Hardness amplification proofs require majority

Hardness amplification is the fundamental task of converting a δ-hard function f : (0, 1)ⁿ -> (0, 1) into a (1/2-ε)-hard function Amp(f), where f is γ-hard if small circuits fail to compute f on at least a γ fraction of the inputs. Typically, ε,δ are small (and δ=2^-k captures the case where f is worst-case hard). Achieving ε = 1/n^Ω(1) is a prerequisite for cryptography and most pseudorandom-generator constructions.

In this paper we study the complexity of black-box proofs of hardness amplification. A class of circuits cal D proves a hardness amplification result if for any function h that agrees with Amp(f) on a 1/2+e fraction of the inputs there exists an oracle circuit D ∈ D such that D^h agrees with f on a 1-δ fraction of the inputs. We focus on the case where every D ∈ D makes non-adaptive queries to h. This setting captures most hardness amplification techniques. We prove two main results: The circuits in D "can be used" to compute the majority function on 1e bits. In particular, these circuits have large depth when ε ≤ 1/ poly log n. The circuits in D must make Ω log(1/δ)/e² oracle queries.

Both our bounds on the depth and on the number of queries are tight up to constant factors. Our results explain why hardness amplification techniques have failed to transform known lower bounds against constant-depth circuit classes into strong average-case lower bounds. When coupled with the celebrated "Natural Proofs" result by Razborov and Rudich (J. CSS '97) and the pseudorandom functions by Naor and Reingold (J. ACM '04), our results show that standard techniques for hardness amplification can only be applied to those circuit classes for which standard techniques cannot prove circuit lower bounds. Our results reveal a contrast between Yao's XOR Lemma (Amp(f) := f(x₁) ⊕ ... ⊕ f(x_t) ∈ zo) and the Direct-Product Lemma (Amp(f) := f(x₁) O ... O f(x_t) ∈ zo^t; here Amp(f) is non-Boolean). Our results (1) and (2) apply to Yao's XOR lemma, whereas known proofs of the direct-product lemma violate both (1) and (2). One of our contributions is a new technique to handle "non-uniform" reductions, i.e. the case when D contains many circuits.