today
    average case hardness => pseudorandom generators

avg case hardness
    Q. when is \vx\to\vx,f(\vx) a pseudorandom generator?
        iff next-bit unpredictable
        iff for all simple P, Pr[P(x)=f(x)]\le 1/2+\eps
            \=> average case hardness
    rmk: this is weakly explicit if f\in\TIME(2^{O(n)})=E
    def: f:\bits^\ell\to\bits is (s,\delta)-average case hard if for all A computed by size s circuits
        Pr_x[A(x)=f(x)]\le 1-\delta
            \=> probability is over x alone
    ex: 1-\delta<1 worst case hardness
        1-\delta=1-1/poly(s)
               =1-\Omega(1)
               =1/2+O(1)
               =1/2+1/\poly(s)
    today: 1-\delta=1/2+1/\poly(s) - hardness => PRG
    later: 1-\delta<1 => 1-\delta=1/2+1/\poly(s)
        [[can also consider going through the above in stages, will do directly here]]

nisan wigderson generator
    Q. get larger stretch? ideas?
    idea: concatenation
        x_1,\ldots,x_k\mapsto x_1,f(x_1),x_2,f(x_2),\ldots,x_k,f(x_k)
        \ell*k input bits
        (\ell+1)*k output bits
        [[never get superlinear stretch]]
        [[rephrase as applying f to sets of disjoint parts of the input]]
        [[draw picture]]
    idea: apply f to *nearly* disjoint sets of inputs
        [[draw picture]]
    def: [[recall defn from hw]] S_1,\ldots,S_m\subseteq[d] is an (\ell,a) design if
        |S_i|=\ell
        |S_i\cap S_j|\le a, i\ne j
    lem: [[recall from hw]] in poly(m,d) time can construct an (\ell,a) design with
        d=O(\ell^2/a)
        a=\log m, ie, m=2^a
        [[is only weakly explicit, which suffices here
          some strongly explicit constructions are known in some regimes]]
    construction[NisanWigderson Generator]
        f:\bits^\ell\to\bits
        S_1,\ldots,S_m\subseteq[d], (\ell,a)-design
        NW^f:\bits^d\to\bits^m
        NW^f(x)=f(x|_{S_1})f(x|_{S_2})\cdots f(x|_{S_m})
            \-> x|_{S_1} = the bits in x restricted to those positions in S_1
    rmk: can also output the seed x [[if you want to]]
    large design => large stretch [[but why does it work?]]
    thm: f\in\TIME(2^{O(\ell)})=E which is (s(\ell),1/2-1/s(\ell))-average-case-hard
        => NW^f yields mildly explicit (m,1/m)-PRG
            NW:\bits^d\to\bits^m
                \-> computable in 2^{O(d)}-time
            d=O(s^{-1}(\poly(m))^2/\log m)
    rmk: f\in\TIME(2^{O(\ell)}) =>
        NW^f computable in time \poly(m,2^{O(\ell)})
        [[don't need explicitness of f anywhere else]]
    lem: every function f:\bits^a\to\bits has a O(a2^a)-size circuit
    pf: write down truth table of f -> 2^a many bits
        use circuit to pick out correct bit -> O(a2^a)-size
    rmk: uniform complexity: any f, exist functions solvable in O(f) time but not o(f/log f) time
        non-uniform complexity: any f\le 2^n/n, exist functions solvable in O(f) size but not o(f) size
        [[get slightly better upper bound than what I said above]]

parameters
    s(\ell)=2^{\Omega(\ell)}
        => s^{-1}(m)=O(\log m)
        => s^{-1}(\poly(m))^2/\log m=O(\log m)^2/\log m=O(\log m)
        => BPP=P
        [[hardest a function can be]]
    s(\ell)=2^{\ell^{\Omega(1)}}
        => s^{-1}(m)=(\log m)^{O(1)}
        => s^{-1}(\poly(m))^2/\log m=(\log m)^{O(1)}
        => BPP\subseteq \quasiP
    s(\ell)=\ell^{\omega(1)}
        => s^{-1}(m)=m^{o(1)}
        => BPP\subseteq\SUBEXP
    thm: f:\bits^\ell\to\bits (s,1/2-\eps/m) avg-case hard
        => NW^f is (t=s-m*a*2^a,\eps)-PRG
    pf of main thm: take
        \eps=1/m
        a=\log m
        \ell=s^{-1}(m^3)
        => d=O(\ell^2/a)=O(s^{-1}(\poly(m))^2/\log m)
           t=s(\ell)-m*\log(m)*m=m^3-m^2\log m\ge m
        get (m,1/m)-PRG
    pf of subthm: via contrapositive
        NW^f not (t,\eps) PRG
        => NW^f is not (t,\eps/m) next-bit unpredictable
            [[using stronger circuit size bound than proved last time]]
        => some i with (NW^f)_i predictable
            P size t non-uniform circuit s.t.
            Pr_X[P(f(X|_{S_1}),\ldots,f(X|_{S_{i-1}}))=f(X|_{S_i})]\ge 1/2+\eps/m
            [[want to convert this predictor to computing f]]
        Y=X|_{S_i}, Z=X|_{\neg S_i}
            hence X=(Y,Z) [[draw picture]]
        Pr_{Y,Z}[P(f(Y|_{S_1},Z|_{S_1}),\ldots,f(Y|_{S_{i-1}},Z|_{S_{i-1}}))=f(Y)]\ge 1/2+\eps/m
            \-> independent of Z, [[so average over Z]]
        exists z such that
        Pr_Y[P(f(Y|_{S_1},z|_{S_1}),\ldots,f(Y|_{S_{i-1}},z|_{S_{i-1}}))=f(Y)]\ge 1/2+\eps/m
            \-> arguments of P: =f_1(Y), \ldots, =f_m(Y)
        lem: each j, size(f_j(Y))\le a*2^a
        pf: f_j(Y)=f(Y|_{S_j},z|_{S_j})=f(X|_{S_i\cap S_j},z|_{S_j})
            \=> only \le a variables
        => A(Y)\eqdef P(f_1(Y),\ldots,f_m(Y)) has circuit size t+m*a*2^a
           Pr_Y[A(Y)=f(Y)]>1/2+\eps/m
        => f not
           (t+m*a*2^a,1/2-\eps/m) average-case hard

punchline
    average case hardness => pseudorandom generators
    Q. where to get average case hardness?
        [[difficult to prove for arbitrary circuits]]
        [[for restricted classes of circuits?]]

bounded-depth circuits
    def: an unbounded fan-in circuit is a circuit with
        input gates
            x_i or \neg x_i [[only need negations at the bottom]]
        internal gates
            AND(c_1,\ldots,c_k) [[k=fan-in, can be arbitrary]]
            OR(c_1,\ldots,c_k)
        size
            # gates
        depth
            maximum length input-output path
        [[draw picture]]
    AC^0 is the class of functions f:\bits^\star\to\bits with \poly(n)-size, O(1)-depth circuits
    eg: EQ(x,y)=1 iff x=y
        depth 3
        why?
    AC^0 is one of the most powerful classes where lower bounds are known [[sad]]
    thm[Hastad]
        Parity(x_1,\cdots,x_\ell)=\sum x_i mod 2
        k constant
        Parity_\ell is (s(\ell),1/2-1/s(\ell))-average case hard for depth-k AC^0 circuits
        with s(\ell)=2^{\Theta(\ell^{1/k})}
    rmk: best possible lb for parity, as parity has nearly matching upper bound [[exercise]]
    Q: => PRG?
    A: yes, but have to be careful
    lem: every function f:\bits^a\to\bits has a O(a2^a)-size depth-2 AC^0 circuit
        [[same proof as before]]
        [[need this as otherwise the resulting circuit for parity is not AC^0]]
        [[similarly, need the PRG vs next-bit predictor relation to hold for small depth]]
    cor: k constant, poly(m)-computable (m,1/m)-PRG \bits^{(\log m)^{O(k)}}\to\bits^m fooling depth-k AC^0
        \-> hard function for AC^0 is easy! => strongly explicit PRG [[why?]]
    thm: DNF \varphi=C_1\or\cdots\or C_m, C_i=x\and \neg z\and y\cdots, ie, depth-2 AC^0
        can \times(1\pm\eps) approx #DNF [[# of satisfying assignments]] in randomized poly(|\varphi|)-time
    Cor: \=> deterministically in 2^{\polylog|\varphi|} time
    pf
        hw

next time
    local decoding
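
Added example (not part of the original notes): a toy NW^f with f = Parity, the hard function used in the AC^0 corollary, checked against the (\ell,a)-design definition. Assumption: the design is the polynomial-graph construction over F_q, which gives d=\ell^2 rather than the lemma's d=O(\ell^2/a); the names poly_design, is_design, nw and demo are chosen here for illustration.

```python
from itertools import combinations, islice, product

def poly_design(q, a, m):
    """m sets S_p = {(i, p(i))} for polynomials p of degree <= a over F_q (q prime).

    Each set is a subset of [d] with d = q*q and has size ell = q. Two distinct
    polynomials of degree <= a agree on at most a points, so |S_i & S_j| <= a.
    """
    if m > q ** (a + 1):
        raise ValueError("only q^(a+1) polynomials of degree <= a exist")
    sets = []
    for coeffs in islice(product(range(q), repeat=a + 1), m):
        graph = []
        for i in range(q):
            value = sum(c * pow(i, e, q) for e, c in enumerate(coeffs)) % q
            graph.append(i * q + value)   # point (i, p(i)) encoded as an index in [d]
        sets.append(graph)
    return sets

def is_design(sets, ell, a):
    """Check both conditions of the (ell, a)-design definition."""
    return (all(len(set(s)) == ell for s in sets) and
            all(len(set(s) & set(t)) <= a for s, t in combinations(sets, 2)))

def parity(bits):
    return sum(bits) % 2

def nw(f, sets, seed):
    """NW^f(x) = f(x|_{S_1}) f(x|_{S_2}) ... f(x|_{S_m})."""
    return [f([seed[j] for j in s]) for s in sets]

def demo():
    q, a, m = 5, 2, 100      # ell = 5, d = 25 seed bits, m = 100 output bits
    sets = poly_design(q, a, m)
    seed = [(j * j + j // 3) % 2 for j in range(q * q)]   # constructed sample seed
    return sets, nw(parity, sets, seed)

if __name__ == "__main__":
    sets, out = demo()
    print("design ok:", is_design(sets, 5, 2))
    print("".join(map(str, out)))
```

Here 25 seed bits stretch to 100 output bits, which concatenation over disjoint blocks cannot do; each output bit depends on 5 seed positions and any two outputs share at most 2 of them.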