotedblleft trapdoor\textquotedblright\ string generated along with the
function. \ We do, of course, have candidates for secure public-key
cryptosystems, which are based on problems such as factoring, discrete
logarithms (over both multiplicative groups and elliptic curves), and finding
planted short nonzero vectors in lattices. \ To date, however, all public-key
cryptosystems require \textquotedblleft sticking our necks
out,\textquotedblright\ and conjecturing the hardness of some specific
$\mathsf{NP}$ problem, something with much more structure than any known
$\mathsf{NP}$-complete problem.
In other words, for public-key cryptography, today one has to make conjectures
that go fundamentally beyond $\mathsf{P}\neq\mathsf{NP}$, or even the
existence of OWFs. \ Even if someone proved $\mathsf{P}\neq\mathsf{NP}$ or
Conjecture \ref{owfconj}, reasonable doubt could still remain about the
security of known public-key cryptosystems.
\subsection{Randomized Algorithms\label{RANDOM}}
Even assuming $\mathsf{P}\neq\mathsf{NP}$, we can still ask whether
$\mathsf{NP}$-complete problems can be solved in polynomial time with help
from random bits. \ This is a different question than whether $\mathsf{NP}%
$\ is hard on average: whereas before we were asking about algorithms that
solve \textit{most} instances (with respect to some distribution), now we're
asking about algorithms that solve \textit{all} instances, for \textit{most}
choices of some auxiliary random numbers.
Historically, algorithm designers have often resorted to randomness, to deal
with situations where \textit{most} choices that an algorithm could make are
fine, but any \textit{specific} choice will lead to terrible behavior on
certain inputs. \ For example, in Monte Carlo simulation, used throughout
science and engineering, we estimate the volume of a high-dimensional object
by just sampling random points, and then checking what fraction of them lie
inside. \ Another example concerns \textit{primality testing}: that is,
deciding the language%
\[
\text{\textsc{Primes}}=\left\{ N:N\text{ is a binary encoding of a prime
number}\right\} .
\]
In modern cryptosystems such as RSA, generating a key requires choosing large
random primes, so it's just as important that primality testing be
\textit{easy} as that the related factoring problem be hard! \ In the 1970s,
Rabin \cite{rabin}\ and Solovay and Strassen \cite{solovaystrassen}\ showed
how to decide \textsc{Primes}\ in time polynomial in $\log N$\ (i.e., the
number of digits of $N$). \ The catch was that their algorithms were
randomized:\ in addition to $N$, they required a second input $r$; and for
each $N$, the algorithms were guaranteed to succeed for most $r$'s but not all
of them. \ Miller \cite{miller}\ also proposed a deterministic polynomial-time
algorithm for \textsc{Primes}, but could only prove the algorithm correct
assuming the Extended Riemann Hypothesis. \ Finally, after decades of work on
the problem, in 2002 Agrawal, Kayal, and Saxena \cite{aks}\ gave an
unconditional proof that \textsc{Primes}\ is in $\mathsf{P}$. \ In other
words, if we only care about testing primality in polynomial time, and not
about the degree of the polynomial, then randomness was never needed after all.
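For concreteness, here is a compact Python rendering of the Rabin-Miller randomized test (the implementation details, such as the initial trial division by small primes, are our choices):

```python
import random

def is_probable_prime(n: int, rounds: int = 20, seed: int = 0) -> bool:
    """Rabin-Miller randomized primality test.  For prime n the answer is
    always True; for composite n, each round detects a witness with
    probability >= 3/4, so the error probability is at most 4**(-rounds)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    # Write n - 1 = d * 2^s with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.Random(seed)
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a witnesses that n is composite
    return True
```

The running time is polynomial in $\log N$: each round is a modular exponentiation, and the random input $r$ of the text is just the sequence of bases $a$.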
A third example of the power of randomness comes from the \textit{polynomial
identity testing} (\textsc{PIT}) problem. \ Here we're given as input a
circuit or formula, composed of addition and multiplication gates, that
computes a polynomial $p:\mathbb{F}\rightarrow\mathbb{F}$ over a finite field
$\mathbb{F}$. \ The question is whether $p$\ is the identically-zero
polynomial---that is, whether the identity $p\left( x\right) =0$\ holds.
\ If $\deg\left( p\right) \ll\left\vert \mathbb{F}\right\vert $, then
algebra immediately suggests a way to solve this problem: simply pick an
$x\in\mathbb{F}$\ uniformly at random and check whether $p\left( x\right)
=0$. \ Since a nonzero polynomial $p$\ can vanish on at most $\deg\left(
p\right) $\ points, the probability that we'll \textquotedblleft get
unlucky\textquotedblright\ and choose one of those points is at most\ $\deg
\left( p\right) /\left\vert \mathbb{F}\right\vert $. \ To this day, no one
knows of any deterministic approach that achieves similar
performance.\footnote{At least, not for \textit{arbitrary} polynomials
computed by small formulas or circuits. \ A great deal of progress has been
made derandomizing \textsc{PIT} for restricted classes of polynomials. \ In
fact, the deterministic primality test of Agrawal, Kayal, and Saxena
\cite{aks} was based on a derandomization of one extremely special case of
\textsc{PIT}.} \ Derandomizing \textsc{PIT}---that is, replacing the
randomized algorithm by a comparably-efficient deterministic one---is
considered one of the frontier problems of theoretical computer science. \ For
details, see for example the survey of Shpilka and Yehudayoff \cite{shpilkay}.
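The random-evaluation algorithm is short enough to state in code. The following Python sketch (with example polynomials of our own choosing) tests two arithmetic expressions for identity over $\mathbb{F}_{p}$:

```python
import random

def probably_identical(p_expr, q_expr, prime, trials=20, seed=0):
    """Randomized polynomial identity test over F_prime: evaluate both
    expressions at random field elements.  A nonzero polynomial of degree d
    has at most d roots, so each trial errs with probability <= d/prime."""
    rng = random.Random(seed)
    for _ in range(trials):
        x = rng.randrange(prime)
        if p_expr(x) % prime != q_expr(x) % prime:
            return False  # definitely not the same polynomial
    return True           # identical with high probability

P = 1_000_003  # a prime vastly larger than the degree bound

# (x + 1)^3 and x^3 + 3x^2 + 3x + 1 agree as polynomials ...
same = probably_identical(lambda x: (x + 1) ** 3,
                          lambda x: x ** 3 + 3 * x ** 2 + 3 * x + 1, P)
# ... while (x + 1)^3 and x^3 + 1 do not.
diff = probably_identical(lambda x: (x + 1) ** 3,
                          lambda x: x ** 3 + 1, P)
```

With $\deg\left( p\right) =3$ and $p\approx10^{6}$, each trial errs with probability at most $3\times10^{-6}$.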
\subsubsection{$\mathsf{BPP}$ and Derandomization\label{DERAND}}
What's the power of randomness more generally? \ Can \textit{every} randomized
algorithm be derandomized, as ultimately happened with \textsc{Primes}? \ To
explore these issues, complexity theorists study several randomized
generalizations of the class $\mathsf{P}$. \ We'll consider just one of
them:\ \textit{Bounded-Error Probabilistic Polynomial-Time}, or $\mathsf{BPP}%
$, is the class of languages $L\subseteq\left\{ 0,1\right\} ^{\ast}$ for
which there exists a polynomial-time Turing machine $M$, as well as a
polynomial $p$, such that for all inputs $x\in\left\{ 0,1\right\} ^{n}$,%
\[
\Pr_{r\in\left\{ 0,1\right\} ^{p\left( n\right) }}\left[ M\left(
x,r\right) =L\left( x\right) \right] \geq\frac{2}{3}.
\]
In other words, for every $x$, the machine $M$ must correctly decide whether
$x\in L$\ \textquotedblleft most of the time\textquotedblright\ (that is, for
most choices of $r$). \ Crucially, here we can easily replace the constant
$2/3$\ by any other constant between $1/2$ and $1$,\ or even by a function like
$1-2^{-n}$. \ So for example, if we wanted to know whether $x\in L$ with
$0.999999$\ confidence, then we'd simply run $M$\ several times, with
different independent values of $r$, and then output the majority vote among
the results.
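This amplification can be checked numerically: the exact probability that a majority vote over $k$ independent runs is correct is a binomial tail, computed by the Python sketch below (function name ours):

```python
from math import comb

def amplified_success(p_single: float, runs: int) -> float:
    """Exact probability that a majority vote over independent runs is
    correct, when each run is independently correct with probability
    p_single.  (Use an odd number of runs so there are no ties.)"""
    return sum(comb(runs, k) * p_single ** k * (1 - p_single) ** (runs - k)
               for k in range(runs // 2 + 1, runs + 1))
```

With $p=2/3$, already $101$ runs push the success probability above $0.99$.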
It's clear that $\mathsf{P}\subseteq\mathsf{BPP}\subseteq\mathsf{PSPACE}$.
\ More interestingly, Sipser \cite{sipser:bpp} and Lautemann \cite{lautemann}%
\ proved that $\mathsf{BPP}$\ is contained in $\mathsf{\Sigma}_{2}%
^{\mathsf{P}}\cap\mathsf{\Pi}_{2}^{\mathsf{P}}$\ (that is, the second level of
$\mathsf{PH}$). \ The Rabin-Miller and Solovay-Strassen algorithms imply that
\textsc{Primes~}$\in\mathsf{BPP}$.
Today, most complexity theorists conjecture that what happened to
\textsc{Primes} can happen to all of $\mathsf{BPP}$:
\begin{conjecture}
$\mathsf{P}=\mathsf{BPP}$.
\end{conjecture}
The reason for this conjecture is that it follows from the existence of good
enough \textit{pseudorandom generators}, which we could use to replace the
random string $r$ in any $\mathsf{BPP}$\ algorithm $M$\ by deterministic
strings that \textquotedblleft look random, as far as $M$\ can
tell.\textquotedblright\ \ Furthermore, work in the 1990s showed that, if we
grant certain plausible lower bounds on circuit size, then these pseudorandom
generators exist. \ Perhaps the most striking result along these lines is that
of Impagliazzo and Wigderson \cite{iw}:
\begin{theorem}
[Impagliazzo-Wigderson \cite{iw}]\label{pbpp}Suppose there exists a language
decidable in $2^{n}$\ time, which requires nonuniform circuits of size
$2^{\Omega\left( n\right) }$. \ Then $\mathsf{P}=\mathsf{BPP}$.
\end{theorem}
Of course, if $\mathsf{P}=\mathsf{BPP}$, then the question of whether
randomized algorithms can efficiently solve $\mathsf{NP}$-complete problems is
just the original $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ question in a
different guise. \ Ironically, however, the \textquotedblleft
obvious\textquotedblright\ approach to proving $\mathsf{P}=\mathsf{BPP}$\ is
to prove a strong circuit lower bound---and if we knew how to do that, perhaps
we could prove $\mathsf{P}\neq\mathsf{NP}$ as well!
Even if we don't assume $\mathsf{P}=\mathsf{BPP}$, it's easy to show that
deterministic \textit{nonuniform} algorithms (see Section \ref{NONUNIF}) can
simulate randomized algorithms:
\begin{proposition}
[Adleman \cite{adleman:bpp}]\label{adlemanprop}$\mathsf{BPP}\subset
\mathsf{P/poly}$.
\end{proposition}
\begin{proof}
Let the language $L$\ be decided by a $\mathsf{BPP}$\ algorithm that uses
$p\left( n\right) $ random bits. \ Then by using $q\left( n\right)
=O\left( n\cdot p\left( n\right) \right) $ random bits, running the
algorithm $O\left( n\right) $\ times with independent random bits each time,
and outputting the majority answer, we can push the probability of error on
any given input $x\in\left\{ 0,1\right\} ^{n}$\ from $1/3$\ down to (say)
$2^{-2n}$. \ Thus, the probability that there \textit{exists} an $x\in\left\{
0,1\right\} ^{n}$\ on which the algorithm errs is at most $2^{n}\left(
2^{-2n}\right) =2^{-n}$. \ This means, in particular, that there must be a
fixed choice for the random string $r\in\left\{ 0,1\right\} ^{q\left(
n\right) }$ that causes the algorithm to succeed on all $x\in\left\{
0,1\right\} ^{n}$. \ So to decide $L$\ in $\mathsf{P/poly}$, we simply
\textquotedblleft hardwire\textquotedblright\ that $r$\ as the advice.
\end{proof}
By combining Theorem \ref{klthm} with Proposition \ref{adlemanprop},\ we
immediately obtain that if $\mathsf{NP}\subseteq\mathsf{BPP}$, then the
polynomial hierarchy collapses to the second level. \ So the bottom line is
that the $\mathsf{NP}\subseteq\mathsf{BPP}$\ question is likely identical to
the $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ question, and is extremely tightly
related to it even if not.
\subsection{Quantum Algorithms\label{QUANTUM}}
The class $\mathsf{BPP}$ might not exhaust what the physical world lets us
efficiently compute, with quantum computing an obvious contender for going
further. \ In 1993, Bernstein and Vazirani \cite{bv}\ defined the complexity
class $\mathsf{BQP}$, or Bounded-Error Quantum Polynomial-Time, as a
quantum-mechanical generalization of $\mathsf{BPP}$. \ (Details of quantum
computing and $\mathsf{BQP}$\ are beyond the scope of this survey, but see
\cite{nc,aar:qcsd}.) \ Bernstein and Vazirani, along with Adleman, DeMarrais,
and Huang \cite{adh}, also showed some basic containments:%
\[
\mathsf{P}\subseteq\mathsf{BPP}\subseteq\mathsf{BQP}\subseteq\mathsf{PP}%
\subseteq\mathsf{P}^{\mathsf{\#P}}\subseteq\mathsf{PSPACE}.%
\]
In 1994, Shor \cite{shor}\ famously showed that the factoring and discrete
logarithm problems are in $\mathsf{BQP}$---and hence, that a scalable quantum
computer, if built, could break almost all currently-used public-key
cryptography. \ A more theoretical implication of Shor's results is that,
\textit{if} factoring or discrete logarithm is hard classically, then
$\mathsf{BPP}\neq\mathsf{BQP}$. \ To design his quantum algorithms, Shor had
to exploit extremely special properties of factoring and discrete logarithm,
which aren't known or believed to hold for $\mathsf{NP}$-complete problems.
The quantum analogue of the $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ question is
the question of whether $\mathsf{NP}\subseteq\mathsf{BQP}$: that is,
\textit{can quantum computers solve }$\mathsf{NP}$\textit{-complete problems
in polynomial time?}\footnote{One can also consider the $\mathsf{QMA}%
$-complete problems, which are a quantum generalization of the $\mathsf{NP}%
$-complete problems themselves (see \cite{bookatz}), but we won't pursue that
here.} \ Most quantum computing researchers conjecture that the answer is no:
\begin{conjecture}
\label{bqpconj}$\mathsf{NP}\not \subset \mathsf{BQP}$.
\end{conjecture}
Naturally, there's little hope of proving Conjecture \ref{bqpconj} at present,
since any proof would imply $\mathsf{P}\neq\mathsf{NP}$! \ We don't even know
today how to prove conditional statements (analogous to what we have for
$\mathsf{BPP}$\ and $\mathsf{P/poly}$): for example, that if $\mathsf{NP}%
\subseteq\mathsf{BQP}$\ then $\mathsf{PH}$ collapses. \ On the other hand, it
\textit{is} known that, if a fast quantum algorithm for $\mathsf{NP}$-complete
problems exists, then in some sense it will have to be extremely different
from Shor's or any other known quantum algorithm. \ For example, Bennett et
al.\ \cite{bbbv}\ showed that, if we ignore the structure of $\mathsf{NP}%
$-complete problems, and just consider the abstract task of searching an
unordered list, then quantum computers can provide at most a square-root
speedup over the classical running time. \ As Bennett et al.\ \cite{bbbv}%
\ noted, this implies that there exists an oracle $A$ such that $\mathsf{NP}%
^{A}\not \subset \mathsf{BQP}^{A}$. \ Note that the square-root speedup is
actually achievable, using \textit{Grover's algorithm} \cite{grover}. \ For
most $\mathsf{NP}$-complete problems, however, the fastest known quantum
algorithm will be obtained by simply layering Grover's algorithm on top of the
fastest known classical algorithm, yielding a quadratic speedup but no
more.\footnote{One can artificially design an $\mathsf{NP}$-complete
problem\ with a superpolynomial quantum speedup over the best known classical
algorithm by, for example, taking the language%
\begin{align*}
L & =\left\{ 0\varphi0\cdots0~|~\varphi\text{ is a satisfiable
\textsc{3Sat}\ instance of size }n^{0.01}\right\} \cup\\
& \left\{ 1x~|~x\text{ is a binary encoding of a positive integer with an
odd number of distinct prime factors}\right\} .
\end{align*}
Clearly $L$\ is $\mathsf{NP}$-complete, and a quantum algorithm can decide $L$
in $O\left( c^{n^{0.01}}\right) $\ time for some $c$, whereas the best known
classical algorithm will take $\sim\exp\left( n^{1/3}\right) $\ time.
\par
Conversely, there are also $\mathsf{NP}$-complete\ problems for which a
quadratic quantum speedup is unknown---say, because the best known classical
algorithm is based on dynamic programming, and it's unclear how to combine
that with Grover's algorithm. \ One possible example is the Traveling
Salesperson Problem, which is solvable in $O\left( 2^{n}\operatorname*{poly}%
\left( n\right) \right) $\ time using the Held-Karp dynamic programming
algorithm \cite{heldkarp}, whereas a na\"{\i}ve application of Grover's
algorithm yields only the worse bound $O(\sqrt{n!})$. \ As this survey was
being completed, work by Moylett et al.\ \cite{mlm} showed how to achieve a
quadratic quantum speedup over the best known classical algorithms, for
Traveling Salesperson on graphs of bounded degree $3$ or $4$. \ But it remains
unclear how broadly these techniques can be applied.} \ So for example, as far
as anyone knows today, even a quantum computer would need $2^{\Omega\left(
n\right) }$\ time to solve \textsc{3Sat}.
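Since Grover's algorithm acts on only $N=2^{n}$\ amplitudes, its behavior on toy instances can be simulated classically. The following Python sketch (names ours) alternates the oracle sign-flip with inversion about the mean for $\approx\frac{\pi}{4}\sqrt{N}$\ iterations:

```python
from math import sqrt, pi, floor

def grover_success_probability(n_qubits: int, marked: int) -> float:
    """Classically simulate Grover search over N = 2**n_qubits items with a
    single marked item: start in the uniform superposition, then alternate
    the oracle (a sign flip on the marked amplitude) with the diffusion step
    (inversion about the mean) for ~ (pi/4)*sqrt(N) iterations.  Returns the
    probability of measuring the marked item."""
    N = 2 ** n_qubits
    amp = [1.0 / sqrt(N)] * N               # uniform superposition
    iterations = floor((pi / 4) * sqrt(N))
    for _ in range(iterations):
        amp[marked] = -amp[marked]          # oracle: flip marked amplitude
        mean = sum(amp) / N
        amp = [2 * mean - a for a in amp]   # diffusion: invert about mean
    return amp[marked] ** 2
```

On $3$ qubits this already finds the marked item with probability above $0.9$, versus $1/8$ for random guessing; but the number of oracle calls still scales as $\sqrt{N}$, which is the content of the Bennett et al.\ lower bound.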
Of course, one can also wonder whether the physical world might provide
computational resources even \textit{beyond} quantum computing (based on black
holes? closed timelike curves? modifications to quantum mechanics?), and if
so, whether \textit{those} resources might enable the polynomial-time solution
of $\mathsf{NP}$-complete problems. \ If so, we might still have
$\mathsf{P}\neq\mathsf{NP}$---keep in mind that the classes $\mathsf{P}%
$\ and\ $\mathsf{NP}$\ have fixed mathematical definitions, which don't change
with the laws of physics---but we'd also have $\mathsf{NP}\subseteq
\mathcal{C}$, where $\mathcal{C}$\ is whichever class of problems is
efficiently solvable in the physical world.\footnote{For example, if the world
is governed by quantum mechanics as physicists currently understand it, then
$\mathcal{C}=\mathsf{BQP}$.} \ Such speculations are beyond the scope of this
article, but see for example \cite{aar:np}.
\section{Progress\label{PROG}}
One common view among mathematicians is that questions like $\mathsf{P}%
\overset{?}{=}\mathsf{NP}$, while undoubtedly important, are just too hard to
make progress on in the present state of mathematics. \ It's true that we seem
to be nowhere close to a solution, but in this section, I'll build a case that
the extreme pessimistic view is unwarranted. \ I'll explain what genuine
knowledge I think we have, relevant to proving $\mathsf{P}\neq\mathsf{NP}$,
that we didn't have thirty years ago or in many cases ten years ago. \ One
could argue that, if $\mathsf{P}\neq\mathsf{NP}$\ is a distant peak, then all
the progress has remained in the foothills. \ On the other hand, scaling the
foothills has \textit{already} been nontrivial, so anyone aiming for the
summit had better get acquainted with what's been done.
More concretely, I'll tell a story of the interaction between \textit{lower
bounds} and \textit{barriers}: on the one hand, actual successes in proving
superpolynomial or exponential lower bounds in interesting models of
computation; but on the other, explanations for why the techniques used to
achieve those successes don't extend to prove $\mathsf{P}\neq\mathsf{NP}$.
\ We'll see how the barriers influence the next generation of lower bound
techniques, which are sometimes specifically designed to evade the barriers,
or evaluated on their potential to do so.
With a single exception---namely, the Mulmuley-Sohoni Geometric Complexity
Theory program---I'll restrict my narrative to ideas that have already had
definite successes in proving new limits on computation. \ The drawback of
this choice is that in many cases, the ideas that are concrete enough to have
worked for \textit{something}, are also concrete enough that we understand why
they can't work for $\mathsf{P}\neq\mathsf{NP}$! \ My defense is that this
section would be unmanageably long, if it had to cover \textit{every} idea
about how $\mathsf{P}\neq\mathsf{NP}$\ might someday be proved.
I should, however, at least mention some important approaches to lower bounds
that will be missing from my subsequent narrative. \ The first is
\textit{descriptive complexity theory}; see for example the book of Immerman
\cite{immerman} for the standard introduction, or Fagin's personal perspective
on finite model theory \cite{fagin}\ for an approachable high-level overview.
\ Descriptive complexity characterizes many complexity classes in terms of
their logical expressive power: for example, $\mathsf{P}$\ corresponds to
sentences expressible in first-order logic with linear order and a least fixed
point; $\mathsf{NP}$\ to sentences expressible in existential second-order
logic; $\mathsf{PSPACE}$\ to sentences expressible in second-order logic with
transitive closure; and $\mathsf{EXP}$\ to sentences expressible in
second-order logic with a least fixed point.
The hope is that characterizing complexity classes in this way, with no
explicit mention of resource bounds, might make it easier to see which are
equal and which different. \ There are a few pieces of evidence for this hope.
\ Namely, descriptive complexity played an important role in the proof by
Immerman \cite{immerman:nl}\ that nondeterministic space is closed under
complement (though the independent proof by Szelepcs\'{e}nyi \cite{szelep}\ of
the same result didn't use these ideas). \ Descriptive complexity also played
a role in the proof by Ajtai \cite{ajtai:ac0}\ that \textsc{Parity} is not in
$\mathsf{AC}^{0}$\ (Theorem \ref{parityac0} in Section \ref{SMALLDEPTH}, to
follow)---though once again, the independent proof by Furst, Saxe, and Sipser
\cite{fss}\ didn't use these ideas. \ Finally, Fagin \cite{fagin:monadicnp}%
\ was able to show that a class called \textquotedblleft monadic $\mathsf{NP}%
$\textquotedblright---which (alas) isn't easy to define without the framework
of finite model theory---is not closed under complement. \ On its face, this
result looks tantalizingly close to $\mathsf{NP}\neq\mathsf{coNP}$ (but of
course is much easier!). \ Whether descriptive complexity can lead to new
separations between \textquotedblleft ordinary\textquotedblright\ complexity
classes, separations that aren't as easily obtainable without it, remains to
be seen.
The second approach is \textit{lower bounds via communication complexity}.
\ Given a Boolean function $f:\left\{ 0,1\right\} ^{n}\rightarrow\left\{
0,1\right\} $, consider the following communication game: Alice receives an
$n$-bit input $x=x_{1}\cdots x_{n}$\ such that $f\left( x\right) =0$, Bob
receives an input $y$\ such that $f\left( y\right) =1$, and their goal is to
agree on an index $i\in\left\{ 1,\ldots,n\right\} $\ such that $x_{i}\neq
y_{i}$. \ Let $C_{f}$\ be the communication complexity of this game: that is,
the minimum number of bits that Alice and Bob need to exchange to win the
game, if they use an optimal protocol (and where the communication cost is
maximized over all $x,y$\ pairs). \ Then in 1990, Karchmer and Wigderson
\cite{karchmerwigderson}\ showed the following remarkable connection.
\begin{theorem}
[Karchmer-Wigderson \cite{karchmerwigderson}]\label{kwthm}For any $f$, the
minimum depth of any Boolean circuit for $f$ is equal to $C_{f}$.
\end{theorem}
Combined with Proposition \ref{brentprop} (depth-reduction for formulas),
Theorem \ref{kwthm}\ implies that every Boolean function $f$\ requires
formulas of size at least $2^{C_{f}}$: in other words, \textit{communication
lower bounds imply formula-size lower bounds}. \ Now, communication complexity
is a well-established area of theoretical computer science with many strong
lower bounds; see for example the book by Kushilevitz and Nisan \cite{kn}.
\ Thus, we might hope that lower-bounding the communication cost of the
\textquotedblleft Karchmer-Wigderson game,\textquotedblright\ say for an
$\mathsf{NP}$-complete problem like \textsc{HamiltonCycle}, could be a viable
approach\ to proving $\mathsf{NP}\not \subset \mathsf{NC}^{1}$, which in turn
would be a huge step toward $\mathsf{P}\neq\mathsf{NP}$.
See Section \ref{MONO}\ for Karchmer and Wigderson's applications of a similar
connection to \textit{monotone} formula-size lower bounds. \ Also see Aaronson
and Wigderson \cite{awig} for further connections between communication
complexity and computational complexity, including even a \textquotedblleft
communication complexity lower bound\textquotedblright\ that if true would
imply $\mathsf{P}\neq\mathsf{NP}$. \ Of course, the question is whether these
translations merely shift the difficulty of complexity class separations to a
superficially different setting, or whether they set the stage for genuinely
new insights.
The third approach is \textit{lower bounds via derandomization}. \ In Section
\ref{DERAND}, we discussed the discovery in the 1990s that, if sufficiently
strong circuit lower bounds hold, then $\mathsf{P}=\mathsf{BPP}$: that is,
every randomized algorithm can be made deterministic with only a polynomial
slowdown. \ In the early 2000s, it was discovered that converse statements
often hold as well: that is, \textit{derandomizations of randomized algorithms
imply circuit lower bounds}. \ Probably the best-known result along these
lines is that of Kabanets and Impagliazzo \cite{ki}:
\begin{theorem}
[\cite{ki}]Suppose the polynomial identity testing problem from Section
\ref{RANDOM}\ is in $\mathsf{P}$. \ Then either $\mathsf{NEXP}\not \subset
\mathsf{P/poly}$, or else the permanent function has no polynomial-size
arithmetic circuits (see Section \ref{PERDET}).
\end{theorem}
As usual, the issue is that it's not clear whether we should interpret this
result as giving a plausible path toward proving circuit lower bounds (namely,
by derandomizing \textsc{PIT}), or simply as explaining why derandomizing
\textsc{PIT} will be hard (namely, because doing so will imply circuit lower
bounds)! \ In any case, Sections \ref{HYBAPP} and \ref{NEXPACC} will give
further examples where derandomization results would imply new circuit lower bounds.
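For concreteness, the randomized algorithm one would be trying to derandomize is extremely simple. \ Here's a minimal sketch (my own toy code, not a serious implementation): evaluate both expressions at random points over a large prime field; by the Schwartz-Zippel lemma, two distinct polynomials of degree $d$ agree at a uniformly random point with probability at most $d/p$.

```python
import random

# Minimal sketch of randomized polynomial identity testing: two distinct
# low-degree polynomials agree at a random point of F_p with probability at
# most degree/p, so repeated random evaluation detects non-identities with
# overwhelming probability.

P = 10007  # a prime much larger than the degrees involved

def probably_identical(f, g, num_vars, trials=20, rng=random.Random(0)):
    """Return True iff f and g agree at every sampled random point."""
    for _ in range(trials):
        point = [rng.randrange(P) for _ in range(num_vars)]
        if f(*point) % P != g(*point) % P:
            return False        # a disagreement certifies non-identity
    return True                 # 'probably identical'
```

Note that a \textquotedblleft True\textquotedblright\ answer is only probabilistic evidence, while a \textquotedblleft False\textquotedblright\ answer comes with a witness point; derandomizing \textsc{PIT} means finding such witness points deterministically.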
The fourth approach could be called \textit{lower bounds via \textquotedblleft
innocent-looking\textquotedblright\ combinatorics problems}. \ Here's an
example: given an $n\times n$ matrix $A$, say over the finite field
$\mathbb{F}_{2}$, call $A$ \textit{rigid} if not only does $A$ have rank
$\Omega\left( n\right) $, but any matrix obtained by changing $O\left(
n^{1/10}\right) $\ entries in each row of $A$ also has rank $\Omega\left(
n\right) $. \ It's easy to show, via a counting argument, that almost all
matrices $A\in\mathbb{F}_{2}^{n\times n}$\ are rigid. \ On the other hand,
Valiant \cite{valiant:rigid}\ made the following striking observation in 1977:
if we manage to find any \textit{explicit example} of a rigid matrix, then we
also get an explicit example of a Boolean function that can't be computed by
any circuit of linear size and logarithmic depth.
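As a sanity check on the definition, note that high rank by itself is nowhere near rigidity. \ The following toy snippet (my own code) computes rank over $\mathbb{F}_{2}$\ by Gaussian elimination, and shows that the identity matrix, despite having full rank, collapses to rank \textit{zero} after just one change per row.

```python
# Toy illustration (my own): full rank says nothing about rigidity.
# Matrices over F_2 are lists of rows, each row an n-bit Python int.

def rank_f2(rows, n):
    """Rank over F_2, by Gaussian elimination on bitmask rows."""
    basis = [0] * n             # basis[b] holds a vector whose leading bit is b
    rank = 0
    for row in rows:
        for b in reversed(range(n)):
            if not (row >> b) & 1:
                continue
            if basis[b]:
                row ^= basis[b]         # eliminate the leading bit
            else:
                basis[b] = row          # new pivot found
                rank += 1
                break
    return rank
```

The identity matrix has rank $n$, yet flipping its $n$\ diagonal entries (one change per row) yields the zero matrix, of rank $0$: so rigidity really does demand that rank survive \textit{every} sparse pattern of changes, not just that it start out high.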
For another connection in the same spirit, given a $3$-dimensional tensor
$A\in\mathbb{F}_{2}^{n\times n\times n}$, let the \textit{rank} of $A$\ be the
smallest $r$\ such that $A$\ can be written as the sum of $r$\ rank-one
tensors (that is, tensors of the form $t_{ijk}=x_{i}y_{j}z_{k}$). \ Then it's
easy to show, via a counting argument, that almost all tensors $A\in
\mathbb{F}_{2}^{n\times n\times n}$\ have rank $\Omega\left( n^{2}\right) $.
\ On the other hand, Strassen \cite{strassen:tensor}\ observed in 1973 that,
if we find any explicit example of a $3$-dimensional tensor with rank $r$,
then we also get an explicit example of a Boolean function with circuit
complexity $\Omega\left( r\right) $.\footnote{Going even further, Raz
\cite{raz:tensor}\ proved in 2010 that, if we manage to show that any explicit
$d$-dimensional tensor $A:\left[ n\right] ^{d}\rightarrow\mathbb{F}$ has
rank at least $n^{d\left( 1-o\left( 1\right) \right) }$, then we've also
shown that the\ $n\times n$\ permanent function has no polynomial-size
arithmetic formulas. \ It's easy to construct explicit $d$-dimensional tensors
with rank $n^{\left\lfloor d/2\right\rfloor }$, but the current record is an
explicit $d$-dimensional tensor with rank at least $2n^{\left\lfloor
d/2\right\rfloor }+n-O\left( d\log n\right) $ \cite{aft}.
\par
Note that, if we could show that the permanent had no $n^{O\left( \log
n\right) }$-size arithmetic formulas, that would imply Valiant's famous
Conjecture \ref{valiantconj}: that the permanent has no polynomial-size
arithmetic \textit{circuits}. \ However, Raz's technique seems incapable of
proving formula-size lower bounds better than $n^{\Omega\left( \log\log
n\right) }$.} \ Alas, proving that any explicit matrix is rigid, or that any
explicit tensor has superlinear rank, has turned out to be a staggeringly hard
problem---which perhaps shouldn't surprise us, given the implications for
circuit lower bounds!
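For intuition, at tiny sizes tensor rank can be computed by brute force. \ The following sketch (my own code) finds the rank of every $2\times2\times2$ tensor over $\mathbb{F}_{2}$, by breadth-first search from the zero tensor, where each step adds (XORs in) one rank-one tensor.

```python
from itertools import product
from collections import deque

# Tensors over F_2 of shape 2x2x2, encoded as 8-bit masks: bit 4i+2j+k holds
# the entry t_{ijk}.  Rank-one tensors are those of the form x_i y_j z_k.

def rank_one_tensors():
    ts = set()
    for x, y, z in product(product([0, 1], repeat=2), repeat=3):
        t = 0
        for i, j, k in product(range(2), repeat=3):
            if x[i] & y[j] & z[k]:
                t |= 1 << (4 * i + 2 * j + k)
        if t:
            ts.add(t)
    return ts

def all_ranks():
    """rank(T) = fewest rank-one tensors XOR-summing to T; computed by BFS."""
    ones = rank_one_tensors()
    dist = {0: 0}
    queue = deque([0])
    while queue:
        t = queue.popleft()
        for o in ones:
            if t ^ o not in dist:
                dist[t ^ o] = dist[t] + 1
                queue.append(t ^ o)
    return dist
```

Of course this exhaustive approach dies immediately as $n$ grows; the whole difficulty is that no one knows how to \textit{certify} high rank for explicit tensors without such brute force.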
The rest of the section is organized as follows:
\begin{itemize}
\item Section \ref{LOGIC} covers logical techniques, which typically fall prey
to the relativization barrier.
\item Section \ref{CIRCUITLB}\ covers combinatorial techniques, which
typically fall prey to the natural proofs barrier.
\item Section \ref{HYBRID}\ covers \textquotedblleft hybrid\textquotedblright%
\ techniques (logic plus arithmetization), many of which fall prey to the
algebrization barrier.
\item Section \ref{IRONIC} covers \textquotedblleft ironic complexity
theory\textquotedblright\ (as exemplified by the recent work of Ryan
Williams), or the use of nontrivial algorithms to prove circuit lower bounds.
\item Section \ref{ALGLB}\ covers arithmetic circuit lower bounds, which
\textit{probably} fall prey to arithmetic variants of the natural proofs
barrier (though this remains disputed).
\item Section \ref{GCT} covers Mulmuley and Sohoni's Geometric Complexity
Theory (GCT), an audacious program to tackle $\mathsf{P}\overset{?}{=}%
\mathsf{NP}$\ and related problems by reducing them to questions in algebraic
geometry and representation theory (and which is also an example of
\textquotedblleft ironic complexity theory\textquotedblright).
\end{itemize}
Note that, for the approaches covered in Sections \ref{IRONIC} and \ref{GCT},
no formal barriers are yet known.
\subsection{Logical Techniques\label{LOGIC}}
In the 1960s, Hartmanis and Stearns \cite{hs}\ realized that, by simply
\textquotedblleft scaling down\textquotedblright\ Turing's diagonalization
proof of the undecidability of the halting problem, we can at least\ prove
\textit{some} separations between complexity classes. \ In particular, we can
generally show that more of the same resource (time, memory, etc.) lets us
decide more languages than less of that resource. \ Here's a special case of
their so-called \textit{Time Hierarchy Theorem}.
\begin{theorem}
[Hartmanis-Stearns \cite{hs}]\label{pexpthm}$\mathsf{P}$ is strictly contained
in $\mathsf{EXP}$.
\end{theorem}
\begin{proof}
Let%
\[
L=\left\{ \left( \left\langle M\right\rangle ,x,0^{n}\right) :M\left(
x\right) \text{ halts in at most }2^{n}\text{\ steps}\right\} .
\]
Clearly $L\in\mathsf{EXP}$. \ On the other hand, suppose by contradiction that
$L\in\mathsf{P}$. \ Then there's some polynomial-time Turing machine $A$ such
that $A\left( z\right) $\ accepts if and only if $z\in L$. \ Let $A$\ run in
$p\left( n+\left\vert \left\langle M\right\rangle \right\vert +\left\vert
x\right\vert \right) $\ time. \ Then using $A$,\ we can easily produce
another machine $B$ that does the following:
\begin{itemize}
\item Takes input $\left( \left\langle M\right\rangle ,0^{n}\right) $.
\item Runs forever if $M\left( \left\langle M\right\rangle ,0^{n}\right)
$\ halts in at most $2^{n}$\ steps; otherwise halts.
\end{itemize}
Note that, if $B$ halts at all, then it halts after only $p\left(
2n+2\left\vert \left\langle M\right\rangle \right\vert \right) =n^{O\left(
1\right) }$\ steps.
Now consider what happens when $B$\ is run on input $\left( \left\langle
B\right\rangle ,0^{n}\right) $. \ If $B\left( \left\langle B\right\rangle
,0^{n}\right) $ runs forever, then $B\left( \left\langle B\right\rangle
,0^{n}\right) $\ halts. \ Conversely, if $B\left( \left\langle
B\right\rangle ,0^{n}\right) $\ halts, then for all sufficiently large $n$,
it halts in fewer than $2^{n}$\ steps, but that means that $B\left(
\left\langle B\right\rangle ,0^{n}\right) $\ runs forever. \ So we conclude
that $B$, and hence $A$, can't have existed.
\end{proof}
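The diagonal step in the proof above can be isolated in a few lines of toy Python (my own illustration, ignoring all the step-counting that makes the real theorem work): given any fixed list of \textquotedblleft machines,\textquotedblright\ we define a language that each of them decides incorrectly somewhere.

```python
# The diagonal trick in miniature (a toy of my own): Python predicates stand
# in for Turing machines, and there is no resource bound.  Machine i is made
# to fail on input i, so D is decided correctly by nothing in the list.

machines = [
    lambda i: 0,          # rejects everything
    lambda i: 1,          # accepts everything
    lambda i: i % 2,      # accepts odd inputs
]

def D(i):
    """Flip machine i's answer on input i."""
    return 1 - machines[i](i)
```

The real proof adds two ingredients: the list is an enumeration of \textit{all} polynomial-time machines, and the flipping is itself carried out within an exponential time bound.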
More broadly, the same argument shows that there are languages decidable in
$O\left( n^{2}\right) $\ time but not in $O\left( n\right) $\ time, in
$O\left( n^{100}\right) $\ time but not in $O\left( n^{99}\right) $ time,
and so on for almost every natural pair of runtime bounds. \ (Technically, we
have $\mathsf{TIME}\left( f\left( n\right) \right) \neq\mathsf{TIME}%
\left( g\left( n\right) \right) $\ for every $f,g$\ that are
\textit{time-constructible}---that is, there exist Turing machines that run
for $f\left( n\right) $\ and $g\left( n\right) $\ steps given $n$ as
input---and that are separated by more than a $\log n$\ multiplicative
factor.) \ Likewise, the \textit{Space Hierarchy Theorem} shows that there are
languages decidable in $O\left( f\left( n\right) \right) $\ space but not
in $O\left( g\left( n\right) \right) $ space,\ for all natural $f\left(
n\right) \gg g\left( n\right) $. \ Cook \cite{cook:hierarchy}\ also proved
a hierarchy theorem for the nondeterministic time classes, which will play an
important role in Section \ref{IRONIC}:
\begin{theorem}
[Nondeterministic Time Hierarchy Theorem \cite{cook:hierarchy}]%
\label{ndhierarchy}For all time-constructible $f,g$\ such that $f\left(
n+1\right) =o\left( g\left( n\right) \right) $, we have
that$\ \mathsf{NTIME}\left( f\left( n\right) \right) $ is strictly
contained in $\mathsf{NTIME}\left( g\left( n\right) \right) $.
\end{theorem}
One amusing consequence of the hierarchy theorems is that we can prove, for
example, that $\mathsf{P}\neq\mathsf{SPACE}\left( n\right) $, even though we
can't prove either that $\mathsf{P\not \subset SPACE}\left( n\right) $ or
that $\mathsf{SPACE}\left( n\right) \not \subset \mathsf{P}$! \ For suppose
by contradiction that $\mathsf{P}=\mathsf{SPACE}\left( n\right) $. \ Then by
a padding argument (cf. Proposition \ref{padprop}), $\mathsf{P}$\ would also
contain $\mathsf{SPACE}\left( n^{2}\right) $, and therefore equal
$\mathsf{SPACE}\left( n^{2}\right) $. \ But then we'd have $\mathsf{SPACE}%
\left( n\right) =\mathsf{SPACE}\left( n^{2}\right) $, violating the Space
Hierarchy Theorem. \ Most computer scientists conjecture both that
$\mathsf{P\not \subset SPACE}\left( n\right) $\ \textit{and} that
$\mathsf{SPACE}\left( n\right) \not \subset \mathsf{P}$, but proving either
statement by itself is a much harder problem.
In summary, there really is a rich, infinite hierarchy of harder and harder
computable problems. \ Complexity classes don't collapse in the most extreme
ways imaginable, with (say) everything solvable in linear time.
\subsubsection{Circuit Lower Bounds Based on Counting\label{COUNTINGLB}}
A related idea---not exactly \textquotedblleft
diagonalization,\textquotedblright\ but counting arguments made explicit---can
also be used to show that certain problems can't be solved by polynomial-size
\textit{circuits}. \ This story starts with Claude Shannon \cite{shannon}, who
made the following fundamental observation in 1949.
\begin{proposition}
[Shannon \cite{shannon}]\label{shannonprop}There exists a Boolean function
$f:\left\{ 0,1\right\} ^{n}\rightarrow\left\{ 0,1\right\} $, on $n$
variables, such that any circuit to compute $f$\ requires at least\ $\Omega
\left( 2^{n}/n\right) $\ logic gates. \ Indeed, almost all Boolean functions
on $n$ variables\ (that is, a $1-o\left( 1\right) $\ fraction of them) have
this property.\footnote{With some effort, Shannon's lower bound can be shown
to be tight: that is, every $n$-variable Boolean function \textit{can} be
represented by a circuit of size $O\left( 2^{n}/n\right) $. \ (The obvious
upper bound is $O\left( n2^{n}\right) $.)}
\end{proposition}
\begin{proof}
There are $2^{2^{n}}$ different Boolean functions $f$ on $n$ variables, but
only%
\[
\sum_{t=1}^{T}\binom{n}{2}\binom{n+1}{2}\cdots\binom{n+t-1}{2}<\left(
n+T\right) ^{2T}%
\]
different Boolean circuits with $n$ inputs and at most $T$ NAND gates. \ Since
each circuit only represents one function, and since $\left( n+T\right)
^{2T}=o\left( 2^{2^{n}}\right) $\ when $T=o\left( 2^{n}/n\right) $, it
follows by a counting argument (i.e., the pigeonhole principle) that
\textit{some} $f$\ must require a circuit with $T=\Omega\left( 2^{n}%
/n\right) $\ NAND gates---and indeed, that almost all of the $2^{2^{n}}%
$\ possible $f$'s must have this property. \ The number of AND, OR, and NOT
gates required is related to the number of NAND gates by a constant factor, so
is also $\Omega\left( 2^{n}/n\right) $.
\end{proof}
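At tiny input sizes, we can actually run the hunt for hard functions that Proposition \ref{shannonprop}\ says must succeed. \ The following sketch (my own code) does breadth-first search over all NAND circuits on $n=2$\ inputs, returning the minimum number of gates for a target truth table; already XOR turns out to need four gates.

```python
from collections import deque

# Brute-force search over NAND circuits on two inputs (my own toy code).
# A truth table is a 4-bit mask whose bit 2*a + b is f(a, b).  A BFS state is
# the set of wires (truth tables) built so far; each step adds one NAND gate,
# so the depth at which a target first appears is its exact NAND-gate count.

def min_nand_gates(target):
    inputs = frozenset([0b1100, 0b1010])      # truth tables of x1 and x2
    if target in inputs:
        return 0
    queue = deque([(inputs, 0)])
    seen = {inputs}
    while queue:
        wires, gates = queue.popleft()
        ws = sorted(wires)
        for i in range(len(ws)):
            for j in range(i, len(ws)):
                new = ~(ws[i] & ws[j]) & 0b1111
                if new == target:
                    return gates + 1
                state = wires | {new}
                if state not in seen:
                    seen.add(state)
                    queue.append((state, gates + 1))
    return None          # unreachable: every 2-input function has a NAND circuit
```

The same search at $n=3,4,\ldots$\ blows up doubly exponentially, which is exactly why \textquotedblleft making Shannon's argument explicit\textquotedblright\ can't just proceed by enumeration.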
Famously, Proposition \ref{shannonprop}\ shows that there \textit{exist}
Boolean functions that require exponentially large circuits---in fact, that
almost all of them do---yet it fails to produce a single example of such a
function! \ It tells us nothing whatsoever about \textsc{3Sat}\ or
\textsc{Clique}\ or any other particular function that might interest us. \ In
that respect, it's similar to Shannon's celebrated proof that almost all codes
are good error-correcting codes, which also fails to produce a single example
of such a code. \ Just like, in the decades after Shannon, the central
research agenda of coding theory was to \textquotedblleft make Shannon's
argument explicit\textquotedblright\ by finding \textit{specific} good
error-correcting codes, so too the agenda of circuit complexity has been to
\textquotedblleft make Proposition \ref{shannonprop}%
\ explicit\textquotedblright\ by finding specific functions that provably
require large circuits.
In some cases, the mere fact that we know, from Proposition \ref{shannonprop},
that hard functions \textit{exist} lets us \textquotedblleft
bootstrap\textquotedblright\ to show that particular complexity classes must
contain hard functions. \ Here's an example of this.
\begin{theorem}
\label{lexfirst}$\mathsf{EXPSPACE}\not \subset \mathsf{P/poly}$.
\end{theorem}
\begin{proof}
Let $n$ be sufficiently large. \ Then by Proposition \ref{shannonprop}, there
exist functions $f:\left\{ 0,1\right\} ^{n}\rightarrow\left\{ 0,1\right\}
$\ with circuit complexity at least $c2^{n}/n$, for some constant $c>0$.
\ Thus, if we list all the $2^{2^{n}}$ functions in lexicographic order by
their truth tables, there must be a first function in the list, call
it\ $f_{n}$, with circuit complexity at least $c2^{n}/n$. \ We now define%
\[
L:=\bigcup_{n\geq1}\left\{ x\in\left\{ 0,1\right\} ^{n}:f_{n}\left(
x\right) =1\right\} .
\]
Then by construction, $L\notin\mathsf{P/poly}$. \ On the other hand,
enumerating all $n$-variable Boolean functions, calculating the circuit
complexity of each, and finding the first one with circuit complexity at least
$c2^{n}/n$ can all be done in exponential space. \ Hence $L\in
\mathsf{EXPSPACE}$.
\end{proof}
There's also a \textquotedblleft scaled-down version\textquotedblright\ of
Theorem \ref{lexfirst}, proved in the same way:
\begin{theorem}
\label{lexfirst2}For every fixed $k$, there is a language in $\mathsf{PSPACE}%
$\ that does not have circuits of size $n^{k}$.\footnote{Crucially, this will
be a different language for each $k$; otherwise we'd get $\mathsf{PSPACE}%
\not \subset \mathsf{P/poly}$, which is far beyond our current ability to
prove.}
\end{theorem}
By being a bit more clever, Kannan \cite{kannan} lowered the complexity class
in Theorem \ref{lexfirst}\ from $\mathsf{EXPSPACE}$\ to $\mathsf{NEXP}%
^{\mathsf{NP}}$.
\begin{theorem}
[Kannan \cite{kannan}]\label{kannanthm}$\mathsf{NEXP}^{\mathsf{NP}%
}\not \subset \mathsf{P/poly}$.
\end{theorem}
\begin{proof}
First, we claim that $\mathsf{EXP}^{\mathsf{NP}^{\mathsf{NP}}}\not \subset
\mathsf{P/poly}$. \ The reason is simply a more careful version of the proof
of Theorem \ref{lexfirst}: in $\mathsf{EXP}^{\mathsf{NP}^{\mathsf{NP}}}$, we
can do an explicit binary search for the lexicographically first Boolean
function $f_{n}:\left\{ 0,1\right\} ^{n}\rightarrow\left\{ 0,1\right\}
$\ such that every circuit of size at most (say) $c2^{n}/n$\ disagrees with
$f_{n}$\ on some input $x$. \ (Such an $f_{n}$\ must exist by a counting argument.)
Next, suppose by contradiction that $\mathsf{NEXP}^{\mathsf{NP}}%
\subset\mathsf{P/poly}$. \ Then certainly $\mathsf{NP}\subset\mathsf{P/poly}$.
\ By the Karp-Lipton Theorem (Theorem \ref{klthm}), this implies that
$\mathsf{PH}=\Sigma_{2}^{\mathsf{P}}$, so in particular $\mathsf{P}%
^{\mathsf{NP}^{\mathsf{NP}}}=\mathsf{NP}^{\mathsf{NP}}$. \ By upward
translation (as in Proposition \ref{padprop}), this in turn means that
$\mathsf{EXP}^{\mathsf{NP}^{\mathsf{NP}}}=\mathsf{NEXP}^{\mathsf{NP}}$. \ But
we already know that $\mathsf{EXP}^{\mathsf{NP}^{\mathsf{NP}}}$\ doesn't have
polynomial-size circuits, and therefore neither does $\mathsf{NEXP}%
^{\mathsf{NP}}$.
\end{proof}
Amusingly, if we work out the best possible lower bound that we can get from
Theorem \ref{kannanthm}\ on the circuit complexity of a language in
$\mathsf{NEXP}^{\mathsf{NP}}$, it turns out to be \textit{half-exponential}:
that is, a function $f$\ such that $f\left( f\left( n\right) \right)
$\ grows exponentially. \ Such functions exist, but have no closed-form expressions.
Directly analogous to Theorem \ref{lexfirst2}, a \textquotedblleft
scaled-down\textquotedblright\ version of the proof of Theorem \ref{kannanthm}%
\ shows that, for every fixed $k$, there's a language in $\mathsf{\Sigma}%
_{2}^{\mathsf{P}}=\mathsf{NP}^{\mathsf{NP}}$\ that doesn't have circuits of
size $n^{k}$.
In Section \ref{HYBRID}, we'll discuss slight improvements to these results
that can be achieved with algebraic methods. \ Nevertheless, it (sadly)
remains open even to show that $\mathsf{NEXP}\not \subset \mathsf{P/poly}$, or
that there's a language in $\mathsf{NP}$\ that doesn't have linear-sized circuits.
\subsubsection{The Relativization Barrier\label{REL}}
The magic of diagonalization, self-reference, and counting arguments is how
abstract and general they are: they never require us to \textquotedblleft get
our hands dirty\textquotedblright\ by understanding the inner workings of
algorithms or circuits. \ But as was recognized early in the history of
complexity theory, the price of generality is that the logical techniques are
extremely limited in scope.
Often the best way to understand the limits of a proposed approach for proving
a statement $S$, is to examine \textit{what else besides} $S$ the approach
would prove if it worked---i.e., which stronger statements $S^{\prime}$\ the
approach \textquotedblleft fails to differentiate\textquotedblright\ from $S$.
\ If any of the stronger statements are false, then the approach can't prove
$S$ either.
That is exactly what Baker, Gill, and Solovay \cite{bgs}\ did for
diagonalization in 1975, when they articulated the \textit{relativization
barrier}. \ Their central insight was that almost all the techniques we have
for proving statements in complexity theory---such as $\mathcal{C}%
\subseteq\mathcal{D}$\ or $\mathcal{C}\not \subset \mathcal{D}$,\ where
$\mathcal{C}$\ and $\mathcal{D}$\ are two complexity classes---are so general
that, if they work at all, then they actually prove $\mathcal{C}^{A}%
\subseteq\mathcal{D}^{A}$\ or $\mathcal{C}^{A}\not \subset \mathcal{D}^{A}%
$\ \textit{for all possible oracles} $A$. \ In other words: if all the
machines that appear in the proof are enhanced in the same way, by being given
access to the same oracle, the proof is completely oblivious to that change,
and goes through just as before. \ A proof with this property is said to
\textquotedblleft relativize,\textquotedblright\ or to hold \textquotedblleft
in all possible relativized worlds\textquotedblright\ or \textquotedblleft
relative to any oracle.\textquotedblright\
Why do so many proofs relativize? \ Intuitively, because the proofs only do
things like using one Turing machine $M_{1}$\ to simulate a second Turing
machine $M_{2}$ step-by-step, without examining either machine's internal
structure. \ In that case, if $M_{2}$ is given access to an oracle $A$, then
$M_{1}$ can still simulate $M_{2}$ just fine, provided that $M_{1}$ is
\textit{also} given access to $A$, in order to simulate $M_{2}$'s oracle calls.
To illustrate, you might want to check that the proofs of Theorems
\ref{pexpthm}, \ref{lexfirst}, and \ref{kannanthm} can be straightforwardly
modified to show that, more generally:
\begin{itemize}
\item $\mathsf{P}^{A}\neq\mathsf{EXP}^{A}$ for all oracles $A$.
\item $\mathsf{EXPSPACE}^{A}\not \subset \mathsf{P}^{A}\mathsf{/poly}$ for all
oracles $A$.
\item $\mathsf{NEXP}^{\mathsf{NP}^{A}}\not \subset \mathsf{P}^{A}%
\mathsf{/poly}$ for all oracles $A$.
\end{itemize}
Alas, Baker, Gill, and Solovay then observed that no relativizing technique
can possibly resolve the $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ question.
\ For, unlike (say) $\mathsf{P\overset{?}{=}EXP}$\ or the unsolvability of the
halting problem, $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ admits
\textquotedblleft contradictory relativizations\textquotedblright: there are
some oracle worlds where $\mathsf{P}=\mathsf{NP}$, and others where
$\mathsf{P}\neq\mathsf{NP}$. \ For that reason, any proof of $\mathsf{P}%
\neq\mathsf{NP}$\ will need to \textquotedblleft notice,\textquotedblright\ at
some point, that there are no oracles in \textquotedblleft
our\textquotedblright\ world: it will have to use techniques that
\textit{fail} relative to certain oracles.
\begin{theorem}
[Baker-Gill-Solovay \cite{bgs}]\label{bgsthm}There exists an oracle $A$ such
that $\mathsf{P}^{A}=\mathsf{NP}^{A}$, and another oracle $B$ such that
$\mathsf{P}^{B}\neq\mathsf{NP}^{B}$.
\end{theorem}
\begin{proof}
[Proof Sketch]To make $\mathsf{P}^{A}=\mathsf{NP}^{A}$, we can just let $A$ be
any $\mathsf{PSPACE}$-complete language. \ Then it's not hard to see that
$\mathsf{P}^{A}=\mathsf{NP}^{A}=\mathsf{PSPACE}$.
To make $\mathsf{P}^{B}\neq\mathsf{NP}^{B}$, we can (for example) let $B$ be a
random oracle, as observed by Bennett and Gill \cite{bg}. \ We can then, for
example, define%
\[
L=\left\{ 0^{n}:\text{the first }2^{n}\text{\ bits returned by }B\text{
contain a run of }n\text{ consecutive }1\text{'s}\right\} .
\]
Clearly $L\in\mathsf{NP}^{B}$. \ By contrast, one can easily show that
$L\notin\mathsf{P}^{B}$\ with probability $1$ over $B$: in this case, there
\textit{really is} nothing for a deterministic Turing machine to do but
brute-force search, requiring exponentially many queries to the $B$\ oracle.
\end{proof}
We also have the following somewhat harder result.
\begin{theorem}
[Wilson \cite{wilson}]There exists an oracle $A$\ such that $\mathsf{NEXP}%
^{A}\subset\mathsf{P}^{A}\mathsf{/poly}$, and such that every language in
$\mathsf{NP}^{A}$\ has linear-sized circuits with $A$-oracle gates (that is,
gates that query $A$).
\end{theorem}
In other words, any proof even of $\mathsf{NEXP}\not \subset \mathsf{P/poly}%
$---that is, of a circuit lower bound just \textquotedblleft
slightly\textquotedblright\ beyond those that have already been proven---will
require non-relativizing techniques. \ One can likewise show that
non-relativizing techniques will be needed to make real progress on many of
the other open problems of complexity theory (such as proving $\mathsf{P}%
=\mathsf{BPP}$).
If relativization seems too banal, the way to appreciate it is to try to
invent techniques, for proving inclusions or separations among complexity
classes, that \textit{fail} to relativize. \ It's harder than it sounds! \ A
partial explanation for this was given by Arora, Impagliazzo, and Vazirani
\cite{aiv}, who reinterpreted the relativization barrier in logical terms.
\ From their perspective, a relativizing proof is simply any proof that
\textquotedblleft knows\textquotedblright\ about complexity classes only
through axioms that assert the classes' closure properties, as well as
languages that the classes \textit{do} contain. \ (For example, $\mathsf{P}$
contains the empty language;\ if $L_{1}$\ and $L_{2}$\ are both in
$\mathsf{P}$, then so are Boolean combinations like $\overline{L_{1}}$\ and
$L_{1}\cap L_{2}$.) \ These axioms can be shown to imply statements such as
$\mathsf{P\neq EXP}$. \ But other statements, like $\mathsf{P}\neq\mathsf{NP}%
$, can be shown to be independent of the axioms, by constructing models of the
axioms where those statements are false. \ One constructs those models by
using oracles to \textquotedblleft force in\textquotedblright\ additional
languages---such as $\mathsf{PSPACE}$-complete languages, if one wants a world
where $\mathsf{P=NP}$---which the axioms might not \textit{require} to be
contained in complexity classes like $\mathsf{P}$\ and $\mathsf{NP}$, but
which they don't prohibit from being contained, either. \ The conclusion is
that any proof of $\mathsf{P\neq NP}$\ will need to appeal to deeper
properties of the classes $\mathsf{P}$\ and $\mathsf{NP}$, properties that
don't follow from these closure axioms.
\subsection{Combinatorial Lower Bounds\label{CIRCUITLB}}
Partly because of the relativization barrier, in the 1980s attention shifted
to combinatorial approaches: that is, approaches where one tries to prove
superpolynomial lower bounds on the number of operations of \textit{some} kind
needed to do \textit{something}, by actually \textquotedblleft rolling up
one's sleeves\textquotedblright\ and delving into the messy details of what
the operations do (rather than making abstract diagonalization arguments).
\ These combinatorial approaches enjoyed some spectacular successes, some of
which seemed at the time like they were within striking distance of proving
$\mathsf{P}\neq\mathsf{NP}$. \ Let's see some examples.
\subsubsection{Proof Complexity\label{PROOFCOM}}
Suppose we're given a \textsc{3Sat}\ formula $\varphi$, and we want to prove
that $\varphi$\ has no satisfying assignments. \ One natural approach to this
is called \textit{resolution}: we repeatedly pick two clauses of $\varphi$,
and then \textquotedblleft resolve\textquotedblright\ the clauses (or
\textquotedblleft smash them together\textquotedblright) to derive a new
clause that logically follows from the first two. \ This is most useful when
one of the clauses contains a non-negated literal $x$, and the other contains
the corresponding negated literal $\overline{x}$. \ For example, from the
clauses $\left( x\vee y\right) $ and $\left( \overline{x}\vee z\right) $,
it's easy to see that we can derive $\left( y\vee z\right) $. \ The new
derived clause can then be added to the list of clauses, and used as an input
to future resolution steps.
Now, if we ever derive the empty clause $\left( ~\right) $---say, by
smashing together $\left( x\right) $\ and $\left( \overline{x}\right)
$---then we can conclude that our original \textsc{3Sat}\ formula\ $\varphi
$\ must have been unsatisfiable. \ For in that case, $\varphi$\ entails a
clause that's not satisfied by \textit{any} setting of variables. \ Another
way to say this is that resolution is a \textit{sound} proof system. \ By
doing induction on the number of variables in $\varphi$, it's not hard to show
that resolution is also \textit{complete}:
\begin{proposition}
Resolution is a complete proof system for the unsatisfiability of
$k$\textsc{Sat}. \ In other words, given any unsatisfiable $k$\textsc{Sat}%
\ formula $\varphi$, there exists some sequence of resolution steps that
produces the empty clause.
\end{proposition}
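Resolution is also easy to implement by brute-force saturation. \ In the following sketch (my own code), a clause is a set of signed integers, with $-i$\ denoting $\overline{x_{i}}$; we keep resolving until we either derive the empty clause or reach a fixed point, which by the soundness and completeness just discussed decides satisfiability (in exponential time, of course).

```python
# Resolution by saturation (my own toy code).  Clauses are frozensets of
# signed integers: literal i means x_i, literal -i means NOT x_i.

def resolve(c1, c2, lit):
    """Resolve c1 (containing lit) against c2 (containing -lit)."""
    return (c1 - {lit}) | (c2 - {-lit})

def refutes(clauses):
    """Return True iff saturation under resolution derives the empty clause."""
    clauses = {frozenset(c) for c in clauses}
    while True:
        new = set()
        for c1 in clauses:
            for c2 in clauses:
                for lit in c1:
                    if -lit in c2:
                        r = frozenset(resolve(c1, c2, lit))
                        if not r:
                            return True        # empty clause: unsatisfiable
                        if r not in clauses:
                            new.add(r)
        if not new:
            return False    # saturated without the empty clause: satisfiable
        clauses |= new
```

Since there are only finitely many clauses over a fixed set of variables, the saturation always terminates; the question studied below is how \textit{many} clauses it must generate.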
So the key question about resolution is just \textit{how many} resolution
steps are needed to derive the empty clause, starting from an unsatisfiable
formula $\varphi$. \ If that number could be upper-bounded by a polynomial in
the size of $\varphi$, it would follow that $\mathsf{NP}=\mathsf{coNP}$. \ If,
moreover, an appropriate sequence of resolutions could actually be
\textit{found} in polynomial time, it would follow that $\mathsf{P}%
=\mathsf{NP}$.
On the other hand, when we prove completeness by induction on the number of
variables $n$, the only upper bound we get on the number of resolution steps
is $2^{n}$. \ And indeed, in 1985, Haken proved the following celebrated result.
\begin{theorem}
[Haken \cite{haken}]\label{hakenthm}There exist $k$\textsc{Sat}\ formulas,
involving $n^{O\left( 1\right) }$ variables and\ clauses,\ for which any
resolution proof of unsatisfiability requires at least $2^{\Omega\left(
n\right) }$\ resolution steps. \ An example is a $k$\textsc{Sat}\ formula
that explicitly encodes the \textquotedblleft$n^{th}$ Pigeonhole
Principle\textquotedblright: that is, the statement that there's no way to
assign $n+1$\ pigeons to $n$ holes, without assigning two or more pigeons to
the same hole.
\end{theorem}
Haken's proof formalized the intuition that any resolution proof of the
Pigeonhole Principle will ultimately be stuck \textquotedblleft reasoning
locally\textquotedblright: \textquotedblleft let's see, if I put this pigeon
there, and that one there ... darn, it \textit{still} doesn't
work!\textquotedblright\ \ Such a proof has no ability to engage in
higher-level reasoning about the total \textit{number} of
pigeons.\footnote{Haken's proof has since been substantially
simplified.\ \ Readers interested in a \textquotedblleft
modern\textquotedblright\ version should consult Ben-Sasson and Wigderson
\cite{bswig},\ who split the argument into two easy steps: first,
\textquotedblleft short proofs are narrow\textquotedblright---that is, any
short resolution proof can be converted into another such proof that only
contains clauses with few literals---and second, any resolution refutation of
a $k$\textsc{Sat}\ instance encoding (for example) the pigeonhole principle
must be \textquotedblleft wide,\textquotedblright\ because of the instance's
graph-expansion properties.}
Since Haken's breakthrough, there have been many other exponential lower
bounds on the sizes of unsatisfiability proofs, typically for proof systems
that generalize resolution in some way (see Beame and Pitassi
\cite{beamepitassi}\ for a good survey). \ These, in turn, often let us prove
exponential lower bounds on the running times of certain kinds of algorithms.
\ For example, there's a widely-used class of $k$\textsc{Sat}\ algorithms
called\ DPLL (Davis-Putnam-Logemann-Loveland) algorithms \cite{dpll}, which
are based on pruning the search tree of possible satisfying assignments.
\ DPLL algorithms have the property that, if one looks at the search tree of
their execution on an unsatisfiable $k$\textsc{Sat}\ formula $\varphi$, one
can \textit{read off} a resolution proof that $\varphi$\ is unsatisfiable.
\ From that fact, together with Theorem \ref{hakenthm}, it follows that there
exist $k$\textsc{Sat}\ formulas\ (for example, the Pigeonhole Principle
formulas) for which any DPLL algorithm requires exponential time.
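Here's a minimal DPLL-style solver (my own sketch, with the splitting rule only and none of the refinements in \cite{dpll}); on an unsatisfiable input, the tree of its recursive calls is exactly the kind of search tree from which a resolution proof can be read off.

```python
# A bare-bones DPLL-style solver (my own toy code): just the splitting rule,
# with no unit propagation or branching heuristics.  Clauses are frozensets
# of signed integers, as in the resolution example.

def dpll(clauses):
    """Return True iff the clause set is satisfiable."""
    if not clauses:
        return True                    # every clause satisfied
    if frozenset() in clauses:
        return False                   # an empty clause: this branch is dead
    lit = next(iter(next(iter(clauses))))      # branch on some literal
    for choice in (lit, -lit):
        # setting `choice` true: drop satisfied clauses, shrink the rest
        simplified = {c - {-choice} for c in clauses if choice not in c}
        if dpll(simplified):
            return True
    return False
```

On the Pigeonhole Principle formulas of Theorem \ref{hakenthm}, the recursion tree of any such solver must therefore have exponential size, no matter how cleverly the branching literal is chosen.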
In principle, if one could prove superpolynomial lower bounds for
\textit{arbitrary} proof systems (constrained only by the proofs being
checkable in polynomial time), one would get $\mathsf{P\neq NP}$, and even
$\mathsf{NP}\neq\mathsf{coNP}$! \ That goal seems far out of reach, however,
which perhaps motivates turning our attention to lower bounds on circuit size.
\ Such bounds tend to be somewhat easier than the analogous proof complexity
lower bounds, and---if generalized to arbitrary Boolean circuits---they would
\textquotedblleft merely\textquotedblright\ imply $\mathsf{P\neq NP}$\ and
$\mathsf{NP}\not \subset \mathsf{P/poly}$, rather than
$\mathsf{NP}\neq\mathsf{coNP}$.
\subsubsection{Monotone Circuit Lower Bounds\label{MONO}}
Recall, from Section \ref{NONUNIF}, that if we could merely prove that any
family of \textit{Boolean circuits} to solve some $\mathsf{NP}$
problem required a superpolynomial number of AND, OR, and NOT gates, then that
would imply $\mathsf{P\neq NP}$, and even the stronger result $\mathsf{NP}%
\not \subset \mathsf{P/poly}$\ (that is, $\mathsf{NP}$-complete problems are
not efficiently solvable by nonuniform algorithms).
Now, some $\mathsf{NP}$-complete\ languages $L$ have the interesting property
of being \textit{monotone}: that is, changing an input bit from $0$ to $1$ can
change the answer from $x\notin L$\ to $x\in L$, but never from $x\in L$\ to
$x\notin L$. \ An example is the \textsc{Clique} language: say, the set of all
encodings of $n$-vertex graphs $G$, as adjacency matrices of $0$s and $1$s,
such that $G$ contains a clique on at least $\sqrt{n}$\ vertices. \ It's not
hard to see that we can decide any such language using a \textit{monotone
circuit}: that is, a Boolean circuit of AND and OR gates only, no NOT gates.
\ For the \textsc{Clique} language, for example, a circuit could simply
consist of an OR of $\binom{n}{\sqrt{n}}$\ ANDs, one for each possible clique.
\ It thus becomes interesting to ask what are the \textit{smallest} monotone
circuits for monotone $\mathsf{NP}$-complete\ languages.
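The OR-of-ANDs circuit just described is easy to spell out in code. \ Here's a toy evaluation (my own sketch) for the case of triangles: an OR over all $3$-element vertex subsets of the AND of the corresponding edge variables, with no negations anywhere.

```python
from itertools import combinations

# The brute-force monotone circuit for clique detection (my own toy code):
# an OR over all k-subsets of vertices of the AND of their edge variables.
# Only any/all of non-negated inputs are used, so the circuit is monotone.

def monotone_clique(adj, k):
    """True iff the graph with adjacency matrix adj has a k-clique."""
    n = len(adj)
    return any(
        all(adj[u][v] for u, v in combinations(subset, 2))
        for subset in combinations(range(n), k)
    )
```

Adding an edge (flipping a $0$\ to a $1$) can only turn the answer from false to true, never the reverse: that's monotonicity. \ The circuit's size, $\binom{n}{k}$\ ANDs, is of course exponential for $k\sim\sqrt{n}$; the theorems below show that for monotone circuits this is essentially unavoidable.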
In 1985, Alexander Razborov, then a graduate student, astonished the
complexity theory world with the following result.
\begin{theorem}
[Razborov \cite{razborov:mono}]\label{monotonethm}Any monotone circuit for
\textsc{Clique}\ requires at least $n^{\Omega\left( \log n\right) }$\ gates.
\end{theorem}
Subsequently, Alon and Boppana \cite{alonboppana}\ improved this, to show that
any monotone circuit to detect a clique of size $\sim\left( n/\log n\right)
^{2/3}$\ must have size $\exp\left( \Omega\left( \left( n/\log n\right)
^{1/3}\right) \right) $. \ I won't go into the proof of Theorem
\ref{monotonethm}\ here, but it uses beautiful combinatorial techniques,
including (in modern versions) the Erd\H{o}s-Rado sunflower lemma.
The significance of Theorem \ref{monotonethm} is this: if we could now merely
prove that \textit{any circuit for a monotone language can be made into a
monotone circuit without much increasing its size}, then we'd immediately get
$\mathsf{P\neq NP}$\ and even $\mathsf{NP}\not \subset \mathsf{P/poly}$.
\ Indeed, this was considered a potentially-viable approach to proving
$\mathsf{P\neq NP}$ for some months. \ Alas, the approach turned out to be a
dead end, because of a result first shown by Razborov himself (and then
improved by Tardos):
\begin{theorem}
[Razborov \cite{razborov:nope}, Tardos \cite{tardos:mono}]\label{nopesorry}%
There are monotone languages in $\mathsf{P}$\ that require exponentially-large
monotone circuits. \ An example is the \textsc{Matching}\ language, consisting
of all adjacency-matrix encodings of $n$-vertex graphs that admit a matching
on at least $\sim\left( n/\log n\right) ^{2/3}$ vertices. \ This language
requires monotone circuits of size $\exp\left( \Omega\left( \left( n/\log
n\right) ^{1/3}\right) \right) $.
\end{theorem}
Thus, while Theorem \ref{monotonethm} stands as a striking example of the
power of combinatorics to prove circuit lower bounds, ultimately it tells us
not about the hardness of $\mathsf{NP}$-complete problems, but only about the
weakness of monotone circuits. \ Theorem \ref{nopesorry}\ implies that, even
if we're trying to compute a monotone Boolean function (such as the
\textsc{Matching}\ function), allowing ourselves the non-monotone NOT gate can
yield an exponential reduction in circuit size. \ But Razborov's techniques
break down completely as soon as a few NOT gates are available.\footnote{Note
that, if we encode the input string using the so-called \textit{dual-rail
representation}---in which every $0$ is represented by the $2$-bit string
$01$, and every $1$ by $10$---then the monotone circuit complexities of
\textsc{Clique}, \textsc{Matching}, and so on\ \textit{do} become essentially
equivalent to their non-monotone circuit complexities, since we can push all
the NOT gates to the bottom layer of the circuit using de Morgan's laws, and
then eliminate the NOT gates using the dual-rail encoding. \ Unfortunately,
Razborov's lower bound techniques also break down under dual-rail encoding.}
I should also mention lower bounds on monotone \textit{depth}. \ In the
\textsc{stCon}\ ($s,t$-connectivity) problem, we're given as input the
adjacency matrix of an undirected graph, and asked whether or not there's a
path between two designated vertices $s$\ and $t$. \ By using their connection
between circuit depth and communication complexity (see Section \ref{PROG}),
Karchmer and Wigderson \cite{karchmerwigderson}\ were able to prove that any
monotone circuit for \textsc{stCon}\ requires $\Omega\left( \log^{2}n\right)
$ depth---and as a consequence, that any monotone \textit{formula} for
\textsc{stCon}\ requires $n^{\Omega\left( \log n\right) }$\ size. \ Since
\textsc{stCon} is known to have monotone circuits of polynomial size, this
implies in particular that monotone formula size and monotone circuit size are
not polynomially related.
\subsubsection{Small-Depth Circuits and the Random Restriction
Method\label{SMALLDEPTH}}
Besides restricting the allowed gates (say, to AND and OR only), there's a
second natural way to \textquotedblleft hobble\textquotedblright\ a circuit,
and thereby potentially make it easier to prove lower bounds on circuit size.
\ Namely, we can restrict the circuit's \textit{depth}, the number of layers
of gates between input and output. \ If the allowed gates all have a fanin\ of
$1$ or $2$ (that is, they all take only $1$ or $2$ input bits), then clearly
any circuit that depends nontrivially on all $n$ of the input bits must have
depth at least $\log_{2}n$. \ On the other hand, if we allow gates of
\textit{unbounded fanin}---for example, ANDs or XORs or MAJORITYs on unlimited
numbers of inputs---then it makes sense to ask what can be computed even by
circuits of \textit{constant} depth. \ Constant-depth circuits are very
closely related to \textit{neural networks}, which also consist of a small
number of layers of \textquotedblleft logic gates\textquotedblright\ (i.e.,
the neurons), with each neuron allowed to have very large \textquotedblleft
fanin\textquotedblright---i.e., to accept input from many or all of the
neurons in the previous layer.
If we don't also restrict the number of gates or neurons, then it turns out
that \textit{every} function\ can be computed in small depth:
\begin{proposition}
Every Boolean function $f:\left\{ 0,1\right\} ^{n}\rightarrow\left\{
0,1\right\} $\ can be computed by an unbounded-fanin, depth-$3$ circuit of
size $O\left( n2^{n}\right) $: namely, by an OR of ANDs of input bits and
their negations.
\end{proposition}
\begin{proof}
We simply need to check whether the input, $x\in\left\{ 0,1\right\} ^{n}$,
is one of the $z$'s\ such that $f\left( z\right) =1$:%
\[
f\left( x\right) =\bigvee_{z=z_{1}\cdots z_{n}~:~f\left( z\right)
=1}\left( \left( \bigwedge_{i\in\left\{ 1,\ldots,n\right\} ~:~z_{i}%
=1}x_{i}\right) \wedge\left( \bigwedge_{i\in\left\{ 1,\ldots,n\right\}
~:~z_{i}=0}\overline{x}_{i}\right) \right) .
\]
\
\end{proof}
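The OR-of-ANDs from this proof is easy to build and test mechanically. Here
is an illustrative Python sketch (names mine) that constructs the circuit
from a truth table and checks it against the $3$-bit \textsc{Majority} function:

```python
from itertools import product

def dnf_circuit(f, n):
    """Return the proposition's depth-3 circuit for f: an OR over one
    AND ('minterm') per satisfying input z, where the AND takes the
    literal x_i when z_i = 1 and NOT x_i when z_i = 0."""
    minterms = [z for z in product([0, 1], repeat=n) if f(z)]
    def circuit(x):
        return int(any(all((x[i] if z[i] else 1 - x[i]) for i in range(n))
                       for z in minterms))
    return circuit

maj = lambda x: int(sum(x) >= 2)       # 3-bit Majority, as a test case
C = dnf_circuit(maj, 3)
assert all(C(x) == maj(x) for x in product([0, 1], repeat=3))
```

The circuit has at most $2^{n}$ ANDs of $n$ literals each, matching the
$O\left( n2^{n}\right) $\ size bound.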
Similarly, in typical neural network models, every Boolean function can be
computed by a network with $\sim2^{n}$ neurons arranged into just $2$ layers.
So the interesting question is what happens if we restrict both the depth
\textit{and} the number of gates or neurons. \ More formally, let
$\mathsf{AC}^{0}$\ be the class of languages $L\subseteq\left\{ 0,1\right\}
^{\ast}$\ for which there exists a family of circuits $\left\{ C_{n}\right\}
_{n\geq1}$, one for each input size $n$, such that:
\begin{itemize}
\item[(1)] $C_{n}\left( x\right) $ outputs $1$ if $x\in L$\ and $0$ if
$x\notin L$, for all $n$\ and $x\in\left\{ 0,1\right\} ^{n}$.
\item[(2)] Each $C_{n}$\ consists of unbounded-fanin AND and OR gates, as well
as NOT gates.
\item[(3)] There is a polynomial $p$ such that each $C_{n}$ has at most
$p\left( n\right) $\ gates.
\item[(4)] There is a constant $d$ such that each $C_{n}$\ has depth at most
$d$.
\end{itemize}
Clearly $\mathsf{AC}^{0}$\ is a subclass of $\mathsf{P/poly}$; indeed we
recover $\mathsf{P/poly}$\ by omitting condition (4). \ Now, one of the major
triumphs of complexity theory in the 1980s was to understand $\mathsf{AC}^{0}%
$, as we still only dream of understanding $\mathsf{P/poly}$. \ It's not just
that we know $\mathsf{NP}\not \subset \mathsf{AC}^{0}$; rather, it's that we
know in some detail which problems are and aren't in $\mathsf{AC}^{0}$ (even
problems within $\mathsf{P}$), and in some cases, the exact tradeoff between
the number of gates and the depth $d$. \ As the most famous example, let
\textsc{Parity}\ be the language consisting of all strings with an odd number
of `1' bits. \ Then:
\begin{theorem}
[Ajtai \cite{ajtai:ac0}, Furst-Saxe-Sipser \cite{fss}]\label{parityac0}%
\textsc{Parity} is not in $\mathsf{AC}^{0}$.
\end{theorem}
While the original lower bounds on the size of $\mathsf{AC}^{0}$ circuits for
\textsc{Parity}\ were only slightly superpolynomial, Theorem \ref{parityac0}%
\ was subsequently improved by Yao \cite{yao:ph}\ and then by H\aa stad
\cite{hastad:book}, the latter of whom gave an essentially optimal result:
namely, any $\mathsf{AC}^{0}$\ circuit for \textsc{Parity}\ of depth
$d$\ requires at least $2^{\Omega\left( n^{1/\left( d-1\right) }\right) }$\ gates.
The first proofs of Theorem \ref{parityac0}\ used what's called
the\ \textit{method of random restrictions}. \ In this method, we assume by
contradiction that we have a size-$s$, depth-$d$, unbounded-fanin circuit
$C$\ for our Boolean function---say, the \textsc{Parity}\ function. We then
randomly fix most of the input bits to $0$ or $1$, while leaving a few input
bits unfixed. \ What we hope to find is that the random restriction
\textquotedblleft kills off\textquotedblright\ an entire layer of
gates---because any AND gate that takes even one constant $0$ bit as input can
be replaced by the constant $0$ function, and likewise, any OR gate that takes
even one $1$ bit as input can be replaced by the constant $1$ function.
\ Thus, any AND or OR gate with a large fanin is extremely likely to be killed
off; gates with small fanin might not be killed off, but can be left around to
be dealt with later. \ We then repeat this procedure, randomly restricting
most of the remaining unfixed bits, in order to kill off the next higher layer
of AND and OR gates, and so on through all $d$\ layers. \ By the time we're
done, we've reduced $C$ to a shadow of its former self: specifically, to a
circuit that depends on only a constant number of input bits. \ Meanwhile,
even though only a tiny fraction of the input bits (say, $n^{1/d}$\ of them)
remain unfixed, we still have a nontrivial Boolean function on those bits:
indeed, it's easy to see that any restriction of the \textsc{Parity}\ function
to a smaller set of bits will either be \textsc{Parity} itself, or else
\textsc{NOT(Parity)}. \ But a circuit that depends on only a constant number
of input bits clearly can't compute a Boolean function that depends on all
$\sim n^{1/d}$\ of the remaining input bits. \ This yields our
desired contradiction.
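The last step, that \textsc{Parity} survives any restriction, is easy to
check mechanically. The following Python sketch (illustrative; the
parameters are chosen arbitrarily) fixes all but three of twelve input bits
at random and verifies that the surviving function is \textsc{Parity} or its
negation on the free bits:

```python
import random
from itertools import product

def parity(bits):
    return sum(bits) % 2

n, keep = 12, 3
free = sorted(random.sample(range(n), keep))      # bits left unfixed
fixed = {i: random.randint(0, 1)                  # the random restriction
         for i in range(n) if i not in free}

def restricted(y):
    """The restriction of Parity: free bits set from y, rest from `fixed`."""
    x = dict(fixed)
    x.update(zip(free, y))
    return parity([x[i] for i in range(n)])

# The restricted function is Parity (sign = 0) or NOT(Parity) (sign = 1),
# with the sign determined by the parity of the fixed bits:
sign = sum(fixed.values()) % 2
assert all(restricted(y) == parity(y) ^ sign
           for y in product([0, 1], repeat=keep))
```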
At a high level, there were three ingredients needed for the random
restriction method to work. \ First, the circuit needed to be built out of AND
and OR gates, which are likely to get killed off by random restrictions. \ The
method \textit{wouldn't} have worked if the circuit contained unbounded-fanin
MAJORITY gates (as a neural network does), or even unbounded-fanin XOR gates.
\ Second, it was crucial that the circuit depth $d$\ was small, since we
needed to shrink the number of unfixed input variables by a large factor $d$
times, and then still have unfixed variables left over. \ It turns out that
random restriction arguments can yield \textit{some} lower bound whenever
$d=o\left( \frac{\log n}{\log\log n}\right) $, but not beyond that. \ Third,
we needed to consider a function, such as \textsc{Parity}, that remains
nontrivial even after the overwhelming majority of input bits are randomly
fixed to $0$ or $1$. \ The method wouldn't have worked, for example, for the
$n$-bit AND function (which is unsurprising, since the AND function
\textit{does} have a depth-$1$ circuit, consisting of a single AND gate!).
The original proofs for \textsc{Parity~}$\notin\mathsf{AC}^{0}$\ have been
generalized and improved on in many ways. \ For example, Linial, Mansour, and
Nisan \cite{lmn} examined the weakness of $\mathsf{AC}^{0}$\ circuits from a
different angle: \textquotedblleft turning lemons into
lemonade,\textquotedblright\ they gave a quasipolynomial-time algorithm to
\textit{learn} arbitrary $\mathsf{AC}^{0}$\ circuits with respect to the
uniform distribution over inputs.\footnote{By a \textquotedblleft learning
algorithm,\textquotedblright\ here we mean an algorithm that takes as input
uniformly-random samples\ $x_{1},\ldots,x_{k}\in\left\{ 0,1\right\} ^{n}$,
as well as $f\left( x_{1}\right) ,\ldots,f\left( x_{k}\right) $, where $f$
is some unknown function in $\mathsf{AC}^{0}$, and that with high probability
over the choice of $x_{1},\ldots,x_{k}$, outputs a hypothesis $h$\ such that
$\Pr_{x\in\left\{ 0,1\right\} ^{n}}\left[ h\left( x\right) =f\left(
x\right) \right] $\ is close to $1$.} \ Also, proving a conjecture put
forward by Linial and Nisan \cite{ln}\ (and independently Babai), Braverman
\cite{braverman}\ showed that $\mathsf{AC}^{0}$\ circuits can't distinguish
the outputs of a wide range of pseudorandom generators from truly random strings.
Meanwhile, H\aa stad \cite{hastad:book} showed that for every $d$, there are
functions computable by $\mathsf{AC}^{0}$ circuits of depth $d$ that require
exponentially many gates for $\mathsf{AC}^{0}$\ circuits of depth $d-1$.
\ This implies that there exists an oracle relative to which $\mathsf{PH}$\ is
infinite (that is, all its levels are distinct). \ Improving that result,
Rossman, Servedio, and Tan \cite{rossman:ph}\ very recently showed that the
same functions H\aa stad\ had considered require exponentially many gates even
to \textit{approximate} using $\mathsf{AC}^{0}$\ circuits of depth $d-1$.
\ This implies that $\mathsf{PH}$\ is infinite relative to a \textit{random}
oracle with probability $1$, which resolved a thirty-year-old open problem.
The random restriction method has also had other applications in complexity
theory, besides $\mathsf{AC}^{0}$ lower bounds. \ Most notably, it's been used to prove
polynomial lower bounds on \textit{formula size}. \ The story of formula-size
lower bounds starts in 1961 with Subbotovskaya \cite{subbo}, who used random
restrictions to show that the $n$-bit \textsc{Parity}\ function requires
formulas of size $\Omega\left( n^{1.5}\right) $. \ Later Khrapchenko
\cite{khrap} improved this to $\Omega\left( n^{2}\right) $, which is
tight.\footnote{Assume for simplicity that $n$ is a power of $2$. $\ $Then
$x_{1}\oplus\cdots\oplus x_{n}$ can be written as $y\oplus z$, where
$y:=x_{1}\oplus\cdots\oplus x_{n/2}$\ and $z:=x_{n/2+1}\oplus\cdots\oplus
x_{n}$. \ This in turn can be written as $\left( y\wedge\overline{z}\right)
\vee\left( \overline{y}\wedge z\right) $. \ Expanding recursively now yields
a size-$n^{2}$ formula for \textsc{Parity}, made of AND, OR, and NOT gates.}
\ Next, in 1987, Andreev \cite{andreev}\ constructed a different Boolean
function in $\mathsf{P}$\ that could be shown, again using random
restrictions, to require formulas of size $n^{2.5-o\left( 1\right) }$.
\ This was subsequently improved to $n^{2.55-o\left( 1\right) }$\ by
Impagliazzo and Nisan \cite{in:shrinkage}, to $n^{2.63-o\left( 1\right) }%
$\ by\ Paterson and Zwick \cite{patersonzwick}, and finally to $n^{3-o\left(
1\right) }$\ by H\aa stad \cite{hastad:shrinkage}\ and to $\Omega\left(
\frac{n^{3}}{\left( \log n\right) ^{2}\left( \log\log n\right) ^{3}%
}\right) $\ by Tal \cite{tal:shrinkage}. \ Unfortunately, the random
restriction method seems fundamentally incapable of going beyond
$\Omega\left( n^{3}\right) $. \ On the other hand, for Boolean circuits
rather than formulas, we still have no lower bound better than \textit{linear}
for any function in $\mathsf{P}$\ (or for that matter, in $\mathsf{NP}$)!
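The recursive construction in the footnote above can be verified
mechanically. Here is an illustrative Python sketch (representation mine,
with the NOT gates pushed down to the leaves) that builds the formula and
confirms both its correctness and its $n^{2}$ leaf count:

```python
from itertools import product

def parity_and_not(idxs):
    """Build formulas for the XOR of the bits at `idxs` and for its
    negation, as nested tuples; also return their (equal) leaf count.
    Recursion from the footnote:  y XOR z = (y AND ~z) OR (~y AND z),
    and  NOT(y XOR z) = (y AND z) OR (~y AND ~z)."""
    if len(idxs) == 1:
        i = idxs[0]
        return ('leaf', i, 1), ('leaf', i, 0), 1   # literals x_i and NOT x_i
    mid = len(idxs) // 2
    Py, Ny, ly = parity_and_not(idxs[:mid])        # y-half and its negation
    Pz, Nz, lz = parity_and_not(idxs[mid:])        # z-half and its negation
    P = ('or', ('and', Py, Nz), ('and', Ny, Pz))
    N = ('or', ('and', Py, Pz), ('and', Ny, Nz))
    return P, N, 2 * (ly + lz)     # each half is used twice, so L(n)=4L(n/2)

def ev(F, x):
    if F[0] == 'leaf':
        _, i, pol = F
        return x[i] if pol else 1 - x[i]
    op, a, b = F
    return (ev(a, x) & ev(b, x)) if op == 'and' else (ev(a, x) | ev(b, x))

n = 8
P, N, leaves = parity_and_not(list(range(n)))
assert leaves == n * n                             # size n^2, as claimed
assert all(ev(P, x) == sum(x) % 2 for x in product([0, 1], repeat=n))
```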
\subsubsection{Small-Depth Circuits and the Polynomial Method\label{POLYMETH}}
For our purposes, the most important extension of Theorem \ref{parityac0}\ was
achieved by Smolensky \cite{smolensky}\ and Razborov \cite{razborov:ac0}\ in
1987. \ Let $\mathsf{AC}^{0}\left[ m\right] $\ be the class of languages
decidable by a family of constant-depth, polynomial-size, unbounded-fanin
circuits with AND, OR, NOT, and MOD-$m$ gates (which output $1$ if their
number of `$1$' input bits is divisible by $m$, and $0$ otherwise). \ Adding
in MOD-$m$\ gates seems like a natural extension of $\mathsf{AC}^{0}$: for
example, if $m=2$, then we're just adding \textsc{Parity}, one of the most
basic functions not in $\mathsf{AC}^{0}$.
Smolensky and Razborov extended the class of circuits for which lower bounds
can be proven from $\mathsf{AC}^{0}$\ to $\mathsf{AC}^{0}\left[ p\right] $,
whenever $p$ is prime.
\begin{theorem}
[Smolensky \cite{smolensky}, Razborov \cite{razborov:ac0}]\label{razsmothm}Let
$p$ and $q$ be distinct primes. \ Then \textsc{Mod}$_{q}$, the set of all
strings with Hamming weight divisible by $q$, is not in $\mathsf{AC}%
^{0}\left[ p\right] $. \ Indeed, any $\mathsf{AC}^{0}\left[ p\right]
$\ circuit for \textsc{Mod}$_{q}$\ of depth $d$\ requires $2^{\Omega\left(
n^{1/2d}\right) }$ gates. \ As a corollary, the \textsc{Majority}\ function
is also not in $\mathsf{AC}^{0}\left[ p\right] $, and also requires
$2^{\Omega\left( n^{1/2d}\right) }$\ gates to compute using $\mathsf{AC}%
^{0}\left[ p\right] $\ circuits of depth $d$.
\end{theorem}
It's not hard to show that $\mathsf{AC}^{0}\left[ p\right] =\mathsf{AC}%
^{0}\left[ p^{k}\right] $\ for any $k\geq1$, and thus, one also gets lower
bounds against $\mathsf{AC}^{0}\left[ m\right] $,\ whenever $m$ is a prime power.
The proof of Theorem \ref{razsmothm}\ uses the so-called \textit{polynomial
method}. \ Here one argues that, if a function $f$ can be computed by a
constant-depth circuit with AND, OR, NOT, and MOD-$p$ gates, then $f$ can also
be approximated by a low-degree polynomial over the finite field
$\mathbb{F}_{p}$. \ One then shows that a function of interest, such as the
\textsc{Mod}$_{q}$\ function (for $q\neq p$), \textit{can't} be approximated
by any such low-degree polynomial. \ This provides the desired contradiction.
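To make the first step concrete: the standard Razborov--Smolensky trick
approximates a single unbounded-fanin OR gate by a polynomial of degree
$t\left( p-1\right) $\ over $\mathbb{F}_{p}$, erring on any fixed input with
probability at most $2^{-t}$\ over the choice of $t$ random subsets;
composing such approximations layer by layer converts the whole circuit into
a low-degree polynomial. An illustrative Python sketch (parameters mine):

```python
import random

p, n, t = 3, 10, 10                 # field F_p, gate fanin, repetitions
rng = random.Random(0)
subsets = [[j for j in range(n) if rng.random() < 0.5] for _ in range(t)]

def approx_or(x):
    """1 - prod_i (1 - (sum_{j in S_i} x_j)^(p-1)), evaluated over F_p.
    By Fermat's little theorem, s^(p-1) mod p is 0 iff s = 0 mod p and
    1 otherwise, so each factor tests whether one random subset-sum
    vanishes; the product is degree t*(p-1) in the x_j."""
    prod = 1
    for S in subsets:
        s = sum(x[j] for j in S) % p
        prod = (prod * (1 - pow(s, p - 1, p))) % p
    return (1 - prod) % p

assert approx_or([0] * n) == 0      # exact whenever OR(x) = 0
errors = 0
for _ in range(200):                # error probability <= 2^-t per input
    x = [rng.randint(0, 1) for _ in range(n)]
    errors += approx_or(x) != int(any(x))
print("errors out of 200 random inputs:", errors)
```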
The polynomial method is famously specific in scope: it's still not known how
to prove results like Theorem \ref{razsmothm} even for $\mathsf{AC}^{0}\left[
m\right] $\ circuits, where $m$ is not a prime power.\footnote{Williams's
$\mathsf{NEXP}\not \subset \mathsf{ACC}$\ breakthrough \cite{williams:acc}, to
be discussed in Section \ref{NEXPACC}, could be seen as the first successful
use of the \textquotedblleft polynomial method\textquotedblright\ to prove a
lower bound against $\mathsf{AC}^{0}\left[ m\right] $\ circuits---though in
that case, the lower bound applies only to $\mathsf{NEXP}$-complete problems,
and polynomials are only one ingredient in the proof among many.} \ The reason
why it breaks down there is simply that there are no finite fields of
non-prime-power order. \ And thus, to be concrete, it's still open whether the
$n$-bit \textsc{Majority}\ function has a constant-depth, polynomial-size,
unbounded-fanin circuit consisting of AND, OR, NOT, and MOD-$6$ gates, or even
entirely of MOD-$6$ gates!
Stepping back, it's interesting to ask whether the constant-depth circuit
lower bounds evade the relativization barrier explained in Section \ref{REL}.
\ There's some disagreement about whether it's even sensible to feed oracles
to tiny complexity classes such as $\mathsf{AC}^{0}$ (see Allender and Gore
\cite{ag:ac0}\ for example). \ However, to whatever extent it \textit{is}
sensible, the answer is that these lower bounds do evade relativization. \ For
example, if by $\left( \mathsf{AC}^{0}\right) ^{A}$, we mean $\mathsf{AC}%
^{0}$\ extended by \textquotedblleft oracle gates\textquotedblright\ that
query $A$, then it's easy to construct an $A$ such that $\left(
\mathsf{AC}^{0}\right) ^{A}=\mathsf{P}^{A}$: for example, any $A$\ that is
$\mathsf{P}$-complete under $\mathsf{AC}^{0}$-reductions will work. \ On the
other hand, we know from Theorem \ref{parityac0}\ that $\mathsf{AC}^{0}%
\neq\mathsf{P}$\ in the \textquotedblleft real,\textquotedblright%
\ unrelativized world.
There's one other aspect of the constant-depth circuit lower bounds that
requires discussion. \ Namely, we saw that both the random restriction method
and the polynomial method yield lower bounds of the form $2^{n^{\Omega\left(
1/d\right) }}$\ on the number of gates needed in an $\mathsf{AC}^{0}%
$\ circuit of depth $d$---with the sharpest result, due to H\aa stad
\cite{hastad:book}, having the form $2^{\Omega\left( n^{1/\left( d-1\right)
}\right) }$. \ Of course, this bound degrades rapidly as $d$ gets large, and
is never $2^{\Omega\left( n\right) }$\ for any interesting depth $d\geq3$.
\ So one might wonder: \textit{why} do these size lower bounds consistently
fall short of $2^{\Omega\left( n\right) }$? \ In the special case of
\textsc{Parity}, that question has a very simple answer: because $2^{O\left(
n^{1/\left( d-1\right) }\right) }$\ is easily seen to be a matching upper
bound! \ But could the same techniques yield a $2^{\Omega\left( n\right) }%
$\ lower bound on $\mathsf{AC}^{0}$\ circuit size\ for \textit{other} functions?
The surprising answer is that $2^{n^{\Omega\left( 1/d\right) }}$\ represents
a sort of fundamental barrier---in the sense that, if we could do better, then
we could also do much more than prove constant-depth circuit lower bounds.
\ This is a consequence of the following result, which is not nearly as
well-known as it should be:
\begin{theorem}
[Allender et al.\ \cite{ahmps}, Koiran \cite{koiran}]\label{boolchasm}Let $L$
be a language decided by an $\mathsf{NLOGSPACE}$\ (that is, nondeterministic
logarithmic space) machine that halts in $m=n^{O\left( 1\right) }$\ time
steps. \ Then for every odd constant $d\geq3$, we can also decide $L$\ using a
family of $\mathsf{AC}^{0}$\ circuits with depth $d$ and size $m^{O\left(
m^{2/\left( d+1\right) }\right) }$.
\end{theorem}
Theorem \ref{boolchasm}\ means, in particular, that if we proved that some
language $L$ required $\mathsf{AC}^{0}$\ circuits of size $2^{\Omega\left(
n^{\varepsilon}\right) }$, independently of the constant depth $d$---even
with, say, $\varepsilon=0.001$---then we also would have proven $L\notin%
\mathsf{NLOGSPACE}$. \ In other words, if we had the ability to prove strong
enough $\mathsf{AC}^{0}$ lower bounds for languages in $\mathsf{P}$, then we'd
also have the ability to prove $\mathsf{NLOGSPACE}\neq\mathsf{P}$.
\subsubsection{The Natural Proofs Barrier\label{NATPROOF}}
Despite the weakness of $\mathsf{AC}^{0}$\ and $\mathsf{AC}^{0}\left[
p\right] $ circuits, the progress on lower bounds for them suggested what
seemed to many researchers like a plausible path to proving $\mathsf{NP}%
\not \subset \mathsf{P/poly}$, and hence $\mathsf{P\neq NP}$. \ That path is
simply to generalize the random restriction and polynomial methods further and
further, to get lower bounds for more and more powerful classes of circuits.
\ The first step, of course, would be to generalize the polynomial method to
handle $\mathsf{AC}^{0}\left[ m\right] $\ circuits, where $m$ is not a prime
power. \ Then one could handle what are called $\mathsf{TC}^{0}$ circuits:
that is, constant-depth, polynomial-size, unbounded-fanin circuits with
MAJORITY gates (or, as in a neural network, \textit{threshold gates}, which
output $1$\ if a certain weighted affine combination of the input bits exceeds
$0$, and $0$ otherwise). \ Next, one could aim for polynomial-size circuits of
logarithmic depth: that is, the class $\mathsf{NC}^{1}$. \ Finally, one could
push all the way to polynomial-depth circuits: that is, the class
$\mathsf{P/poly}$.
Unfortunately, we now know that this path hits a profound barrier at
$\mathsf{TC}^{0}$, if not earlier---a barrier that explains why the random
restriction and polynomial methods haven't taken us further toward a proof of
$\mathsf{P}\neq\mathsf{NP}$. \ Apparently this barrier was known to Michael
Sipser (and perhaps a few others) in the 1980s, but it was first articulated
in print in 1993 by Razborov and Rudich \cite{rr}, who called it the
\textit{natural proofs barrier}.
The basic insight is that combinatorial techniques, such as the method of
random restrictions, do more than advertised: in some sense, they do too much
for their own good. \ In particular, not only do they let us show that certain
specific functions, like \textsc{Parity}, are hard for $\mathsf{AC}^{0}$; they
even let us certify that a \textit{random} function is hard for $\mathsf{AC}%
^{0}$. \ Indeed, such techniques give rise to an \textit{algorithm}, which
takes as input the truth table of a Boolean function $f:\left\{ 0,1\right\}
^{n}\rightarrow\left\{ 0,1\right\} $, and which has the following two properties.
\begin{enumerate}
\item[(1)] \textbf{\textquotedblleft Constructivity.\textquotedblright} \ The
algorithm runs in time polynomial in the size of $f$'s truth table (that is,
polynomial in $2^{n}$).
\item[(2)] \textbf{\textquotedblleft Largeness.\textquotedblright} \ If $f$ is
chosen uniformly at random, then with probability at least $1/n^{O\left(
1\right) }$\ over $f$, the algorithm certifies that $f$ is hard (i.e., that
$f$\ is not in some circuit class $\mathcal{C}$, such as $\mathsf{AC}^{0}$\ in
the case of the random restriction method).
\end{enumerate}
If a lower bound proof gives rise to an algorithm satisfying (1) and (2), then
Razborov and Rudich call it a \textit{natural proof}. \ In many cases, it's
not entirely obvious that a lower bound proof is natural, but with some work
one can show that it is. \ To illustrate, in the case of the random
restriction method, the algorithm could check that $f$ has a large fraction of
its Fourier mass on high-degree Fourier coefficients, or that $f$\ has high
\textquotedblleft average sensitivity\textquotedblright\ (that is, if $x$\ and
$y$\ are random inputs that differ only in a single bit, then with high
probability $f\left( x\right) \neq f\left( y\right) $). \ These tests have
the following three properties:
\begin{itemize}
\item They're easy to perform, in time polynomial in the truth table
size\ $2^{n}$.
\item A random function $f$\ will pass these tests with overwhelming
probability (that is, such an $f$ will \textquotedblleft look like
\textsc{Parity}\textquotedblright\ in the relevant respects).
\item The results of Linial, Mansour, and Nisan \cite{lmn} show that any $f$
that passes these tests remains nontrivial under most random restrictions, and
for that reason, can't be in $\mathsf{AC}^{0}$.
\end{itemize}
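The average-sensitivity test, in particular, is straightforward to run from
a truth table, in time $O\left( n2^{n}\right) $, i.e., polynomial in the
truth table size, as constructivity requires. An illustrative Python sketch:

```python
from itertools import product

def avg_sensitivity(f, n):
    """Average, over uniform x, of the number of single-bit flips
    that change f's value; runs in O(n * 2^n) time."""
    total = 0
    for x in product([0, 1], repeat=n):
        for i in range(n):
            y = list(x)
            y[i] ^= 1
            total += f(x) != f(tuple(y))
    return total / 2 ** n

n = 8
parity = lambda x: sum(x) % 2
and_all = lambda x: int(all(x))
print(avg_sensitivity(parity, n))    # 8.0: every flip changes Parity
print(avg_sensitivity(and_all, n))   # 0.0625: flips matter only near 1^n
```

A uniformly random $f$\ has average sensitivity concentrated around $n/2$,
so it passes the same test as \textsc{Parity}, while the $n$-bit AND
function fails it, consistent with AND's trivial depth-$1$ circuit.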
But now, twisting the knife, Razborov and Rudich point out that any natural
lower bound proof against a powerful enough complexity class would be
self-defeating, in that \textit{it would yield an efficient algorithm to solve
some of the same problems that we'd set out to prove were hard.} \ More
concretely, suppose we have a natural lower bound proof against the circuit
class $\mathcal{C}$. \ Then by definition, we also have an efficient algorithm
$A$\ that, given a random Boolean function $f:\left\{ 0,1\right\}
^{n}\rightarrow\left\{ 0,1\right\} $, certifies that $f\notin\mathcal{C}%
$\ with at least $1/n^{O\left( 1\right) }$\ probability over $f$. \ But this
means that $\mathcal{C}$\ cannot contain very strong families of
\textit{pseudorandom functions}: namely, functions $f:\left\{ 0,1\right\}
^{n}\rightarrow\left\{ 0,1\right\} $\ that are indistinguishable from
\textquotedblleft truly\textquotedblright\ random functions, even by
algorithms that can examine their entire truth tables and use time polynomial
in $2^{n}$.
Why not? \ Because $A$ can \textit{never} certify $f\notin\mathcal{C}$\ if $f$
is a pseudorandom function, computable in $\mathcal{C}$. \ But $A$\ certifies
$f\notin\mathcal{C}$\ with $1/n^{O\left( 1\right) }$\ probability over a
truly random $f$. \ Thus, $A$ serves to distinguish random from pseudorandom
functions with non-negligible\footnote{In theoretical computer science, the
term \textit{non-negligible}\ means lower-bounded by $1/n^{O\left( 1\right)
}$.} bias---so the latter were never really pseudorandom at all.
To recap, we've shown that, if there's any natural proof that any function is
not in $\mathcal{C}$, then all Boolean functions computable in $\mathcal{C}%
$\ can be distinguished from random functions by $2^{O\left( n\right) }%
$-time algorithms. \ That might not sound so impressive, since $2^{O\left(
n\right) }$\ is a lot of time. \ But a key observation is that, for most of
the circuit classes $\mathcal{C}$ that we care about, there are families of
pseudorandom functions $\left\{ f_{s}\right\} _{s}$\ on $n$ bits that are
conjectured to require $2^{p\left( n\right) }$\ time to distinguish from
truly random functions, where $p\left( n\right) $ is as large a polynomial
as we like (related to the length of the random \textquotedblleft
seed\textquotedblright\ $s$). \ It follows from results of Naor and Reingold
\cite{naorreingold}\ that in $\mathsf{TC}^{0}$ (constant-depth,
polynomial-size threshold circuits), there are functions that can't be
distinguished from random functions in $2^{O\left( n\right) }$\ time,
\textit{unless} the factoring and discrete logarithm problems are solvable in
$O\left( 2^{n^{\varepsilon}}\right) $\ time for every $\varepsilon>0$.
\ (For comparison, the best \textit{known} algorithms for these problems take
roughly $2^{n^{1/3}}$\ time.) \ Likewise, Banerjee et al.\ \cite{bpr}\ showed
that in $\mathsf{TC}^{0}$, there are functions that can't be distinguished
from random in $2^{O\left( n\right) }$ time, unless noisy systems of linear
equations can be solved in $O\left( 2^{n^{\varepsilon}}\right) $\ time for
every $\varepsilon>0$.
It's worth pausing to let the irony sink in. \ Razborov and Rudich are
pointing out that, as we showed certain problems (factoring and discrete
logarithm) to be harder and harder via a natural proof, we'd simultaneously
show those same problems to be easier and easier! \ Indeed, any natural proof
showing that these problems took \textit{at least} $t\left( n\right) $ time,
would also show that they took \textit{at most} roughly $2^{t^{-1}\left(
n\right) }$\ time. \ As a result, no natural proof could possibly show these
problems take more than half-exponential\ time: that is, time $t\left(
n\right) $ such that $t\left( t\left( n\right) \right) $\ grows exponentially.
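To spell out the arithmetic behind the half-exponential bound (a sketch; the
scaling of the security parameter is suppressed): a natural proof that these
problems require time $t\left( n\right) $\ would yield a distinguisher, and
hence an algorithm, running in time roughly $2^{t^{-1}\left( n\right) }$.
\ For the two bounds to coexist, we need%
\[
t\left( n\right) \leq2^{O\left( t^{-1}\left( n\right) \right)
},\qquad\text{equivalently}\qquad t\left( t\left( n\right) \right)
\leq2^{O\left( n\right) },
\]
which is exactly the statement that $t$ grows at most half-exponentially.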
Here, perhaps, we're finally face-to-face with a central conceptual difficulty
of the $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ question: namely, we're trying
to prove that certain functions are hard, but the problem of deciding whether
a function is hard is \textit{itself} hard, according to the very sorts of
conjectures that we're trying to prove.\footnote{Technically, the problem of
distinguishing random from pseudorandom functions is equivalent to the problem
of inverting one-way functions, which is not \textit{quite} as strong as
solving $\mathsf{NP}$-complete\ problems in polynomial time---only solving
average-case $\mathsf{NP}$-complete\ problems\ with planted solutions. \ For
more see Section \ref{OWF}.}
Of course, the natural proofs barrier didn't prevent complexity theorists from
proving strong lower bounds against $\mathsf{AC}^{0}$. \ But the result of
Linial, Mansour, and Nisan \cite{lmn}\ can be interpreted as saying that this
is \textit{because} $\mathsf{AC}^{0}$\ is not yet powerful enough to express
pseudorandom functions.\footnote{Though even here, Theorem \ref{boolchasm}%
\ implies that for every $\varepsilon>0$ and $c$, there exists a $d$ such that
$\mathsf{AC}^{0}$ circuits of size $2^{n^{\varepsilon}}$\ and depth $d$ can
simulate an $\mathsf{NLOGSPACE}$\ machine that halts in time $n^{c}$. \ But
it's known that $\mathsf{NLOGSPACE}$\ can simulate uniform $\mathsf{NC}^{1}$,
which contains strong pseudorandom function candidates. \ So even for
$\mathsf{AC}^{0}$ circuits, if we wanted to prove strong enough exponential
lower bounds on size, then we \textit{would} be up against the natural proofs
barrier. \ Not by coincidence, proving such strong size lower bounds for
$\mathsf{AC}^{0}$\ has been a longstanding open problem, as discussed in
Section \ref{POLYMETH}.} \ When we move just slightly higher, to
$\mathsf{TC}^{0}$ (constant-depth threshold circuits), we \textit{do} have
pseudorandom functions under plausible hardness assumptions, and---not at all
coincidentally, according to Razborov and Rudich---we no longer have strong
circuit lower bounds. \ In that sense, natural proofs explains almost
precisely why the progress toward proving $\mathsf{P}\neq\mathsf{NP}$\ via
circuit complexity stalled where it did. \ The one complication in the story
is the $\mathsf{AC}^{0}\left[ m\right] $\ classes, for which we don't yet
have strong lower bounds (though see Section \ref{IRONIC}), but \textit{also}
don't have pseudorandom function candidates. \ For those classes, it's still
possible that natural proofs could succeed.
As Razborov and Rudich themselves stressed, the take-home message is
\textit{not} that we should give up on proving $\mathsf{P}\neq\mathsf{NP}$.
\ In fact, since the beginning of complexity theory, we've had at least one
technique that easily evades the natural proofs barrier: namely,
diagonalization (the technique used to prove $\mathsf{P}\neq\mathsf{EXP}$; see
Section \ref{LOGIC})! \ The reason why diagonalization evades the barrier is
that it zeroes in on a specific property of the function $f$\ being
lower-bounded---namely, the fact that $f$ is $\mathsf{EXP}$-complete, and thus
able to simulate all $\mathsf{P}$\ machines---and thereby avoids the trap of
arguing that \textquotedblleft$f$ is hard because it looks like a random
function.\textquotedblright\ \ Of course, diagonalization is subject to the
relativization barrier (see Section \ref{REL}), so the question still stands
of how to evade relativization and natural proofs simultaneously; we'll return
to that question in Section \ref{HYBRID}.
More broadly, there are many cases in mathematics where we can prove that some
object $O$\ of interest to us has a property $P$, even though we have no hope
of finding a general polynomial-time algorithm to decide whether \textit{any}
given object has property $P$,\ or even to certify a large fraction of objects
as having property $P$. \ In such cases, often we prove that $O$\ has property
$P$\ by exploiting special symmetries in $O$---symmetries that have little to
do with why $O$\ has property $P$, but everything to do with why we can
\textit{prove} it has the property. \ As an example, a random graph is an
\textit{expander graph} (that is, a graph on which a random walk mixes
rapidly) with overwhelming probability. \ But since the general problem of
deciding whether a graph is an expander is $\mathsf{NP}$-hard, if we want a
\textit{specific} graph $G$ that's provably an expander, typically we need to
construct $G$ with a large amount of symmetry: for example, by taking it to be
the Cayley graph of a finite group. \ Similarly, even though we expect that
there's no general efficient algorithm to decide if a Boolean function $f$ is
hard,\footnote{The problem, given as input the truth table of a Boolean
function $f:\left\{ 0,1\right\} ^{n}\rightarrow\left\{ 0,1\right\} $, of
computing or approximating the circuit complexity of $f$\ is called the
Minimum Circuit Size Problem (MCSP). \ It's a longstanding open problem
whether or not MCSP is $\mathsf{NP}$-hard; at any rate, there are major
obstructions to \textit{proving} it $\mathsf{NP}$-hard with existing
techniques (see Kabanets and Cai \cite{kc}\ and Murray and Williams
\cite{murraywilliams}). \ On the other hand, MCSP can't be in $\mathsf{P}%
$\ (or $\mathsf{BPP}$) unless there are no cryptographically-secure
pseudorandom generators. \ In any case, what's relevant to natural proofs is
just whether there's an efficient algorithm to \textit{certify a large
fraction} of Boolean functions as being hard: that is, to output
\textquotedblleft$f$ is hard\textquotedblright\ for a $1/\operatorname*{poly}%
\left( n\right) $\ fraction of Boolean functions $f:\left\{ 0,1\right\}
^{n}\rightarrow\left\{ 0,1\right\} $\ that require large circuits, and for
no Boolean functions that have small circuits. \ This is a weaker requirement
than solving MCSP.} given as input $f$'s truth table, we might be able to
prove that certain \textit{specific} $f$'s (for example, $\mathsf{NP}$- or
$\mathsf{\#P}$-complete ones) are hard by exploiting their symmetries.
\ Geometric Complexity Theory (see Section \ref{GCT}) is the best-known
development of that particular hope for escaping the natural proofs barrier.
But GCT is not the only way to use symmetry to evade natural proofs. \ As a
vastly smaller example, I \cite[Appendix 10]{aar:mlin}\ proved an exponential
lower bound on the so-called \textit{manifestly orthogonal formula size} of a
function $f:\left\{ 0,1\right\} ^{n}\rightarrow\left\{ 0,1\right\} $\ that
outputs $1$ if the input $x$ is a codeword of a linear error-correcting code,
and $0$ otherwise. \ Here a \textit{manifestly orthogonal formula} is a
formula over $x_{1},\ldots,x_{n},\overline{x}_{1},\ldots,\overline{x}_{n}%
$\ consisting of OR and AND gates, where every OR must be of two subformulas
over the same set of variables, and every AND must be of two subformulas over
disjoint sets of variables. \ My lower bound wasn't especially difficult, but
what's notable about it is that it took crucial advantage of a
\textit{symmetry} of linear error-correcting codes: namely, the fact that any
such code can be recursively decomposed as a\ disjoint union of Cartesian
products of smaller linear error-correcting codes. \ My proof thus gives no
apparent insight into how to certify that a \textit{random} Boolean function
has manifestly orthogonal formula size $\exp\left( n\right) $, and possibly
evades the natural proofs barrier (if there \textit{is} such a barrier in the
first place for manifestly orthogonal formulas).
Another proposal for how to evade the natural proofs barrier comes from a
beautiful 2010 paper by Allender and Kouck\'{y} \cite{allenderkoucky} (see
also Allender's survey \cite{allender:cracks}). \ These authors show that, if
one wanted to prove that certain specific $\mathsf{NC}^{1}$ problems were not
in $\mathsf{TC}^{0}$, thereby establishing the breakthrough separation
$\mathsf{TC}^{0}\neq\mathsf{NC}^{1}$, it would suffice to show that those
problems had no $\mathsf{TC}^{0}$\ circuits of size $n^{1+\varepsilon}$, for
any constant $\varepsilon>0$. \ To achieve this striking \textquotedblleft
bootstrap,\textquotedblright\ from an $n^{1+\varepsilon}$\ lower bound to a
superpolynomial one, Allender and Kouck\'{y}\ exploit the
\textit{self-reducibility} of the $\mathsf{NC}^{1}$\ problems in question: the
fact that they can be reduced to smaller instances of themselves. \ Crucially,
this self-reducibility would \textit{not} hold for a random function. \ For
this reason, the proposed lower bound method has at least the potential to
evade the natural proofs barrier. \ Indeed, it's not even totally implausible
that a natural proof could yield an $n^{1+\varepsilon}$\ lower bound for
$\mathsf{TC}^{0}$\ circuits, with the known bootstrapping from
$n^{1+\varepsilon}$\ to superpolynomial the only non-natural part of the
argument.\footnote{Allender and Kouck\'{y}'s paper partly builds on 2003 work
by Srinivasan \cite{srinivasan}, who showed that, to prove $\mathsf{P}%
\neq\mathsf{NP}$, one would \textquotedblleft merely\textquotedblright\ need
to show that\ any algorithm to compute weak approximations for the
\textsc{MaxClique}\ problem takes $\Omega\left( n^{1+\varepsilon}\right)
$\ time, for some constant $\varepsilon>0$. \ The way Srinivasan proved this
striking statement was, again, by using a sort of self-reducibility: he showed
that, if there's a polynomial-time algorithm for \textsc{MaxClique}, then by
running that algorithm on smaller graphs sampled from the original graph, one
can solve approximate versions of \textsc{MaxClique}\ in $n^{1+o\left(
1\right) }$\ time.}
I can't resist mentioning a final idea about how to evade natural proofs. \ In
a 2014 paper, Chapman and Williams \cite{chapmanwilliams} suggested proving
circuit lower bounds for $\mathsf{NP}$-complete problems like \textsc{3Sat},
via arguments that would work only for circuits that are
\textit{self-certifying}: that is, that output satisfying assignments whenever
they exist, which we know a circuit solving $\mathsf{NP}$-complete
problems\ can always do by\ Proposition \ref{searchdec}. \ Strikingly, they
then showed that if $\mathsf{NP}\not \subset \mathsf{P/poly}$\ is true at all,
then it has a proof that's \textquotedblleft natural\textquotedblright\ in
their modified sense: that is, a proof that yields an efficient algorithm to
certify that a $1/n^{O\left( 1\right) }$\ fraction of all Boolean functions
$f:\left\{ 0,1\right\} ^{n}\rightarrow\left\{ 0,1\right\} $%
\ \textit{either don't have polynomial-size circuits or else aren't
self-certifying}. \ Thus, if we could just figure out how to exploit
$\mathsf{NP}$-complete problems' property of self-certification, that would
already be enough to evade natural proofs.
\subsection{Arithmetization\label{HYBRID}}
In the previous sections, we saw that there are logic-based techniques (like
diagonalization) that suffice to prove $\mathsf{P\neq EXP}$\ and
$\mathsf{NEXP}^{\mathsf{NP}}\not \subset \mathsf{P/poly}$, and that evade the
natural proofs barrier, but that are blocked from proving $\mathsf{P\neq NP}%
$\ by the relativization barrier. \ Meanwhile, there are combinatorial
techniques (like random restrictions) that suffice to prove circuit lower
bounds against $\mathsf{AC}^{0}$ and $\mathsf{AC}^{0}\left[ p\right] $, and
that evade the relativization barrier, but that are blocked from proving lower
bounds against $\mathsf{P/poly}$\ (and hence, from proving $\mathsf{P\neq NP}%
$) by the natural proofs barrier. \
This raises a question: couldn't we simply \textit{combine} techniques that
evade relativization but not natural proofs, with techniques that evade
natural proofs but not relativization, in order to evade both? \ As it turns
out, we can.
\subsubsection{$\mathsf{IP}=\mathsf{PSPACE\label{IPPSPACE}}$}
The story starts with a dramatic development in complexity theory around 1990,
though not one that obviously bore on $\mathsf{P\neq NP}$\ or circuit lower
bounds. \ In the 1980s, theoretical cryptographers became interested in
so-called \textit{interactive proof systems}, which are protocols where a
computationally-unbounded but untrustworthy prover (traditionally named
Merlin) tries to convince a skeptical polynomial-time verifier (traditionally
named Arthur) that some mathematical statement is true, via a two-way
conversation, in which Arthur can randomly generate challenges and then
evaluate Merlin's answers to them.
More formally, let $\mathsf{IP}$\ (Interactive Proof) be the class of all
languages $L\subseteq\left\{ 0,1\right\} ^{\ast}$\ for which there exists a
probabilistic polynomial-time algorithm\ for Arthur with the following
properties. \ Arthur receives an input string $x\in\left\{ 0,1\right\} ^{n}$
(which Merlin also knows), and then generates up to $n^{O\left( 1\right) }%
$\ challenges to send to Merlin. \ Each challenge is a string of up to
$n^{O\left( 1\right) }$\ bits, and each can depend on $x$, on Arthur's
internal random bits, \textit{and} on Merlin's responses to the previous
challenges. \ (We also allow Arthur, if he likes, to keep some random bits
hidden, without sending them to Merlin---though surprisingly, this turns out
not to make any difference \cite{gs}.) \ We think of Merlin as trying his best
to persuade Arthur that $x\in L$; at the end, Arthur decides whether to accept
or reject Merlin's claim. \ We require that for all inputs $x$:
\begin{itemize}
\item If $x\in L$, then there's some strategy for Merlin (i.e., some function
determining which message to send next, given $x$\ and the sequence of
challenges so far\footnote{We can assume without loss of generality that
Merlin's strategy is deterministic, since Merlin is computationally unbounded,
and any convex combination of strategies must contain a deterministic strategy
that causes Arthur to accept with at least as great a probability as the
convex combination does.}) that causes Arthur to accept with probability at
least $2/3$\ over his internal randomness.
\item If $x\notin L$, then regardless of what strategy Merlin uses, Arthur
rejects with probability at least $2/3$\ over his internal randomness.
\end{itemize}
Clearly $\mathsf{IP}$\ generalizes $\mathsf{NP}$: indeed, we recover
$\mathsf{NP}$\ if we get rid of the interaction and randomness aspects, and
just allow a single message from Merlin, which Arthur either accepts or
rejects. \ In the other direction, it's not hard to show that $\mathsf{IP}%
\subseteq\mathsf{PSPACE}$.\footnote{This is so because a polynomial-space
Turing machine can treat the entire interaction between Merlin and Arthur as a
game, in which Merlin is trying to get Arthur to accept with the largest
possible probability. \ The machine can then evaluate the exponentially large
game tree using depth-first recursion.}
The question asked in the 1980s was: \textit{does interaction help? \ }In
other words, how much bigger is $\mathsf{IP}$\ than $\mathsf{NP}$\textit{?}
\ It was observed that $\mathsf{IP}$\ contains at least a few languages that
aren't known to be in $\mathsf{NP}$, such as graph non-isomorphism. \ This is
so because of a simple, famous, and elegant protocol \cite{gmw}: given two
$n$-vertex graphs $G$ and $H$, Arthur can pick one of the two uniformly at
random, randomly permute its vertices, then send the result to Merlin. \ He
then challenges Merlin: \textit{which graph did I start from, }$G$\textit{ or
}$H$\textit{?} \ If $G\ncong H$, then Merlin, being computationally unbounded,
can easily answer this challenge by solving graph isomorphism. \ If, on the
other hand, $G\cong H$,\ then Merlin sees the same distribution over graphs
regardless of whether Arthur started from $G$ or $H$, so he must guess wrongly
with probability $1/2$.
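To make the protocol concrete, here is a minimal Python sketch (conventions chosen here for illustration, not drawn from \cite{gmw}): graphs are sets of undirected edges, Arthur's challenge is a random relabeling of one of the two graphs, and the computationally-unbounded Merlin is simulated by brute-force isomorphism testing.

```python
import random
from itertools import permutations

def relabel(graph, perm):
    """Apply a vertex relabeling to a graph given as a set of edges."""
    return frozenset(frozenset({perm[u], perm[v]}) for u, v in graph)

def arthur_challenge(G, H, n):
    """Arthur picks G or H at random and sends a random relabeling of it."""
    which = random.choice(["G", "H"])
    perm = list(range(n))
    random.shuffle(perm)
    return which, relabel(G if which == "G" else H, perm)

def merlin_answer(J, G, n):
    """Unbounded Merlin: brute-force test whether J is isomorphic to G."""
    if any(relabel(G, p) == J for p in permutations(range(n))):
        return "G"
    return "H"

def one_round(G, H, n):
    """Run one round; return True iff Merlin identifies Arthur's graph."""
    which, J = arthur_challenge(G, H, n)
    return merlin_answer(J, G, n) == which
```

If $G\ncong H$, Merlin's brute-force test answers every round correctly; if $G\cong H$, Arthur's challenge has the same distribution either way, so Merlin can win only half the rounds no matter what he does.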
Despite such protocols, the feeling in the late 1980s was that $\mathsf{IP}%
$\ should be only a \textquotedblleft slight\textquotedblright\ extension of
$\mathsf{NP}$. \ This feeling was buttressed by a result of Fortnow and Sipser
\cite{fs}, which said that there exists an oracle $A$ such that $\mathsf{coNP}%
^{A}\not \subset \mathsf{IP}^{A}$,\ and hence, any interactive protocol even
for $\mathsf{coNP}$\ (e.g., for proving Boolean formulas unsatisfiable)\ would
require non-relativizing techniques.
Yet in the teeth of that oracle result, Lund, Fortnow, Karloff, and Nisan
\cite{lfkn} showed nevertheless that $\mathsf{coNP}\subseteq\mathsf{IP}%
$\ \textquotedblleft in the real world\textquotedblright---and not only that,
but $\mathsf{P}^{\mathsf{\#P}}\subseteq\mathsf{IP}$. \ This was quickly
improved by Shamir \cite{shamir}\ to the following striking statement:
\begin{theorem}
[\cite{lfkn,shamir}]\label{shamirthm}$\mathsf{IP}=\mathsf{PSPACE}.$
\end{theorem}
Theorem \ref{shamirthm}\ means, for example, that if a
computationally-unbounded alien came to Earth, it could not merely beat us in
games of strategy like chess: rather, the alien could mathematically prove to
us, via a short conversation and to statistical certainty, that it knew how to
play \textit{perfect} chess.\footnote{This assumes that we restrict attention
to $n\times n$\ chess games that end after at most $n^{O\left( 1\right) }$
moves, for example because of the time limits in tournament play. \ As
discussed in Section \ref{SPACE}, with no time limits chess jumps up from
being $\mathsf{PSPACE}$-complete to being $\mathsf{EXP}$-complete.} \ Theorem
\ref{shamirthm}\ has been hugely influential in complexity theory for several
reasons, but one reason was that it illustrated, dramatically and
indisputably, that the relativization barrier need not inhibit progress.
So how was this amazing result achieved, and why does the proof \textit{fail}
relative to certain oracles? \ The trick is what we now call
\textit{arithmetization}. \ This means that we take a Boolean formula or
circuit---involving, for example, AND, OR, and NOT gates---and then
reinterpret the Boolean gates as arithmetic operations over some larger finite
field $\mathbb{F}_{p}$. \ More concretely, the Boolean AND ($x\wedge y$)
becomes multiplication ($xy$), the Boolean NOT becomes the function $1-x$, and
the Boolean OR ($x\vee y$) becomes $x+y-xy$. \ Note that if $x,y\in\left\{
0,1\right\} $, then we recover the original Boolean operations. \ But the new
operations make sense even if $x,y\notin\left\{ 0,1\right\} $, and they have
the effect of lifting our Boolean formula or circuit to a multivariate
polynomial over $\mathbb{F}_{p}$. \ Furthermore, the degree of the polynomial
can be upper-bounded in terms of the size of the formula or circuit.
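As a toy illustration of the gate-by-gate lifting (a sketch with conventions chosen here, including an arbitrary choice of prime): on $0/1$ inputs the arithmetic gates reproduce the Boolean ones, while off the Boolean cube they define a low-degree polynomial over $\mathbb{F}_{p}$.

```python
p = 2**31 - 1  # an arbitrary large prime, standing in for the field size

def AND(x, y): return x * y % p            # x AND y  ->  x*y
def NOT(x):    return (1 - x) % p          # NOT x    ->  1 - x
def OR(x, y):  return (x + y - x * y) % p  # x OR y   ->  x + y - x*y

def lifted_clause(x1, x2, x3):
    """Arithmetization of the clause (x1 OR (NOT x2) OR x3)."""
    return OR(OR(x1, NOT(x2)), x3)
```

On Boolean inputs `lifted_clause` agrees with the Boolean clause; on arbitrary field elements it is a polynomial of degree at most the clause size.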
The advantage of this lifting is that polynomials, at least over large finite
fields, have powerful error-correcting properties that are unavailable in the
Boolean case. \ These properties ultimately derive from a basic fact of
algebra: a nonzero, degree-$d$ univariate polynomial has at most $d$ roots.
\ As a consequence, if $q,q^{\prime}:\mathbb{F}_{p}\rightarrow\mathbb{F}_{p}%
$\ are two degree-$d$ polynomials that are unequal (and $d\ll p$), then with
high probability, their inequality can be seen by querying them at a random
point:%
\[
\Pr_{x\in\mathbb{F}_{p}}\left[ q\left( x\right) =q^{\prime}\left(
x\right) \right] \leq\frac{d}{p}.
\]
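A few lines of Python (again a sketch, with an arbitrarily chosen prime) make this quantitative: two unequal low-degree polynomials almost never agree at a uniformly random field element, since they can collide on at most $d$ of the $p$ points.

```python
import random

p = 2**31 - 1  # prime field size

def eval_poly(coeffs, x):
    """Horner evaluation over F_p of the polynomial whose coefficients
    are given constant-term first."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc

def differ_at_random_point(q, qprime):
    """Query both polynomials at one random point; unequal degree-d
    polynomials agree there with probability at most d/p."""
    x = random.randrange(p)
    return eval_poly(q, x) != eval_poly(qprime, x)
```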
Let me now give a brief impression of how one proves Theorem \ref{shamirthm},
or at least the simpler result $\mathsf{coNP}\subseteq\mathsf{IP}$. \ Let
$\varphi\left( x_{1},\ldots,x_{n}\right) $\ be, say, a \textsc{3Sat} formula
that Merlin wants to convince Arthur is unsatisfiable. \ Then Arthur first
lifts $\varphi$\ to a multivariate polynomial $q:\mathbb{F}_{p}^{n}%
\rightarrow\mathbb{F}_{p}$, of degree $d\leq\left\vert \varphi\right\vert $
(where $\left\vert \varphi\right\vert $\ is the size of $\varphi$), over the
finite field $\mathbb{F}_{p}$, for some $p\gg2^{n}$. \ Merlin's task is
equivalent to convincing Arthur of the following equation:%
\[
\sum_{x_{1},\ldots,x_{n}\in\left\{ 0,1\right\} }q\left( x_{1},\ldots
,x_{n}\right) =0.
\]
To achieve this, Merlin first sends Arthur the coefficients of a univariate
polynomial $q_{1}:\mathbb{F}_{p}\rightarrow\mathbb{F}_{p}$. \ Merlin claims
that $q_{1}$ satisfies%
\begin{equation}
q_{1}\left( x_{1}\right) =\sum_{x_{2},\ldots,x_{n}\in\left\{ 0,1\right\}
}q\left( x_{1},x_{2},\ldots,x_{n}\right) , \label{hmm}%
\end{equation}
and also satisfies $q_{1}\left( 0\right) +q_{1}\left( 1\right) =0$.
\ Arthur can easily check the latter equation for himself. \ To check equation
(\ref{hmm}), Arthur picks a random value $r_{1}\in\mathbb{F}_{p}$\ for $x_{1}$
and sends it to Merlin. \ Then Merlin replies with a univariate polynomial
$q_{2}$, for which he claims that%
\[
q_{2}\left( x_{2}\right) =\sum_{x_{3},\ldots,x_{n}\in\left\{ 0,1\right\}
}q\left( r_{1},x_{2},x_{3},\ldots,x_{n}\right) .
\]
Arthur checks that $q_{2}\left( 0\right) +q_{2}\left( 1\right)
=q_{1}\left( r_{1}\right) $, then picks a random value $r_{2}\in
\mathbb{F}_{p}$\ for $x_{2}$ and sends it to Merlin, and so on. \ Finally,
Arthur checks that $q_{n}$\ is indeed the univariate polynomial obtained by
starting from the arithmetization of $\varphi$, then fixing $x_{1}%
,\ldots,x_{n-1}$\ to $r_{1},\ldots,r_{n-1}$\ respectively. \ The bounded
number of roots ensures that, if Merlin lied at any point in the protocol,
then with high probability at least one of Arthur's checks will fail.
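The whole exchange can be compressed into a short simulation. \ In the sketch below (conventions mine: Merlin sends each univariate $q_{i}$ as its values at the points $0,\ldots,d$, and Arthur interpolates), an \textit{honest} Merlin is computed by brute force over the Boolean cube; the unsatisfiability protocol above corresponds to a claimed sum of $0$. \ The simulation exercises completeness and Arthur's consistency checks, but not soundness against a cheating Merlin, which rests on the root-counting bound.

```python
import random
from itertools import product

P = 2**61 - 1  # a large prime field

def lagrange_eval(vals, x):
    """Evaluate at x the unique polynomial of degree < len(vals) passing
    through the points (0, vals[0]), ..., (d, vals[d]), over F_P."""
    total = 0
    for i, yi in enumerate(vals):
        num = den = 1
        for j in range(len(vals)):
            if j != i:
                num = num * (x - j) % P
                den = den * (i - j) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def sumcheck(q, n, d, claimed):
    """Verify that the sum of q over {0,1}^n equals `claimed` (mod P).
    q: a function of n field elements; d: a bound on q's degree in each
    variable. Honest Merlin's messages are computed by brute force."""
    prefix = []            # Arthur's random challenges r_1, ..., r_{i-1}
    current = claimed
    for i in range(n):
        # Merlin's message: the values of q_i at the points 0, ..., d.
        vals = [sum(q(*prefix, t, *rest)
                    for rest in product((0, 1), repeat=n - i - 1)) % P
                for t in range(d + 1)]
        # Arthur's check: q_i(0) + q_i(1) must equal the running value.
        if (lagrange_eval(vals, 0) + lagrange_eval(vals, 1)) % P != current:
            return False
        r = random.randrange(P)            # Arthur's random challenge
        current = lagrange_eval(vals, r)
        prefix.append(r)
    # Final check: Arthur evaluates q itself at the random point.
    return q(*prefix) % P == current
```

For example, $q(x,y,z)=xy+z$ sums to $6$ over $\{0,1\}^{3}$, and the simulated protocol accepts exactly that claim.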
Now, to return to the question that interests us: why does this protocol
escape the relativization barrier? \ The short answer is: because if the
Boolean formula $\varphi$\ involved oracle gates, then we wouldn't have been
able to arithmetize $\varphi$. \ By arithmetizing $\varphi$, we did something
\textquotedblleft deeper\textquotedblright\ with it, more dependent on its
structure, than simply evaluating $\varphi$\ on various Boolean inputs (which
would have continued to work fine had an oracle been involved).
Arithmetization made sense because $\varphi$\ was built out of AND and OR and
NOT gates, which we were able to reinterpret arithmetically. \ But how would
we arithmetically reinterpret an oracle gate?
\subsubsection{Hybrid Circuit Lower Bounds\label{HYBAPP}}
To recap, $\mathsf{PSPACE}\subseteq\mathsf{IP}$\ is a non-relativizing
inclusion of complexity classes. \ But can we leverage that achievement to
prove non-relativizing \textit{separations} between complexity classes, with
an eye toward $\mathsf{P\neq NP}$? \ Certainly, by combining $\mathsf{IP}%
=\mathsf{PSPACE}$\ with the Space Hierarchy Theorem (which implies
$\mathsf{SPACE}\left( n^{k}\right) \neq\mathsf{PSPACE}$ for every fixed
$k$), we get that $\mathsf{IP}\not \subset \mathsf{SPACE}\left( n^{k}\right)
$ for every fixed $k$. \ Likewise, by combining $\mathsf{IP}=\mathsf{PSPACE}$
with Theorem \ref{lexfirst2}\ (that $\mathsf{PSPACE}$\ does not have circuits
of size $n^{k}$\ for fixed $k$), we get that $\mathsf{IP}$\ doesn't have
circuits of size $n^{k}$\ either. \ Furthermore, both of these separations can
be shown to be non-relativizing, using techniques from \cite{bft}. \ But can
we get more interesting separations?
The key to doing so turns out to be a beautiful corollary of the
$\mathsf{IP}=\mathsf{PSPACE}$\ theorem. \ To state the corollary, we need one
more complexity class: $\mathsf{MA}$\ (Merlin-Arthur) is a probabilistic
generalization of $\mathsf{NP}$. \ It's defined as the class of languages
$L\subseteq\left\{ 0,1\right\} ^{\ast}$\ for which there exists a
probabilistic polynomial-time verifier $M$, and a polynomial $p$, such that
for all inputs $x\in\left\{ 0,1\right\} ^{\ast}$:
\begin{itemize}
\item If $x\in L$\ then there exists a witness string $w\in\left\{
0,1\right\} ^{p\left( \left\vert x\right\vert \right) }$\ such that
$M\left( x,w\right) $\ accepts with probability at least $2/3$\ over its
internal randomness.
\item If $x\notin L$, then $M\left( x,w\right) $\ rejects with probability
at least $2/3$\ over its internal randomness, for all $w$.
\end{itemize}
Clearly $\mathsf{MA}$\ contains $\mathsf{NP}$\ and $\mathsf{BPP}$. \ It can
also be shown that $\mathsf{MA}\subseteq\mathsf{\Sigma}_{2}^{\mathsf{P}}%
\cap\mathsf{\Pi}_{2}^{\mathsf{P}}$ and that $\mathsf{MA}\subseteq\mathsf{PP}$,
where $\mathsf{PP}$\ is the counting class from Section \ref{COUNTING}. \ Now,
here's the corollary of Theorem \ref{shamirthm}:
\begin{corollary}
\label{macor}If $\mathsf{PSPACE}\subset\mathsf{P/poly}$, then $\mathsf{PSPACE}%
=\mathsf{MA}$.
\end{corollary}
\begin{proof}
Suppose $\mathsf{PSPACE}\subset\mathsf{P/poly}$, let $L\in\mathsf{PSPACE}$,
and let $x$\ be an input in $L$. \ Then as an $\mathsf{MA}$\ witness proving
that $x\in L$, Merlin simply sends Arthur a description of a polynomial-size
circuit $C$\ that simulates the $\mathsf{PSPACE}$\ prover, in an interactive
protocol that convinces Arthur that $x\in L$. \ (Here we use one additional
fact about Theorem \ref{shamirthm}, beyond the mere fact that\ $\mathsf{IP}%
=\mathsf{PSPACE}$: that, in the protocol, Merlin can run a $\mathsf{PSPACE}%
$\ algorithm to decide which message to send next.) \ Then Arthur simulates
the protocol, using $C$ to compute Merlin's responses to his random
challenges, and accepts if and only if the protocol does. \ Hence
$L\in\mathsf{MA}$.
\end{proof}
Likewise:
\begin{corollary}
\label{macor2}If $\mathsf{P}^{\mathsf{\#P}}\subset\mathsf{P/poly}$, then
$\mathsf{P}^{\mathsf{\#P}}=\mathsf{MA}$.
\end{corollary}
(Again, here we use the observation that, in the protocol proving that
$\mathsf{P}^{\mathsf{\#P}}\subseteq\mathsf{IP}$, Merlin can run a
$\mathsf{P}^{\mathsf{\#P}}$\ algorithm to decide which message to send next.)
Let's now see how we can use these corollaries of $\mathsf{IP}=\mathsf{PSPACE}%
$\ to prove new circuit lower bounds. \ Let $\mathsf{MA}_{\mathsf{EXP}}$\ be
\textquotedblleft the exponential-time version of $\mathsf{MA}$%
,\textquotedblright\ with a $2^{p\left( n\right) }$-size witness that can be
probabilistically verified in $2^{p\left( n\right) }$\ time: in other words,
the class that is to $\mathsf{MA}$\ as $\mathsf{NEXP}$\ is to $\mathsf{NP}$. \ Then:
\begin{theorem}
[Buhrman-Fortnow-Thierauf \cite{bft}]\label{bfttheorem}$\mathsf{MA}%
_{\mathsf{EXP}}\not \subset \mathsf{P/poly}.$
\end{theorem}
\begin{proof}
Suppose by contradiction that $\mathsf{MA}_{\mathsf{EXP}}\subset
\mathsf{P/poly}$. \ Then certainly $\mathsf{PSPACE}\subset\mathsf{P/poly}$,
which means that $\mathsf{PSPACE}=\mathsf{MA}$\ by Corollary \ref{macor}. \ By
a padding argument (see Proposition \ref{padprop}),\ this means that
$\mathsf{EXPSPACE}=\mathsf{MA}_{\mathsf{EXP}}$. \ But we already saw in
Theorem \ref{lexfirst}\ that $\mathsf{EXPSPACE}\not \subset \mathsf{P/poly}$,
and therefore $\mathsf{MA}_{\mathsf{EXP}}\not \subset \mathsf{P/poly}$\ as well.
\end{proof}
Note in particular that if we could prove $\mathsf{MA}=\mathsf{NP}$, then we'd
also have $\mathsf{MA}_{\mathsf{EXP}}=\mathsf{NEXP}$ by padding, and hence
$\mathsf{NEXP}\not \subset \mathsf{P/poly}$ by Theorem \ref{bfttheorem}.
\ This provides another example of how derandomization can lead to circuit
lower bounds, a theme mentioned in Section \ref{PROG}.
A second example involves the class $\mathsf{PP}$.
\begin{theorem}
[Vinodchandran \cite{vinodchandran}]For every fixed $k$, there is a language
in $\mathsf{PP}$ that does not have circuits of size $n^{k}$.
\end{theorem}
\begin{proof}
Fix $k$, and suppose by contradiction that $\mathsf{PP}$\ has circuits of size
$n^{k}$. \ Then in particular, $\mathsf{PP}\subset\mathsf{P/poly}$, so
$\mathsf{P}^{\mathsf{PP}}=\mathsf{P}^{\mathsf{\#P}}\subset\mathsf{P/poly}$, so
$\mathsf{P}^{\mathsf{\#P}}=\mathsf{PP}=\mathsf{MA}$ by Corollary \ref{macor2}.
\ But we noted in Section \ref{LOGIC}\ that $\mathsf{\Sigma}_{2}^{\mathsf{P}}%
$\ does not have circuits of size $n^{k}$. \ And $\mathsf{\Sigma}%
_{2}^{\mathsf{P}}\subseteq\mathsf{P}^{\mathsf{\#P}}$\ by Toda's Theorem
(Theorem \ref{todathm}), so $\mathsf{P}^{\mathsf{\#P}}$\ doesn't have circuits
of size $n^{k}$ either. \ Therefore neither does $\mathsf{PP}$%
.\footnote{Actually, for this proof\ one does not really need either Toda's
Theorem, \textit{or} the slightly-nontrivial result that $\mathsf{\Sigma}%
_{2}^{\mathsf{P}}$\ does not have circuits of size $n^{k}$. \ Instead, one can
just argue directly that at any rate, $\mathsf{P}^{\mathsf{\#P}}$\ does not
have circuits of size $n^{k}$, using a slightly more careful version of the
argument of Theorem \ref{lexfirst}. \ For details see Aaronson
\cite{aar:subtle}.}
\end{proof}
As a final example, Santhanam \cite{santhanam}\ showed the following (we omit
the proof).
\begin{theorem}
[Santhanam \cite{santhanam}]For every fixed $k$, there is an $\mathsf{MA}$
\textquotedblleft promise problem\textquotedblright\footnote{In complexity
theory, a \textit{promise problem} is a pair of subsets $\Pi
_{\operatorname*{YES}},\Pi_{\operatorname*{NO}}\subseteq\left\{ 0,1\right\}
^{\ast}$\ with $\Pi_{\operatorname*{YES}}\cap\Pi_{\operatorname*{NO}%
}=\varnothing$. \ An algorithm solves the problem if it accepts all inputs in
$\Pi_{\operatorname*{YES}}$\ and rejects all inputs in $\Pi
_{\operatorname*{NO}}$. \ Its behavior on inputs neither in $\Pi
_{\operatorname*{YES}}$\ nor $\Pi_{\operatorname*{NO}}$\ (i.e., inputs that
\textquotedblleft violate the promise\textquotedblright) can be arbitrary. \ A
typical example of a promise problem is: given a Boolean circuit $C$, decide
whether $C$\ accepts at least $2/3$\ of all inputs $x\in\left\{ 0,1\right\}
^{n}$ or at most $1/3$ of them, promised that one of those is true. \ This
problem is in $\mathsf{BPP}$\ (or technically, $\mathsf{PromiseBPP}$). \ The
role of the promise here is to get rid of those inputs for which random
sampling would accept with probability between $1/3$\ and $2/3$, violating the
definition of $\mathsf{BPP}$.} that does not have circuits of size $n^{k}$.
\end{theorem}
The above results clearly evade the natural proofs barrier, because they give
lower bounds against strong circuit classes such as $\mathsf{P/poly}$, or the
set of all size-$n^{k}$ circuits for fixed $k$. \ This is not so surprising
when we observe that the proofs build on the simpler results from Section
\ref{LOGIC}, which already used diagonalization to evade the natural proofs barrier.
What's more interesting is that these results \textit{also} evade the
relativization barrier. \ Of course, one might guess as much, after noticing
that the proofs use the non-relativizing\ $\mathsf{IP}=\mathsf{PSPACE}%
$\ theorem. \ But to show rigorously that the circuit lower bounds
\textit{themselves} fail to relativize, one needs to construct oracles
relative to which the circuit lower bounds are false.\ \ This is done by the
following results, whose somewhat elaborate proofs we omit:
\begin{theorem}
[Buhrman-Fortnow-Thierauf \cite{bft}]\label{bft2}There exists an oracle
$A$\ such that $\mathsf{MA}_{\mathsf{EXP}}^{A}\subset\mathsf{P}^{A}%
\mathsf{/poly}$.
\end{theorem}
\begin{theorem}
[Aaronson \cite{aar:subtle}]\label{pplin}There exists an oracle $A$ relative
to which all languages in $\mathsf{PP}$\ have linear-sized circuits.
\end{theorem}
The proofs of both of these results also easily imply that there exists an
oracle relative to which all $\mathsf{MA}$\ promise problems have linear-sized circuits.
The bottom line is that, by combining non-relativizing results like
$\mathsf{IP}=\mathsf{PSPACE}$\ with non-naturalizing results like
$\mathsf{EXPSPACE}\not \subset \mathsf{P/poly}$, we can prove interesting
circuit lower bounds that neither relativize \textit{nor} naturalize. \ So
then why couldn't we keep going, and use similar techniques to prove
$\mathsf{NEXP}\not \subset \mathsf{P/poly}$, or even $\mathsf{P}%
\neq\mathsf{NP}$? \ Is there a third barrier, to which even the
arithmetization-based lower bounds are subject?
\subsubsection{The Algebrization Barrier\label{ALGBAR}}
In 2008, Avi Wigderson and I \cite{awig}\ showed that, alas, there's a third
barrier. \ In particular, while the arithmetic techniques used to prove
$\mathsf{IP}=\mathsf{PSPACE}$\ do evade relativization, they crash up against
a modified version of relativization that's \textquotedblleft
wise\textquotedblright\ to those techniques. \ We called this modified barrier
the \textit{algebraic relativization} or \textit{algebrization }barrier. \ We
then showed that, in order to prove $\mathsf{P}\neq\mathsf{NP}$---or for that
matter, even to prove $\mathsf{NEXP}\not \subset \mathsf{P/poly}$, or
otherwise go even slightly beyond the results of Section \ref{HYBAPP}---we'd
need techniques that evade the algebrization barrier (and \textit{also}, of
course, evade natural proofs).
In more detail, we can think of an oracle as just an infinite collection of
Boolean functions, $f_{n}:\left\{ 0,1\right\} ^{n}\rightarrow\left\{
0,1\right\} $ for each $n$. \ Now, by an \textit{algebraic oracle}, we mean
an oracle that provides access not only to $f_{n}$\ for each $n$, but also to
a low-degree extension $\widetilde{f_{n}}:\mathbb{F}^{n}\rightarrow\mathbb{F}%
$\ of $f_{n}$\ over some large finite field $\mathbb{F}$. \ This extension
must have the property that $\widetilde{f_{n}}\left( x\right) =f_{n}\left(
x\right) $\ for all $x\in\left\{ 0,1\right\} ^{n}$, and it must be a
polynomial of low degree---say, at most $2n$. \ But such extensions always
exist,\footnote{Indeed, every $f_{n}$\ has an extension to a degree-$n$
polynomial, namely a \textit{multilinear} one (in which no variable is raised
to a higher power than $1$): for example, $\operatorname*{OR}\left(
x,y\right) =x+y-xy$.} and querying them \textit{outside} the Boolean cube
$\left\{ 0,1\right\} ^{n}$\ might help even for learning about the Boolean
part $f_{n}$.
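The multilinear extension mentioned in the footnote can be computed directly from the truth table, as the following sketch (with a prime chosen here for illustration) shows: each Boolean point $b$ contributes an indicator polynomial $\chi_{b}$ that is $1$ at $b$ and $0$ at every other point of the cube.

```python
from itertools import product

P = 2**31 - 1  # prime field size

def multilinear_extension(truth, n):
    """Given the truth table of f: {0,1}^n -> {0,1} as a dict keyed by
    n-bit tuples, return the unique multilinear polynomial over F_P that
    agrees with f on the Boolean cube."""
    def f_tilde(*x):
        total = 0
        for b in product((0, 1), repeat=n):
            # chi is 1 at x = b and 0 at every other Boolean point.
            chi = 1
            for xi, bi in zip(x, b):
                chi = chi * (xi * bi + (1 - xi) * (1 - bi)) % P
            total = (total + truth[b] * chi) % P
        return total
    return f_tilde
```

For OR on two bits this recovers exactly the polynomial $x+y-xy$ from the footnote, now evaluable at non-Boolean field elements as well.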
The point of algebraic oracles is that they capture what we could do if we had
a formula or circuit for $f_{n}$, and were willing to evaluate it not only on
Boolean inputs, but on non-Boolean ones as well, in the manner of
$\mathsf{IP}=\mathsf{PSPACE}$. \ In particular, we saw in Section
\ref{IPPSPACE}\ that, given (say) a \textsc{3Sat}\ formula $\varphi$, we can
\textquotedblleft lift\textquotedblright\ $\varphi$\ to a low-degree
polynomial $\widetilde{\varphi}$\ over a finite field $\mathbb{F}$\ by
reinterpreting the AND, OR, and NOT gates in terms of field addition and
multiplication. \ So if we're trying to capture the power of arithmetization
relative to an oracle function $f_{n}$, then it stands to reason that we
should also be allowed to lift $f_{n}$.
Once we do so, we find that the non-relativizing results based on
arithmetization, such as $\mathsf{IP}=\mathsf{PSPACE}$, \textit{relativize
with respect to algebraic oracles} (or \textquotedblleft
algebrize\textquotedblright). \ That is:
\begin{theorem}
\label{italgebrizes}$\mathsf{IP}^{\widetilde{A}}=\mathsf{PSPACE}%
^{\widetilde{A}}$ for all algebraic oracles $\widetilde{A}$. \ Likewise,
$\mathsf{PSPACE}^{\widetilde{A}}\subset\mathsf{P}^{\widetilde{A}%
}\mathsf{/poly}$\ implies $\mathsf{PSPACE}^{\widetilde{A}}=\mathsf{MA}%
^{\widetilde{A}}$\ for all algebraic oracles $\widetilde{A}$, and so on for
all the interactive proof results.
\end{theorem}
The intuitive reason is that, any time (say) Arthur needs to arithmetize a
formula $\varphi$\ containing $A$-oracle gates in an interactive protocol, he
can handle non-Boolean inputs to the $A$-oracle gates by calling
$\widetilde{A}$.
As a consequence of Theorem \ref{italgebrizes}, the circuit lower bounds of
Section \ref{HYBAPP} are algebrizing as well: for example, for all algebraic
oracles $\widetilde{A}$, we have $\mathsf{MA}_{\mathsf{EXP}}^{\widetilde{A}%
}\not \subset \mathsf{P}^{\widetilde{A}}\mathsf{/poly}$, and $\mathsf{PP}%
^{\widetilde{A}}$\ does not have size-$n^{k}$ circuits with $\widetilde{A}%
$-oracle gates.
Admittedly, the original paper of Aaronson and Wigderson \cite{awig}\ only
managed to prove a weaker version of Theorem \ref{italgebrizes}. \ It showed,
for example, that for all algebraic oracles $\widetilde{A}$, we have
$\mathsf{PSPACE}^{A}\subseteq\mathsf{IP}^{\widetilde{A}}$, and $\mathsf{MA}%
_{\mathsf{EXP}}^{\widetilde{A}}\not \subset \mathsf{P}^{A}\mathsf{/poly}$.
\ As a result, it had to define algebrization in a convoluted way, where some
complexity classes received the algebraic oracle $\widetilde{A}$\ while others
received only the \textquotedblleft original\textquotedblright\ oracle $A$,
and which class received which depended on what kind of result one was talking
about (e.g., an inclusion or a separation). \ Shortly afterward, Impagliazzo,
Kabanets, and Kolokolova \cite{ikk} fixed this defect of algebrization,
proving Theorem \ref{italgebrizes}\ even when all classes receive the same
algebraic oracle $\widetilde{A}$, but only at the cost of jettisoning Aaronson
and Wigderson's conclusion that any proof of $\mathsf{NEXP\not \subset
P/poly}$\ will require non-algebrizing techniques. \ Very recently, Ayd\i nl\i
o\u{g}lu and Bach \cite{aydin} showed how to get the best of both worlds, with
a uniform definition of algebrization \textit{and} the conclusion about
$\mathsf{NEXP}$ vs. $\mathsf{P/poly}$.
In any case, the main point of \cite{awig}\ was that to prove $\mathsf{P}%
\neq\mathsf{NP}$, or otherwise go further than the circuit lower bounds of
Section \ref{HYBAPP}, we'll need non-algebrizing techniques: techniques that
fail to relativize in a \textquotedblleft deeper\textquotedblright\ way than
$\mathsf{IP}=\mathsf{PSPACE}$\ fails to relativize. \ Let's see why this is
true for $\mathsf{P}\neq\mathsf{NP}$.
\begin{theorem}
[Aaronson-Wigderson \cite{awig}]There exists an algebraic oracle
$\widetilde{A}$\ such that $\mathsf{P}^{\widetilde{A}}=\mathsf{NP}%
^{\widetilde{A}}$. \ As a consequence, any proof of $\mathsf{P}\neq
\mathsf{NP}$\ will require non-algebrizing techniques.
\end{theorem}
\begin{proof}
We can just let $A$\ be any $\mathsf{PSPACE}$-complete language, and then let
$\widetilde{A}$\ be its unique extension to a collection of multilinear
polynomials over $\mathbb{F}$\ (that is, polynomials in which no variable is
ever raised to a higher power than $1$). \ The key observation is that the
multilinear extensions are themselves computable in $\mathsf{PSPACE}$. \ So we
get a $\mathsf{PSPACE}$-complete\ oracle $\widetilde{A}$, which collapses
$\mathsf{P}$\ and\ $\mathsf{NP}$\ for the same reason as in the original
argument of Baker, Gill, and Solovay \cite{bgs} (see Theorem \ref{bgsthm}).
\end{proof}
Likewise, Aaronson and Wigderson \cite{awig} showed that any proof of
$\mathsf{P}=\mathsf{NP}$, or even $\mathsf{P}=\mathsf{BPP}$, would need
non-algebrizing techniques. \ They also proved the following somewhat harder
result, whose proof we omit.
\begin{theorem}
[\cite{awig}]There exists an algebraic oracle $\widetilde{A}$\ such that
$\mathsf{NEXP}^{\widetilde{A}}\subset\mathsf{P}^{\widetilde{A}}\mathsf{/poly}%
$. \ As a consequence, any proof of $\mathsf{NEXP\not \subset P/poly}$\ will
require non-algebrizing techniques.
\end{theorem}
Note that this explains almost exactly why progress stopped where it did:
$\mathsf{MA}_{\mathsf{EXP}}\not \subset \mathsf{P/poly}$\ can be proved with
algebrizing techniques, but $\mathsf{NEXP\not \subset P/poly}$\ can't be.
I should mention that Impagliazzo, Kabanets, and Kolokolova \cite{ikk}\ gave a
logical interpretation of algebrization, extending the logical interpretation
of relativization given by Arora, Impagliazzo, and Vazirani \cite{aiv}.
\ Impagliazzo et al.\ show that the algebrizing statements\ can be seen as all
those statements that follow from \textquotedblleft algebrizing axioms for
computation,\textquotedblright\ which include basic closure properties,
\textit{and also} the ability to lift any Boolean computation to a larger
finite field. \ Statements like $\mathsf{P}\neq\mathsf{NP}$\ are then provably
independent of the algebrizing axioms.
\subsection{Ironic Complexity Theory\label{IRONIC}}
There's one technique that's had some striking recent successes in proving
circuit lower bounds, and that bypasses the natural proofs, relativization,
\textit{and} algebrization barriers. \ This technique might be called
\textquotedblleft ironic complexity theory.\textquotedblright\ \ It uses the
existence of surprising algorithms in one setting to show the \textit{non}%
existence of algorithms in another setting. \ It thus reveals a
\textquotedblleft duality\textquotedblright\ between upper and lower bounds,
and reduces the problem of proving impossibility theorems to the much
better-understood task of designing efficient algorithms.\footnote{Indeed, the
hybrid circuit lower bounds of Section \ref{HYBAPP} could already be
considered examples of ironic complexity theory. \ In this section, we discuss
other examples. \ }
At a conceptual level, it's not hard to see how algorithms can lead to lower
bounds. \ For example, suppose someone discovered a way to verify arbitrary
exponential-time computations efficiently, thereby proving $\mathsf{NP}%
=\mathsf{EXP}$. \ Then as an immediate consequence of the Time Hierarchy
Theorem ($\mathsf{P}\neq\mathsf{EXP}$), we'd get $\mathsf{P}\neq\mathsf{NP}$.
\ Or suppose someone discovered that every language in $\mathsf{P}$\ had
linear-size circuits. \ Then $\mathsf{P}=\mathsf{NP}$\ would imply that every
language in $\mathsf{PH}$\ had linear-size circuits---but since we know that's
not the case (see Section \ref{LOGIC}), we could again conclude that
$\mathsf{P}\neq\mathsf{NP}$. \ Conversely, if someone proved $\mathsf{P}%
=\mathsf{NP}$, that wouldn't be a total disaster for lower bounds research: at
least it would immediately imply $\mathsf{EXP}\not \subset \mathsf{P/poly}%
$\ (via $\mathsf{EXP}=\mathsf{EXP}^{\mathsf{NP}^{\mathsf{NP}}}$), and the
existence of languages in $\mathsf{P}$\ and $\mathsf{NP}$\ that don't have
linear-size circuits!
Examples like this can be multiplied, but there's an obvious problem with
them: they each show a separation, but only assuming a collapse that's
considered extremely unlikely to happen. \ However, recently researchers have
managed to use surprising algorithms that \textit{do} exist, and collapses
that \textit{do} happen, to achieve new lower bounds. \ In this section I'll
give two examples.
\subsubsection{Time-Space Tradeoffs\label{TST}}
At the moment, no one can prove that solving \textsc{3Sat}\ requires more than
linear time (let alone exponential time!), on realistic models of computation
like random-access machines.\footnote{On unrealistic models such as one-tape
Turing machines, one can prove up to $\Omega\left( n^{2}\right) $\ lower
bounds for \textsc{3Sat}\ and many other problems (even recognizing
palindromes), but only by exploiting the fact that the tape head needs to
waste a lot of time moving back and forth across the input.} \ Nor can anyone
prove that solving \textsc{3Sat}\ requires more than $O\left( \log n\right)
$\ bits of memory. \ But the situation isn't completely hopeless: at least we
can prove there's no algorithm for \textsc{3Sat}\ that uses both linear time
\textit{and} logarithmic memory! \ Indeed, we can do better than that.
A \textquotedblleft time-space tradeoff\ theorem\textquotedblright\ shows that
any algorithm to solve some problem must use \textit{either}\ more than
$T$\ time or else more than $S$ space. \ The first such theorem for
\textsc{3Sat}\ was proved by Fortnow \cite{fortnow:tst}, who showed that no
random-access machine can solve \textsc{3Sat}\ simultaneously in
$n^{1+o\left( 1\right) }$\ time and $n^{1-\varepsilon}$\ space, for any
$\varepsilon>0$. \ Later, Lipton and Viglas \cite{liptonviglas} gave a
different tradeoff involving a striking exponent; I'll use their result as my
running example in this section.
\begin{theorem}
[Lipton-Viglas \cite{liptonviglas}]\label{lvthm}No random-access machine can
solve \textsc{3Sat}\ simultaneously in $n^{\sqrt{2}-\varepsilon}$\ time and
$n^{o\left( 1\right) }$\ space, for any $\varepsilon>0$.
\end{theorem}
Here, a \textquotedblleft random-access machine\textquotedblright\ means a
machine that can access an arbitrary memory location in $O\left( 1\right)
$\ time, as usual in practical programming. \ This makes Theorem \ref{lvthm}
\textit{stronger} than one might have assumed: it holds not merely for
unrealistically weak\ models such as Turing machines, but for
\textquotedblleft realistic\textquotedblright\ models as well.\footnote{Some
might argue that Turing machines are \textit{more} realistic than RAM
machines, since Turing machines take into account that signals can propagate
only at a finite speed, whereas RAM machines don't! \ However, RAM machines
are closer to what's assumed in practical algorithm development, whenever
memory latency is small enough to be treated as a constant.} \ Also,
\textquotedblleft$n^{o\left( 1\right) }$\ space\textquotedblright\ means
that we get the $n$-bit \textsc{3Sat}\ instance itself in a read-only memory,
and we \textit{also} get $n^{o\left( 1\right) }$\ bits of read/write memory
to use as we wish.
While Theorem \ref{lvthm} is obviously a far cry from $\mathsf{P}%
\neq\mathsf{NP}$, it does rely essentially on \textsc{3Sat} being
$\mathsf{NP}$-complete: we don't yet know how to prove analogous results for
matching, linear programming, or other natural problems in $\mathsf{P}%
$.\footnote{On the other hand, by proving size-depth tradeoffs for so-called
\textit{branching programs}, researchers have been able to obtain time-space
tradeoffs for certain special problems in $\mathsf{P}$. \ Unlike the
\textsc{3Sat}\ tradeoffs, the branching program tradeoffs involve only
\textit{slightly} superlinear time bounds; on the other hand, they really do
represent a fundamentally different way to prove time-space tradeoffs, one
that makes no appeal to $\mathsf{NP}$-completeness, diagonalization, or
hierarchy theorems. \ As one example, in 2000 Beame et al.\ \cite{bssv},
building on earlier work by Ajtai \cite{ajtai:bp}, used branching programs to
prove the following: there exists a problem in $\mathsf{P}$, based on binary
quadratic forms, for which any RAM algorithm (even a nonuniform one) that uses
$n^{1-\Omega\left( 1\right) }$\ space must also use $\Omega\left(
n\cdot\sqrt{\log n/\log\log n}\right) $\ time.} \ This makes Theorem
\ref{lvthm} fundamentally different from (say) the \textsc{Parity}%
$~\notin\mathsf{AC}^{0}$\ result of Section \ref{SMALLDEPTH}.
Let $\mathsf{DTISP}\left( T,S\right) $ be the class of languages decidable
by an algorithm, running on a RAM machine, that uses $O\left( T\right)
$\ time and $O\left( S\right) $\ space. \ Then Theorem \ref{lvthm}\ can be
stated more succinctly as%
\[
\text{\textsc{3Sat}}\notin\mathsf{DTISP}\left( n^{\sqrt{2}-\varepsilon
},n^{o\left( 1\right) }\right)
\]
for all $\varepsilon>0$.
At a high level, Theorem \ref{lvthm}\ is proved by assuming the opposite, and
then deriving stranger and stranger consequences until we ultimately get a
contradiction with the Nondeterministic Time Hierarchy Theorem (Theorem
\ref{ndhierarchy}). \ There are three main ideas that go into this. \ The
first idea is a tight version of the Cook-Levin Theorem (Theorem
\ref{cooklevin}). \ In particular, one can show, not merely that
\textsc{3Sat}\ is $\mathsf{NP}$-complete, but that \textsc{3Sat}\ is complete
for $\mathsf{NTIME}\left( n\right) $\ (that is, nondeterministic linear-time
on a RAM machine) under nearly linear-time reductions---and moreover, that
each individual bit of the \textsc{3Sat}\ instance is computable quickly, say
in $\log^{O\left( 1\right) }n$\ time. \ This means that, to prove Theorem
\ref{lvthm}, it suffices to prove a non-containment of complexity classes:%
\[
\mathsf{NTIME}\left( n\right) \not \subset \mathsf{DTISP}\left( n^{\sqrt
{2}-\varepsilon},n^{o\left( 1\right) }\right)
\]
for all $\varepsilon>0$.
The second idea is called \textquotedblleft trading time for
alternations.\textquotedblright\ \ Consider a deterministic computation that
runs for $T$\ steps and uses $S$ bits of memory. \ Then we can
\textquotedblleft chop the computation up\textquotedblright\ into $k$ blocks,
$B_{1},\ldots,B_{k}$, of $T/k$\ steps each. \ The statement that the
computation accepts is then equivalent to the statement that \textit{there
exist} $S$-bit strings $x_{0},\ldots,x_{k}$, such that
\begin{enumerate}
\item[(i)] $x_{0}$ is the computation's initial state,
\item[(ii)] \textit{for all} $i\in\left\{ 1,\ldots,k\right\} $, the result
of starting in state $x_{i-1}$ and then running for $T/k$\ steps is $x_{i}$, and
\item[(iii)] $x_{k}$ is an accepting state.
\end{enumerate}
We can summarize this as%
\[
\mathsf{DTISP}\left( T,S\right) \subseteq\mathsf{\Sigma}_{2}\mathsf{TIME}%
\left( Sk+\frac{T}{k}\right) ,
\]
where the\ $\mathsf{\Sigma}_{2}$\ means that we have two alternating
quantifiers: an existential quantifier over $x_{1},\ldots,x_{k}$, followed by
a universal quantifier over $i$. \ Choosing $k:=\sqrt{T/S}$\ to optimize the
bound then gives us%
\[
\mathsf{DTISP}\left( T,S\right) \subseteq\mathsf{\Sigma}_{2}\mathsf{TIME}%
\left( \sqrt{TS}\right) .
\]
So in particular,%
\[
\mathsf{DTISP}\left( n^{c},n^{o\left( 1\right) }\right) \subseteq
\mathsf{\Sigma}_{2}\mathsf{TIME}\left( n^{c/2+o\left( 1\right) }\right) .
\]
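Here the choice $k:=\sqrt{T/S}$\ is just the AM--GM optimum:%
\[
Sk+\frac{T}{k}\geq2\sqrt{Sk\cdot\frac{T}{k}}=2\sqrt{TS},
\]
with equality when $Sk=T/k$, i.e., $k=\sqrt{T/S}$; and plugging in $T=n^{c}$\ and $S=n^{o\left( 1\right) }$\ gives $\sqrt{TS}=n^{c/2+o\left( 1\right) }$, as claimed.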
The third idea is called \textquotedblleft trading alternations for
time.\textquotedblright\ \ If we assume by way of contradiction that%
\[
\mathsf{NTIME}\left( n\right) \subseteq\mathsf{DTISP}\left( n^{c}%
,n^{o\left( 1\right) }\right) \subseteq\mathsf{TIME}\left( n^{c}\right)
,
\]
then by padding, for all $b\geq1$, the inner universal quantifier of a
$\mathsf{\Sigma}_{2}$\ computation---a co-nondeterministic $n^{b}$-time
computation---can be simulated deterministically in $n^{bc}$\ time; keeping
the outer existential quantifier, we get%
\[
\mathsf{\Sigma}_{2}\mathsf{TIME}\left( n^{b}\right) \subseteq\mathsf{NTIME}%
\left( n^{bc}\right) .
\]
So putting everything together, if we consider a constant $c>1$, and use
padding (as in Proposition \ref{padprop}) to talk about $\mathsf{NTIME}\left(
n^{2}\right) $\ rather than $\mathsf{NTIME}\left( n\right) $, then the
starting assumption that \textsc{3Sat} is solvable in $n^{c-\varepsilon}%
$\ time and $n^{o\left( 1\right) }$\ space implies that%
\begin{align*}
\mathsf{NTIME}\left( n^{2}\right) & \subseteq\mathsf{DTISP}\left(
n^{2c},n^{o\left( 1\right) }\right) \\
& \subseteq\mathsf{\Sigma}_{2}\mathsf{TIME}\left( n^{c+o\left( 1\right)
}\right) \\
& \subseteq\mathsf{NTIME}\left( n^{c^{2}+o\left( 1\right) }\right) .
\end{align*}
But if $c^{2}<2$, then this contradicts the Nondeterministic Time Hierarchy
Theorem (Theorem \ref{ndhierarchy}). \ This completes the proof of Theorem
\ref{lvthm}. \ Notice that the starting hypothesis about \textsc{3Sat}\ was
applied not once but twice, which was how the final running time became
$n^{c^{2}}$.
A proof of this general form, making a sequence of trades between running time
and alternations, is called an \textit{alternation-trading proof}. \ Later,
using a more involved alternation-trading proof, Fortnow and van Melkebeek
\cite{fortmelk} improved Theorem \ref{lvthm}, to show that \textsc{3Sat}%
\ can't be solved by a RAM machine using $n^{\phi-\varepsilon}$ time and
$n^{o\left( 1\right) }$\ space, where $\phi=\frac{1+\sqrt{5}}{2}%
\approx1.618$\ is the golden ratio. \ Subsequently Williams
\cite{williams:tst1} improved the time bound still further to $n^{\sqrt
{3}-\varepsilon}$, and then \cite{williams:tst2}\ to $n^{2\cos\pi
/7-\varepsilon}$. \ In 2012, however, Buss and Williams \cite{busswilliams}%
\ showed that no alternation-trading proof can possibly improve that exponent
beyond the peculiar constant $2\cos\pi/7\approx1.801$. \ There have been many
related time-space tradeoff results, including for $\mathsf{\#P}$-complete and
$\mathsf{PSPACE}$-complete problems, but I won't cover them here (see van
Melkebeek \cite{melkebeek}\ for a survey).
Alternation-trading has had applications in complexity theory other than to
time-space tradeoffs. \ In particular, it played a key role in a celebrated
1983\ result of Paul, Pippenger, Szemer\'{e}di, and Trotter \cite{ppst}, whose
statement is tantalizingly similar to $\mathsf{P}\neq\mathsf{NP}$.
\begin{theorem}
[Paul et al.\ \cite{ppst}]$\mathsf{TIME}\left( n\right) \neq\mathsf{NTIME}%
\left( n\right) $, if we define these classes using multiple-tape Turing
machines.\label{ppstthm}
\end{theorem}
In this case, the key step was to show, via a clever combinatorial argument
involving\ \textquotedblleft pebble games,\textquotedblright\ that for
multi-tape Turing machines, deterministic linear time can be simulated in
$\mathsf{\Sigma}_{4}\mathsf{TIME}\left( f\left( n\right) \right) $, for
some $f$ that's \textit{slightly} sublinear. \ This, combined with the
assumption $\mathsf{TIME}\left( n\right) =\mathsf{NTIME}\left( n\right) $,
is then enough to produce a contradiction with a time hierarchy theorem.
What can we say about barriers? \ All the results mentioned above clearly
evade the natural proofs barrier, because they ultimately rely on
diagonalization, and (more to the point) because classes like $\mathsf{TIME}%
\left( n\right) $\ and $\mathsf{DTISP}\left( n^{\sqrt{2}},n^{o\left(
1\right) }\right) $\ contain plausible pseudorandom function candidates.
\ Whether they evade the relativization barrier (let alone algebrization) is a
trickier question; it depends on subtle details of the oracle access
mechanism. \ There are some definitions of the classes $\mathsf{TIME}\left(
n\right) ^{A}$, $\mathsf{DTISP}\left( T,S\right) ^{A}$, and so on under
which these results relativize, and others under which they don't:\ for
details, see for example Moran \cite{moran}.
Under the definitions that cause these results \textit{not} to relativize,
the explanation is that the proofs \textquotedblleft look
inside\textquotedblright\ the operations of a RAM machine or a multi-tape
Turing machine \textit{just enough} for something to break down if certain
kinds of oracle calls are present. \ To illustrate, in the proof of Theorem
\ref{lvthm} above, we nondeterministically guessed the complete state of the
machine at various steps in its execution, taking advantage of the fact that
the state was an $n^{o\left( 1\right) }$-bit string. \ This wouldn't have
worked had there been an $n$-bit query written onto an oracle tape (even if
the oracle tape were write-only). \ Likewise, in the proof of Theorem
\ref{ppstthm}, the combinatorial pebble arguments use specific properties of
multi-tape Turing machines that might fail for RAM machines, let alone for
oracle machines.
Because their reasons for failing to relativize have nothing to do with
lifting to large finite fields, I conjecture that, with some oracle access
mechanisms, Theorems \ref{lvthm} and \ref{ppstthm} would also be
non-algebrizing. \ But this remains to be shown.
\subsubsection{$\mathsf{NEXP}\not \subset \mathsf{ACC}$\label{NEXPACC}}
In Section \ref{POLYMETH}, we saw how Smolensky \cite{smolensky}\ and Razborov
\cite{razborov:ac0}\ proved strong lower bounds against the class
$\mathsf{AC}^{0}\left[ p\right] $, or constant-depth, polynomial-size
circuits of AND, OR, NOT, and MOD $p$ gates,\ where $p$\ is prime. \ This left
the frontier of circuit lower bounds as $\mathsf{AC}^{0}\left[ m\right] $,
where $m$ is composite.
Meanwhile, we saw in Section \ref{HYBRID} how Buhrman, Fortnow, and Thierauf
\cite{bft}\ proved that\ $\mathsf{MA}_{\mathsf{EXP}}\not \subset
\mathsf{P/poly}$, but how this can't be extended even to $\mathsf{NEXP}%
\not \subset \mathsf{P/poly}$\ using algebrizing techniques. \ Indeed, it
remains open even to prove $\mathsf{NEXP}\not \subset \mathsf{TC}^{0}$.
This state of affairs---and its continuation for decades---helps to explain
why many theoretical computer scientists were electrified when Ryan Williams
proved the following in 2011.
\begin{theorem}
[Williams \cite{williams:acc}]$\mathsf{NEXP}\not \subset \mathsf{ACC}$ (and
indeed $\mathsf{NTIME}\left( 2^{n}\right) \not \subset \mathsf{ACC}$), where
$\mathsf{ACC}$\ is the union of $\mathsf{AC}^{0}\left[ m\right] $\ over all
constants $m$.\footnote{We can also allow MOD-$m_{1}$ gates, MOD-$m_{2}$
gates, etc. in the same circuit; this is equivalent to $\mathsf{AC}^{0}\left[
\operatorname*{lcm}\left( m_{1},m_{2},\ldots\right) \right] $. \ On the
other hand, if we allow MOD-$m$ gates for \textit{non}-constant $m$ (and in
particular, for $m$ growing polynomially with $n$), then we jump up to
$\mathsf{TC}^{0}$.}\label{ryanthm}
\end{theorem}
If we compare it against the ultimate goal of proving $\mathsf{NP}%
\not \subset \mathsf{P/poly}$, Theorem \ref{ryanthm} looks laughably weak: it
shows only that Nondeterministic Exponential Time, a class vastly larger than
$\mathsf{NP}$, is not in $\mathsf{ACC}$, a circuit class vastly smaller than
$\mathsf{P/poly}$. \ But a better comparison is against where we were before.
\ The proof of Theorem \ref{ryanthm}\ was noteworthy not only because it
defeats all the known barriers (relativization, algebrization, and natural
proofs), but also because it brings together almost \textit{all} known
techniques in Boolean circuit lower bounds, including diagonalization, the
polynomial method, interactive proof results, and ironic complexity theory.
\ So it's worth at least sketching the elaborate proof, so we can see how a
lower bound at the current frontier operates. \ (For further details, I
recommend two excellent expository articles by Williams himself
\cite{williams:sigact,williams:icm}.)
At a stratospherically high level, the proof of Theorem \ref{ryanthm} is built
around the Nondeterministic Time Hierarchy Theorem, following a program that
Williams had previously laid out in \cite{williams:program}. \ More
concretely, we assume that $\mathsf{NTIME}\left( 2^{n}\right) \subset
\mathsf{ACC}$. \ We then use that assumption to show that $\mathsf{NTIME}%
\left( 2^{n}\right) =\mathsf{NTIME}\left( 2^{n}/n^{k}\right) $ for some
positive $k$: a slight speedup of nondeterministic machines, but enough to
achieve a contradiction with Theorem \ref{ndhierarchy}.
How do we use the assumption $\mathsf{NTIME}\left( 2^{n}\right)
\subset\mathsf{ACC}$\ to violate the Nondeterministic Time Hierarchy Theorem?
\ The key to this---and this is where \textquotedblleft ironic complexity
theory\textquotedblright\ enters the story---is a faster-than-brute-force
algorithm for a problem called \textsc{ACCSat}. \ Here we're given as input a
description of an $\mathsf{ACC}$\ circuit $C$, and want to decide whether there
exists an input $x\in\left\{ 0,1\right\} ^{n}$\ such that $C\left(
x\right) =1$. \ The core of Williams's proof is the following
straightforwardly algorithmic result.
\begin{lemma}
[Williams \cite{williams:acc}]\label{ryanlem}There's a deterministic algorithm
that solves \textsc{ACCSat}, for $\mathsf{ACC}$\ circuits of depth $d$ with
$n$ inputs, in $2^{n-\Omega\left( n^{\delta}\right) }$\ time, for some
constant $\delta>0$\ that depends on $d$.
\end{lemma}
The proof of Lemma \ref{ryanlem} is itself a combination of several ideas.
\ First, one appeals to a powerful structural result of Yao \cite{yao:acc},
Beigel-Tarui \cite{beigeltarui}, and Allender-Gore \cite{ag:perm} from the
1990s, which shows that functions in $\mathsf{ACC}$\ are representable in
terms of low-degree polynomials.
\begin{lemma}
[\cite{yao:acc,beigeltarui,ag:perm}]\label{acclem}Let $f:\left\{ 0,1\right\}
^{n}\rightarrow\left\{ 0,1\right\} $ be computable by an $\mathsf{AC}%
^{0}\left[ m\right] $\ circuit of size $s$ and depth $d$. \ Then $f\left(
x\right) $\ can be expressed as $g\left( p\left( x\right) \right) $,
where $p:\left\{ 0,1\right\} ^{n}\rightarrow\mathbb{N}$ is a polynomial of
degree $\log^{O\left( 1\right) }s$ that's a sum of $\exp\left(
\log^{O\left( 1\right) }s\right) $ monomials with coefficients of $1$, and
$g:\mathbb{N}\rightarrow\left\{ 0,1\right\} $\ is some efficiently
computable function. \ Moreover, this conversion can be done in $\exp\left(
\log^{O\left( 1\right) }s\right) $\ time. \ (Here the constant in the
big-$O$ depends on both $d$ and $m$.)
\end{lemma}
The proof of Lemma \ref{acclem}\ uses some elementary number theory, and is
closely related to the polynomial method from Section \ref{POLYMETH}, by which
one shows that any\ $\mathsf{AC}^{0}\left[ p\right] $ function can be
approximated by a low-degree polynomial over the finite field $\mathbb{F}_{p}%
$.\footnote{Interestingly, both the polynomial method and the proof of Lemma
\ref{acclem}\ are also closely related to the proof of Toda's Theorem (Theorem
\ref{todathm}), that $\mathsf{PH}\subseteq\mathsf{P}^{\mathsf{\#P}}$.}
In proving Lemma \ref{ryanlem}, next one devises a faster-than-brute-force
algorithm that, given a function $g\left( p\left( x\right) \right) $\ as
above, decides whether there exists an $x\in\left\{ 0,1\right\} ^{n}$ such
that $g\left( p\left( x\right) \right) =1$. \ The first step is to give an
algorithm that constructs a table of all $2^{n}$\ values of $p\left(
x\right) $, for all the $2^{n}$\ possible values of $x$, in $\left(
2^{n}+s^{O\left( 1\right) }\right) n^{O\left( 1\right) }$ time, rather
than the $O\left( 2^{n}s\right) $\ time that one would need na\"{\i}vely.
\ (In other words, this algorithm uses only\ $n^{O\left( 1\right) }$\ time
on average per entry in the table, rather than $O\left( s\right)
$\ time---an improvement if $s$\ is superpolynomial.) \ Here there are several
ways to go: one can use a fast rectangular matrix multiplication algorithm due
to Coppersmith \cite{coppersmith:mm}, but one can also just use a dynamic
programming algorithm reminiscent of the Fast Fourier Transform.
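One way such a dynamic program can go (a sketch under the assumption that $p$\ is presented as a list of its monomials, each with coefficient $1$, as in Lemma \ref{acclem}; Williams's actual procedure may differ in its details): a monomial contributes to $p\left( x\right) $\ exactly when its variable set lies inside the support of $x$, so the table of all $2^{n}$\ values is the subset-sum (\textquotedblleft zeta\textquotedblright) transform of the monomial multiplicity table, computable with $n$ passes over the $2^{n}$ entries:

```python
# Sketch: evaluate p(x) = sum of monomials (each a subset of variables,
# coefficient 1) at all 2^n Boolean points at once.  A monomial S
# contributes to p(x) exactly when S is a subset of the support of x,
# so the full table is the subset-sum (zeta) transform of the monomial
# counts: n passes over 2^n entries, i.e. poly(n) work per entry.
def all_values(monomials, n):
    table = [0] * (1 << n)
    for S in monomials:          # S: bitmask of the monomial's variables
        table[S] += 1
    for i in range(n):           # standard fast zeta transform
        for mask in range(1 << n):
            if mask & (1 << i):
                table[mask] += table[mask ^ (1 << i)]
    return table                 # table[x] == p(x), x read as a bitmask

# p(x1, x2) = x1 + x1*x2 :  monomials {x1} -> 0b01, {x1, x2} -> 0b11
assert all_values([0b01, 0b11], 2) == [0, 1, 0, 2]
```

Initializing the table costs one increment per monomial ($O\left( s\right) $\ total) and the transform costs $O\left( 2^{n}n\right) $, in line with the $\left( 2^{n}+s^{O\left( 1\right) }\right) n^{O\left( 1\right) }$\ bound above.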
Now, by combining this table-constructing algorithm with Lemma \ref{acclem},
we can immediately solve \textsc{ACCSat}, for an $\mathsf{ACC}$\ circuit of
size $s=2^{n^{\delta}}$, in $2^{n}n^{O\left( 1\right) }$\ time, which is
better than the $O\left( 2^{n}s\right) $\ time that we would need
na\"{\i}vely. \ But this still isn't good enough to prove Lemma \ref{ryanlem},
which demands a $2^{n-\Omega\left( n^{\delta}\right) }$\ algorithm. \ So
there's a further trick: given an $\mathsf{ACC}$\ circuit $C$\ of size
$n^{O\left( 1\right) }$, we first \textquotedblleft shave
off\textquotedblright\ $n^{\delta}$\ of the $n$ variables, building a new
$\mathsf{ACC}$\ circuit $C^{\prime}$\ that takes as input the $n-n^{\delta}%
$\ remaining variables, and that computes the OR of $C$\ over all
$2^{n^{\delta}}$\ possible assignments to the $n^{\delta}$\ shaved
variables.\footnote{Curiously, this step can only be applied to the
$\mathsf{ACC}$\ circuits themselves, which of course allow OR gates. \ It
can't be applied to the Boolean functions of low-degree polynomials that one
derives from the $\mathsf{ACC}$\ circuits.} \ The new circuit $C^{\prime}%
$\ has size $2^{O\left( n^{\delta}\right) }$, so we can construct the table,
and thereby solve \textsc{ACCSat}\ for $C^{\prime}$ (and hence for $C$), in
time $2^{n-\Omega\left( n^{\delta}\right) }$.
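The shaving step itself is easy to sketch if we model circuits abstractly as Boolean functions (a toy illustration only; the real construction manipulates circuit descriptions, and must keep $C^{\prime}$\ inside $\mathsf{ACC}$):

```python
# Toy sketch of the "shave off" trick (circuits modeled as Python
# functions; the actual construction operates on circuit descriptions).
# From C on n inputs, build C' on n - m inputs that ORs C over all 2^m
# settings of the first m ("shaved") variables.  C' is satisfiable iff
# C is, but a satisfiability routine now ranges over only 2^(n-m) inputs.
from itertools import product

def shave(C, m):
    def C_prime(y):                       # y: the n - m remaining bits
        return any(C(z + y) for z in product((0, 1), repeat=m))
    return C_prime

C = lambda x: int(x == (1, 0, 1, 1))      # one satisfying input
C_prime = shave(C, 2)                     # shave 2 of the 4 variables
sat = any(C_prime(y) for y in product((0, 1), repeat=2))
assert sat                                # C' (hence C) is satisfiable
```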
Given Lemma \ref{ryanlem}, as well as the starting assumption $\mathsf{NTIME}%
\left( 2^{n}\right) \subset\mathsf{ACC}$, there's still a lot of work to do
to prove that $\mathsf{NTIME}\left( 2^{n}\right) =\mathsf{NTIME}\left(
2^{n}/n^{k}\right) $. \ Let me summarize the four main steps:
\begin{enumerate}
\item[(1)] We first use a careful, quantitative version of the Cook-Levin
Theorem (Theorem \ref{cooklevin}), to reduce the problem of simulating an
$\mathsf{NTIME}\left( 2^{n}\right) $\ machine to a problem called
\textsc{Succinct3Sat}. \ In that problem, we're given a circuit $C$ whose
truth table encodes an exponentially large \textsc{3Sat}\ instance $\varphi$,
and the problem is to decide whether or not $\varphi$\ is satisfiable.
\ Indeed, we prove something stronger: the circuit $C$ can be taken to be an
$\mathsf{AC}^{0}$ circuit.\footnote{In Williams's original paper
\cite{williams:acc}, this step required invoking the $\mathsf{NEXP\subset
ACC}$\ assumption (and only yielded an $\mathsf{ACC}$\ circuit). \ But
subsequent improvements have made this step unconditional: see for example,
Jahanjou, Miles, and Viola \cite{jmv}.}
\item[(2)] We next appeal to a result of Impagliazzo, Kabanets, and Wigderson
\cite{ikw}, which says that if $\mathsf{NEXP\subset P/poly}$, then the
satisfying assignments for satisfiable \textsc{Succinct3Sat}\ instances can
themselves be constructed by polynomial-size circuits.
\item[(3)] We massage the result of step (2) to get a conclusion about $\mathsf{ACC}$:
roughly speaking, if $\mathsf{NEXP\subset ACC}$, then a satisfying assignment
for an $\mathsf{AC}^{0}$ \textsc{Succinct3Sat} instance $\Phi$ can itself be
constructed by an $\mathsf{ACC}$\ circuit $W$. \ Furthermore, the problem of
verifying that $W$\ does indeed encode a satisfying assignment for $\Phi$ can
be solved in slightly less than $2^{n}$\ time nondeterministically, if we use
the fact (Lemma \ref{ryanlem}) that \textsc{ACCSat} is solvable in
$2^{n-\Omega\left( n^{\delta}\right) }$\ time.
\item[(4)] Putting everything together, we get that $\mathsf{NTIME}\left(
2^{n}\right) $\ machines can be reduced to $\mathsf{AC}^{0}$
\textsc{Succinct3Sat}\ instances, which can then (assuming
$\mathsf{NEXP\subset ACC}$, and using the \textsc{ACCSat}\ algorithm)\ be
decided in $\mathsf{NTIME}\left( 2^{n}/n^{k}\right) $\ for some positive
$k$. \ But that contradicts the Nondeterministic Time Hierarchy Theorem
(Theorem \ref{ndhierarchy}).
\end{enumerate}
Let me mention some improvements and variants of Theorem \ref{ryanthm}.
\ Already in his original paper \cite{williams:acc}, Williams noted that the
proof actually yields a stronger result, that $\mathsf{NTIME}\left(
2^{n}\right) $\ has no $\mathsf{ACC}$\ circuits of \textquotedblleft
third-exponential\textquotedblright\ size: that is, size $f\left( n\right)
$\ where $f\left( f\left( f\left( n\right) \right) \right) $\ grows
exponentially. \ He also gave a second result, that $\mathsf{TIME}\left(
2^{n}\right) ^{\mathsf{NP}}$---that is, deterministic exponential time with
an $\mathsf{NP}$\ oracle---has no $\mathsf{ACC}$\ circuits of size
$2^{n^{o\left( 1\right) }}$. \ More recently, Williams has extended Theorem
\ref{ryanthm} to show that $\mathsf{NTIME}\left( 2^{n}\right) \mathsf{/1}%
\cap\mathsf{coNTIME}\left( 2^{n}\right) \mathsf{/1}$\ (where the
$\mathsf{/1}$\ denotes $1$ bit of nonuniform advice) doesn't have
$\mathsf{ACC}$\ circuits of size $n^{\log n}$ \cite{williams:natural}, and
also\ to show that even $\mathsf{ACC}$\ circuits of size $n^{\log n}$\ with
threshold gates at the bottom layer can't compute all languages in
$\mathsf{NEXP}$ \cite{williams:thr}.
At this point, I should step back and make some general remarks about the
proof of Theorem \ref{ryanthm} and the prospects for pushing it further.
\ First of all, why did this proof only yield lower bounds for functions in
the huge complexity class $\mathsf{NEXP}$, rather than $\mathsf{EXP}$ or
$\mathsf{NP}$\ or even $\mathsf{P}$? \ The short answer is that, in order to
prove that a class $\mathcal{C}$ is not in $\mathsf{ACC}$\ via this approach,
we need to use the assumption $\mathcal{C}\subset\mathsf{ACC}$\ to violate a
hierarchy theorem for $\mathcal{C}$-like classes. \ But there's a
bootstrapping problem: the mere fact that $\mathcal{C}$\ \textit{has} small
$\mathsf{ACC}$\ circuits doesn't imply that we can \textit{find} those
circuits in a $\mathcal{C}$-like class, in order to obtain the desired
contradiction. \ When $\mathcal{C}=\mathsf{NEXP}$, we can use the
nondeterministic guessing power of the $\mathsf{NTIME}$\ classes simply to
\textit{guess} the small $\mathsf{ACC}$\ circuits\ for $\mathsf{NEXP}$, but
even when $\mathcal{C}=\mathsf{EXP}$\ this approach seems to break down.
A second question is: what in Williams's proof was specific to $\mathsf{ACC}$?
\ Here the answer is that the proof used special properties of $\mathsf{ACC}%
$\ in one place only: namely, in the improved algorithm for \textsc{ACCSat}
(Lemma \ref{ryanlem}). \ This immediately suggests a possible program to prove
$\mathsf{NEXP}\not \subset \mathcal{C}$\ for larger and larger circuit classes
$\mathcal{C}$. \ For example, let \textsc{TC}$^{0}$\textsc{Sat}\ be the
problem where we're given as input a $\mathsf{TC}^{0}$\ circuit $C$ (that is,
a neural network, or constant-depth circuit of threshold gates), and we want
to decide whether there exists an $x\in\left\{ 0,1\right\} ^{n}$\ such that
$C\left( x\right) =1$. \ Then if we could\ solve \textsc{TC}$^{0}%
$\textsc{Sat}\ even slightly faster than brute force---say, in $O\left(
2^{n}/n^{k}\right) $ time for some positive $k$---Williams's results would
immediately imply $\mathsf{NEXP}\not \subset \mathsf{TC}^{0}$.\footnote{Very
recently, Kane and Williams \cite{kanewilliams}\ managed to give an explicit
Boolean function that requires depth-$2$ threshold circuits with
$\Omega\left( n^{3/2}/\log^{3}n\right) $\ gates. \ However, their argument
doesn't proceed via a better-than-brute-force algorithm for depth-$2$
\textsc{TC}$^{0}$\textsc{Sat}. \ Even more recently, Chen, Santhanam, and
Srinivasan \cite{css}\ gave the first nontrivial algorithm for \textsc{TC}%
$^{0}$\textsc{Sat} with a slightly-superlinear number of wires. \ This wasn't
enough for a new lower bound, but Chen et al.\ also used related ideas to show
that \textsc{Parity}\ can't be computed even by polynomial-size $\mathsf{AC}%
^{0}$\ circuits with $n^{o\left( 1\right) }$\ threshold gates.} \ Likewise,
recall from Section \ref{NPCOMPLETE}\ that \textsc{CircuitSat}\ is the
satisfiability problem for \textit{arbitrary} Boolean circuits. \ If we had an
$O\left( 2^{n}/n^{k}\right) $\ algorithm for \textsc{CircuitSat}, then
Williams's results would imply the long-sought $\mathsf{NEXP}\not \subset
\mathsf{P/poly}$.
Admittedly, one might be skeptical that faster-than-brute-force algorithms
should even \textit{exist} for problems like \textsc{TC}$^{0}$\textsc{Sat}%
\ and \textsc{CircuitSat}. \ But Williams and others have addressed that
particular worry, by showing that circuit lower bounds for $\mathsf{NEXP}%
$\ would follow even from faster-than-brute-force \textit{derandomization}
algorithms: that is, deterministic algorithms to find satisfying assignments
under the assumption that a constant fraction of all assignments are
satisfying. \ Obviously there's a fast randomized algorithm $R$\ under that
assumption: namely, keep picking random assignments until you find one that
works! \ Thus, to prove a circuit lower bound, \textquotedblleft all we'd need
to do\textquotedblright\ is give a nontrivial deterministic simulation of
$R$---something that would necessarily exist under standard derandomization
hypotheses (see Section \ref{DERAND}). \ More precisely:
\begin{theorem}
[Williams \cite{williams:program}, Santhanam-Williams \cite{santhanamwilliams}%
]\label{whoa}Suppose there's a deterministic algorithm, running in
$2^{n}/f\left( n\right) $\ time for some superpolynomial function $f$, to
decide whether a polynomial-size Boolean circuit $C:\left\{ 0,1\right\}
^{n}\rightarrow\left\{ 0,1\right\} $\ has no satisfying assignments or at
least $2^{n-2}$\ satisfying assignments, promised that one of those is the
case. \ Then $\mathsf{NEXP}\not \subset \mathsf{P/poly}$.\footnote{This
strengthens a previous result of Impagliazzo, Kabanets, and Wigderson
\cite{ikw},\ who showed that, if such a deterministic algorithm exists that
runs in $2^{n^{o\left( 1\right) }}$ time, then $\mathsf{NEXP}\not \subset
\mathsf{P/poly}$.} \ Likewise, if such an algorithm exists for $\mathsf{TC}%
^{0}$\ circuits, then $\mathsf{NEXP}\not \subset \mathsf{TC}^{0}$.
\end{theorem}
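To make the randomized algorithm $R$ from the discussion above concrete: under the promise that at least a $1/4$ fraction of assignments are satisfying, uniform sampling succeeds within a constant expected number of trials. \ The following Python sketch is a toy illustration only (the circuit here is a hypothetical stand-in predicate, not an actual circuit representation):

```python
import random

def randomized_find(circuit, n, trials=200):
    """The trivial randomized algorithm R: sample uniform assignments.
    If at least a 1/4 fraction of the 2^n assignments satisfy the
    circuit, each trial succeeds with probability >= 1/4, so all 200
    trials fail with probability at most (3/4)^200 < 10^-24."""
    for _ in range(trials):
        x = [random.randint(0, 1) for _ in range(n)]
        if circuit(x):
            return x
    return None  # astronomically unlikely under the promise

# Toy circuit: satisfied exactly when the first two bits are 1,
# i.e. on exactly a 1/4 fraction of all 2^n assignments.
n = 20
circuit = lambda x: x[0] == 1 and x[1] == 1
assignment = randomized_find(circuit, n)
assert assignment is not None and circuit(assignment)
```

Theorem \ref{whoa} says that derandomizing this trivial procedure, even to deterministic time $2^{n}/f\left( n\right) $\ for a superpolynomial $f$, would already yield $\mathsf{NEXP}\not \subset \mathsf{P/poly}$.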
Theorem \ref{whoa}\ means that, besides viewing Williams's program as
\textquotedblleft ironic complexity theory,\textquotedblright\ we can also
view it as an instance of \textit{circuit lower bounds through
derandomization},\ an idea discussed in Section \ref{PROG}.
In addition to derandomization, one could use faster algorithms for certain
classic computational problems to prove circuit lower bounds. \ These
algorithms might or might not exist, but it's at least plausible that they do.
\ Thus, recall Theorem \ref{shaved}, which said that if \textsc{CircuitSat}%
\ for circuits of depth $o\left( n\right) $\ requires $\left( 2-o\left(
1\right) \right) ^{n}$\ time, then \textsc{EditDistance}\ requires nearly
quadratic time. \ In Section \ref{RUNTIME}, we interpreted this to mean that
there's a plausible hardness conjecture---albeit, one much stronger than
$\mathsf{P}\neq\mathsf{NP}$---implying that the classic $O\left(
n^{2}\right) $\ algorithm for\ \textsc{EditDistance}\ is nearly optimal.
\ But there's a different way to interpret the same connection: namely, if
\textsc{EditDistance}\ \textit{were} solvable in less than $\sim n^{2}$ time,
then various satisfiability problems would be solvable in less than $\sim
2^{n}$ time, and we've already seen that the latter would lead to new circuit
lower bounds! \ Putting all this together, Abboud et al.\ \cite{ahww}%
\ recently proved the following striking theorem, which they describe in
slogan form as \textquotedblleft a polylog shaved is a lower bound
made\textquotedblright:
\begin{theorem}
[Abboud et al.\ \cite{ahww}]\label{shaved2}Suppose that \textsc{EditDistance}
is solvable in $O\left( n^{2}/\log^{c}n\right) $\ time, for every constant
$c$. \ Then $\mathsf{NEXP}\not \subset \mathsf{NC}^{1}$.
\end{theorem}
A third question is: how does the proof of Theorem \ref{ryanthm} evade the
known barriers? \ Because of the way the algorithm for \textsc{ACCSat}%
\ exploits the structure of $\mathsf{ACC}$\ circuits, we shouldn't be
surprised if the proof evades the relativization and algebrization barriers.
\ And indeed, using the techniques of Wilson \cite{wilson} and of Aaronson and
Wigderson \cite{awig}, one can easily construct an oracle $A$\ such that
$\mathsf{NEXP}^{A}\subset\mathsf{ACC}^{A}$, and even an algebraic oracle
$\widetilde{A}$\ such that $\mathsf{NEXP}^{\widetilde{A}}\subset
\mathsf{ACC}^{\widetilde{A}}$, thereby showing that $\mathsf{NEXP}%
\not \subset \mathsf{ACC}$\ is non-relativizing and non-algebrizing.
\ Meanwhile, because it uses diagonalization (in the form of the
Nondeterministic Time Hierarchy Theorem), we might say that the proof of
Theorem \ref{ryanthm}\ has the \textquotedblleft capacity\textquotedblright%
\ to evade natural proofs. \ On the other hand, as I alluded to in Section
\ref{NATPROOF}, it's not yet clear whether $\mathsf{ACC}$\ is powerful enough
to compute pseudorandom functions---and thus, whether it even \textit{has} a
natural proofs barrier to evade! \ The most we can say is that \textit{if}
$\mathsf{ACC}$ has a natural proofs barrier, \textit{then} Theorem
\ref{ryanthm}\ evades it.
Given everything we saw in the previous sections, a final question arises: is
there some fourth barrier, beyond relativization, algebrization, and natural
proofs, which will inherently prevent even Williams's techniques from proving
$\mathsf{P}\neq\mathsf{NP}$, or even (say) $\mathsf{NEXP}\not \subset
\mathsf{TC}^{0}$?\ \ One reasonable answer is that this question is premature:
in order to identify the barriers to a given set of techniques, we first need
to know formally what the techniques \textit{are}---i.e., what properties all
the theorems using those techniques have in common---but we can't know that
until the techniques have had a decade or more to solidify, and there are at
least three or four successful examples of their use. \ Of course, one obvious
\textquotedblleft barrier\textquotedblright\ is that, while Theorem \ref{whoa}
shows that we could get much further just from plausible derandomization
assumptions, eventually we might find ourselves asking for
faster-than-brute-force algorithms that simply don't exist---in which case,
ironic complexity theory would've run out of the irony that it needs as fuel.
Stepping back, I see Theorem \ref{ryanthm} as having contributed something
important to the quest to prove $\mathsf{P}\neq\mathsf{NP}$, by demonstrating
just how much nontrivial work can get done, and how many barriers can be
overcome, along the way to applying a 1960s-style hierarchy theorem.
\ Williams's result makes it possible to imagine that, in the far future,
$\mathsf{P}\neq\mathsf{NP}$\ might be proved by assuming the opposite, then
deriving stranger and stranger consequences using thousands of pages of
mathematics barely comprehensible to anyone alive today---and yet still, the
\textit{coup de gr\^{a}ce} will be a diagonalization, barely different from
what Turing did in 1936.
\subsection{Arithmetic Complexity Theory\label{ALGLB}}
Besides Turing machines and Boolean circuits acting on bits, there's another
kind of computation\ that has enormous relevance to the attempt to prove
$\mathsf{P}\neq\mathsf{NP}$. \ Namely, we can consider computer programs that
operate directly on elements of a field, such as the reals or complex numbers.
\ Perhaps the easiest way to do this is via \textit{arithmetic circuits},
which take as input a collection of elements $x_{1},\ldots,x_{n}$ of a field
$\mathbb{F}$,\footnote{I'll restrict to fields here for simplicity, but one
can also consider (e.g.) rings.} and whose operations consist of adding or
multiplying any two previous elements---or any previous element and any scalar
from $\mathbb{F}$---to produce a new $\mathbb{F}$-element. \ We then consider
the minimum number of operations needed to compute some polynomial
$g:\mathbb{F}^{n}\rightarrow\mathbb{F}$, as a function of $n$. \ For
concreteness, we can think of $\mathbb{F}$\ as the reals $\mathbb{R}$,
although we're most interested in algorithms that work over any $\mathbb{F}$.
\ Note that, if we work over a finite field $\mathbb{F}_{m}$, then we need to
specify whether we want to compute $g$ \textit{as a formal polynomial}, or
merely as a function over $\mathbb{F}_{m}$.\footnote{To illustrate, $0$\ and
$x^{2} + x$\ are equal as functions over the finite field $\mathbb{F}_{2}$,
but not equal as formal polynomials.}
At first glance, arithmetic circuits seem more powerful than Boolean circuits,
because they're not limited to finite precision: for example, an arithmetic
circuit can multiply $\pi$\ and $e$\ in a single time step. \ From another
angle, however, arithmetic circuits are weaker, because they have no facility
(for example) to extract individual bits from the binary representations of
the $\mathbb{F}$ elements: they can \textit{only} manipulate them as
$\mathbb{F}$ elements. \ In general, the most we can say is that, \textit{if}
an input has helpfully been encoded using the elements $0,1\in\mathbb{F}%
$\ only, \textit{then} an arithmetic circuit can simulate a Boolean one, by
using $x\rightarrow1-x$\ to simulate $\operatorname*{NOT}$, multiplication to
simulate Boolean $\operatorname*{AND}$, and so on. \ But for arbitrary inputs,
such a simulation might be impossible.
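For inputs that are promised to be $0$s and $1$s, the simulation just described is easy to spell out. \ The snippet below checks the standard gate encodings in Python; note that only addition, multiplication, and the scalar $1$ are used, so every step is a legal arithmetic-circuit operation over any field:

```python
# Arithmetic encodings of Boolean gates, valid whenever x, y lie in {0, 1}:
NOT = lambda x: 1 - x             # negation via x -> 1 - x
AND = lambda x, y: x * y          # conjunction via multiplication
OR  = lambda x, y: x + y - x * y  # De Morgan: OR = NOT(AND(NOT x, NOT y))

for x in (0, 1):
    assert NOT(x) == (not x)
    for y in (0, 1):
        assert AND(x, y) == (x and y)
        assert OR(x, y) == (x or y)
```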
Thus, arithmetic circuits represent a different kind of computation: or
rather, a generalization of the usual kind, since we can recover ordinary
Boolean computation by setting $\mathbb{F}=\mathbb{F}_{2}$. \ A major reason
to focus on arithmetic circuits is that it often seems easier---or better,
less absurdly hard!---to understand circuit size in the arithmetic setting
than in the Boolean one. \ The usual explanation given for this is the
so-called \textquotedblleft yellow books argument\textquotedblright:
arithmetic complexity brings us closer to continuous mathematics, about which
we have centuries' worth of deep knowledge (e.g., algebraic geometry and
representation theory) that's harder to apply in the Boolean case.
One remark: in the rest of the section, I'll talk exclusively about arithmetic
\textit{circuit} complexity: that is, about nonuniform arithmetic
computations, and the arithmetic analogues of questions such as $\mathsf{NP}%
$\ versus $\mathsf{P/poly}$ (see Section \ref{NONUNIF}). \ But it's also
possible to develop a theory of \textit{arithmetic Turing machines}, which
(roughly speaking) are like arithmetic circuits except that they're uniform,
and therefore need loops, conditionals, memory registers, and so on. \ See the
book of Blum, Cucker, Shub, and Smale (BCSS) \cite{bcss} for a beautiful
exposition of this theory. \ In the BCSS framework, one can ask analogues of
the $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ question for Turing machines over
arbitrary fields $\mathbb{F}$, such as $\mathbb{R}$\ or $\mathbb{C}$,
recovering the \textquotedblleft ordinary, Boolean\textquotedblright%
\ $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ question precisely when\ $\mathbb{F}$
is finite. \ At present, no implications are known among the $\mathsf{P}%
\overset{?}{=}\mathsf{NP}$, the $\mathsf{P}_{\mathbb{R}}\overset{?}{=}%
\mathsf{NP}_{\mathbb{R}}$, and the $\mathsf{P}_{\mathbb{C}}\overset{?}{=}%
\mathsf{NP}_{\mathbb{C}}$ questions, although it's known that $\mathsf{P}%
_{\mathbb{C}}=\mathsf{NP}_{\mathbb{C}}$\ implies $\mathsf{NP}\subset
\mathsf{P/poly}$\ (see for example B\"{u}rgisser \cite[Chapter 8]%
{burgisser:book}).\footnote{The central difference between the $\mathsf{P}%
_{\mathbb{R}}\overset{?}{=}\mathsf{NP}_{\mathbb{R}}$ and $\mathsf{P}%
_{\mathbb{C}}\overset{?}{=}\mathsf{NP}_{\mathbb{C}}$\ questions is simply
that, because $\mathbb{R}$\ is an ordered field, one defines Turing machines
over $\mathbb{R}$\ to allow comparisons ($<,\leq$) and branching on their
results.}
The problems of proving $\mathsf{P}_{\mathbb{R}}\neq\mathsf{NP}_{\mathbb{R}}%
$\ and $\mathsf{P}_{\mathbb{C}}\neq\mathsf{NP}_{\mathbb{C}}$\ are known to be
closely related to the problem of proving arithmetic circuit lower bounds,
which we'll discuss in the following sections. \ I can't resist giving one
example of a connection, due to BCSS \cite{bcss}. \ Given a positive integer
$n$, let $\tau\left( n\right) $\ be the number of operations in the smallest
arithmetic circuit that takes the constant $1$ as its sole input, and that
computes $n$ using additions, subtractions, and multiplications. \ For
example, we have
\begin{itemize}
\item $\tau\left( 2\right) =1$ via $1+1$,
\item $\tau\left( 3\right) =2$ via $1+1+1$,
\item $\tau\left( 4\right) =2$ via $\left( 1+1\right) ^{2}$, ...
\end{itemize}
Also, let $\tau^{\ast}\left( n\right) $\ be the minimum of $\tau\left(
kn\right) $\ over all positive integers $k$.
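The small values of $\tau$ quoted above can be confirmed by exhaustive search over straight-line programs. \ The Python sketch below does a breadth-first search over the sets of integers reachable from the constant $1$; the magnitude bound is an ad hoc pruning assumption, harmless for these tiny cases:

```python
from itertools import product

def tau(n, max_ops=4, bound=10**4):
    """Smallest number of +, -, * operations needed to reach n from the
    constant 1, via BFS over the sets of integers computable so far."""
    frontier = {frozenset([1])}
    for ops in range(max_ops + 1):
        if any(n in reachable for reachable in frontier):
            return ops
        nxt = set()
        for reachable in frontier:
            for a, b in product(reachable, repeat=2):
                for v in (a + b, a - b, a * b):
                    if v not in reachable and abs(v) <= bound:
                        nxt.add(reachable | {v})
        frontier = nxt
    return None  # not reachable within max_ops operations

assert tau(2) == 1   # 1 + 1
assert tau(3) == 2   # 1 + 1 + 1
assert tau(4) == 2   # (1 + 1)^2
assert tau(5) == 3   # (1 + 1)(1 + 1) + 1
```

Computing $\tau^{\ast}\left( n\right) $\ is harder, of course, since it takes a minimum over all multiples $kn$.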
\begin{theorem}
[BCSS \cite{bcss}]\label{bcssthm}Suppose $\tau^{\ast}\left( n!\right)
$\ grows faster than $\left( \log n\right) ^{O\left( 1\right) }$. \ Then
$\mathsf{P}_{\mathbb{C}}\neq\mathsf{NP}_{\mathbb{C}}$.\footnote{In later work,
B\"{u}rgisser \cite{burgisser} showed that the same conjecture about
$\tau^{\ast}\left( n!\right) $\ (called the $\tau$\textit{-conjecture})
would also imply Valiant's Conjecture \ref{valiantconj}, that the permanent
has no polynomial-size arithmetic circuits.}
\end{theorem}
\subsubsection{Permanent Versus Determinant\label{PERDET}}
Just as $\mathsf{P}\overset{?}{=}\mathsf{NP}$\ is the \textquotedblleft
flagship problem\textquotedblright\ of Boolean complexity theory, so the
central, flagship problem of arithmetic complexity is that of
\textit{permanent versus determinant}. \ This problem concerns the following
two functions of an $n\times n$\ matrix $X\in\mathbb{F}^{n\times n}$:%
\begin{align*}
\operatorname*{Per}\left( X\right) & =\sum_{\sigma\in S_{n}}\prod
_{i=1}^{n}x_{i,\sigma\left( i\right) },\\
\operatorname*{Det}\left( X\right) & =\sum_{\sigma\in S_{n}}%
\operatorname*{sgn}\left( \sigma\right) \prod_{i=1}^{n}x_{i,\sigma\left(
i\right) }.
\end{align*}
Despite the similarity of their definitions---they're identical apart from the
sign factor $\operatorname*{sgn}\left( \sigma\right) $---the
permanent and determinant have dramatic differences. \ The determinant is
computable in polynomial time, for example by using Gaussian elimination.
\ (Indeed, the determinant is computable in $O\left( n^{\omega}\right)
$\ time, where $\omega\in\left[ 2,2.373\right] $\ is the matrix
multiplication exponent; see Section \ref{DIF}.) \ The determinant has many
other interpretations---for example, the product of $X$'s eigenvalues, and the
volume of the parallelepiped spanned by its row vectors---giving it a central
role in linear algebra and geometry.
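The two defining formulas can be transcribed directly into code, yielding naive factorial-time evaluators, which suffice for sanity checks on small matrices. \ A Python sketch:

```python
from itertools import permutations

def sign(sigma):
    """+1 for even permutations, -1 for odd, via inversion count."""
    inv = sum(1 for i in range(len(sigma)) for j in range(i + 1, len(sigma))
              if sigma[i] > sigma[j])
    return -1 if inv % 2 else 1

def term(X, sigma):
    p = 1
    for i, j in enumerate(sigma):
        p *= X[i][j]
    return p

def per(X):
    return sum(term(X, s) for s in permutations(range(len(X))))

def det(X):
    return sum(sign(s) * term(X, s) for s in permutations(range(len(X))))

X = [[1, 2], [3, 4]]
assert per(X) == 1 * 4 + 2 * 3 == 10
assert det(X) == 1 * 4 - 2 * 3 == -2
```

For the determinant one would of course use Gaussian elimination rather than this factorial-time formula; for the permanent, Valiant's theorem says that no comparably fast method is expected.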
By contrast, Valiant \cite{valiant}\ proved in 1979 that the permanent is
$\mathsf{\#P}$-complete. \ Thus, a polynomial-time algorithm for the
permanent\ would imply even more than $\mathsf{P}=\mathsf{NP}$: it would yield
an efficient algorithm not merely to solve $\mathsf{NP}$-complete problems,
but to count how many solutions they have. \ In some sense, the $\mathsf{\#P}%
$-completeness of the permanent helps to \textit{explain} why
$\operatorname*{Per}$, unlike $\operatorname*{Det}$, has no simple geometric
or linear-algebraic interpretations: if such interpretations existed, then
they might imply $\mathsf{P}=\mathsf{P}^{\mathsf{\#P}}$.
In the arithmetic model, Kaltofen and Villard \cite{kaltofenvillard}
constructed circuits of size $O\left( n^{2.698}\right) $ that compute
$\operatorname*{Det}\left( X\right) $\ as a formal polynomial in the entries
of $X$, and that work over an arbitrary field $\mathbb{F}$.\footnote{One might
think that size-$O\left( n^{3}\right) $\ circuits for the determinant would
be trivial, because of Gaussian elimination, and that one could even get
$O\left( n^{\omega}\right) $, where $\omega\leq2.373$\ is the matrix
multiplication exponent. \ However, the difficulty is that Gaussian
elimination involves division, whereas the model as we've defined it allows
only addition and multiplication. \ A seminal result of Strassen
\cite{strassen:tensor} says that division gates can always be eliminated from
an arithmetic circuit computing a polynomial, leaving only addition and
multiplication gates---but doing so could produce a polynomial blowup in
the circuit size. \ In the case of Gaussian elimination, a na\"{\i}ve
application of Strassen's method yields a circuit of size $O\left(
n^{5}\right) $.} \ By contrast, Valiant conjectured the following.
\begin{conjecture}
[Valiant's Conjecture]\label{valiantconj}Any arithmetic circuit for
$\operatorname*{Per}\left( X\right) $\ requires size superpolynomial in $n$,
over any field of characteristic other than $2$.\footnote{Fields of
characteristic $2$, such as $\mathbb{F}_{2}$, are a special case: there, the
permanent and determinant are \textit{equivalent}, so in particular
$\operatorname*{Per}\left( X\right) $\ has polynomial-size arithmetic
circuits.}$^{,}$\footnote{In the literature, Conjecture \ref{valiantconj}\ is
often called the $\mathsf{VP}\neq\mathsf{VNP}$\ conjecture, with $\mathsf{VP}%
$\ and $\mathsf{VNP}$\ being arithmetic analogues of $\mathsf{P}$\ and
$\mathsf{NP}$\ respectively. \ I won't use that terminology in this survey,
for several reasons: (1) $\mathsf{VP}$\ is arguably more analogous to
$\mathsf{NC}$\ than to $\mathsf{P}$, (2) $\mathsf{VNP}$\ is arguably more
analogous to $\mathsf{\#P}$\ than to $\mathsf{NP}$, and (3) Conjecture
\ref{valiantconj}\ is almost always studied as a nonuniform conjecture, more
analogous to $\mathsf{NP}\not \subset \mathsf{P/poly}$\ than to $\mathsf{P}%
\neq\mathsf{NP}$.}
\end{conjecture}
B\"{u}rgisser \cite{burgisser:cook} showed that, if Conjecture
\ref{valiantconj}\ fails over any field of positive characteristic, or if it
fails over any field of characteristic zero \textit{and the Generalized
Riemann Hypothesis holds}, then $\mathsf{P}^{\mathsf{\#P}}\subset
\mathsf{P/poly}$, and hence $\mathsf{NP}\subset\mathsf{P/poly}$%
.\footnote{Indeed, $\mathsf{\#P}$\ would even have polynomial-size circuits of
depth $\log^{O\left( 1\right) }n$.} \ (The main difficulty in proving this
result is just that an arithmetic circuit might have very large constants
hardwired into it.) \ On the other hand, no converses to this result are
currently known. \ It's conceivable, for example, that we could have
$\mathsf{P}=\mathsf{P}^{\mathsf{\#P}}$ for some \textquotedblleft inherently
Boolean\textquotedblright\ reason, even if the permanent required arithmetic
circuits of exponential size. \ To put it another way, Conjecture
\ref{valiantconj}\ could serve as an \textquotedblleft arithmetic
warmup\textquotedblright---some would even say an \textquotedblleft arithmetic
prerequisite\textquotedblright---to Boolean separations such as $\mathsf{P}%
^{\mathsf{\#P}}\not \subset \mathsf{P/poly}$ and $\mathsf{P}\neq\mathsf{NP}$.
Better yet, Conjecture \ref{valiantconj} turns out to be implied by (and
nearly equivalent to) an appealing mathematical conjecture, which makes no
direct reference to computation or circuits. \ Let's say that the $n\times n$
permanent \textit{linearly embeds} into the $m\times m$ determinant, if it's
possible to express $\operatorname*{Per}\left( X\right) $\ (for an $n\times
n$\ matrix $X\in\mathbb{F}^{n\times n}$) as $\operatorname*{Det}\left(
L\left( X\right) \right) $, where $L\left( X\right) $\ is an $m\times
m$\ matrix each of whose entries is an affine function of the entries of
$X$. \ Then let $D\left( n\right) $\ be the smallest $m$ such that the
$n\times n$ permanent\ linearly embeds into the $m\times m$ determinant.
Grenet \cite{grenet}\ proved the following:
\begin{theorem}
[Grenet \cite{grenet}]\label{grenetthm}$D\left( n\right) \leq2^{n}-1$.
\end{theorem}
To illustrate, when $n=2$ we have%
\[
\operatorname*{Per}\left(
\begin{array}
[c]{cc}%
a & b\\
c & d
\end{array}
\right) =\operatorname*{Det}\left(
\begin{array}
[c]{cc}%
a & -b\\
c & d
\end{array}
\right) =ad+bc
\]
(in this case, as we see, Theorem \ref{grenetthm} is not tight), while when
$n=3$\ we have%
\[
\operatorname*{Per}\left(
\begin{array}
[c]{ccc}%
a & b & c\\
d & e & f\\
g & h & i
\end{array}
\right) =\operatorname*{Det}\left(
\begin{array}
[c]{ccccccc}%
0 & a & d & g & 0 & 0 & 0\\
0 & 1 & 0 & 0 & i & f & 0\\
0 & 0 & 1 & 0 & 0 & c & i\\
0 & 0 & 0 & 1 & c & 0 & f\\
e & 0 & 0 & 0 & 1 & 0 & 0\\
h & 0 & 0 & 0 & 0 & 1 & 0\\
b & 0 & 0 & 0 & 0 & 0 & 1
\end{array}
\right) .
\]
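Both displayed identities can be verified numerically by substituting arbitrary values for the variables; since a polynomial identity that holds formally holds at every point, a generic substitution is a reasonable spot-check. \ In Python, using naive permutation-sum evaluators:

```python
from itertools import permutations

def sign(sigma):
    inv = sum(1 for i in range(len(sigma)) for j in range(i + 1, len(sigma))
              if sigma[i] > sigma[j])
    return -1 if inv % 2 else 1

def term(X, sigma):
    p = 1
    for i, j in enumerate(sigma):
        p *= X[i][j]
    return p

def per(X):
    return sum(term(X, s) for s in permutations(range(len(X))))

def det(X):
    return sum(sign(s) * term(X, s) for s in permutations(range(len(X))))

# Arbitrary distinct integer values for the nine variables.
a, b, c, d, e, f, g, h, i = range(2, 11)

# n = 2: Per = ad + bc equals Det of the same matrix with b negated.
assert per([[a, b], [c, d]]) == det([[a, -b], [c, d]]) == a * d + b * c

# n = 3: the 7x7 embedding displayed above (D(3) <= 2^3 - 1 = 7).
X3 = [[a, b, c], [d, e, f], [g, h, i]]
M7 = [[0, a, d, g, 0, 0, 0],
      [0, 1, 0, 0, i, f, 0],
      [0, 0, 1, 0, 0, c, i],
      [0, 0, 0, 1, c, 0, f],
      [e, 0, 0, 0, 1, 0, 0],
      [h, 0, 0, 0, 0, 1, 0],
      [b, 0, 0, 0, 0, 0, 1]]
assert per(X3) == det(M7)
```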
By contrast, the best current lower bound on $D\left( n\right) $\ is
quadratic, and was proved by Mignon and Ressayre \cite{mignon} in 2004,
following a long sequence of linear lower bounds:
\begin{theorem}
[Mignon and Ressayre \cite{mignon}]$D\left( n\right) \geq n^{2}%
/2$.\label{mrthm}
\end{theorem}
(Actually, Mignon and Ressayre proved Theorem \ref{mrthm} only for fields of
characteristic $0$. \ Their result was then extended to all fields of
characteristic other than $2$\ by Cai, Chen, and Li \cite{ccl}\ in 2008.)
The basic idea of the proof of Theorem \ref{mrthm}\ is to consider the
\textit{Hessian matrix} of a polynomial $p:\mathbb{F}^{N}\rightarrow
\mathbb{F}$, or the matrix of second partial derivatives, evaluated at some
particular point $X_{0}\in\mathbb{F}^{N}$:%
\[
H_{p}\left( X_{0}\right) :=\left(
\begin{array}
[c]{ccc}%
\frac{\partial^{2}p}{\partial x_{1}^{2}}\left( X_{0}\right) & \cdots &
\frac{\partial^{2}p}{\partial x_{1}\partial x_{N}}\left( X_{0}\right) \\
\vdots & \ddots & \vdots\\
\frac{\partial^{2}p}{\partial x_{N}\partial x_{1}}\left( X_{0}\right) &
\cdots & \frac{\partial^{2}p}{\partial x_{N}^{2}}\left( X_{0}\right)
\end{array}
\right) .
\]
Here we mean the \textquotedblleft formal\textquotedblright\ partial
derivatives of $p$: even if $\mathbb{F}$\ is a finite field, we can still
symbolically differentiate a polynomial over $\mathbb{F}$, to produce new
polynomials over smaller sets of variables. \ In general, when we're trying to
lower-bound the difficulty of computing a polynomial $p$, a common technique
in arithmetic complexity is to look at various partial derivatives
$\frac{\partial^{k}p}{\partial x_{i_{1}}\cdots\partial x_{i_{k}}}$---and in
particular, at the dimensions of vector spaces spanned by those partial
derivatives, or the ranks of matrices formed from them---and then argue that,
if $p$ had a small circuit (or formula, or whatever), then those dimensions or
ranks couldn't possibly be as high as they are.
In the case of Theorem \ref{mrthm}, we prove the following two statements:
\begin{enumerate}
\item[(1)] If $p$ is the permanent, of an $n\times n$\ matrix of $N=n^{2}%
$\ indeterminates, then there exists a point $X_{0}\in\mathbb{F}^{N}$\ such
that $\operatorname*{rank}\left( H_{p}\left( X_{0}\right) \right) =N$.
\item[(2)] If $p$ is the determinant of an $m\times m$\ matrix of affine
functions in the $N$ indeterminates, then $\operatorname*{rank}\left(
H_{p}\left( X\right) \right) \leq2m$ for every $X$.
\end{enumerate}
Combining these, we get $m\geq n^{2}/2$, if $p$ is both the $n\times
n$\ permanent and an $m\times m$\ determinant.
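Statement (1) is easy to sanity-check for small $n$. \ The Python sketch below computes the Hessian of the permanent by exact mixed second differences (valid because the permanent is multilinear, i.e.\ of degree at most $1$ in each entry) and then its rank over the rationals. \ The all-ones matrix happens to serve as the witness point $X_{0}$\ here, though it need not be the point used in Mignon and Ressayre's proof:

```python
from fractions import Fraction
from itertools import permutations, product

def per(X):
    total = 0
    for s in permutations(range(len(X))):
        p = 1
        for row, col in enumerate(s):
            p *= X[row][col]
        total += p
    return total

def hessian_at(n, X0):
    """Mixed second partials of Per at X0.  Per is multilinear, so the
    exact mixed second difference
        f(X + e_u + e_v) - f(X + e_u) - f(X + e_v) + f(X)
    equals the second partial derivative with respect to entries u, v."""
    entries = list(product(range(n), repeat=2))
    def f(bumps):
        X = [row[:] for row in X0]
        for (r, c) in bumps:
            X[r][c] += 1
        return per(X)
    base = f([])
    return [[f([u, v]) - f([u]) - f([v]) + base for v in entries]
            for u in entries]

def rank(M):
    """Row reduction over the rationals."""
    M = [[Fraction(x) for x in row] for row in M]
    r = 0
    for c in range(len(M[0])):
        piv = next((k for k in range(r, len(M)) if M[k][c] != 0), None)
        if piv is None:
            continue
        M[r], M[piv] = M[piv], M[r]
        for k in range(len(M)):
            if k != r and M[k][c] != 0:
                t = M[k][c] / M[r][c]
                M[k] = [x - t * y for x, y in zip(M[k], M[r])]
        r += 1
    return r

n = 3
X0 = [[1] * n for _ in range(n)]          # all-ones witness point
assert rank(hessian_at(n, X0)) == n * n   # full rank N = n^2
```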
So to summarize, the \textquotedblleft blowup\textquotedblright\ $D\left(
n\right) $\ in embedding the permanent into the determinant is known to be at
least quadratic and at most exponential. \ The huge gap here becomes a bit
less surprising, once we know that $D\left( n\right) $\ is tightly connected
to the arithmetic circuit complexity of the permanent. \ In particular, recall
that a \textit{formula} is just a circuit in which every gate has a fanout of
$1$. \ Then Valiant \cite{valiant:det} showed the following:
\begin{theorem}
[Valiant \cite{valiant:det}]\label{valiantthm}$D\left( n\right) \leq
F\left( n\right) +1$, where $F\left( n\right) $ is the size of the
smallest arithmetic formula for the $n\times n$\ permanent.
\end{theorem}
Thus, if we could prove that $D\left( n\right) $\ grew faster than any
polynomial, we'd have shown\ that the permanent has no polynomial-size
formulas. \ But heightening the interest still further, Valiant et
al.\ \cite{vsbr} showed that in the arithmetic world, there's a surprisingly
tight connection between formulas and circuits:
\begin{theorem}
[Valiant et al.\ \cite{vsbr}]\label{vsbrthm}If a degree-$d$ polynomial has an
arithmetic circuit of size $s$, then it also has an arithmetic formula of size
$\left( sd\right) ^{O\left( \log d\right) }$.
\end{theorem}
Theorem \ref{vsbrthm} implies that $D\left( n\right) \leq C\left( n\right)
^{O\left( \log n\right) }$, where $C\left( n\right) $\ is the size of the
smallest arithmetic \textit{circuit} for the $n\times n$\ permanent. \ This
means that, if we could prove that $D\left( n\right) $\ grew not only
superpolynomially but faster than $n^{O\left( \log n\right) }$, we'd also
have shown that $C\left( n\right) $\ grew superpolynomially, thereby
establishing Valiant's Conjecture \ref{valiantconj}.
But lower-bounding $D\left( n\right) $\ is not merely sufficient for proving
Valiant's Conjecture; it's also necessary! \ For recall that the $n\times
n$\ determinant has an arithmetic circuit of size $O\left( n^{2.698}\right)
$ \cite{kaltofenvillard}. \ So we get the following chain of implications:%
\begin{align*}
D\left( n\right) >n^{O\left( \log n\right) } & \Longrightarrow F\left(
n\right) >n^{O\left( \log n\right) }\text{ (by Theorem \ref{valiantthm})}\\
& \Longrightarrow C\left( n\right) >n^{O\left( 1\right) }\text{ (by
Theorem \ref{vsbrthm}; this is Valiant's Conjecture \ref{valiantconj})}\\
& \Longrightarrow D\left( n\right) >n^{O\left( 1\right) }\text{ (by the
}n^{O\left( 1\right) }\text{\ arithmetic circuits for determinant)}\\
& \Longrightarrow F\left( n\right) >n^{O\left( 1\right) }\text{ (by
Theorem \ref{valiantthm}).}%
\end{align*}
Today, a large fraction of the research aimed at proving $\mathsf{P}%
\neq\mathsf{NP}$\ is aimed, more immediately, at proving Valiant's Conjecture
\ref{valiantconj} (see Agrawal \cite{agrawal:icm}\ for a survey focusing on
that goal). \ The hope is that, on the one hand, powerful tools from algebraic
geometry and other fields can be brought to bear on Valiant's problem, but on
the other, that solving it could provide insight about the original
$\mathsf{P\overset{?}{=}NP}$ problem.
\subsubsection{Arithmetic Circuit Lower Bounds\label{ACLB}}
I won't do justice in this survey to the now-impressive body of work motivated
by Conjecture \ref{valiantconj}; in particular, I'll say little about proof
techniques. \ Readers who want to learn more about arithmetic circuit lower
bounds should consult Shpilka and Yehudayoff \cite[Chapter 3]{shpilkay} for an
excellent survey circa 2010, or Saraf \cite{saraf}\ for a 2014 update.
\ Briefly, though, computer scientists have tried to approach Conjecture
\ref{valiantconj}\ much as they've approached $\mathsf{NP}\not \subset
\mathsf{P/poly}$, by proving lower bounds against more and more powerful
arithmetic circuit classes. \ In that quest, they've had some notable
successes (paralleling the Boolean successes), but have also run up against
some differences from the Boolean case.
For starters, just as Razborov \cite{razborov:mono}\ and others considered
monotone Boolean circuits, one can also consider \textit{monotone arithmetic
circuits} (over fields such as $\mathbb{R}$\ or $\mathbb{Q}$), in which all
coefficients need to be positive. \ Since the determinant involves
$-1$\ coefficients, it doesn't make sense to ask about monotone circuits for
$\operatorname*{Det}\left( X\right) $, but one can certainly ask about the
monotone circuit complexity of $\operatorname*{Per}\left( X\right) $. \ And
already in 1982, Jerrum and Snir \cite{jerrumsnir}\ proved the following
arithmetic counterpart of Razborov's Theorem \ref{monotonethm}:
\begin{theorem}
[Jerrum and Snir \cite{jerrumsnir}]Any monotone circuit for
$\operatorname*{Per}\left( X\right) $\ requires size $2^{\Omega\left(
n\right) }$.
\end{theorem}
As another example, just as computer scientists considered constant-depth
Boolean circuits (the classes $\mathsf{AC}^{0}$, $\mathsf{ACC}$,
$\mathsf{TC}^{0}$, and so on), so we can also consider \textit{constant-depth
arithmetic circuits}, which are conventionally denoted $\Sigma\Pi$, $\Sigma
\Pi\Sigma$, etc.\ to indicate whether they represent a multivariate polynomial
as a sum of products, a sum of product of sums, etc. \ It's trivial to prove
exponential lower bounds on the sizes of depth-two ($\Sigma\Pi$) circuits:
that just amounts to lower-bounding the number of monomials in a polynomial.
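To illustrate: a $\Sigma\Pi$ circuit is literally a sum of monomials, so its size is at least the number of distinct monomials of the polynomial it computes, and for the $n\times n$\ permanent that number is $n!$. \ A quick Python confirmation, identifying each monomial with the set of matrix entries it uses:

```python
from itertools import permutations
from math import factorial

def monomials_of_per(n):
    """Each permutation sigma contributes the monomial
    x[0][sigma(0)] * ... * x[n-1][sigma(n-1)], with coefficient 1, so
    the distinct monomials correspond exactly to the index sets below."""
    return {frozenset(enumerate(s)) for s in permutations(range(n))}

for n in range(1, 6):
    assert len(monomials_of_per(n)) == factorial(n)
```

This counting argument says nothing once even one more layer of sums is allowed, which is why the depth-three results that follow require real work.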
\ More interesting is the following result:
\begin{theorem}
[Grigoriev and Karpinski \cite{gkarpinski}, Grigoriev and Razborov
\cite{grazborov}]\label{gkthm}Over a finite field, any $\Sigma\Pi\Sigma$
circuit for $\operatorname*{Det}\left( X\right) $\ requires size
$2^{\Omega\left( n\right) }$. \ (Indeed, this is true even for circuits
representing $\operatorname*{Det}\left( X\right) $\ as a function.)
\end{theorem}
Curiously, over \textit{infinite} fields, the best lower bound that we have
for the determinant is still a much weaker one, due to Shpilka and Wigderson
\cite{shpilkaw}:
\begin{theorem}
[Shpilka and Wigderson \cite{shpilkaw}]\label{swthm}Over infinite fields, any
$\Sigma\Pi\Sigma$ circuit for $\operatorname*{Det}\left( X\right)
$\ requires size $\Omega\left( n^{4}/\log n\right) $.\footnote{As this
survey was being written, Kayal, Saha, and Tavenas \cite{kst}\ announced a
proof that a certain explicit polynomial, albeit not the permanent or
determinant, requires $\Sigma\Pi\Sigma$ circuits\ of size $\Omega\left(
n^{3}/\log^{2}n\right) $, over any field $\mathbb{F}$. \ By comparison, as a
function of the number of input variables ($n^{2}$), Shpilka and Wigderson's
$\Omega\left( n^{4}/\log n\right) $\ lower bound for the determinant
\cite{shpilkaw}\ is \textquotedblleft only\textquotedblright\ quadratic.}
\end{theorem}
Theorems \ref{gkthm}\ and \ref{swthm} are stated for the determinant, although
they have analogues for the permanent. \ In any case, these results certainly
don't succeed in showing that the permanent is \textit{harder} than the determinant.
The situation is better when we restrict the fanin of the multiplication
gates. \ In particular, by a $\Sigma\Pi^{\left[ a\right] }\Sigma\Pi^{\left[
b\right] }$\ circuit, let's mean a depth-$4$ circuit where every inner
multiplication gate has fanin at most $a$, and every bottom multiplication
gate has fanin at most $b$. \ Then in 2013, Gupta et al.\ \cite{gkks:lb}%
\ proved the following.
\begin{theorem}
[Gupta, Kamath, Kayal, and Saptharishi \cite{gkks:lb}]Any $\Sigma\Pi^{\left[
O\left( \sqrt{n}\right) \right] }\Sigma\Pi^{\left[ \sqrt{n}\right] }%
$\ circuit for $\operatorname*{Per}\left( X\right) $\ or
$\operatorname*{Det}\left( X\right) $\ requires size $2^{\Omega\left(
\sqrt{n}\right) }$.
\end{theorem}
Subsequently, Kayal, Saha, and Saptharishi \cite{kayalss}\ proved a size lower
bound of $n^{\Omega\left( \sqrt{n}\right) }$\ for such circuits, though not
for the permanent or determinant but for a different explicit polynomial.
The situation is also better when we restrict to \textit{homogeneous}
arithmetic circuits. \ These are circuits where every gate is required to
compute a homogeneous polynomial: that is, one where all the monomials have
the same degree. \ Here Nisan and Wigderson \cite{nw:arith}\ established the
following in 1997.
\begin{theorem}
[Nisan and Wigderson \cite{nw:arith}]\label{nwthm}Over any field, any
homogeneous $\Sigma\Pi\Sigma$\ circuit for $\operatorname*{Det}\left(
X\right) $\ requires size $2^{\Omega\left( n\right) }$.
\end{theorem}
Going further, in 2014 Kayal, Limaye, Saha, and Srinivasan \cite{klss}\ gave
an explicit polynomial in $n$ variables for which any homogeneous $\Sigma
\Pi\Sigma\Pi$\ circuit\ requires size $n^{\Omega\left( \sqrt{n}\right) }$
(compared to Theorem \ref{nwthm}'s $2^{\Omega\left( \sqrt{n}\right) }$, as a
function of the number of input variables).
It's natural to wonder: why are we stuck talking about depth-$3$ and depth-$4$
arithmetic circuits? \ Why couldn't we show that the permanent and determinant
have no \textit{constant-depth} arithmetic circuits of subexponential size?
\ After all, wasn't arithmetic complexity supposed to be easier than Boolean complexity?
In 2008, Agrawal and Vinay \cite{agrawalvinay}\ gave a striking answer to
these questions; they called their answer \textquotedblleft the chasm at depth
four.\textquotedblright\ \ In particular, building on the earlier work of
Valiant et al.\ \cite{vsbr} (Theorem \ref{vsbrthm}), Agrawal and Vinay showed
that, if we managed to prove strong enough lower bounds for depth-$4$
arithmetic circuits, then we'd also get superpolynomial lower bounds for
\textit{arbitrary} arithmetic circuits! \ Here's one special case of their result:
\begin{theorem}
[Agrawal and Vinay \cite{agrawalvinay}]\label{avthm}Suppose that
$\operatorname*{Per}\left( X\right) $\ requires depth-$4$ arithmetic
circuits (even homogeneous ones) of size $2^{\Omega\left( n\right) }$.
\ Then $\operatorname*{Per}\left( X\right) $\ requires arithmetic circuits
of superpolynomial size, and Valiant's Conjecture \ref{valiantconj}\ holds.
\end{theorem}
In some sense, Theorem \ref{avthm}\ does for arithmetic circuit complexity
what Theorem \ref{boolchasm}\ did for Boolean circuit complexity. \ Recall
that Theorem \ref{boolchasm}\ constructed $\mathsf{AC}^{0}$\ circuits of size
$2^{n^{\varepsilon}}$ for any language in $\mathsf{NLOGSPACE}$ and any
constant $\varepsilon>0$, thereby showing that strong enough size lower bounds
for $\mathsf{AC}^{0}$\ circuits would entail a breakthrough in separating
complexity classes. \ Arguably, though, Theorem \ref{avthm} is even more
surprising, because it reaches a similar conclusion while talking only about a
\textit{fixed} depth (in this case, depth $4$), rather than about arbitrary
constant depths.\footnote{We can also talk about fixed constant depths in the
$\mathsf{AC}^{0}$\ case, but if we do, the conclusions are weaker. \ For
example, if we managed to prove a $2^{\Omega\left( n\right) }$\ size lower
bound against $\mathsf{AC}^{0}$\ circuits of depth $3$, for some language $L$,
then we could deduce from Theorem \ref{boolchasm}\ that any
$\mathsf{NLOGSPACE}$\ machine for $L$ would require $\Omega\left( n^{2}%
/\log^{2}n\right) $\ time.}
Subsequently, Koiran \cite{koiran}\ and Tavenas \cite{tavenas}\ showed that
Valiant's Conjecture would follow, not merely from a $2^{\Omega\left(
n\right) }$\ size lower bound for homogeneous depth-$4$ circuits computing
the permanent, but from \textit{any} size lower bound better than
$n^{\Omega\left( \sqrt{n}\right) }$. \ In an even more exciting development,
Gupta et al.\ \cite{gkks:chasm}\ reduced the depth from four to three (though
only for fields of characteristic $0$, and no longer preserving homogeneity):
\begin{theorem}
[Gupta, Kamath, Kayal, and Saptharishi \cite{gkks:chasm}]Suppose that
$\operatorname*{Per}\left( X\right) $\ requires depth-$3$ arithmetic
circuits of size more than $n^{\Omega\left( \sqrt{n}\right) }$, over fields
of characteristic $0$. \ Then $\operatorname*{Per}\left( X\right)
$\ requires arithmetic circuits of superpolynomial size, and Valiant's
Conjecture \ref{valiantconj}\ holds.
\end{theorem}
These results can be considered extreme versions of the depth reduction of
Spira \cite{spira}\ (see Proposition \ref{brentprop}). \ I should mention that
all of these results hold, not just for the permanent, but for \textit{any}
homogeneous polynomial of degree $n^{O\left( 1\right) }$. \ In particular,
by applying their depth reduction \textquotedblleft in the opposite
direction\textquotedblright\ for the determinant, Gupta et
al.\ \cite{gkks:chasm}\ were able to show that there \textit{exist} depth-$3$
arithmetic circuits of size $n^{O\left( \sqrt{n}\right) }$\ for
$\operatorname*{Det}\left( X\right) $. \ This provides an interesting
counterpoint to the result of Nisan and Wigderson \cite{nw:arith} (Theorem
\ref{nwthm}), which showed that $2^{\Omega\left( n\right) }$\ gates are
needed for the determinant if we restrict to depth-$3$ \textit{homogeneous} circuits.
There are yet other results in this vein, which give yet other tradeoffs.
\ But perhaps we should step back from the flurry of theorems and try to
summarize. \ After decades of research in arithmetic circuit complexity, we
now have lower bounds of the form $n^{\Omega\left( \sqrt{n}\right) }$\ on
the sizes of depth-$3$ and depth-$4$ arithmetic circuits computing explicit
polynomials (subject to various technical restrictions). \ On the other hand,
we also have a deep explanation for why the progress has stopped at the
specific bound $n^{\Omega\left( \sqrt{n}\right) }$: because \textit{any
lower bound even slightly better than that would already prove Valiant's
Conjecture, that the permanent is superpolynomially harder than the
determinant!} \ It's as if, in arithmetic complexity, we reach a terrifying
precipice---beyond which we can no longer walk but need to fly---sooner than
we do in the Boolean case. \ And around 2014, we learned exactly where that
precipice is and walked right up to it, but we still haven't
jumped.\footnote{Or perhaps, we've jumped many times, but each time hit the
bottom rather than flew!}$^{,}$\footnote{As this survey was being written,
Forbes, Kumar, and Saptharishi \cite{fks} gave yet another interesting result
sharpening the contours of the \textquotedblleft chasm at depth
four\textquotedblright: namely, they showed that lower bounds on homogeneous
depth-$4$ arithmetic circuits to compute \textit{Boolean functions} (rather
than formal polynomials), and which are only \textquotedblleft
slightly\textquotedblright\ stronger than lower bounds that have already been
shown, would imply a separation between $\mathsf{\#P}$\ and $\mathsf{ACC}$.}
In this connection, it's worth pointing out that, with the exception of
Theorem \ref{mrthm} by Mignon and Ressayre \cite{mignon}, none of the results
in this section actually \textit{differentiate} the permanent from the
determinant: that is, none of them prove a lower bound for
$\operatorname*{Per}\left( X\right) $\ better than the analogous lower bound
known for $\operatorname*{Det}\left( X\right) $. \ Eventually, of course,
any proof of Valiant's Conjecture \textit{will} need to explain why the
permanent is harder than the determinant, which is one of the main motivations
for the Mulmuley-Sohoni program (see Section \ref{GCT}).
Let me end this section by discussing two striking results of Ran Raz, and one
of Pascal Koiran, that didn't quite fit into the narrative above. \ The first
result is a superpolynomial lower bound on the sizes of \textit{multilinear
formulas}. \ An arithmetic formula is called \textit{multilinear} if the
polynomial computed by each gate is a multilinear polynomial (that is, no
variable is raised to a higher power than $1$). \ Notice that the permanent
and determinant are both multilinear polynomials. \ For that reason, they can
be computed by multilinear formulas, and it makes sense to ask about the size
of the smallest such formulas.
In a 2004 breakthrough, Raz \cite{raz}\ proved the following.
\begin{theorem}
[Raz \cite{raz}]\label{razthm}Any multilinear formula for $\operatorname*{Per}%
\left( X\right) $ or $\operatorname*{Det}\left( X\right) $\ requires size
$n^{\Omega\left( \log n\right) }$.\footnote{An immediate corollary is that
any multilinear \textit{circuit} for $\operatorname*{Per}\left( X\right) $
or $\operatorname*{Det}\left( X\right) $\ requires \textit{depth}
$\Omega\left( \log^{2}n\right) $.}
\end{theorem}
What made Theorem \ref{razthm}\ striking was that there was no restriction on
the formula's depth. \ The proof was via the random restriction method from
Section \ref{SMALLDEPTH}, combined with the idea (common in arithmetic
complexity) of using matrix rank as a progress measure. \ In more detail, let
$p:\left\{ 0,1\right\} ^{n}\rightarrow\mathbb{R}$ be a polynomial computed
by a small multilinear formula: for simplicity, we'll take $p$'s inputs to be
Boolean. \ Then basically, we randomly partition $p$'s input variables into
two small sets $X=\left\{ x_{1},\ldots,x_{k}\right\} $\ and $Y=\left\{
y_{1},\ldots,y_{k}\right\} $, and a large set $Z$ of size $n-2k$. \ (Here we
should imagine, say, $k=n^{1/3}$.) \ We then randomly fix the variables in $Z$
to $0$'s or $1$'s, while leaving the variables in $X$ and $Y$ unfixed. \ Next,
we define a\ matrix $M\in\mathbb{R}^{2^{k}\times2^{k}}$, whose rows are
indexed by the $2^{k}$\ possible assignments to $X$, whose columns are indexed
by the $2^{k}$\ possible assignments to $Y$, and whose $\left( X,Y\right)
$\ entry equals $p\left( X,Y,Z\right) $. \ Finally, we prove the following
two statements:
\begin{itemize}
\item With high probability, $M$ has rank much smaller than $2^{k}$. \ This is
the hard part of the proof: we use the assumption that $p$ has a small
multilinear formula, and then argue by induction on the formula.
\item If $p$ represents the function $f$\ of interest to us (say, the
permanent or determinant), then $\operatorname*{rank}\left( M\right) =2^{k}$
with certainty.
\end{itemize}
Together, these yield the desired contradiction, showing that $f$ can't have
had a small multilinear formula after all.
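As a toy illustration of the rank measure (not Raz's actual argument; the two polynomials below are mine, chosen only to show the contrast), one can check numerically that a multiplication gate whose two sides separate the $X$-variables from the $Y$-variables forces the partition matrix $M$ to be an outer product of rank $1$, whereas a polynomial that genuinely mixes $X$ with $Y$ can have full rank $2^{k}$:

```python
import numpy as np
from itertools import product

k = 2
assignments = list(product([0, 1], repeat=k))  # all 2^k Boolean assignments

def partition_matrix(p):
    """M whose (x, y) entry is p(x, y), over Boolean assignments to X and Y."""
    return np.array([[p(x, y) for y in assignments] for x in assignments])

# top multiplication gate separates X from Y: p = (x1 + x2)(y1 + y2),
# so M is an outer product and has rank 1
split = partition_matrix(lambda x, y: (x[0] + x[1]) * (y[0] + y[1]))

# a polynomial mixing X and Y: prod_i (x_i y_i + (1-x_i)(1-y_i)),
# which is 1 iff x = y, so M is the 2^k x 2^k identity matrix
mixed = partition_matrix(lambda x, y: int(np.prod(
    [xi * yi + (1 - xi) * (1 - yi) for xi, yi in zip(x, y)])))

print(np.linalg.matrix_rank(split), np.linalg.matrix_rank(mixed))
```

In the real proof, of course, the work lies in showing that \textit{every} small multilinear formula, after a random restriction, behaves like the first example rather than the second.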
It seems likely that the lower bound in Theorem \ref{razthm} could be improved
from $n^{\Omega\left( \log n\right) }$\ all the way up to $2^{\Omega\left(
n\right) }$, but this remains open. \ Raz and Yehudayoff \cite{razy}\ did
manage to prove an exponential lower bound for \textit{constant-depth}
multilinear formulas computing the permanent or determinant; and in a separate
work \cite{razy2}, they also proved a $2^{\Omega\left( n\right) }$ lower
bound for \textquotedblleft non-cancelling\textquotedblright\ multilinear
formulas computing an explicit polynomial $f$ (not the permanent or
determinant). \ Here \textquotedblleft non-cancelling\textquotedblright---a
notion that I defined in \cite{aar:mlin}---basically means that nowhere in the
formula are we allowed to add two polynomials that \textquotedblleft almost
perfectly\textquotedblright\ cancel each other out, leaving only a tiny residue.
Of course, just like with the arithmetic circuit lower bounds discussed
earlier, so far all the known multilinear formula lower bounds fail to
distinguish the permanent from the determinant.
The second result of Raz's concerns so-called \textit{elusive functions}.
\ Given a polynomial curve $f:\mathbb{C}\rightarrow\mathbb{C}^{n}$, Raz calls
$f$ \textit{elusive} if the image of $f$\ is not contained in the image of any
polynomial mapping $g:\mathbb{C}^{n-1}\rightarrow\mathbb{C}^{n}$\ of degree $2$. \ He
then proves the following beautiful theorem.
\begin{theorem}
[Raz \cite{raz:elusive}]Suppose there exists an elusive function\ whose
coefficients can be computed in polynomial time. \ Then $\operatorname*{Per}%
\left( X\right) $\ requires arithmetic circuits of superpolynomial size, and
Valiant's Conjecture \ref{valiantconj}\ holds.
\end{theorem}
Arguably, this makes Valiant's Conjecture look \textit{even more} like a
question of pure algebraic geometry than it did before! \ As evidence that the
\textquotedblleft elusive function\textquotedblright\ approach to circuit
lower bounds is viable, Raz then constructs an explicit $f$\ that's elusive in
a weak sense, which is already enough to imply the following new lower bound:
\begin{theorem}
[Raz \cite{raz:elusive}]For every $r$, there is an explicit polynomial
$p$\ with $n$ variables and degree $O\left( r\right) $, such that any
depth-$r$ arithmetic circuit for $p$ (over any field) requires size
$n^{1+\Omega\left( 1/r\right) }$.
\end{theorem}
Now for the result of Koiran.
\begin{theorem}
[Koiran \cite{koiran:shallow}]\label{koiranthm}Suppose that any univariate
real polynomial, of the form%
\[
p\left( x\right) =\sum_{i=1}^{\ell}\prod_{j=1}^{m}\sum_{k=1}^{n}%
a_{ijk}x^{e_{ijk}},
\]
has at most $\left( \ell mn\right) ^{O(1)}$\ real zeroes. \ Then
$\operatorname*{Per}\left( X\right) $ requires arithmetic formulas of
superpolynomial size (and indeed, $D\left( n\right) >n^{O\left( 1\right)
}$).
\end{theorem}
In fact it would suffice to upper-bound the number of \textit{integer} zeroes
of such a polynomial by $\left( \ell mn\right) ^{O(1)}$. \ Note that, if we
had asked about \textit{complex} zeroes, then Theorem \ref{koiranthm}\ would
badly fail, because of counterexamples such as $x^{2^{n}}-1$. \ But with real
zeroes, no counterexample is known, and Theorem \ref{koiranthm} once again
raises the tantalizing possibility that tools from analysis could be brought
to bear on the permanent versus determinant problem.
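The contrast between complex and real zeroes is easy to see numerically on the counterexample just mentioned (a small sketch; \texttt{numpy}'s floating-point root-finder stands in for exact algebra, with a tolerance for deciding realness):

```python
import numpy as np

# x^16 - 1: a sparse polynomial with exponentially many complex zeroes
coeffs = [1] + [0] * 15 + [-1]   # coefficient vector of x^16 - 1
roots = np.roots(coeffs)

# the zeroes are the 16th roots of unity; only x = 1 and x = -1 are real
real_roots = [r for r in roots if abs(r.imag) < 1e-8]
print(len(roots), len(real_roots))  # 16 complex zeroes, only 2 real
```

Replacing $16$ by $2^{n}$ gives $2^{n}$ complex zeroes but still only $2$ real ones, consistent with the hypothesis of Theorem \ref{koiranthm}.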
\subsubsection{Arithmetic Natural Proofs?\label{ANP}}
In Section \ref{ACLB}, we saw arithmetic circuit lower bounds that, again and
again, seem to go \textquotedblleft right up to the brink\textquotedblright%
\ of proving Valiant's Conjecture, but then stop short. \ Given this, it's
natural to wonder what the barriers are to further progress in arithmetic
complexity, and how they relate to the barriers in the Boolean case.
We've already discussed one obvious barrier, which is that eventually we need
techniques that work for the permanent but \textit{fail} for the determinant.
\ It might also be interesting to define an arithmetic analogue of the
relativization barrier (Section \ref{REL}). \ To my knowledge, this hasn't
been done, but my guess is that in the arithmetic setting, the natural choices
for oracles would look a lot like the algebraic oracles studied by Aaronson
and Wigderson \cite{awig}\ (see Section \ref{ALGBAR}). \ With a notion of
\textquotedblleft oracle\textquotedblright\ in hand, one could probably show
that most arithmetic circuit lower bounds require arithmetically
non-relativizing techniques. \ On the other hand, this wouldn't be much of an
obstruction, since even the results discussed in Section \ref{ACLB} should
\textit{already} evade the relativization barrier, for the same reason as
those of Sections \ref{SMALLDEPTH}\ and \ref{POLYMETH}.
In the rest of this section, I'd like to discuss the contentious question of
whether or not arithmetic circuit complexity faces a natural proofs barrier,
in the sense of Razborov and Rudich \cite{rr}. \ Recall from Section
\ref{NATPROOF}\ that a circuit lower bound proof is called \textit{natural}
if, besides proving that the specific function $f$\ of interest to us is not
in a circuit class $\mathcal{C}$, the proof also provides a
\textit{polynomial-time algorithm} $A$\ that takes as input a function's truth
table, and that certifies a $1/n^{O\left( 1\right) }$\ fraction of all
functions as not belonging to $\mathcal{C}$. \ Such an $A$ can be used to
distinguish functions in $\mathcal{C}$\ from random functions with
non-negligible bias. \ Meanwhile, the class $\mathcal{C}$\ has a
\textit{natural proofs barrier} if $\mathcal{C}$\ contains
\textit{pseudorandom function families}, which can't be so distinguished from
random functions, and whose existence is therefore incompatible with the
existence of $A$.
In the arithmetic setting, presumably we'd call a proof \textit{natural} if it
yields a polynomial-time algorithm\footnote{For simplicity, here I'll assume
that we mean an \textquotedblleft ordinary\textquotedblright\ (Boolean)
polynomial-time algorithm, though one could also require polynomial-time
algorithms in the arithmetic model.} that takes as input, say, the complete
output table of a homogeneous degree-$d$ polynomial $p:\mathbb{F}%
^{n}\rightarrow\mathbb{F}$ over a finite field $\mathbb{F}$, and that
certifies a $1/n^{O\left( 1\right) }$\ fraction of all such polynomials as
not belonging to the arithmetic circuit class $\mathcal{C}$. \ Also, we'd say
that $\mathcal{C}$\ has a \textit{natural proofs barrier} if $\mathcal{C}%
$\ contains \textit{pseudorandom polynomial families}. \ By this, we mean
families of homogeneous degree-$d$ polynomials, $p_{s}:\mathbb{F}%
^{n}\rightarrow\mathbb{F}$,\ that no $\left\vert \mathbb{F}\right\vert
^{O\left( n\right) }$-time algorithm can distinguish from uniformly-random
homogeneous degree-$d$ polynomials with non-negligible bias. \ (We can no
longer talk about uniformly-random \textit{functions}, since an algorithm can
easily ascertain, for example, that $p_{s}$\ is a degree-$d$ polynomial.) \ By
exactly the same logic as in the Boolean case, if $\mathcal{C}$\ is powerful
enough to compute pseudorandom polynomials, then no natural proof can show
that a polynomial isn't in $\mathcal{C}$.
Now, one point that's \textit{not} disputed is that all the arithmetic circuit
lower bounds discussed in Section \ref{ACLB} are natural in the above sense.
\ I didn't say much about how the lower bounds are proved, but as mentioned in
Section \ref{PERDET}, arithmetic circuit lower bounds generally proceed by
finding some parameter $\alpha\left( p\right) $\ associated with a
polynomial $p$---say, the rank of its Hessian matrix, or the dimension of a
vector space spanned by $p$'s\ partial derivatives---to use as a
\textquotedblleft progress measure.\textquotedblright\ \ The proof then argues that
\begin{enumerate}
\item[(1)] $\alpha\left( p\right) $ is large for the specific polynomial $p$
of interest to us (say, the permanent or determinant), but
\item[(2)] every gate added to our circuit or formula can only increase
$\alpha\left( p\right) $\ by so much,
\end{enumerate}
\noindent thereby implying that $p$\ requires many gates. \ Furthermore,
virtually any progress measure $\alpha$\ that's a plausible choice for such an
argument---and certainly the ones used in the existing results---will be
computable in $\left\vert \mathbb{F}\right\vert ^{O\left( n\right) }$ time,
and will be maximized by a \textit{random} polynomial $p$ of the appropriate
degree. \ Alas, this implies that the argument is natural! \ If the circuit
class $\mathcal{C}$\ has a natural proofs barrier, then no such argument can
possibly prove $p\notin\mathcal{C}$.
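Here is a toy version of such a progress measure: the dimension of the span of a polynomial's first-order partial derivatives (the example polynomials below are mine, chosen only to exhibit the contrast between a "structured" polynomial and a less structured one of the same degree):

```python
import sympy

x1, x2, x3 = sympy.symbols("x1 x2 x3")
variables = (x1, x2, x3)

def deriv_span_dim(p):
    """Dimension of the span of p's first-order partial derivatives."""
    dicts = [sympy.Poly(sympy.diff(p, v), *variables).as_dict()
             for v in variables]
    monomials = sorted({m for d in dicts for m in d})
    rows = [[d.get(m, 0) for m in monomials] for d in dicts]
    return sympy.Matrix(rows).rank()

# a power of a linear form (computable by a tiny circuit): every partial
# derivative is proportional to (x1+x2+x3)^3, so the measure collapses to 1
easy = (x1 + x2 + x3) ** 4

# a less structured degree-4 polynomial: its three partial derivatives
# are linearly independent, so the measure is 3
generic = x1**4 + x2**3 * x3 + x1 * x2 * x3**2

print(deriv_span_dim(easy), deriv_span_dim(generic))
```

The actual lower-bound proofs use more refined measures (higher-order or shifted partial derivatives), but the shape of the argument is the same: structured circuits keep the measure small, while the target polynomial makes it large.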
The part that's controversial is whether arithmetic circuit classes
\textit{do} have a natural proofs barrier. \ To show that they did, we'd need
plausible candidates for pseudorandom polynomials---say, homogeneous
degree-$d$ polynomials $p:\mathbb{F}^{n}\rightarrow\mathbb{F}$\ that actually
have small arithmetic circuits, but that look to any efficient test just like
random homogeneous polynomials of degree $d$. \ The trouble is that, while
cryptographers know a great deal about how to construct pseudorandom
functions, the accepted constructions are all \textquotedblleft inherently
Boolean\textquotedblright; they don't work in the setting of low-degree
polynomials over a finite field.
Thus, to take one example, the work of Goldreich, Goldwasser, and Micali (GGM)
\cite{ggm}, combined with that of H\aa stad et al.\ \cite{hill},\ shows how to
build a pseudorandom function family starting from any \textit{one-way
function} (see Section \ref{CRYPTO}). \ And indeed, Razborov and Rudich
\cite{rr}\ used a variant of the GGM construction in their original paper on
natural proofs. \ However, if we try to implement the GGM construction using
arithmetic circuits---say, using multiplication for the AND gates, $1-x$\ for
the NOT gates, etc.---we'll find that we've produced an arithmetic circuit of
$n^{O\left( 1\right) }$ depth, which computes a polynomial of $\exp\left(
n^{O\left( 1\right) }\right) $\ degree: far too large.
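The degree blowup is easy to see in a toy computation. \ The gate encodings below are the standard arithmetization of Boolean gates; the depth-$5$ example is purely illustrative:

```python
import sympy

x = sympy.Symbol("x")

# standard arithmetization of Boolean gates over a field
AND = lambda a, b: sympy.expand(a * b)   # AND -> multiplication
NOT = lambda a: sympy.expand(1 - a)      # NOT -> 1 - x

# a depth-5 tree of fanin-2 gates: the degree doubles at every level,
# so a circuit of depth n^{O(1)} yields degree exp(n^{O(1)})
expr = x
for _ in range(5):
    expr = NOT(AND(expr, expr))

print(sympy.degree(expr, x))  # 2^5 = 32
```

Since a pseudorandom polynomial family is supposed to consist of \textit{low-degree} polynomials, this exponential degree growth is exactly what rules out a naive arithmetic translation of GGM.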
As I mentioned in Section \ref{NATPROOF}, if we're willing to assume the
hardness of specific cryptographic problems, then there are also much more
direct constructions of pseudorandom functions, which produce circuits of much
lower depth. \ In particular, there's the construction of Naor and Reingold
\cite{naorreingold}, which is\ based on factoring and discrete logarithm; and
that of Banerjee et al.\ \cite{bpr}, which is based on noisy systems of linear
equations. \ Unfortunately, examination of these constructions reveals that
they, too, require treating the input as a string of bits rather than of
finite field elements. \ So for example, the Naor-Reingold construction
involves modular exponentiation, which of course goes outside the arithmetic
circuit model, where only addition and multiplication are allowed.
At this point I can't resist stating my own opinion, which is that the issue
here is partly technical but also partly social. \ Simply put: Naor-Reingold
and Banerjee et al.\ are taken to be relevant to natural proofs, because
factoring, discrete logarithm, and solving noisy systems of linear equations
have become \textit{accepted by the community of cryptographers} as plausibly
hard problems. \ Since real computers use Boolean circuits, and since in
practice one normally needs pseudorandom \textit{functions} rather than
polynomials, cryptographers have had extremely little reason to study
pseudorandom low-degree polynomials that are computed by small arithmetic
circuits over finite fields. \ If they \textit{had} studied that, though, it
seems plausible that they would've found decent candidates for such
polynomials, and formed a consensus that they indeed seem hard to distinguish
from random polynomials.
Motivated by that thought, in a 2008 blog post \cite{aar:ant}, I offered my
own candidate for a pseudorandom family of polynomials, $p_{s}:\mathbb{F}%
^{n}\rightarrow\mathbb{F}$, which are homogeneous of degree $d=n^{O\left(
1\right) }$. \ My candidate was simply this: motivated by Valiant's result
\cite{valiant:det}\ that the determinant can express any arithmetic formula
(Theorem \ref{valiantthm}), take the random seed $s$ to encode $d^{2}%
$\ uniformly-random linear functions, $L_{i,j}:\mathbb{F}^{n}\rightarrow
\mathbb{F}$\ for all $i,j\in\left\{ 1,\ldots,d\right\} $. \ Then set%
\[
p_{s}\left( x_{1},\ldots,x_{n}\right) :=\operatorname*{Det}\left(
\begin{array}
[c]{ccc}%
L_{1,1}\left( x_{1},\ldots,x_{n}\right) & \cdots & L_{1,d}\left(
x_{1},\ldots,x_{n}\right) \\
\vdots & \ddots & \vdots\\
L_{d,1}\left( x_{1},\ldots,x_{n}\right) & \cdots & L_{d,d}\left(
x_{1},\ldots,x_{n}\right)
\end{array}
\right) .
\]
My conjecture is that, at least when $d$\ is sufficiently large, a random
$p_{s}$ drawn from this family should require $\exp\left( d^{\Omega\left(
1\right) }\right) $\ time to distinguish from a random homogeneous
polynomial of degree $d$, if we're given the polynomial $p:\mathbb{F}%
^{n}\rightarrow\mathbb{F}$\ by a table of $\left\vert \mathbb{F}\right\vert
^{n}$\ values. \ If $d$ is a large enough polynomial in $n$, then $\exp\left(
d^{\Omega\left( 1\right) }\right) $\ is greater than $\left\vert
\mathbb{F}\right\vert ^{O\left( n\right) }$, so the natural proofs barrier
would apply.
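For concreteness, here is a small instantiation of this candidate over a toy field (the parameters $q=101$, $n=4$, $d=3$ are of course far too small to be cryptographically meaningful; they're chosen only so that the construction, and its degree-$d$ homogeneity, can be checked directly):

```python
import random

q = 101          # a small prime, standing in for the field GF(q)
n, d = 4, 3      # n variables; a d x d determinant gives degree d

random.seed(0)
# the seed s encodes d^2 uniformly-random linear forms L_ij : GF(q)^n -> GF(q)
L = [[[random.randrange(q) for _ in range(n)] for _ in range(d)]
     for _ in range(d)]

def det_mod(M, q):
    """Determinant mod prime q, by Gaussian elimination."""
    M, det = [row[:] for row in M], 1
    for c in range(len(M)):
        piv = next((r for r in range(c, len(M)) if M[r][c] % q), None)
        if piv is None:
            return 0
        if piv != c:
            M[c], M[piv] = M[piv], M[c]
            det = -det
        det = det * M[c][c] % q
        inv = pow(M[c][c], q - 2, q)   # inverse mod q (Fermat)
        for r in range(c + 1, len(M)):
            f = M[r][c] * inv % q
            for k in range(c, len(M)):
                M[r][k] = (M[r][k] - f * M[c][k]) % q
    return det % q

def p_s(x):
    """The candidate: determinant of the d x d matrix of L_ij(x)."""
    return det_mod([[sum(L[i][j][k] * x[k] for k in range(n)) % q
                     for j in range(d)] for i in range(d)], q)

# sanity check of degree-d homogeneity: p_s(c*x) = c^d * p_s(x) over GF(q)
x = [random.randrange(q) for _ in range(n)]
c = random.randrange(1, q)
print(p_s([c * xi % q for xi in x]) == pow(c, d, q) * p_s(x) % q)
```

The conjecture, again, is that for suitably large $d$ and $n$, evaluating such a $p_{s}$ on all of $\mathbb{F}^{n}$ yields a table indistinguishable from that of a random homogeneous degree-$d$ polynomial.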
So far there's been little study of this conjecture. \ Neeraj Kayal and Joshua
Grochow (personal communication) have pointed out to me that the
Mignon-Ressayre Theorem (Theorem \ref{mrthm}) implies that $p_{s}$\ can be
efficiently distinguished from a uniformly-random degree-$d$ homogeneous
polynomial whenever $d<n/2$. \ A separate issue is that there
are points in the orbit closure of the determinant that aren't in its
\textquotedblleft endomorphism orbit\textquotedblright\ (that is, the set of
polynomials that have not-necessarily-invertible linear embeddings into the
determinant).\ \ In complexity terms, these are homogeneous degree-$m$
polynomials that can be arbitrarily well approximated by determinants of
$m\times m$\ matrices of linear functions, but not represented exactly.
See Grochow \cite{grochow:thesis}\ for further discussion of both issues.
\subsubsection{Characterization by Symmetries}
So far, it seems like all we've done is restate Valiant's Conjecture in a
more abstract language and slightly generalize it. \ But now we come to the
main insight of GCT, which is that\ the permanent and determinant are both
special, highly symmetric functions, and it's plausible that we can leverage
that fact to learn more about their orbit closures than we could if they were
arbitrary functions. \ For starters,\ $\operatorname*{Per}\left( X\right) $
is symmetric under permuting $X$'s rows or columns, transposing $X$, and
multiplying the rows or columns by scalars that multiply to $1$. \ That is, we
have%
\begin{equation}
\operatorname*{Per}\left( X\right) =\operatorname*{Per}\left( X^{T}\right)
=\operatorname*{Per}\left( PXQ\right) =\operatorname*{Per}\left(
AXB\right) \label{persym}%
\end{equation}
for all permutation matrices $P$\ and $Q$, and all diagonal matrices $A$ and
$B$ such that $\operatorname*{Per}\left( A\right) \operatorname*{Per}\left(
B\right) =1$. \ The determinant has an even larger symmetry group: we have%
\begin{equation}
\operatorname*{Det}\left( X\right) =\operatorname*{Det}\left( X^{T}\right)
=\operatorname*{Det}\left( AXB\right) \label{detsym}%
\end{equation}
for all matrices $A$ and $B$ such that $\operatorname*{Det}\left( A\right)
\operatorname*{Det}\left( B\right) =1$.
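These symmetries are easy to verify on small matrices (a sanity check in exact integer arithmetic; the helper functions below are mine, written from the permutation-expansion definitions):

```python
import math
import random
from itertools import permutations

def mm(A, B):   # matrix product
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*B)]
            for row in A]

def per(M):     # permanent, by its permutation expansion
    n = len(M)
    return sum(math.prod(M[i][s[i]] for i in range(n))
               for s in permutations(range(n)))

def det(M):     # determinant: same expansion, signed by parity (inversions)
    n = len(M)
    return sum((-1) ** sum(s[j] > s[i] for i in range(n) for j in range(i))
               * math.prod(M[i][s[i]] for i in range(n))
               for s in permutations(range(n)))

random.seed(0)
n = 3
rnd = lambda: [[random.randrange(-5, 6) for _ in range(n)] for _ in range(n)]
X, A, B = rnd(), rnd(), rnd()
perm = lambda s: [[int(s[i] == j) for j in range(n)] for i in range(n)]
P, Q = perm(random.sample(range(n), n)), perm(random.sample(range(n), n))
diag = lambda: [[random.randrange(1, 6) * int(i == j) for j in range(n)]
                for i in range(n)]
D, E = diag(), diag()

XT = [list(r) for r in zip(*X)]
print(per(XT) == per(X), det(XT) == det(X))        # transpose symmetry
print(per(mm(mm(P, X), Q)) == per(X))              # row/column permutations
# Per(D X E) = Per(D) Per(E) Per(X) for diagonal D, E, so the invariance
# in (persym) holds exactly when Per(D) Per(E) = 1
print(per(mm(mm(D, X), E)) == per(D) * per(E) * per(X))
# Det(A X B) = Det(A) Det(B) Det(X) for arbitrary A, B, giving (detsym)
print(det(mm(mm(A, X), B)) == det(A) * det(B) * det(X))
```
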
But there's a further point: it turns out that the permanent and determinant
are both \textit{uniquely characterized} (up to a constant factor) by their
symmetries, among all homogeneous polynomials of the same degree. \ More precisely:
\begin{theorem}
\label{symchar}Let $p$ be any degree-$m$ homogeneous polynomial in the entries
of $X\in\mathbb{C}^{m\times m}$ that satisfies $p\left( X\right) =p\left(
PXQ\right) =p\left( AXB\right) $ for all permutation matrices $P,Q$\ and
diagonal $A,B$\ with $\operatorname*{Per}\left( A\right) \operatorname*{Per}%
\left( B\right) =1$. \ Then $p\left( X\right) =\alpha\operatorname*{Per}%
\left( X\right) $ for some $\alpha\in\mathbb{C}$. \ Likewise, let $p$ be any
degree-$m$ homogeneous polynomial in the entries of $X\in\mathbb{C}^{m\times
m}$ that satisfies $p\left( X\right) =p\left( AXB\right) $\ for all
$A,B$\ with $\operatorname*{Det}\left( A\right) \operatorname*{Det}\left(
B\right) =1$. \ Then $p\left( X\right) =\alpha\operatorname*{Det}\left(
X\right) $ for some $\alpha\in\mathbb{C}$.\footnote{Note that we don't even
need to assume the symmetry $p\left( X\right) =p\left( X^{T}\right) $;
that comes as a free byproduct. \ Also, it might seem like \textquotedblleft
cheating\textquotedblright\ that we use the permanent to state the symmetries
that characterize the permanent, and likewise for the determinant. \ But we're
just using the permanent and determinant as convenient ways to specify which
matrices $A,B$ we want, and could give slightly more awkward symmetry
conditions that avoided them. \ (This is especially clear for the permanent,
since if $A$ is diagonal, then $\operatorname*{Per}\left( A\right) $\ is
just the product of the diagonal entries.)}
\end{theorem}
Theorem \ref{symchar} is fairly well-known in representation theory; the
determinant case dates back to Frobenius. \ See Grochow \cite[Propositions
3.4.3 and 3.4.5]{grochow:thesis}\ for an elementary proof, using Gaussian
elimination for the determinant and even simpler considerations for the
permanent. \ Notice that we're not merely saying that any polynomial $p$\ with
the same symmetry group as the permanent is a multiple of the permanent (and
similarly for the determinant), but rather that any $p$ whose symmetry group
\textit{contains} the permanent's is a multiple of the permanent.
In a sense, Theorem \ref{symchar} is the linchpin of the GCT program. \ Among
other things, it's GCT's answer to the question of how it could overcome the
natural proofs barrier. \ For notice that, if we picked a degree-$m$
homogeneous polynomial at random, it almost certainly \textit{wouldn't} be
uniquely characterized by its symmetries, as the permanent and determinant
are.\footnote{See Grochow \cite[Proposition 3.4.9]{grochow:thesis}\ for a
simple proof of this, via a dimension argument.} \ Thus, if a proof that the
permanent is hard relies on symmetry-characterization, we need not fear that
the same proof would work for a random homogeneous polynomial, and thereby
give us a way to break arithmetic pseudorandom functions (Section \ref{ANP}).
\ While this isn't mentioned as often, Theorem \ref{symchar} should also let
GCT overcome the relativization and algebrization barriers, since (for
example) a polynomial that was $\mathsf{\#P}^{A}$-complete for some oracle
$A$, rather than $\mathsf{\#P}$-complete like the permanent was, wouldn't have
the same symmetries as the permanent itself.
\subsubsection{The Quest for Obstructions\label{OBSTRUCT}}
\textit{Because} the permanent and determinant are characterized by their
symmetries, and because they satisfy another technical property called
\textquotedblleft partial stability,\textquotedblright\ Mulmuley and Sohoni
observe that a field called \textit{geometric invariant theory} can be used to
get a handle on their orbit closures. \ I won't explain the details of how
this works (which involve something called Luna's \'{E}tale Slice Theorem
\cite{luna}), but will just state the punchline.
Given a set $S\subseteq\mathbb{C}^{N}$, define $R\left[ S\right] $, or the
\textit{coordinate ring of} $S$, to be the vector space of all complex
polynomials $q:\mathbb{C}^{N}\rightarrow\mathbb{C}$, with two polynomials
identified if they agree on all points $x\in S$. \ Then we'll be interested in
$R_{\operatorname*{Det}}:=R\left[ \chi_{\operatorname*{Det},m}\right] $\ and
$R_{\operatorname*{Per}}:=R\left[ \chi_{\operatorname*{Per},m,n}\right] $:
the coordinate rings of the orbit closures of the determinant and the padded
permanent. \ In this case, $N=\binom{m^{2}+m-1}{m}$ is the dimension of the
vector space of homogeneous degree-$m$ polynomials over $m^{2}$ variables.
\ So the coordinate rings are vector spaces of polynomials over $N$ variables:
truly enormous objects.
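To get a quantitative feel for "truly enormous," here is a quick back-of-the-envelope computation (a Python sketch, not part of the GCT literature) of the ambient dimension $N=\binom{m^{2}+m-1}{m}$:

```python
from math import comb

def ambient_dim(m):
    # dimension of the space of homogeneous degree-m polynomials
    # in m^2 variables: C(m^2 + m - 1, m)
    return comb(m * m + m - 1, m)

for m in (2, 3, 5, 10):
    print(m, ambient_dim(m))
```

Already at $m=10$ the orbit closures live in a space of dimension $\binom{109}{10}\approx4\times10^{13}$, and the coordinate rings are spaces of polynomials over that many variables.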
Next, let $q:\mathbb{C}^{N}\rightarrow\mathbb{C}$ be one of these
\textquotedblleft big\textquotedblright\ polynomials, whose inputs are the
coefficients of a \textquotedblleft small\textquotedblright\ polynomial $p$
(such as the permanent or determinant). \ Then we can define an action of the
general linear group, $G=\operatorname*{GL}_{m^{2}}\left( \mathbb{C}\right)
$, on $q$, via $\left( A\cdot q\right) \left( p\left( x\right) \right)
:=q\left( p\left( Ax\right) \right) $ for all $A\in G$. \ In other words,
we take the action of $G$ on the \textquotedblleft small\textquotedblright%
\ polynomials $p$ that we previously defined, and use it to induce an action
on the \textquotedblleft big\textquotedblright\ polynomials $q$. \ Notice that
this action fixes the coordinate rings $R_{\operatorname*{Det}}$\ and
$R_{\operatorname*{Per}}$ (i.e., just shifts their points around), simply
because the action of $G$ fixes the orbit closures $\chi_{\operatorname*{Det}%
,m}$\ and $\chi_{\operatorname*{Per},m,n}$\ themselves. \ As a consequence,
the actions of $G$ on $R_{\operatorname*{Det}}$\ and $R_{\operatorname*{Per}}%
$\ give us two \textit{representations} of the group $G$: that is,
homomorphisms that map the elements of $G$ to linear transformations on the
vector spaces $R_{\operatorname*{Det}}$\ and $R_{\operatorname*{Per}}%
$\ respectively. \ Call these representations $\rho_{\operatorname*{Det}}%
$\ and $\rho_{\operatorname*{Per}}$\ respectively.
Like most representations, $\rho_{\operatorname*{Det}}$\ and $\rho
_{\operatorname*{Per}}$\ can be decomposed uniquely into direct sums of
\textit{isotypic components}; each isotypic component, in turn, consists of an
\textit{irreducible representation}, or \textquotedblleft
irrep\textquotedblright\ (which can't be further decomposed) that occurs with
some nonnegative integer \textit{multiplicity}.\footnote{An isotypic component
might be decomposable into irreps in many ways, but one always gets the same
number of irreps of the same type.} \ In particular, let $\rho:G\rightarrow
\mathbb{C}^{k\times k}$\ be any irrep of $G$. \ Then $\rho$\ occurs with some
multiplicity, call it $\lambda_{\operatorname*{Det}}\left( \rho\right) $, in
$\rho_{\operatorname*{Det}}$, and with some possibly different multiplicity,
call it $\lambda_{\operatorname*{Per}}\left( \rho\right) $, in
$\rho_{\operatorname*{Per}}$. \ We're now ready for the theorem that sets the
stage for the rest of GCT.
\begin{theorem}
[Mulmuley-Sohoni \cite{gct1}]\label{obstructthm}Suppose there exists an irrep
$\rho$\ such that $\lambda_{\operatorname*{Per}}\left( \rho\right)
>\lambda_{\operatorname*{Det}}\left( \rho\right) $. \ Then
$\operatorname*{Per}\nolimits_{m,n}^{\ast}\notin\chi_{\operatorname*{Det},m}$:
that is, the padded permanent is not in the orbit closure of the determinant.
\end{theorem}
Note that Theorem \ref{obstructthm}\ is not an \textquotedblleft if and only
if\textquotedblright: even if $\operatorname*{Per}\nolimits_{m,n}^{\ast}%
\notin\chi_{\operatorname*{Det},m}$, there's no result saying that the reason
must be representation-theoretic. \ In GCT2 \cite{gct2}, Mulmuley and Sohoni
\textit{conjecture} that the algebraic geometry of $\chi_{\operatorname*{Det}%
,m}$\ is in some sense completely determined by its representation theory, but
if true, that would have to be for reasons specific to $\chi
_{\operatorname*{Det},m}$ (or other \textquotedblleft
complexity-theoretic\textquotedblright\ orbit closures).
If $\lambda_{\operatorname*{Per}}\left( \rho\right) >\lambda
_{\operatorname*{Det}}\left( \rho\right) $, then Mulmuley and Sohoni call
$\rho$\ a \textit{multiplicity obstruction} to embedding the permanent into
the determinant. \ Any obstruction would be a \textit{witness} to the
permanent's hardness: in crude terms, it would prove that the $m\times
m$\ determinant has \textquotedblleft the wrong kinds of
symmetries\textquotedblright\ to express the padded $n\times n$\ permanent,
unless $m$\ is much larger than $n$. \ From this point forward, GCT---at least
in Mulmuley and Sohoni's vision---is focused entirely on the hunt for a
multiplicity obstruction.
\textit{A priori}, one could imagine proving nonconstructively that an
obstruction $\rho$ must exist, without actually finding it. \ However,
Mulmuley and Sohoni emphatically reject that approach. \ They want not merely
any proof of Conjecture \ref{gctconj}, but an \textquotedblleft
explicit\textquotedblright\ proof: that is, one that yields an algorithm that
actually \textit{finds} an obstruction $\rho$\ witnessing $\operatorname*{Per}%
\nolimits_{m,n}^{\ast}\notin\chi_{\operatorname*{Det},m}$, in time polynomial
in $m$\ and $n$. \ Alas, as you might have gathered, the representations
$\rho_{\operatorname*{Det}}$\ and $\rho_{\operatorname*{Per}}$\ are fearsomely
complicated objects---so even if we accept for argument's sake that
obstructions exist, we seem a very long way from algorithms to find them in
less than astronomical time.\footnote{In principle, $\rho_{\operatorname*{Det}%
}$\ and $\rho_{\operatorname*{Per}}$\ are infinite-dimensional
representations, so an algorithm could search them forever for obstructions
without halting. \ On the other hand, if we impose some upper bound on the
degrees of the polynomials in the coordinate ring, we get an algorithm that
takes \textquotedblleft merely\textquotedblright\ doubly- or
triply-exponential time.}
For now, therefore, Mulmuley and Sohoni argue that the best way to make
progress toward Conjecture \ref{gctconj}\ is to work on \textit{more and more
efficient algorithms} to compute the multiplicities of irreps in complicated
representations like $\rho_{\operatorname*{Det}}$\ and $\rho
_{\operatorname*{Per}}$. \ The hope is that, in order to design those
algorithms, we'll be forced to acquire such a deep understanding that we'll
then know exactly where to look for a $\rho$ such that $\lambda
_{\operatorname*{Per}}\left( \rho\right) >\lambda_{\operatorname*{Det}%
}\left( \rho\right) $. \ So that's the program that's been pursued for the
last decade; I'll have more to say later about where that program currently stands.
The central idea here---that the path to proving $\mathsf{P}\neq\mathsf{NP}%
$\ will go through \textit{discovering new algorithms}, rather than through
ruling them out---is GCT's version of \textquotedblleft ironic complexity
theory,\textquotedblright\ discussed in Section \ref{IRONIC}. \ What I've been
calling \textquotedblleft irony\textquotedblright\ in this survey, Mulmuley
calls \textquotedblleft The Flip\textquotedblright\ \cite{mulmuley:flip}: that
is, flipping lower-bound problems into upper-bound problems, which we have a
much better chance of solving.
Stepping back from the specifics of GCT, Mulmuley's view is that, before we
prove (say) $\mathsf{NP}\not \subset \mathsf{P/poly}$, a natural intermediate
goal is to find an algorithm $A$\ that takes a positive integer $n$ as input,
runs for $n^{O\left( 1\right) }$ time (or even $\exp\left( n^{O\left(
1\right) }\right) $\ time), and then outputs a proof that \textsc{3Sat}%
\ instances of size $n$ have no circuits of size $m$, for some superpolynomial
function $m$. \ Such an algorithm wouldn't immediately prove $\mathsf{NP}%
\not \subset \mathsf{P/poly}$, because we might still not know how to prove
that $A$ succeeded for every $n$. \ Even so, it would clearly be a titanic
step forward, since we could run $A$ and check that it \textit{did} succeed
for every $n$ we chose, perhaps even for $n$'s in the billions. \ At that
point, we could say either that $\mathsf{NP}\not \subset \mathsf{P/poly}$, or
else that $\mathsf{NP}\subset\mathsf{P/poly}$ only \textquotedblleft kicks
in\textquotedblright\ at such large values of $n$ as to have few or no
practical consequences. \ Furthermore, Mulmuley argues, we'd then be in a much
better position to prove $\mathsf{NP}\not \subset \mathsf{P/poly}$\ outright,
since we'd \textquotedblleft merely\textquotedblright\ have to analyze $A$,
whose very existence would obviously encode enormous insight about the
problem, and prove that it worked for all $n$.\footnote{A very loose analogy:
well before Andrew Wiles proved Fermat's Last Theorem \cite{wiles}, that
$x^{n}+y^{n}=z^{n}$\ has no nontrivial integer solutions for any $n\geq3$,
number theorists knew a reasonably efficient algorithm that took an exponent
$n$ as input, and that (in practice, in all the cases that were tried) proved
FLT for that $n$. \ Using that algorithm, in 1993---just before Wiles
announced his proof---Buhler et al.\ \cite{buhler}\ proved FLT for all $n$ up
to $4$ million.}
There has indeed been progress in finding efficient algorithms to compute the
multiplicities of irreps, though the state-of-the-art is still extremely far
from what GCT would need. \ To give an example,
a\ \textit{Littlewood-Richardson coefficient}\ is the multiplicity of a given
irrep in a tensor product of two irreps of the general linear group
$\operatorname*{GL}_{n}\left( \mathbb{C}\right) $. \ In GCT3 \cite{gct3},
Mulmuley et al.\ observed that a result of Knutson and Tao \cite{knutsontao}%
\ implies that one can use linear programming, not necessarily to compute
Littlewood-Richardson coefficients in polynomial time, but at least to decide
whether they're positive or zero.\footnote{As pointed out in Section
\ref{COUNTING}, there are other cases in complexity theory where deciding
positivity is much easier than counting: for example, deciding whether a graph
has at least one perfect matching (counting the \textit{number} of perfect
matchings is $\mathsf{\#P}$-complete).} \ B\"{u}rgisser and Ikenmeyer
\cite{bi:positivity} later gave a faster polynomial-time algorithm for the
same problem; theirs was purely combinatorial and based on maximum flow.
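For concreteness, here is a minimal brute-force evaluator of Littlewood-Richardson coefficients, using the classical combinatorial rule that $c_{\lambda\mu}^{\nu}$ counts semistandard skew tableaux of shape $\nu/\lambda$ and content $\mu$ whose reverse reading word is a lattice word. This sketch only illustrates the object being computed (it takes exponential time, and is usable only for tiny partitions); the polynomial-time positivity tests just discussed work very differently.

```python
from itertools import product

def lr_coeff(lam, mu, nu):
    """Littlewood-Richardson coefficient c^nu_{lam,mu}, by brute force:
    count semistandard skew tableaux of shape nu/lam with content mu
    whose reverse reading word is a lattice word."""
    lam = tuple(lam) + (0,) * (len(nu) - len(lam))
    if len(lam) > len(nu) or any(l > n for l, n in zip(lam, nu)):
        return 0  # nu/lam is not a valid skew shape
    if sum(nu) - sum(lam) != sum(mu):
        return 0  # wrong number of cells
    cells = [(r, c) for r in range(len(nu)) for c in range(lam[r], nu[r])]
    k, count = len(mu), 0
    for vals in product(range(1, k + 1), repeat=len(cells)):
        T = dict(zip(cells, vals))
        if any(vals.count(i + 1) != mu[i] for i in range(k)):
            continue  # content must equal mu
        if any((r, c + 1) in T and T[(r, c)] > T[(r, c + 1)] for (r, c) in cells):
            continue  # rows must weakly increase
        if any((r + 1, c) in T and T[(r, c)] >= T[(r + 1, c)] for (r, c) in cells):
            continue  # columns must strictly increase
        # lattice condition: reading right-to-left, top-to-bottom, every
        # prefix must contain at least as many i's as (i+1)'s
        word = [T[rc] for rc in sorted(cells, key=lambda rc: (rc[0], -rc[1]))]
        seen, ok = [0] * (k + 1), True
        for x in word:
            seen[x] += 1
            if x > 1 and seen[x] > seen[x - 1]:
                ok = False
                break
        count += ok
    return count
```

For example, $s_{(1)}\cdot s_{(1,1)}=s_{(2,1)}+s_{(1,1,1)}$, so \texttt{lr\_coeff((1,),(1,1),(2,1))} returns $1$ while \texttt{lr\_coeff((1,),(1,1),(3,))} returns $0$; and \texttt{lr\_coeff((2,1),(2,1),(3,2,1))} returns $2$, exhibiting a multiplicity greater than one.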
Note that, even if we only had efficient algorithms for positivity, those
would still be useful for finding so-called \textit{occurrence obstructions}:
that is, irreps $\rho$\ such that $\lambda_{\operatorname*{Per}}\left(
\rho\right) >0$ even though $\lambda_{\operatorname*{Det}}\left(
\rho\right) =0$. \ Thus, the \textquotedblleft best-case
scenario\textquotedblright\ for GCT would be for the permanent's hardness to
be witnessed not just by any obstructions, but by occurrence obstructions.
\ As we'll see, in a recent breakthrough, this \textquotedblleft best-case
scenario\textquotedblright\ has been ruled out \cite{ikenmeyerpanova,bip}.
In many cases, we don't even know yet how to represent the multiplicity of an
irrep as a $\mathsf{\#P}$ function: at best, we can represent it as a
\textit{difference} between two $\mathsf{\#P}$\ functions. \ In those cases,
research effort in GCT has sought to give \textquotedblleft positive
formulas\textquotedblright\ for the multiplicities: in other words, to
represent them as sums of exponentially many \textit{nonnegative} terms, and
thereby place their computation in $\mathsf{\#P}$ itself. \ The hope is that a
$\mathsf{\#P}$ formula could be a first step toward a polynomial-time
algorithm to decide positivity. \ To illustrate, Blasiak et al.\ gave a
$\mathsf{\#P}$\ formula for \textquotedblleft two-row Kronecker
coefficients\textquotedblright\ in GCT4 \cite{gct4}, while Ikenmeyer,
Mulmuley, and Walter \cite{imw}\ did so for a different subclass of Kronecker coefficients.
\subsubsection{\label{GCTPNP}GCT and $\mathsf{P}\protect\overset{?}{=}%
\mathsf{NP}$}
Suppose---let's dream---that everything above worked out perfectly. \ That is,
suppose GCT led to the discovery of explicit obstructions for embedding the
padded permanent into the determinant, and thence to a proof of Valiant's
Conjecture \ref{valiantconj}. \ How would GCT go even further, to prove
$\mathsf{P}\neq\mathsf{NP}$?
The short answer is that Mulmuley and Sohoni \cite{gct1} defined an
$\mathsf{NP}$\ function called $E$, as well as a $\mathsf{P}$%
-complete\footnote{A language $L$ is called $\mathsf{P}$-\textit{complete}\ if
(1) $L\in\mathsf{P}$, and (2) every $L^{\prime}\in\mathsf{P}$\ can be reduced
to $L$ by some form of reduction weaker than arbitrary polynomial-time ones
($\mathsf{LOGSPACE}$ reductions are often used for this purpose).} function
called $H$, and showed them to be characterized by symmetries in only a
slightly weaker sense than the permanent and determinant are. \ The $E$ and
$H$ functions aren't nearly as natural as the permanent and determinant, but
they suffice to show that $\mathsf{P}\neq\mathsf{NP}$\ could in principle be
proven by finding explicit representation-theoretic obstructions, which in
this case would be representations associated with the orbit of $E$\ but not
with the orbit of $H$. \ Alas, because $E$\ and $H$\ are functions over a
\textit{finite} field $\mathbb{F}_{q}$ rather than over $\mathbb{C}$, the
relevant algebraic geometry and representation theory would all be over finite
fields as well. \ This leads to mathematical questions even less
well-understood (!) than the ones discussed earlier, providing some additional
support for the intuition that proving $\mathsf{P}\neq\mathsf{NP}$\ should be
\textquotedblleft even harder\textquotedblright\ than proving Valiant's Conjecture.
For illustration, let me now define Mulmuley and Sohoni's $E$ function. \ Let
$X_{0}$\ and $X_{1}$\ be two $n\times n$ matrices\ over the finite field
$\mathbb{F}_{q}$. \ Also, given a binary string $s=s_{1}\cdots s_{n}$, let
$X_{s}$\ be the $n\times n$\ matrix obtained by choosing the $i^{th}$\ column
from $X_{0}$\ if $s_{i}=0$ or from $X_{1}$\ if $s_{i}=1$ for all $i\in\left\{
1,\ldots,n\right\} $. \ We then set%
\[
F\left( X_{0},X_{1}\right) :=\prod_{s\in\left\{ 0,1\right\} ^{n}%
}\operatorname*{Det}\left( X_{s}\right) ,
\]
and finally set%
\[
E\left( X_{0},X_{1}\right) :=1-F\left( X_{0},X_{1}\right) ^{q-1}%
\]
to obtain a function in $\left\{ 0,1\right\} $. \ Testing whether $E\left(
X_{0},X_{1}\right) =1$\ is clearly an $\mathsf{NP}$\ problem, since an
$\mathsf{NP}$\ witness is a single $s$\ such that $\operatorname*{Det}\left(
X_{s}\right) =0$. \ Furthermore, Gurvits \cite{gurvits:alg}\ showed that, at
least over $\mathbb{Z}$, testing whether $F\left( X_{0},X_{1}\right) =0$\ is
$\mathsf{NP}$-complete. \ Interestingly, it's not known whether $E$\ itself is
$\mathsf{NP}$-complete---though of course, to prove $\mathsf{P}\neq
\mathsf{NP}$, it would suffice to put any $\mathsf{NP}$\ problem outside
$\mathsf{P}$, not necessarily an $\mathsf{NP}$-complete\ one.
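To make the definition of $E$ concrete, here is a tiny brute-force evaluator (a sketch, assuming a prime modulus $q$; it takes exponential time, since it loops over all $2^{n}$ strings $s$):

```python
from itertools import permutations, product

def det_mod(M, q):
    # Leibniz (permutation) expansion of the determinant mod q;
    # fine for the tiny matrices used here
    n, total = len(M), 0
    for perm in permutations(range(n)):
        sign = (-1) ** sum(perm[i] > perm[j]
                           for i in range(n) for j in range(i + 1, n))
        prod_ = 1
        for i in range(n):
            prod_ = prod_ * M[i][perm[i]] % q
        total += sign * prod_
    return total % q

def F(X0, X1, q):
    # F(X0, X1) = product over all s in {0,1}^n of Det(X_s),
    # where column j of X_s comes from X0 if s_j = 0, else from X1
    n, result = len(X0), 1
    for s in product((0, 1), repeat=n):
        Xs = [[(X1 if s[j] else X0)[i][j] for j in range(n)] for i in range(n)]
        result = result * det_mod(Xs, q) % q
    return result

def E(X0, X1, q):
    # E = 1 - F^{q-1}: by Fermat's little theorem (q prime), this is
    # 1 iff some X_s is singular, and 0 otherwise
    return (1 - pow(F(X0, X1, q), q - 1, q)) % q
```

For instance, with $X_{0}=X_{1}=I$ every $X_{s}$ is the identity, so $E=0$; replacing $X_{1}$ by a singular matrix makes $E=1$, witnessed by $s=11\cdots1$.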
The main result about $E$\ (or rather $F$) is the following:
\begin{theorem}
[{see Grochow \cite[Proposition 3.4.6]{grochow:thesis}}]\label{symf}Let
$p:\mathbb{F}_{q}^{2n^{2}}\rightarrow\mathbb{F}_{q}$ be any homogeneous,
degree-$n2^{n}$ polynomial in the entries of $X_{0}$\ and $X_{1}$\ that's
divisible by $\operatorname*{Det}\left( X_{0}\right) \operatorname*{Det}%
\left( X_{1}\right) $, and suppose every linear symmetry of\ $F$\ is also a
linear symmetry of $p$. \ Then $p\left( X_{0},X_{1}\right) =\alpha F\left(
X_{0},X_{1}\right) $ for some $\alpha\in\mathbb{F}_{q}$.
\end{theorem}
The proof of Theorem \ref{symf} involves some basic algebraic geometry. \ Even
setting aside GCT, it would be interesting to know whether the existence of a
plausibly-hard $\mathsf{NP}$\ problem that's characterized by its symmetries
had direct complexity-theoretic applications.
One last remark: for some complexity classes, such as $\mathsf{BQP}$, we
currently lack candidate problems characterized by their symmetries, so even
by the speculative standards of this section, it's unclear how GCT could be
used to prove (say) $\mathsf{P}\neq\mathsf{BQP}$\ or $\mathsf{NP}%
\not \subset \mathsf{BQP}$.
\subsubsection{Reports from the Trenches\label{TRENCHES}}
In the past few years, there's been a surprising amount of progress on
resolving the truth or falsehood of some of GCT's main hypotheses, and on
relating GCT to mainstream complexity theory. \ This section relays some
highlights from the rapidly-evolving story.
Alas, the news has been sharply negative for the \textquotedblleft
simplest\textquotedblright\ way GCT could have worked: namely, by finding
occurrence obstructions. \ In a 2016 breakthrough, B\"{u}rgisser, Ikenmeyer,
and Panova \cite{bip}, building on slightly earlier work by Ikenmeyer and
Panova \cite{ikenmeyerpanova}, showed that one can't use occurrence
obstructions to separate $\chi_{\operatorname*{Per},m,n}$\ from $\chi
_{\operatorname*{Det},m}$, for $m$\ superpolynomially larger than $n$. \ That
is, any irrep that occurs at least once in the padded permanent representation
$\rho_{\operatorname*{Per}}$, also occurs at least once in the determinant
representation $\rho_{\operatorname*{Det}}$.
Particularly noteworthy is one aspect of the proof of this result. \ The
authors assume by contradiction that an occurrence obstruction exists, to
separate $\chi_{\operatorname*{Per},m,n}$\ from $\chi_{\operatorname*{Det},m}%
$\ for some fixed $n$\ and $m$. \ They then show inductively that there would
also be obstructions proving $\chi_{\operatorname*{Per},m,n}\not \subset
\chi_{\operatorname*{Det},m}$\ for larger and larger $m$---until finally, one
would have a contradiction with (for example) Theorem \ref{grenetthm}, the
result of Grenet \cite{grenet}\ showing that\ $\chi_{\operatorname*{Per}%
,2^{n}-1,n}\subseteq\chi_{\operatorname*{Det},2^{n}-1}$. \ This underscores
one of the central worries about GCT since the beginning: namely, how is this
approach sensitive to the \textit{quantitative} nature of the permanent versus
determinant problem? \ What is it that would break down, if one tried to use
GCT to prove lower bounds so aggressive that they were actually false? \ In
the case of occurrence obstructions, the answer turns out to be that nothing
would break down.
On the positive side, Ikenmeyer, Mulmuley, and Walter \cite{imw} showed that
there are superpolynomially many Kronecker coefficients that \textit{do}
vanish, thereby raising hope that occurrence obstructions might exist after
all, if not for permanent versus determinant then perhaps for other problems.
\ Notably, they proved this result by first giving a $\mathsf{\#P}$\ formula
for the relevant class of Kronecker coefficients, thereby illustrating the GCT
strategy of first looking for algorithms and only later looking for the
obstructions themselves.
Also on the positive side, Landsberg and Ressayre \cite{landsbergressayre}%
\ recently showed that Theorem \ref{grenetthm}---the embedding of $n\times
n$\ permanents into $\left( 2^{n}-1\right) \times\left( 2^{n}-1\right)
$\ determinants due to Grenet \cite{grenet}---is \textit{exactly optimal}
among all embeddings that respect left-multiplication by permutation and
diagonal matrices (thus, roughly half the symmetry group of the $n\times
n$\ permanent), as Grenet's embedding turns out to do.
We also now know that the central property of the permanent and determinant
that GCT seeks to exploit---namely, their characterization by
symmetries---does indeed have complexity-theoretic applications. \ In
particular, Mulmuley \cite{mulmuley:flip}\ observed that one can use the
symmetry-characterization of the permanent to give a different, and in some
ways nicer, proof of the classic result of Lipton \cite{lipton}\ that the
permanent is \textit{self-testable}: that is, given a circuit $C$ that's
alleged to compute $\operatorname*{Per}\left( X\right) $, in randomized
polynomial time one can either verify that $C\left( X\right)
=\operatorname*{Per}\left( X\right) $\ for most matrices $X$, or else find a
counterexample where $C\left( X\right) \neq\operatorname*{Per}\left(
X\right) $.\footnote{This result of Lipton's provided the germ of the proof
that\ $\mathsf{IP}=\mathsf{PSPACE}$; see Section \ref{IPPSPACE}. \ Mulmuley's
test improves over Lipton's by, for example, requiring only nonadaptive
queries to $C$ rather than adaptive ones.} \ Subsequently, Kayal \cite{kayal}
took Mulmuley's observation further to prove the following.
\begin{theorem}
[Kayal \cite{kayal}]\label{kayalthm}Let $n=d^{2}$, and suppose we're given
black-box access to a degree-$d$ polynomial $p:\mathbb{F}^{n}\rightarrow
\mathbb{F}$, for some field $\mathbb{F}$. \ Suppose also that we're promised
that $p\left( X\right) =\operatorname*{Per}\left( L\left( X\right)
\right) $, where $L$\ is a $d\times d$\ matrix of affine forms in the
variables $X=\left( x_{1},\ldots,x_{n}\right) $, and the mapping
$X\rightarrow L\left( X\right) $\ is invertible (that is, has rank $n$).
\ Then there's a randomized algorithm, running in $n^{O\left( 1\right) }%
$\ time, that actually finds an $L$\ such that $p\left( X\right)
=\operatorname*{Per}\left( L\left( X\right) \right) $. \ The same holds if
$p\left( X\right) =\operatorname*{Det}\left( L\left( X\right) \right) $.
\end{theorem}
In the same paper \cite{kayal}, Kayal showed that if $q$ is an
\textit{arbitrary} polynomial, then deciding whether there exist $A$ and $b$
such that $p\left( x\right) =q\left( Ax+b\right) $ is $\mathsf{NP}$-hard.
\ So what is it about the permanent and determinant that made the problem so
much easier? \ The answer turns out to be their symmetry-characterization,
along with more specific properties of the Lie algebras of the stabilizer
groups of $\operatorname*{Per}$\ and $\operatorname*{Det}$.
For more about the algorithmic consequences of symmetry-characterization, see
for example Grochow \cite[Chapter 4]{grochow:thesis},\ who also partially
derandomized Kayal's algorithm and applied it to other problems such as matrix
multiplication. \ In my view, an exciting challenge is to use the
symmetry-characterization of the permanent, or perhaps of the $E$ function
from Section \ref{GCTPNP}, to prove other new complexity
results---\textit{not} necessarily circuit lower bounds---that hopefully evade
the relativization and algebrization barriers.
We also now know that nontrivial circuit lower bounds---albeit, not
state-of-the-art ones---can indeed be proved by finding
representation-theoretic obstructions, as GCT proposed. \ Recall from Section
\ref{PROG}\ that the \textit{rank} of a $3$-dimensional tensor $A\in
\mathbb{F}^{n\times n\times n}$ is the smallest $r$\ such that $A$\ can be
written as the sum of $r$\ rank-one tensors, $t_{ijk}=x_{i}y_{j}z_{k}$. \ If
$\mathbb{F}$\ is a continuous field like $\mathbb{C}$, then we can also define
the \textit{border rank} of $A$ to be the smallest $r$ such that $A$ can be
written as the \textit{limit} of rank-$r$ tensors. \ It's known that border
rank can be strictly less than rank.\footnote{A standard example is the
$2\times2\times2$\ tensor whose $\left( 2,1,1\right) $, $\left(
1,2,1\right) $, and $\left( 1,1,2\right) $ entries are all $1$, and whose
$5$\ remaining entries are all $0$. \ One can check that this tensor has
rank $3$ but border rank $2$.} \ Border rank was introduced in 1980 by
Bini, Lotti, and Romani \cite{blr} to study matrix multiplication algorithms:
indeed, one could call that the first appearance of orbit closures in
computational complexity, decades before GCT.
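To make the footnoted example concrete (this calculation is standard, and not specific to GCT): writing that tensor as $T=e_{2}\otimes e_{1}\otimes e_{1}+e_{1}\otimes e_{2}\otimes e_{1}+e_{1}\otimes e_{1}\otimes e_{2}$, we have%
\[
T=\lim_{\varepsilon\rightarrow0}\frac{1}{\varepsilon}\left( \left(
e_{1}+\varepsilon e_{2}\right) ^{\otimes3}-e_{1}^{\otimes3}\right) ,
\]
since expanding $\left( e_{1}+\varepsilon e_{2}\right) ^{\otimes3}$\ gives
$e_{1}^{\otimes3}+\varepsilon T+O\left( \varepsilon^{2}\right) $. \ The
expression inside the limit is a difference of just two rank-one tensors, so
$T$\ is a limit of rank-$2$ tensors and hence has border rank at most $2$,
even though its rank is $3$.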
More concretely, the $n\times n$ \textit{matrix multiplication tensor}, say
over $\mathbb{C}$, is defined to be the $3$-dimensional tensor $M_{n}%
\in\mathbb{C}^{n^{2}\times n^{2}\times n^{2}}$\ whose $\left( i,j\right)
,\left( j,k\right) ,\left( i,k\right) $\ entries are all $1$, and whose
remaining $n^{6}-n^{3}$\ entries are all $0$. \ In 1973, Strassen
\cite{strassen:tensor}\ proved a key result connecting the rank of $M_{n}$\ to
the complexity of matrix multiplication:
\begin{theorem}
[Strassen \cite{strassen:tensor}]The rank of $M_{n}$\ equals the minimum
number of nonscalar multiplications in any arithmetic circuit that multiplies
two $n\times n$\ matrices.
\end{theorem}
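As a sanity check on the definition of $M_{n}$, here is a short sketch (plain Python, with pairs of indices flattened row-major) that builds $M_{n}$ and verifies that contracting it against the entries of $A$ and $B$ yields the entries of $AB$:

```python
def matmul_tensor(n):
    # M_n as an n^2 x n^2 x n^2 array of 0s and 1s:
    # entry ((i,j), (j,k), (i,k)) = 1, all others 0
    N = n * n
    M = [[[0] * N for _ in range(N)] for _ in range(N)]
    for i in range(n):
        for j in range(n):
            for k in range(n):
                M[i * n + j][j * n + k][i * n + k] = 1
    return M

def contract(M, a, b):
    # c[r] = sum over p, q of M[p][q][r] * a[p] * b[q]
    N = len(M)
    return [sum(M[p][q][r] * a[p] * b[q]
                for p in range(N) for q in range(N)) for r in range(N)]

M2 = matmul_tensor(2)
A = [1, 2, 3, 4]           # [[1,2],[3,4]] flattened row-major
B = [5, 6, 7, 8]           # [[5,6],[7,8]]
print(contract(M2, A, B))  # [19, 22, 43, 50] = [[19,22],[43,50]] flattened
```

The contraction $\sum_{i,j,k}A_{ij}B_{jk}\,e_{(i,k)}$ reproduces matrix multiplication exactly, and the number of $1$ entries is $n^{3}$, matching the $n^{6}-n^{3}$ zeros in the definition above.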
As an immediate corollary, the border rank of $M_{n}$\ lower-bounds the
arithmetic circuit complexity of $n\times n$\ matrix multiplication. \ Bini
\cite{bini}\ showed, moreover, that the exponent $\omega$\ of matrix
multiplication is the same if calculated using rank or border rank---so in
that sense, the two are asymptotically equal.
In a tour-de-force, in 2004 Landsberg \cite{landsberg:border}\ proved that the
border rank of $M_{2}$\ is $7$, using differential geometry methods. \ A
corollary was that any procedure to multiply two $2\times2$\ matrices requires
at least $7$ nonscalar multiplications, precisely matching the upper bound
discovered by Strassen \cite{strassen} in 1969. \ (The trivial upper bound is
$8$ multiplications.) \ More recently, Hauenstein, Ikenmeyer, and Landsberg
\cite{hil}\ reproved the \textquotedblleft border rank is $7$%
\textquotedblright\ result, using methods that are more explicit and closer to
GCT (but that still don't yield multiplicity obstructions).
Then, in 2013, B\"{u}rgisser and Ikenmeyer \cite{bi:explicit} proved a border
rank lower bound that \emph{did} yield representation-theoretic embedding obstructions.
\begin{theorem}
[B\"{u}rgisser and Ikenmeyer \cite{bi:explicit}]There are
representation-theoretic (GCT) occurrence obstructions that witness that the
border rank of $M_{n}$\ is at least $\frac{3}{2}n^{2}-2$.\footnote{On the
other hand, B\"{u}rgisser and Ikenmeyer \cite{bi:explicit}\ also showed that
this is essentially the best lower bound achievable using their techniques.}
\end{theorem}
By comparison, the state-of-the-art lower bound on the border rank of matrix
multiplication---but without multiplicity or occurrence obstructions---is the following.
\begin{theorem}
[Landsberg and Ottaviani \cite{landsbergotta}]The border rank of $M_{n}$\ is
at least $2n^{2}-n$.\footnote{Recently, Landsberg and Michalek
\cite{landsbergmichalek}\ improved this slightly, to $2n^{2}-\left\lceil
\log_{2}n\right\rceil -1$.}
\end{theorem}
Since both lower bounds are still quadratic, neither of them shows that matrix
multiplication requires more than $\sim n^{2}$\ time, but it's interesting to
see what bound one can currently achieve when one insists on GCT obstructions,
compared to when one doesn't insist on them.\footnote{Of course, this
situation raises the possibility that even if representation-theoretic
obstructions \textit{do} exist, proving their existence could be \textit{even
harder} than proving complexity class separations in some more direct way.
\ One possible \textquotedblleft failure mode\textquotedblright\ for GCT is
that, after decades of struggle, mathematicians and computer scientists
finally prove Valiant's Conjecture and $\mathsf{P}\neq\mathsf{NP}$---and then,
after \textit{further} decades of struggle, it's shown that GCT could've
proven these results as well (albeit with quantitatively weaker bounds).}
Meanwhile, in a 2014 paper, Grochow \cite{grochow:unifying} convincingly
argued that most known circuit lower bounds (though not all of them) can be
put into a \textquotedblleft broadly GCT-like\textquotedblright\ format. \ In
particular, the $\mathsf{AC}^{0}$ and $\mathsf{AC}^{0}\left[ p\right]
$\ lower bounds of Sections \ref{SMALLDEPTH}\ and \ref{POLYMETH}, the
embedding lower bound of Mignon and Ressayre (Theorem \ref{mrthm}), the lower
bounds for small-depth arithmetic circuits and multilinear formulas of Section
\ref{ACLB}, and many other results can each be seen as constructing a
\textit{separating module}: that is, a \textquotedblleft big
polynomial\textquotedblright\ that takes as input the coefficients of an input
polynomial, that vanishes for all polynomials in some complexity class
$\mathcal{C}$, but that doesn't vanish for a polynomial $q$\ for which we're
proving that $q\notin\mathcal{C}$.
It's important to understand that Grochow didn't show that the known circuit
lower bounds yield \textit{representation-theoretic} obstructions, only that
they yield separating modules. \ Thus, he showed that these results fit into
the \textquotedblleft GCT program\textquotedblright\ under a very broad
definition, but not under a narrower definition.
Interestingly, the lower bounds that \textit{don't} fit into the separating
module format---such as $\mathsf{MA}_{\mathsf{EXP}}\not \subset
\mathsf{P/poly}$\ (Theorem \ref{bfttheorem}) and $\mathsf{NEXP}\not \subset
\mathsf{ACC}$ (Theorem \ref{ryanthm})---essentially all use diagonalization as
a key ingredient. \ From the beginning, this was understood to be a major
limitation of the GCT framework: that it seems unable to capture
diagonalization. \ A related point is that GCT, as it stands, has no way to
take advantage of \textit{uniformity}: for example, no way to prove
$\mathsf{P}\neq\mathsf{NP}$, without also proving the stronger result
$\mathsf{NP}\not \subset \mathsf{P/poly}$. \ However, given that we can prove
$\mathsf{P}\neq\mathsf{EXP}$ but can't even prove $\mathsf{NEXP}%
\not \subset \mathsf{TC}^{0}$ (where $\mathsf{TC}^{0}$\ means the nonuniform
class), it seems conceivable that uniformity could help in proving
$\mathsf{P}\neq\mathsf{NP}$.
\subsubsection{The Lessons of GCT\label{LESSONS}}
Expert opinion is divided about GCT's prospects. \ Some feel that GCT does
little more than take complicated questions and make them even more
complicated---and are emboldened in their skepticism by the recent no-go
results \cite{ikenmeyerpanova,bip}. \ Others feel that GCT is a natural and
reasonable approach, and that the complication is an inevitable byproduct of
finally grappling with the real issues. \ Of course, one can also
\textquotedblleft cheer GCT from the sidelines\textquotedblright\ without
feeling prepared to work on it oneself, particularly given the unclear
prospects for any computer-science payoff in the foreseeable future.
\ (Mulmuley once told me he thought it would take a hundred years until GCT
led to major complexity class separations, and he's the \textit{optimist}!)
Personally,\ I'd call myself a qualified fan of GCT, in much the same way and
for the same reasons that I'm a qualified fan of string theory. \ I think all
complexity theorists should learn something about GCT---for one thing, because
it has general lessons for the quest to prove $\mathsf{P}\neq\mathsf{NP}$,
\textit{even if }it ends up not succeeding, or evolving still further away
from the original Mulmuley-Sohoni vision. \ This section is devoted to what I
believe those lessons are.
A first lesson is that we can in principle evade the relativization,
algebrization, and natural proofs barriers by using the existence of complete
problems with special properties: as a beautiful example, the property of
being \textquotedblleft characterized by symmetries,\textquotedblright\ which
the permanent and determinant both enjoy.\ \ A second lesson is that
\textquotedblleft ironic complexity theory\textquotedblright\ has even further
reach than one might have thought: one could use the existence of surprisingly
fast algorithms, not merely to show that certain complexity collapses would
violate hierarchy theorems, but also to help \textit{find certificates} that
problems are hard. \ A third lesson is that there's at least one route by
which a circuit lower bound proof would need to know about\ huge swathes of
\textquotedblleft traditional, continuous\textquotedblright\ mathematics, as
many computer scientists have long suspected (or feared!).
But none of those lessons really gets to the core of the matter. \ One of the
most striking features of GCT is that, even as the approach stands today, it
\textquotedblleft knows\textquotedblright\ about various nontrivial problems
in $\mathsf{P}$, such as maximum flow and linear programming (because they're
involved in deciding whether the multiplicities of irreps are nonzero). \ We
knew, of course, that any proof of $\mathsf{P}\neq\mathsf{NP}$ would need to
\textquotedblleft know\textquotedblright\ that linear programming, matching,
and so on are in $\mathsf{P}$ and are therefore different from \textsc{3Sat}.
\ (Indeed, that's one way to express the main difficulty of the $\mathsf{P}%
\overset{?}{=}\mathsf{NP}$ problem.) \ So the fact that GCT knows about all
these polynomial-time algorithms seems reassuring. \ But what's strange is
that GCT seems to know the \textit{upper} bounds, not the lower bounds---the
power of the algorithms, but not their limitations! \ In other words, consider
a hypothetical proof of $\mathsf{P}\neq\mathsf{NP}$ using GCT. \ If we ignore
the details, and look from a distance of a thousand miles, the proof seems to
be telling us not: \textquotedblleft You see how weak $\mathsf{P}$ is? \ You
see all these problems it can't solve?\textquotedblright\ but rather,
\textquotedblleft You see how strong $\mathsf{P}$ is? \ You see all these
amazing, nontrivial problems it \textit{can} solve?\textquotedblright\ \ The
proof would seem to be building up an impressive case for the wrong side of the argument!

One response would be to point out that this is math, not a courtroom debate,
and leave it at that. \ But perhaps one can do better. \ Let $A$ be a
hypothetical problem, like matching or linear programming, that's in
$\mathsf{P}$ for a nontrivial reason, and that's also definable purely in
terms of its symmetries, as the permanent and determinant are. \ Then we can
define an orbit closure $\chi_{A}$, which captures all problems reducible to
$A$. \ By assumption, $\chi_{A}$ must be contained in $\chi_{\mathsf{P}}$, the
orbit closure corresponding to a $\mathsf{P}$-complete problem, such as
Mulmuley and Sohoni's $H$ function (see Section \ref{GCTPNP}). \ And hence,
there must \textit{not} be any representation-theoretic obstruction to such a
containment. \ In other words, if we were to compute the multiplicities
$m_{1},m_{2},\ldots$ of all the irreps in the representation associated with
$\chi_{A}$, as well as the multiplicities $n_{1},n_{2},\ldots$ of the irreps
associated with $\chi_{\mathsf{P}}$, we'd necessarily find that $m_{i}\leq
n_{i}$ for all $i$. \ Furthermore, by the general philosophy of GCT, once we
had our long-sought explicit formulas for these multiplicities, we might well
be able to use those formulas to \textit{prove} the above inequalities.

Now let's further conjecture---following GCT2 \cite{gct2}---that the orbit
closures $\chi_{A}$ and $\chi_{\mathsf{P}}$ are completely captured by their
representation-theoretic data. In that case, by showing that there's no
representation-theoretic obstruction to $\chi_{A}\subseteq\chi_{\mathsf{P}}$,
we would have proved, nonconstructively, that there \textit{exists} a
polynomial-time algorithm for $A$! \ And for that reason, we shouldn't be
surprised if the algorithmic techniques that are used to solve $A$ (matching,
linear programming, or whatever) have already implicitly appeared in getting
to this point. \ Indeed, we should be worried if they didn't
appear.\footnote{It would be interesting to find a function in $\mathsf{P}$,
more natural than the $\mathsf{P}$-complete $H$ function, that's completely
characterized by its symmetries, and then try to understand explicitly why
there's no representation-theoretic obstruction to that function's orbit
closure being contained in $\chi_{\mathsf{P}}$---something we already know
must be true.}

More broadly, people sometimes stress that $\mathsf{P}\neq\mathsf{NP}$ is a
\textquotedblleft universal mathematical statement\textquotedblright: it says
there's no polynomial-time algorithm for \textsc{3Sat}, no matter which area
of math we use to construct such an algorithm. \ And thus, the argument goes,
we shouldn't be shocked if nearly every area of math ends up playing some role
in the proof.

It will immediately be objected that there are other \textquotedblleft
universal mathematical statements\textquotedblright---for example, G\"{o}del's
Incompleteness Theorem, or the unsolvability of the halting problem---that are
nevertheless easy to prove, that don't require anything \textit{close} to
every area of math. \ But we might make the analogy that proving the
unsolvability of the halting problem is like proving that the first player has
a forced win in the game of Hex, which Piet Hein invented in 1942 and John
Nash independently invented in 1947 \cite{nash:hex}.\footnote{The game of Hex
involves two players who take turns placing white and black stones
respectively on a lattice of hexagons. \ White (which moves first) wins if it
manages to connect the left and right sides of the lattice by a path of white
stones, while Black wins if it connects the top and bottom by a path of black
stones. \ (Note that one of the two must happen.)
\par
As John Nash observed, there's a breathtakingly easy proof that White has a
forced win in this game. \ Namely, suppose by contradiction that Black had the
win. \ Then White could place a stone arbitrarily on its first move,
\textit{and thereafter simulate Black's winning strategy}. \ The key
observation is that the stone White placed in its first move will never
actually hurt it: if Black's stolen strategy calls for White to place a second
stone there, then White can simply place a stone anywhere else instead.} \ In
both cases, there's a clever gambit---diagonalization in the one case,
\textquotedblleft strategy-stealing\textquotedblright\ in the other---that
lets us cut through what looks at first like a terrifyingly complex problem,
and reason about it in a clean, abstract way. \ By contrast, proving
$\mathsf{P}\neq\mathsf{NP}$\ seems more like proving that White has the win in
chess. \ Here the opening gambit fails, so (to switch metaphors) we're thrown
immediately into the deep end of the pool, into considering \textit{this} way
Black could win, and \textit{that} one, and \textit{that} one; or into
considering an immense list of possible polynomial-time algorithms for
\textsc{3Sat}.

Now, a natural reaction to this observation would be, not awe at the
profundity of $\mathsf{P}\overset{?}{=}\mathsf{NP}$, but rather despair.
\ Since math is infinite, and since the possible \textquotedblleft ideas for
polynomial-time algorithms\textquotedblright\ are presumably unbounded, why
doesn't the \textquotedblleft universality\textquotedblright\ of
$\mathsf{P}\overset{?}{=}\mathsf{NP}$\ mean that the task of proving it could go
on forever? \ At what point can we ever say \textquotedblleft enough! we've
discovered enough polynomial-time algorithms; now we're ready to flip things
around and proceed to proving $\mathsf{P}\neq\mathsf{NP}$\textquotedblright?

The earlier considerations about $\chi_{A}$ and $\chi_{\mathsf{P}}$ suggest
one possible answer to this question. \ Namely, we're ready to stop when we've
discovered nontrivial polynomial-time algorithms, not for all problems in
$\mathsf{P}$, but for \textit{all problems in} $\mathsf{P}$ \textit{that are
characterized by their symmetries}. \ For let $B$ be a problem in $\mathsf{P}$
that isn't characterized by symmetries. \ Then the orbit closure $\chi_{B}$ is
contained in $\chi_{\mathsf{P}}$, and if we could \textit{prove} that
$\chi_{B}\subseteq\chi_{\mathsf{P}}$, then we would've nonconstructively shown
the existence of a polynomial-time algorithm for $B$. \ But our hypothetical
$\mathsf{P}\neq\mathsf{NP}$\ proof doesn't need to know about that. \ For
since $B$ isn't characterized by symmetries, the GCT arguments aren't going to
be able to prove $\chi_{B}\subseteq\chi_{\mathsf{P}}$ anyway.

The above would seem to motivate an investigation of which functions in
$\mathsf{P}$ (or $\mathsf{NC}^{1}$, etc.) can be characterized by their
symmetries. \ If GCT can work at all, then the set of such functions, while
presumably infinite, ought to be classifiable into a finite number of
families. \ The speculation suggests itself that these families might roughly
correspond to the different algorithmic techniques: Gaussian elimination,
matching, linear programming, etc., and of course whatever other techniques
haven't yet been discovered. \ As a concrete first step toward these lofty
visions, it would be interesting to find some example of a function in
$\mathsf{P}$\ that's characterized by its symmetries, like the determinant is,
and that's in $\mathsf{P}$ only because of the existence of nontrivial
polynomial-time algorithms for (say) matching or linear programming.
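To make \textquotedblleft characterized by symmetries\textquotedblright\ concrete, here is a minimal pure-Python sanity check (a toy sketch; the particular matrices are arbitrary choices of mine, not from the text) of the determinant's two defining symmetries: invariance under $X\mapsto AXB$ whenever $\det\left( A\right) \det\left( B\right) =1$, and invariance under transposition.

```python
from itertools import permutations

def det(M):
    # Leibniz formula: sum over permutations, signed by the permutation's parity.
    n = len(M)
    total = 0
    for perm in permutations(range(n)):
        inv = sum(1 for i in range(n) for j in range(i + 1, n) if perm[i] > perm[j])
        prod = 1
        for i in range(n):
            prod *= M[i][perm[i]]
        total += (-1) ** inv * prod
    return total

def matmul(P, Q):
    n = len(P)
    return [[sum(P[i][k] * Q[k][j] for k in range(n)) for j in range(n)] for i in range(n)]

def transpose(M):
    return [list(row) for row in zip(*M)]

# A and B are triangular with unit diagonal, so det(A) = det(B) = 1:
# the pair (A, B) lies in the symmetry group that characterizes det.
A = [[1, 0, 0], [2, 1, 0], [3, 4, 1]]
B = [[1, 5, 6], [0, 1, 7], [0, 0, 1]]
X = [[2, 3, 5], [7, 11, 13], [17, 19, 23]]

assert det(A) == det(B) == 1
assert det(matmul(matmul(A, X), B)) == det(X) == -78   # invariance under X -> AXB
assert det(transpose(X)) == det(X)                     # invariance under transpose
```

The nontrivial converse (that, up to scale, the determinant is the \textit{only} degree-$n$ polynomial with these symmetries) is what GCT actually exploits; the check above only verifies the easy direction on one example.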
\subsubsection{The Only Way?\label{ASSESS}}
In recent years, Mulmuley has advanced the following argument
\cite{mulmuley:flip,mulmuley:cacm,mulmuley:jacm}:\ even if GCT isn't literally
the \textit{only} way forward on $\mathsf{P\overset{?}{=}NP}$, still, the
choice of GCT to go after explicit obstructions is in some sense
\textit{provably unavoidable}---and furthermore, GCT is the \textquotedblleft
simplest\textquotedblright\ approach to finding the explicit obstructions, so
Occam's Razor all but forces us to try GCT first. \ I agree that GCT
represents a natural attack plan. \ But I disagree with the claim that we have
any theorem telling us that GCT's choices are inevitable, or \textquotedblleft
basically\textquotedblright\ inevitable. \ In this section, I'll explain why.

We can identify at least four major successive decisions that GCT makes:
\begin{enumerate}
\item[(1)] To prove $\mathsf{P}\neq\mathsf{NP}$, we should start by proving
Valiant's Conjecture \ref{valiantconj}.
\item[(2)] To prove Valiant's Conjecture, the natural approach is to prove
Conjecture \ref{gctconj}, about orbit closures.
\item[(3)] To prove Conjecture \ref{gctconj}, the natural approach is to find
explicit representation-theoretic embedding obstructions.
\item[(4)] To find those obstructions, we should start by finding faster
algorithms (or algorithms in lower complexity classes) to learn about the
multiplicities of irreps.
\end{enumerate}

All four decisions are defensible, but not one is obvious. \ And of course,
even if every proposition in a list had good probability individually (or good
probability conditioned on its predecessors), their conjunction could have
probability close to zero!

As we saw in Section \ref{ALGLB}, decision (1) predates GCT by decades, so
there's no need to revisit it here. \ Meanwhile, decision (2) seems to involve
only a small strengthening of what needs to be proved, in return for a large
gain in elegance. \ But there's plenty to question about decisions (3) and (4).

Regarding (3): we saw, in Section \ref{TRENCHES}, that even if a given
embedding of orbit closures is impossible, the reason might simply not be
reflected in representation theory---and even if it is, it might be
\textit{harder} to prove that there's a representation-theoretic obstruction
than that there's some other obstruction, and one might get only a weaker
lower bound that way. \ At least, that's what seems to be true so far with the
border rank of the matrix multiplication tensor. \ This is an especially acute
concern because of the recent work of B\"{u}rgisser, Ikenmeyer, and Panova
\cite{bip}, discussed earlier, which destroys the hope of finding occurrence
obstructions (rather than the more general multiplicity obstructions) to
separate the permanent from the determinant.

But let me concentrate on (4). \ Is it clear that we must, in Mulmuley's
words, \textquotedblleft go for explicitness\textquotedblright: that is, look
for an efficient\ algorithm that takes a specific $n$ and $m$ as input, and
tries to find a witness that it's impossible to embed the padded $n\times
n$\ permanent into the $m\times m$\ determinant? \ Why not just look directly
for a \textit{proof}, which (if we found it) would work for arbitrary $n$ and
$m=n^{O\left( 1\right) }$?

Mulmuley's argument for explicitness rests on what he calls the
\textquotedblleft flip theorems\textquotedblright\ \cite{mulmuley:flip}.
\ These theorems, in his interpretation, assert that \textit{any} successful
approach to circuit lower bounds (not just GCT) will yield explicit
obstructions as a byproduct. \ And thus, all GCT is doing is bringing into the
open what any proof of Valiant's Conjecture or $\mathsf{NP}\not \subset
\mathsf{P/poly}$\ will eventually need to confront anyway.

Let me now state some of the flip theorems. \ First, building on a 1996
learning algorithm of Bshouty et al.\ \cite{bshouty}, in 2003 Fortnow, Pavan,
and Sengupta showed that, if $\mathsf{NP}$-complete problems are hard at all,
then there must be short lists of instances that cause all small circuits to fail.
\begin{theorem}
[Fortnow, Pavan, and Sengupta \cite{fps}]\label{fpsthm}Suppose $\mathsf{NP}%
\not \subset \mathsf{P/poly}$. \ Then for every $n$ and $k$, there's a list
of\ \textsc{3Sat}\ instances\ $\varphi_{1},\ldots,\varphi_{\ell}$, of length
at most $\ell=n^{O\left( 1\right) }$, such that every circuit $C$\ of size
at most $n^{k}$\ fails to decide at least one $\varphi_{i}$\ in the list.
\ Furthermore, such a list can be found in the class $\mathsf{BPP}%
^{\mathsf{NP}}$: that is, by a probabilistic polynomial-time Turing machine
with an $\mathsf{NP}$\ oracle.\footnote{In fact, the list can be found in the
class $\mathsf{ZPP}^{\mathsf{NP}}$, where $\mathsf{ZPP}$\ stands for
Zero-Error Probabilistic Polynomial-Time. \ This means that, whenever the
randomized algorithm succeeds in constructing the list, it's \textit{certain}
that it's done so. \ (Note that referring to $\mathsf{BPP}^{\mathsf{NP}}$ and
$\mathsf{ZPP}^{\mathsf{NP}}$\ here is strictly an abuse of notation, since
these are classes of decision problems---but theoretical computer scientists
will typically perpetrate such abuses when there's no risk of confusion.)}
\end{theorem}

Atserias \cite{atserias} showed that, in the statement of Theorem
\ref{fpsthm}, we can also swap the $\mathsf{NP}$\ oracle for the circuit
$C$\ itself: in other words, the list $\varphi_{1},\ldots,\varphi_{\ell}$\ can
also be found in $\mathsf{BPP}^{C}$, in probabilistic polynomial time with a
$C$-oracle.

Likewise, if the permanent is hard, then there must be short lists of matrices
that cause all small arithmetic circuits to fail---and here the lists are much
easier to find than they are in the Boolean case.
\begin{theorem}
[Mulmuley \cite{mulmuley:flip,mulmuley:jacm}]\label{flipthm}Suppose Valiant's
Conjecture \ref{valiantconj}\ holds (i.e., the permanent has no
polynomial-size arithmetic circuits, over finite fields $\mathbb{F}$\ with
$\left\vert \mathbb{F}\right\vert \gg n$). \ Then for every $n$ and $k$,
there's a list of\ matrices\ $A_{1},\ldots,A_{\ell}\in\mathbb{F}^{n\times n}$,
of length at most $\ell=n^{O\left( 1\right) }$, such that for every
arithmetic circuit $C$\ of size at most $n^{k}$, there exists an $i$ such that
$C\left( A_{i}\right) \neq\operatorname*{Per}\left( A_{i}\right) $.
\ Indeed, a random\ list $A_{1},\ldots,A_{\ell}$\ will have that property with
$1-o\left( 1\right) $\ probability. \ Furthermore, if polynomial identity
testing has a black-box derandomization,\footnote{The polynomial identity
testing problem was defined in Section \ref{RANDOM}. \ Also, by a
\textquotedblleft black-box derandomization,\textquotedblright\ we mean a
deterministic polynomial-time algorithm that outputs a \textit{hitting set}:
that is, a list of points $x_{1},\ldots,x_{\ell}$\ such that, for all small
arithmetic circuits $C$ that don't compute the identically-zero polynomial,
there exists an $i$\ such that $C\left( x_{i}\right) \neq0$. \ What makes
the derandomization \textquotedblleft black-box\textquotedblright\ is that the
choice of $x_{1},\ldots,x_{\ell}$\ doesn't depend on $C$.} then such a list
can be found in deterministic $n^{O\left( 1\right) }$ time.
\end{theorem}
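The \textquotedblleft a random list works\textquotedblright\ part of Theorem \ref{flipthm} is essentially the Schwartz--Zippel lemma in action: two distinct polynomials of degree at most $n$ agree at a uniformly random point of $\mathbb{F}_{p}^{n\times n}$ with probability at most $n/p$. Here is a toy Python sketch of that mechanism, with the determinant standing in (as an illustrative stand-in of my choosing, not from the theorem) for a small circuit that computes the wrong polynomial.

```python
import random
from itertools import permutations

p = 10007   # a prime; all arithmetic below is over the field F_p
n = 3

def per_mod(M):
    # Permanent over F_p: the determinant's sum over permutations, minus the signs.
    m = len(M)
    total = 0
    for s in permutations(range(m)):
        prod = 1
        for i in range(m):
            prod = prod * M[i][s[i]] % p
        total = (total + prod) % p
    return total

def det_mod(M):
    m = len(M)
    total = 0
    for s in permutations(range(m)):
        inv = sum(1 for i in range(m) for j in range(i + 1, m) if s[i] > s[j])
        prod = 1
        for i in range(m):
            prod = prod * M[i][s[i]] % p
        total += (-1) ** inv * prod
    return total % p

# A short random list of matrices; the seed is an arbitrary fixed choice.
random.seed(2023)
mats = [[[random.randrange(p) for _ in range(n)] for _ in range(n)]
        for _ in range(5)]

# per - det is a nonzero polynomial of degree n, so by Schwartz-Zippel a random
# matrix separates them except with probability at most n/p per sample.
assert any(per_mod(A) != det_mod(A) for A in mats)
```

Of course, the hard part of the theorem is quantifying over \textit{all} small circuits at once, which the union bound handles only because the number of size-$n^{k}$ circuits is singly exponential.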

While not hard to prove, Theorems \ref{fpsthm}\ and \ref{flipthm} are
conceptually interesting: they show that the entire hardness of \textsc{3Sat}%
\ and of the permanent can be \textquotedblleft concentrated\textquotedblright%
\ into a small number of instances. \ My difficulty is that \textit{this} sort
of \textquotedblleft explicit obstruction\textquotedblright\ to computing
\textsc{3Sat}\ or the permanent seems barely related to the sorts of explicit
obstructions that GCT is seeking. \ The obstructions of Theorems
\ref{fpsthm}\ and \ref{flipthm}\ aren't representation-theoretic; they're
simply lists of hard instances. \ Furthermore, a list like $\varphi_{1}%
,\ldots,\varphi_{\ell}$\ or\ $A_{1},\ldots,A_{\ell}$\ is \textit{not} an
easy-to-verify witness that \textsc{3Sat}\ or the permanent is hard, because
we'd still need to check that the list worked against all of the exponentially
many $n^{O\left( 1\right) }$-sized\ circuits. \ Having such a list reduces a
two-quantifier ($\mathsf{\Pi}_{2}^{\mathsf{P}}$)\ problem to a one-quantifier
($\mathsf{NP}$) problem, but it still doesn't put the problem in $\mathsf{P}%
$---and we have no result saying that if, for example, the permanent is hard,
then there must be obstructions that can be verified in $n^{O\left( 1\right)
}$\ time. \ Perhaps the best we can say is that, if we \textit{proved} the
permanent was hard, then we'd immediately get, for every $n$, an
\textquotedblleft obstruction\textquotedblright\ that could be both found and
verified in $0$ time steps! \ But for all we know, the complexity of finding
provable obstructions could jump from $\exp\left( n^{O\left( 1\right)
}\right) $\ to $0$ as our understanding improved, without ever passing
through $n^{O\left( 1\right) }$.

Thus, I find, GCT's suggestion to look for faster obstruction-finding (or
obstruction-recognizing) algorithms is a useful \textit{guide}, a heuristic, a
way to organize our thoughts about how we're going to find, say, an irrep
$\rho$ whose multiplicity blocks the embedding of the permanent into the
determinant. \ But this is not the only path that should be considered.
\section{Conclusions\label{CONC}}
Some will say that this survey's very length, the bewildering zoo of
approaches and variations and results and barriers that it covered, is a sign
that no one has any real clue about the $\mathsf{P}\overset{?}{=}\mathsf{NP}$
problem---or at least, that \textit{I} don't. \ Among those who think that,
perhaps someone will write a shorter survey that points unambiguously to the
right way forward!

But it's also possible that this business, of proving brute-force search
unavoidable, seems complicated because it \textit{is} complicated. \ I confess
to limited sympathy for the idea that someone will just set aside everything
that's already known, think hard about the structural properties of the sets
of languages accepted by deterministic and nondeterministic polynomial-time
Turing machines, and find a property that holds for one set but not the other,
thereby proving $\mathsf{P}\neq\mathsf{NP}$. \ For I keep coming back to the
question: if a hands-off, aprioristic approach sufficed for $\mathsf{P}%
\neq\mathsf{NP}$, then why did it apparently \textit{not} suffice for all the
weaker separations that we've surveyed here?

At the same time, I hope our tour of the progress in lower bounds has made the
case that there's no reason (yet!) to elevate $\mathsf{P}\overset{?}{=}%
\mathsf{NP}$\ to some plane of metaphysical unanswerability, or assume it to
be independent of the axioms of set theory, or anything like that. \ The
experience of complexity theory, including the superpolynomial lower bounds
that people \textit{did} prove after struggle and effort, is consistent with
$\mathsf{P}\overset{?}{=}\mathsf{NP}$\ being \textquotedblleft merely a math
problem\textquotedblright---albeit, a math problem that happens to be well
beyond the current abilities of civilization, much like the solvability of the
quintic in the 1500s, or Fermat's Last Theorem in the 1700s. \ When we're
faced with such a problem, a natural response is to want to deepen our
understanding of the entire subject (in this case, algorithms and computation)
surrounding the problem---not merely because that's a prerequisite to someday
capturing the famous beast, but because \textit{regardless}, the new knowledge
gained along the way will hopefully find uses elsewhere. \ In our case, modern
cryptography, quantum computing, and parts of machine learning could all be
seen as flowers that bloomed in the garden of $\mathsf{P}\overset{?}{=}%
\mathsf{NP}$.

Obviously I don't know how $\mathsf{P}\neq\mathsf{NP}$\ will ultimately be
proved---if I did, this would be a different survey! \ It seems plausible that
a successful approach might yield the stronger result $\mathsf{NP}%
\not \subset \mathsf{P/poly}$\ (i.e., that it wouldn't take advantage of
uniformity); that it might start by proving Valiant's Conjecture (i.e., that
the algebraic case would precede the Boolean one); and that it might draw on
many areas of mathematics, but none of these things are even close to certain.
\ Half-jokingly, I once remarked that those who still think seriously about
$\mathsf{P}\overset{?}{=}\mathsf{NP}$\ now seem to be divided into
\textquotedblleft Team Yellow Books\textquotedblright\ (those hoping to use
algebraic geometry, representation theory, and other sophisticated
mathematics) and \textquotedblleft Team Caffeinated Alien
Reductions\textquotedblright\ (those hoping to use elementary yet convoluted
and alien chains of logic, as in Williams's proof of $\mathsf{NEXP}%
\not \subset \mathsf{ACC}$)---and that as far as I can tell, the two teams
seem right now to be about evenly matched.

It also seems plausible that a proof of $\mathsf{P}\neq\mathsf{NP}$\ would be
a beginning rather than an end---i.e., that the proof would require new
insights about computation that then could be applied to many other problems
besides $\mathsf{P}\overset{?}{=}\mathsf{NP}$. \ But given how far we are from
the proof, it's obviously premature to speculate about the fallout.

The one prediction I feel confident in making is that the idea of
\textquotedblleft ironic complexity theory\textquotedblright---i.e., of a
profound duality between upper and lower bounds, where the way to prove that
there's no fast algorithm for problem $A$ is to \textit{discover} fast
algorithms for problems $B$, $C$, and $D$---is here to stay. \ As we saw,
ironic complexity theory is at the core of Mulmuley's view, but it's
\textit{also} at the core of Williams's proof of $\mathsf{NEXP}\not \subset
\mathsf{ACC}$, which in other respects is about as far from GCT as possible.
\ The natural proofs barrier also provides a contrapositive version of ironic
complexity, showing how the \textit{nonexistence} of efficient algorithms is
often what\ \textit{prevents} us from proving lower bounds. \ If
\textsc{3Sat}\ is ever placed outside $\mathsf{P}$, it seems like a good bet
that the proof will place many other problems \textit{inside} $\mathsf{P}%
$---or at any rate, in smaller complexity classes than was previously known.

So, if we take an optimistic attitude (optimistic about proving
intractability!), then which breakthroughs should we seek next? \ What's on
the current horizon? \ There are hundreds of possible answers to that
question---we've already encountered some in this survey---but if I\ had to
highlight a few:
\begin{itemize}
\item Prove lower bounds against nonuniform $\mathsf{TC}^{0}$---for example,
by finding a better-than-brute-force deterministic algorithm to estimate the
probability that a neural network accepts a random input (cf. Theorem
\ref{whoa}).\footnote{In 1999, Allender \cite{allender:tc0}\ showed that the
permanent, and various other natural $\mathsf{\#P}$-complete problems, can't
be solved by $\mathsf{LOGTIME}$\textit{-uniform} $\mathsf{TC}^{0}$\ circuits:
in other words, constant-depth threshold circuits for which there's an
$O\left( \log n\right) $-time algorithm to output the $i^{th}$\ bit of their
description, for any $i$. \ Indeed, these problems can't be solved by
$\mathsf{LOGTIME}$-uniform $\mathsf{TC}^{0}$\ circuits of size $f\left(
n\right) $, where $f$ is any function that can yield an exponential when
iterated a constant number of times. \ The proof uses a hierarchy theorem; it
would be interesting to know whether it relativizes.}
\item Prove a lower bound better than $n^{\left\lfloor d/2\right\rfloor }$\ on
the rank of an explicit $d$-dimensional tensor, or construct one of the many
other algebraic or combinatorial objects---rigid matrices, elusive functions,
etc.---that are known to imply new circuit lower bounds (see Section
\ref{PROG}).
\item Advance proof complexity to the point where we could, for example, prove
a superpolynomial lower bound on the number of steps needed to convert some
$n$-input, polynomial-size Boolean circuit $C$ into some equivalent circuit
$C^{\prime}$, via moves that each swap out a size-$O\left( 1\right) $
subcircuit for a different size-$O\left( 1\right) $ subcircuit\ with
identical input/output behavior.\footnote{Examples are deleting two successive
NOT gates, or applying de Morgan's laws. \ By the completeness of Boolean
algebra, one can give local transformation rules that suffice to convert any
$n$-input Boolean circuit into any equivalent circuit using at most
$\exp\left( n\right) $ moves. \ From talking to experts, this problem seems
closely related to the problem of proving superpolynomial lower bounds for
so-called \textit{Frege proofs}, but is possibly easier.}
\item Prove a superlinear or superpolynomial lower bound on the number of
$2$-qubit quantum gates needed to implement some explicit $n$-qubit unitary
transformation $U$, to within exponential precision. \ (Remarkably, as far as
anyone knows today, one could succeed at this without needing to prove
\textit{any} new classical circuit lower bound. \ On the other hand, it's
plausible that one would need to overcome a unitary version of the natural
proofs barrier.)
\item Clarify whether $\mathsf{ACC}$\ has a natural proofs barrier,\ and prove
$\mathsf{ACC}$\ lower bounds for problems in $\mathsf{EXP}$\ or below.
\item Clarify whether there's an arithmetic natural proofs barrier, or
something else preventing us from crossing the \textquotedblleft chasm at
depth three\textquotedblright\ (see Sections \ref{ACLB} and \ref{ANP}).
\item Prove any lower bound on $D\left( n\right) $, the determinantal
complexity of the $n\times n$ permanent, better than Mignon and Ressayre's
$n^{2}/2$ (Theorem \ref{mrthm}).
\item Derandomize polynomial identity testing---or failing that, prove
\textit{some} derandomization theorem that implies a strong new circuit lower bound.
\item Discover a new class of polynomial-time algorithms, especially but not
only for computing multiplicities of irreps.
\item Prove any interesting new lower bound by finding a
representation-theoretic obstruction to an embedding of orbit closures.
\item Pinpoint additional special properties of \textsc{3Sat} or the permanent
that could be used to evade the natural proofs barrier, besides the few that
are already known, such as symmetry-characterization, self-reducibility, and
the ability to simulate machines in a hierarchy theorem.
\item Perhaps my favorite challenge: \textit{find new,
semantically-interesting ways to \textquotedblleft hobble\textquotedblright%
\ the classes of polynomial-time algorithms and polynomial-size circuits},
besides the ways that have already been studied, such as restricted memory,
restricted circuit depth, monotone gates only, arithmetic operations only, and
restricted families of algorithms (such as DPLL and certain linear and
semidefinite programming relaxations). \ Any such restriction that one
discovers is effectively a new slope by which one can try to ascend the
$\mathsf{P}\neq\mathsf{NP}$ mountain.
\end{itemize}
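The proof-complexity challenge in the list above, about local circuit moves, can at least be made concrete with a toy: here is a sketch (my own minimal formulation, using formulas rather than general circuits for brevity) in which each recursive step swaps out a size-$O\left( 1\right) $ subcircuit via one of the local rules mentioned in the footnote, namely double-negation elimination and de Morgan's laws.

```python
# Formulas: a variable is a string; gates are tuples ('not', e) or ('and'/'or', e1, e2).
def nnf(e):
    """Push negations to the leaves using only local O(1) rewrites."""
    if isinstance(e, str):
        return e
    op = e[0]
    if op in ('and', 'or'):
        return (op, nnf(e[1]), nnf(e[2]))
    sub = e[1]                      # here op == 'not'
    if isinstance(sub, str):
        return e                    # a negated variable is already in normal form
    if sub[0] == 'not':
        return nnf(sub[1])          # local rule: delete two successive NOT gates
    flip = 'or' if sub[0] == 'and' else 'and'
    return (flip, nnf(('not', sub[1])), nnf(('not', sub[2])))  # de Morgan

assert nnf(('not', ('not', 'x'))) == 'x'
assert nnf(('not', ('and', 'x', 'y'))) == ('or', ('not', 'x'), ('not', 'y'))
```

The open problem is of course not to \textit{perform} such rewrites but to prove that superpolynomially many of them are sometimes necessary; the sketch only fixes the objects being counted.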

Going even further on a limb, I've long wondered whether massive computer
search could give any insight into complexity lower bound questions, beyond
the relatively minor ways it's been used for this purpose already (see, e.g.,
\cite{williams:automated,williams:practice}). \ For example, could we feasibly
discover the smallest arithmetic circuits to compute the permanents of
$4\times4$\ and $5\times5$\ and $6\times6$ matrices? \ And if we did, would
examination of those circuits yield any clues about what to prove for general
$n$? \ The conventional wisdom has always been \textquotedblleft
no\textquotedblright\ to both questions.\ \ For firstly, as far as anyone
knows today, the computational complexity of such a search will grow not
merely exponentially but \textit{doubly} exponentially with $n$ (assuming the
optimal circuits that we're trying to find grow exponentially themselves), and
examination of the constants suggests that $n=4$\ might already be out of
reach. \ And secondly, even if we knew the optimal circuits, they'd tell us
nothing about the existence or nonexistence of clever algorithms that start to
win only at much larger values of $n$. \ After all, many of the theoretically
efficient algorithms that we know today only overtake the na\"{\i}ve
algorithms for $n$'s in the thousands or millions.\footnote{There are even
what Richard Lipton has termed \textquotedblleft galactic
algorithms\textquotedblright\ \cite{lipton:galactic},\ which beat their
asymptotically-worse competitors, but only for values of $n$ that likely
exceed the information storage capacity of the galaxy or the observable
universe. \ The currently-fastest matrix multiplication algorithms
\textit{might} fall into this category, although the constants don't seem to
be known in enough detail to say for sure.}
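For calibration, the baseline that any such search would have to beat is Ryser's formula, the best general-purpose algorithm known for the permanent: it uses about $2^{n}$ products of row sums (so $O\left( 2^{n}n^{2}\right) $ operations directly, or $O\left( 2^{n}n\right) $ with Gray-code ordering), versus roughly $n!\cdot n$ for the naive expansion. A direct implementation is a few lines:

```python
def ryser(A):
    """Permanent via Ryser's inclusion-exclusion formula:
    per(A) = (-1)^n * sum over nonempty column subsets S of
             (-1)^|S| * prod_i (sum of row i restricted to S)."""
    n = len(A)
    total = 0
    for mask in range(1, 1 << n):          # nonempty column subsets S, as bitmasks
        prod = 1
        for i in range(n):                  # product over rows of the row sums over S
            prod *= sum(A[i][j] for j in range(n) if mask >> j & 1)
        total += (-1) ** bin(mask).count('1') * prod
    return (-1) ** n * total

assert ryser([[1, 2], [3, 4]]) == 1 * 4 + 2 * 3      # per of a 2x2 matrix
assert ryser([[1] * 4 for _ in range(4)]) == 24      # per of all-ones 4x4 is 4!
```

Whether circuits substantially smaller than this exist for fixed small $n$ is exactly what the hypothetical exhaustive search would decide.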

These arguments have force. \ Even so, I think we should be open to the
possibility that someday, advances in raw computer power, and especially
theoretical advances that decrease the effective size of the search space,
might change the calculus and open up the field of \textquotedblleft
experimental complexity theory.\textquotedblright\ One way that could happen
would be if breakthroughs in GCT, or some other approach, brought the quest
for \textquotedblleft explicit obstructions\textquotedblright\ (say, to the
$1000\times1000$\ permanent having size-$10^{20}$ circuits) within the range
of computer search, if still not within the range of the human mind.

Or of course, the next great advance might come from some direction that I
didn't even mention here, whether because no one grasps its importance yet or
simply because \textit{I} don't. \ But regardless of what happens, the best
fate this survey could possibly enjoy would be to contribute, in some tiny
way, to making itself obsolete.
\section{Acknowledgments}
I thank Andy Drucker, Ron Fagin, Harvey Friedman, William Gasarch, Bruno
Grenet, Daniel Grier, Josh Grochow, Christian Ikenmeyer, Adam Klivans, Pascal
Koiran, Greg Kuperberg, JM Landsberg, Ashley Montanaro, Mateus Oliveira, Bruce
Smith, David Speyer, Noah Stephens-Davidowitz, Iddo Tzameret, Leslie Valiant,
Avi Wigderson, Ryan Williams, and Jon Yard for helpful observations and for
answering questions; as well as Daniel Seita for help with Figure
\ref{classfig}. \ I especially thank Michail Rassias for his exponential
patience with my delays completing this article.
\bibliographystyle{plain}
\bibliography{thesis}
\section{Appendix: Glossary of Complexity Classes}
To help you remember all the supporting characters in the ongoing soap opera
of which $\mathsf{P}$ and $\mathsf{NP}$ are the stars, this appendix contains
short definitions of the complexity classes that appear in this survey, with
references to the sections where the classes are discussed in more detail.
\ For a fuller list, containing over 500 classes, see for example my
Complexity Zoo \cite{aar:zoo}. \ All the classes below are classes of decision
problems---that is, languages $L\subseteq\left\{ 0,1\right\} ^{\ast}$. \ The
known inclusion relations among the classes are also depicted in Figure
\ref{classfig2}.
\begin{figure}[ptb]
\centering
\label{classfig2}
\par
\begin{center}
\begin{tikzpicture}
\node (1) [align=center] {$\mathsf{EXPSPACE}$};
\node (2) [align=center, below=3mm of 1] {$\mathsf{MA}_{\mathsf{EXP}}$};
\node (3) [align=center, below=3mm of 2] {$\mathsf{NEXP}$};
\node (4) [align=center, below=3mm of 3] {$\mathsf{EXP}$};
\node (5) [align=center, below=3mm of 4] {$\mathsf{PSPACE}$};
\node (6) [align=center, below=3mm of 5] {$\mathsf{P}^{\mathsf{\#P}}$};
\node (7) [align=center, below=3mm of 6] {$\mathsf{PH}$};
\node (8) [align=center, below=3mm of 7] {$\mathsf{NP}^{\mathsf{NP}}$};
\node (9) [align=center, below=3mm of 8] {$\mathsf{MA}$};
\node (10) [align=center, below=3mm of 9] {$\mathsf{NP}$};
\node (11) [align=center, below=3mm of 10] {$\mathsf{P}$};
\node (12) [align=center, below=3mm of 11] {$\mathsf{NLOGSPACE}$};
\node (13) [align=center, below=3mm of 12] {$\mathsf{LOGSPACE}$};
\node (14) [align=center, right=20mm of 7] {$\mathsf{PP}$};
\node (15) [align=center, below=6mm of 14] {$\mathsf{BQP}$};
\node (16) [align=center, below=6mm of 15] {$\mathsf{BPP}$};
\node (17) [align=center, right=20mm of 14] {$\mathsf{P/poly}$};
\node (18) [align=center, below=3mm of 17] {$\mathsf{NC}^{1}$};
\node (19) [align=center, below=3mm of 18] {$\mathsf{TC}^{0}$};
\node (20) [align=center, below=3mm of 19] {$\mathsf{ACC}$};
\node (21) [align=center, below=3mm of 20] {$\mathsf{AC}^{0}\left[\mathsf{p}\right]$};
\node (22) [align=center, below=3mm of 21] {$\mathsf{AC}^{0}$};
\draw [line width=1.0pt] (1) edge (2);
\draw [line width=1.0pt] (2) edge (3);
\draw [line width=1.0pt] (3) edge (4);
\draw [line width=1.0pt] (4) edge (5);
\draw [line width=1.0pt] (5) edge (6);
\draw [line width=1.0pt] (6) edge (7);
\draw [line width=1.0pt] (7) edge (8);
\draw [line width=1.0pt] (8) edge (9);
\draw [line width=1.0pt] (9) edge (10);
\draw [line width=1.0pt] (10) edge (11);
\draw [line width=1.0pt] (11) edge (12);
\draw [line width=1.0pt] (12) edge (13);
\draw [line width=1.0pt] (6) edge (14);
\draw [line width=1.0pt] (9) edge (14);
\draw [line width=1.0pt] (9) edge (16);
\draw [line width=1.0pt] (11) edge (16);
\draw [line width=1.0pt] (14) edge (15);
\draw [line width=1.0pt] (15) edge (16);
\draw [line width=1.0pt] (16) edge (17);
\draw [line width=1.0pt] (17) edge (18);
\draw [line width=1.0pt] (18) edge (19);
\draw [line width=1.0pt] (19) edge (20);
\draw [line width=1.0pt] (20) edge (21);
\draw [line width=1.0pt] (21) edge (22);
\end{tikzpicture}
\end{center}
\caption{Known inclusion relations among $22$ of the complexity classes that
appear in this survey}%
\label{classfig2}%
\end{figure}
$\mathsf{\Pi}_{2}^{\mathsf{P}}$: $\mathsf{coNP}^{\mathsf{NP}}$, the second
level of the polynomial hierarchy (with universal quantifier in front). \ See
Section \ref{PH}.
$\mathsf{\Sigma}_{2}^{\mathsf{P}}$: $\mathsf{NP}^{\mathsf{NP}}$, the second
level of the polynomial hierarchy (with existential quantifier in front).
\ See Section \ref{PH}.
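In symbols: $L\in\mathsf{\Sigma}_{2}^{\mathsf{P}}$\ if and only if there
exist a polynomial $p$ and a polynomial-time computable predicate $R$ such
that, for all inputs $x$,
\[
x\in L\Longleftrightarrow\exists y\,\forall z\,R\left( x,y,z\right) ,
\]
where $y$ and $z$ range over strings of length at most $p\left( \left\vert
x\right\vert \right) $. \ (The definition of $\mathsf{\Pi}_{2}^{\mathsf{P}}$
is the same with the quantifiers reversed.)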
$\mathsf{AC}^{0}$: The class decidable by a nonuniform family of
polynomial-size, constant-depth, unbounded-fanin circuits of AND, OR, and NOT
gates. \ See Section \ref{SMALLDEPTH}.
$\mathsf{AC}^{0}\left[ m\right] $: $\mathsf{AC}^{0}$\ enhanced by
MOD\ $m$\ gates, for some specific value of $m$ (the cases of $m$ a prime
power and $m$ not a prime power are dramatically different). \ See Section
\ref{POLYMETH}.
$\mathsf{ACC}$: $\mathsf{AC}^{0}$\ enhanced by MOD\ $m$\ gates, for every $m$
simultaneously. \ See Section \ref{NEXPACC}.
$\mathsf{BPP}$: Bounded-Error Probabilistic Polynomial-Time. \ The class
decidable by a polynomial-time randomized algorithm that errs with probability
at most $1/3$\ on each input. \ See Section \ref{DERAND}.
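Formally: $L\in\mathsf{BPP}$\ if and only if there is a polynomial-time
algorithm $M$, taking a uniformly random string $r$ as auxiliary input, such
that
\[
x\in L\Longrightarrow\Pr_{r}\left[ M\left( x,r\right) \text{
accepts}\right] \geq\frac{2}{3},\qquad x\notin L\Longrightarrow\Pr
_{r}\left[ M\left( x,r\right) \text{ accepts}\right] \leq\frac{1}{3}.
\]
By standard amplification (running $M$ many times and taking a majority
vote), the constants $2/3$\ and $1/3$\ could equivalently be replaced by
$1-2^{-n}$\ and $2^{-n}$.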
$\mathsf{BQP}$: Bounded-Error Quantum Polynomial-Time. \ The same as
$\mathsf{BPP}$\ except that we now allow quantum algorithms. \ See Section
\ref{QUANTUM}.
$\mathsf{coNP}$: The class consisting of the complements of all languages in
$\mathsf{NP}$. \ Complete problems include unsatisfiability, graph
non-3-colorability, etc. \ See Section \ref{PH}.
$\mathsf{DTISP}\left( f\left( n\right) ,g\left( n\right) \right) $: The
class decidable by a deterministic algorithm that simultaneously uses
$O\left( f\left( n\right) \right) $\ time and $O\left( g\left( n\right)
\right) $\ bits of memory. \ See Section \ref{TST}.
$\mathsf{EXP}$: Exponential-Time, or $\bigcup_{k}\mathsf{TIME}\left(
2^{n^{k}}\right) $. \ Note the permissive definition of \textquotedblleft
exponential,\textquotedblright\ which allows any polynomial in the exponent.
\ See Section \ref{BEYONDPOLY}.
$\mathsf{EXPSPACE}$: Exponential-Space, or $\bigcup_{k}\mathsf{SPACE}\left(
2^{n^{k}}\right) $. \ See Section \ref{BEYONDPOLY}.
$\mathsf{IP}$: Interactive Proofs, the class for which a \textquotedblleft
yes\textquotedblright\ answer can be proven (to statistical certainty) via an
interactive protocol in which a polynomial-time verifier Arthur exchanges a
polynomial number of bits with a computationally-unbounded prover Merlin.
\ Turns out to equal $\mathsf{PSPACE}$\ \cite{shamir}. \ See Section
\ref{IPPSPACE}.
$\mathsf{LOGSPACE}$: Logarithmic-Space, or $\mathsf{SPACE}\left( \log
n\right) $. \ Note that only read/write memory is restricted to $O\left(
\log n\right) $\ bits; the $n$-bit input itself is stored in a read-only
memory. \ See Section \ref{BEYONDPOLY}.
$\mathsf{MA}$: Merlin-Arthur, the class for which a \textquotedblleft
yes\textquotedblright\ answer can be proven to statistical certainty via a
polynomial-size message from a prover (\textquotedblleft
Merlin\textquotedblright), which the verifier (\textquotedblleft
Arthur\textquotedblright) then verifies in probabilistic polynomial time.
\ Same as $\mathsf{NP}$\ except that the verification can be probabilistic.
\ See Section \ref{HYBAPP}.
$\mathsf{MA}_{\mathsf{EXP}}$: The exponential-time analogue of $\mathsf{MA}$,
where now Merlin's proof can be $2^{n^{O\left( 1\right) }}$\ bits long, and
Arthur's probabilistic verification can also take $2^{n^{O\left( 1\right) }%
}$\ time. \ See Section \ref{HYBAPP}.
$\mathsf{NC}^{1}$: The class decidable by a nonuniform family of
polynomial-size Boolean formulas---or equivalently, polynomial-size Boolean
circuits of fanin $2$\ and depth $O\left( \log n\right) $. \ The subclass of
$\mathsf{P/poly}$\ that is \textquotedblleft highly
parallelizable.\textquotedblright\ \ See Section \ref{NONUNIF}.
$\mathsf{NEXP}$: Nondeterministic Exponential-Time, or $\bigcup_{k}%
\mathsf{NTIME}\left( 2^{n^{k}}\right) $. \ The exponential-time analogue of
$\mathsf{NP}$. \ See Section \ref{BEYONDPOLY}.
$\mathsf{NLOGSPACE}$: The nondeterministic counterpart of $\mathsf{LOGSPACE}$.
\ See Section \ref{BEYONDPOLY}.
$\mathsf{NP}$: Nondeterministic Polynomial-Time, or $\bigcup_{k}%
\mathsf{NTIME}\left( n^{k}\right) $. \ The class for which a
\textquotedblleft yes\textquotedblright\ answer can be proven via a
polynomial-size witness, which is verified by a deterministic polynomial-time
algorithm. \ See Section \ref{FORMAL}.
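In symbols: $L\in\mathsf{NP}$\ if and only if there exist a polynomial $p$
and a polynomial-time verifier $V$ such that, for all inputs $x$,
\[
x\in L\Longleftrightarrow\exists w\in\left\{ 0,1\right\} ^{p\left(
\left\vert x\right\vert \right) }\ V\left( x,w\right) \text{ accepts.}
\]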
$\mathsf{NTIME}\left( f\left( n\right) \right) $: Nondeterministic
$f\left( n\right) $-Time. \ The class for which a \textquotedblleft
yes\textquotedblright\ answer can be proven via an $O\left( f\left(
n\right) \right) $-bit witness, which is verified by a deterministic
$O\left( f\left( n\right) \right) $-time algorithm. \ Equivalently, the
class solvable by a nondeterministic $O\left( f\left( n\right) \right)
$-time algorithm. \ See Section \ref{BEYONDPOLY}.
$\mathsf{P}$: Polynomial-Time, or $\bigcup_{k}\mathsf{TIME}\left(
n^{k}\right) $. \ The class solvable by a deterministic polynomial-time
algorithm. \ See Section \ref{FORMAL}.
$\mathsf{P}^{\mathsf{\#P}}$: $\mathsf{P}$\ with an oracle for $\mathsf{\#P}%
$\ problems (i.e., for counting the exact number of accepting witnesses for
any problem in $\mathsf{NP}$). \ See Section \ref{COUNTING}.
$\mathsf{P/poly}$: $\mathsf{P}$ enhanced by polynomial-size \textquotedblleft
advice strings\textquotedblright\ $\left\{ a_{n}\right\} _{n}$, which depend
only on the input size $n$ but can otherwise be chosen to help the algorithm
as much as possible. \ Equivalently, the class solvable by a nonuniform family
of polynomial-size Boolean circuits (i.e., a different circuit is allowed for
each input size $n$). \ See Section \ref{NONUNIF}.
$\mathsf{PH}$: The Polynomial Hierarchy. \ The class expressible via a
polynomial-time predicate with a constant number of alternating universal and
existential quantifiers over polynomial-size strings. \ Equivalently, the
union of $\mathsf{\Sigma}_{1}^{\mathsf{P}}=\mathsf{NP}$, $\mathsf{\Pi}%
_{1}^{\mathsf{P}}=\mathsf{coNP}$, $\mathsf{\Sigma}_{2}^{\mathsf{P}%
}=\mathsf{NP}^{\mathsf{NP}}$, $\mathsf{\Pi}_{2}^{\mathsf{P}}=\mathsf{coNP}%
^{\mathsf{NP}}$, and so on. \ See Section \ref{PH}.
$\mathsf{PP}$: Probabilistic Polynomial-Time. \ The class decidable by a
polynomial-time randomized algorithm that, for each input $x$, guesses the
correct answer with probability greater than $1/2$. \ Like $\mathsf{BPP}$\ but
without the bounded-error ($1/3$ versus $2/3$) requirement,\ and accordingly
believed to be much more powerful. \ See Section \ref{COUNTING}.
$\mathsf{PSPACE}$: Polynomial-Space, or $\bigcup_{k}\mathsf{SPACE}\left(
n^{k}\right) $. \ See Section \ref{SPACE}.
$\mathsf{SPACE}\left( f\left( n\right) \right) $: The class decidable by a
serial, deterministic algorithm that uses $O\left( f\left( n\right)
\right) $\ bits of memory (and possibly up to $2^{O\left( f\left( n\right)
\right) }$\ time). \ See Section \ref{BEYONDPOLY}.
$\mathsf{TC}^{0}$: $\mathsf{AC}^{0}$\ enhanced by MAJORITY gates. \ Also
corresponds to \textquotedblleft neural networks\textquotedblright%
\ (polynomial-size, constant-depth circuits of threshold gates). \ See Section
\ref{NATPROOF}.
$\mathsf{TIME}\left( f\left( n\right) \right) $: The class decidable by a
serial, deterministic algorithm that uses $O\left( f\left( n\right)
\right) $\ time steps (and therefore, $O\left( f\left( n\right) \right)
$\ bits of memory). \ See Section \ref{BEYONDPOLY}.
\end{document}