Like many other new grad students, when I just started at the Weizmann Institute of Science, I was extremely anxious. While I loved (the little I knew about) theory, I was not sure if I was smart enough to do original research in this area. The professors seemed like beings from another world, but one thing that helped was that at least I did share some background with them. Almost all of them were male (and in fact, this being Israel, almost all were, like me, Ashkenazi secular Jews). So it was not completely unthinkable to imagine that I would some day be like them.
Another thing that helped me a lot in my early time in Weizmann was my study group.
I quickly found three friends, all male, and we spent many hours together studying for exams, talking about research, but also playing video games.
As I progressed in the field, I’ve had a great many research interactions and collaborations. I’ve met people at all hours and in various locations, including coffee shops, restaurants, and private homes. I’ve never had to worry about the potential for sexual harassment, nor that I would be judged by my looks or what I wear. I am the type of person who speaks their opinion loudly, perhaps sometimes a little too loudly. In my experience, women who act the same are judged by a different standard: they often “rub people the wrong way” and get tagged as having problematic personalities. Also, I was never afraid to ask potentially stupid questions. I did not need to fear that asking such a question would confirm people’s bias that I don’t belong in this field. Asking potentially stupid questions is one of the most useful ways to learn and evolve as a scientist.
Last but not least, I would most definitely not be where I am if my wife did not quit her job in Israel to move with me across the Atlantic for my postdoc. Also, while I think of myself as an involved father, I have to admit that Ravit still does more of the childcare duties. (As I’m reading this out loud, my daughter is commenting that I am not such an involved father…) Again, I am not saying that all male scientists are like me, nor that there are no female scientists that greatly rely on the support of their partners, but I don’t think my situation is atypical.
In more general terms, one misconception I see in such discussions is that science is about “things” or “facts” and not people, and hence should perhaps be free of biases.
But in fact science is an extremely social enterprise. Since graduating, I have never written a solo paper. Much of my work is spent talking to people in front of a whiteboard or notepad, and I’ve learned a great deal from discussions with fellow scientists. This also explains why certain subfields of science can have outlying gender or ethnicity ratios. People just feel more comfortable working with others similar to them, and role models greatly influence the fields students choose to pursue. For example, there is nothing innately Hungarian about combinatorics. Similarly, there is nothing innately feminine about cryptography; rather, a few extremely strong female scientists have had a huge effect. The influence of people such as Shafi Goldwasser, Tal Rabin, and others has not been limited to their (amazing) research results, but extends to their roles as role models and mentors to many female cryptographers (and many male cryptographers as well, myself included).
I don’t like the expression “leveling the playing field,” because science is not a game. This is not about competing but about collaborating with each other to uncover the mysteries of the universe. But we males (especially those who, like me, come from amply represented ethnicities) should be aware of, and grateful for, the advantages we’ve had in our careers. We should not try to remove these advantages: access to role models, freedom from bias, and ease of networking are all good things. We should, however, strive for a world where everyone enjoys the same benefits. In such a world we’ll have more scientists who are more productive and happier, and that will only be better for science.
Early registration deadline for the conference is Sept 25th, 2017.
Speaking of workshops, there is one way to guarantee that FOCS has a workshop in an area you care about, and it is to organize such a workshop yourself!
Speaking from experience, organizing a workshop is a non-zero but not unmanageable amount of work. It is a great way to connect with colleagues in your area, as well as to expose some other people in the TCS community to it. The call for workshops is now up at http://focs17.simons.berkeley.edu/workshopAndTutorial.html
A proposal for a workshop can be quite minimal – the main thing you need is the names of the organizers and speakers. To submit a proposal, send an email to Aleksander Mądry and James Lee by September 3, 2017.
Of course, there are results such as the time hierarchy theorem and Ladner’s theorem that tell us that problems of “intermediate complexity” do exist, but the hope is that this doesn’t happen for “natural” problems.
(In particular, we can artificially create problems of complexity $2^{n^\epsilon}$, for any $0<\epsilon<1$, by padding exponentially hard problems. This is one of the reasons why Impagliazzo, Paturi, and Zane argued that for NP problems, the parameter $n$ should be thought of as the solution size and not the input size.)
One family of natural problems are constraint satisfaction problems (CSPs). For some finite alphabet $\Sigma$ and constant $k$, a CSP $\mathrm{CSP}(\mathcal{P})$ is characterized by a set $\mathcal{P}$ of predicates mapping $\Sigma^k$ to $\{0,1\}$.
The input for $\mathrm{CSP}(\mathcal{P})$ is a collection of functions $P_1,\ldots,P_m : \Sigma^n \to \{0,1\}$, each of which applies some predicate in $\mathcal{P}$ to a $k$-subset of its coordinates.
The basic task in CSPs is exact satisfiability, where the goal is to tell whether there is some assignment $x \in \Sigma^n$ such that $P_i(x)=1$ for every $i$.
The celebrated CSP dichotomy conjecture (which perhaps should now be called a theorem) implies (in its modern, algebraic form) that for every $\mathcal{P}$, either there is a polynomial-time (in fact, I believe, one of fairly small polynomial degree) algorithm for the exact satisfiability of $\mathrm{CSP}(\mathcal{P})$, or there is a constant-factor blowup reduction from 3SAT to $\mathrm{CSP}(\mathcal{P})$, implying that (under the exponential-time hypothesis, or ETH) its complexity is $2^{\Omega(n)}$.
The approximation problem for $\mathrm{CSP}(\mathcal{P})$ is parameterized by two numbers $1 \geq c > s \geq 0$ (known as the completeness and soundness parameters, respectively) and asks to distinguish, given an input $P_1,\ldots,P_m$ of $\mathrm{CSP}(\mathcal{P})$, between the case that there is some assignment $x$ with $\sum_i P_i(x) \geq cm$, and the case that $\sum_i P_i(x) \leq sm$ for every $x$. There is one sense in which understanding the complexity of the approximation problem is easier, since in the context of approximation, the pesky difference between 3SAT and 3XOR (bane of many failed NP vs P proofs, and the main reason the dichotomy conjecture is so hard to prove) disappears. On the other hand, in this context a problem such as BIPARTITENESS (i.e., the CSP of the binary inequality predicate), which was in the EASY column for exact solving, becomes the NP-hard problem of Max-Cut.
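To make these definitions concrete, here is a minimal Python sketch (the representation and all function names are mine, purely for illustration) of a binary-alphabet CSP instance together with a brute-force distinguisher for the $c$ vs $s$ problem. The instance is Max-Cut on a 5-cycle, whose best assignment cuts 4 of the 5 edges:

```python
from itertools import product

# A toy CSP(P) instance over alphabet {0,1}: each constraint applies a
# predicate from the family P to a subset of the n coordinates.
NEQ = lambda a, b: int(a != b)   # the cut / binary inequality predicate

def value(constraints, x):
    # fraction of satisfied constraints: (1/m) * sum_i P_i(x)
    return sum(pred(*(x[j] for j in scope)) for pred, scope in constraints) / len(constraints)

def c_vs_s(n, constraints, c, s):
    # brute-force distinguisher for the c vs s approximation problem
    best = max(value(constraints, x) for x in product((0, 1), repeat=n))
    if best >= c:
        return "c-case"
    if best <= s:
        return "s-case"
    return "neither"   # promise problem: inputs in between are excluded

# Max-Cut on a 5-cycle: the best assignment cuts 4 of the 5 edges.
cycle = [(NEQ, (i, (i + 1) % 5)) for i in range(5)]
print(c_vs_s(5, cycle, c=0.8, s=0.6))  # prints "c-case"
```

Of course, the whole point is to do this without the exponential-time enumeration over all $2^n$ assignments; the sketch is only meant to pin down the problem statement.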
One of the most fascinating consequences of the Unique Games Conjecture is that, if it is true, then there are in fact CSPs whose approximation is neither EASY nor HARD. That is, the Unique Games Conjecture (plus the ETH) implies the following conjecture:
Intermediate Complexity Conjecture: For every $\epsilon>0$, there exist some $\delta>0$, a predicate family $\mathcal{P}$, and $1 > c > s > 0$ such that $c$ vs $s$ approximation of $\mathrm{CSP}(\mathcal{P})$ can be done in time $2^{n^\epsilon}$ but (the potentially easier) $c$ vs $s$ approximation cannot be done in time $2^{n^\delta}$.
This is a consequence of the subexponential time algorithm for unique games, which in particular implies that for, say, $c=1/2$, there is some $\delta=\delta(s)$ that tends to zero with $s$ such that the $c$ vs $s$ problem for the unique games CSP can be solved in time $2^{n^{\delta}}$.
On the other hand, the Unique Games Conjecture implies that for every $1 > c > s > 0$, no matter how close $s$ is to zero, or $c$ is to one, the $c$ vs $s$ problem for unique games is NP-hard, and hence (under the ETH, and since the reduction has polynomial blowup) cannot be solved in time $2^{n^{\delta'}}$ for some $\delta'>0$.
I find this conjecture very fascinating. A priori, we might expect a zero/one law for a CSP’s complexity, where, depending on the approximation quality, one could either solve the problem in polynomial time or require $2^{\Omega(n)}$ time. Indeed, we have good reasons to believe that predicates such as 3XOR and 3SAT satisfy such a zero/one law. But if the intermediate complexity conjecture is true, then for some predicates (such as unique games itself, and probably even Max-Cut, which can hardly be called “unnatural”) we would get a non-trivial curve of running time vs approximation quality that looks something like this:
Figure 1: Conjectured time complexity of the $c$ vs $s$ approximation of unique games, as a function of the approximation parameters, assuming the unique games conjecture. The UGC characterizes the threshold at which the time complexity becomes $2^{n^{\beta}}$ for some $\beta>0$, while there is also a (not yet fully determined) threshold at which there is a linear-blowup reduction from 3SAT, and hence (under the ETH) the complexity is $2^{\Omega(n)}$.
(One other setting where people were not sure whether the complexity of some finitely specified object must be either exponential or polynomial is group theory, where one can define the complexity of a finitely generated group as the number of distinct elements that can be generated by words of length $n$. There it turned out that there are groups of “intermediate complexity,” known in that field as groups of intermediate growth.)
What is also quite interesting is that we might be able to prove the intermediate complexity conjecture without resolving the UGC. In an exciting recent work, Dinur, Khot, Kindler, Minzer and Safra gave a combinatorial hypothesis that, if true, would imply the NP-hardness of $c$ vs $s$ approximation for unique games where $c = 1/2$ and $s$ can be arbitrarily close to $0$. Thus, if their hypothesis is true then, combined with the subexponential time algorithm mentioned above, it would imply the intermediate complexity conjecture. (If the construction is improved to obtain completeness arbitrarily close to $1$, then of course it would prove the unique games conjecture as well.)
Through discussions with Pravesh Kothari and David Steurer, we showed that the DKKMS combinatorial hypothesis is equivalent to a fairly simple-to-state statement. Informally, it can be stated as follows: let $G$ be the graph on $n \times n$ binary matrices, such that two matrices $A,B$ have an edge if $A - B$ has rank one over GF(2). (UGC/PCP experts might recognize this graph as the degree-two short code graph.) This graph is not a small set expander, in the sense that, if you think about it for a few minutes, you see that there are sets of matrices of measure $o(1)$ such that if we pick a random $A$ in the set and a random neighbor $B$ of $A$, then with constant probability $B$ will also be in the set. The DKKMS hypothesis is equivalent to the conjecture that the sets you think about after a few minutes encompass all such examples.
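The small-set-expansion failure above is easy to check numerically. Here is a toy Python simulation (my own, not from the DKKMS paper or our report): it samples a matrix from a set of the form $\{A : Au = v\}$, takes a random rank-one step, and confirms that the walk stays in the set about half the time. The point is that $Bu = Au + (y\cdot u)x$ for the step $B = A + xy^\top$, so $B$ stays in the set exactly when $y \cdot u = 0 \pmod 2$:

```python
import random

n = 6  # small toy dimension

def rand_vec():
    return [random.randint(0, 1) for _ in range(n)]

def matvec(A, u):
    return [sum(a * b for a, b in zip(row, u)) % 2 for row in A]

# A set of the form {A : A u = v} for fixed nonzero u and fixed v.
u = [1] * n
v = rand_vec()

def in_set(A):
    return matvec(A, u) == v

def random_in_set():
    # rejection sampling is fine at this toy size (success prob. 2^-n)
    while True:
        A = [rand_vec() for _ in range(n)]
        if in_set(A):
            return A

def rank_one_neighbor(A):
    # a random neighbor B = A + x y^T over GF(2), with x, y nonzero
    while True:
        x, y = rand_vec(), rand_vec()
        if any(x) and any(y):
            break
    return [[(A[i][j] + x[i] * y[j]) % 2 for j in range(n)] for i in range(n)]

trials = 2000
stay = sum(in_set(rank_one_neighbor(random_in_set())) for _ in range(trials)) / trials
print(stay)  # close to 1/2, as the y.u = 0 mod 2 calculation predicts
```

Meanwhile the set has measure $2^{-n}$, so it is a tiny set from which the random walk escapes only with probability about $1/2$.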
Let me state this more formally: let’s say that a subset $S$ of the $n \times n$ binary matrices is a basic set if $S = \{ A : Au = v \}$ or $S = \{ A : A^\top u = v \}$, where $u,v \in \{0,1\}^n$ are column vectors with $u$ nonzero. Note that each such set has measure $2^{-n}$ among all matrices, and that a random neighbor of an element of $S$ will be in $S$ with probability $1/2$. For every constant $\epsilon>0$, you can clearly construct a set where a random neighbor stays inside with probability $\epsilon$ by intersecting roughly $\log(1/\epsilon)$ basic sets. You can also keep this probability constant even if you just subsample a constant fraction of this intersection (and you can add a few random vertices as well). The DKKMS hypothesis is equivalent to the statement that this is all you can do. That is, it is equivalent to the following statement:
Inverse short code conjecture: For every $\epsilon>0$ there exist some $\delta>0$ and $\ell \in \mathbb{N}$ such that if $n$ is large enough and $G$ is the graph above with vertex set $\{0,1\}^{n \times n}$, then for every $S \subseteq \{0,1\}^{n \times n}$, if $S$ satisfies $\Pr_{A \in S,\, B \sim A}[B \in S] \geq \epsilon$ (where $B \sim A$ denotes a random neighbor of $A$ in $G$), then there are basic sets $T_1,\ldots,T_\ell$ such that $T = T_1 \cap \cdots \cap T_\ell$ satisfies $|S \cap T| \geq \delta |T|$.
I call this an “inverse conjecture” since it is aimed at characterizing the sets that have unusually small expansion in the short-code graphs in terms of their correlation with basic sets.
I find it a natural question, though I have to admit that, despite thinking about it for some time (and also talking about it, not just with David and Pravesh but also with Irit Dinur, Shachar Lovett, and Kaave Hosseini), I still don’t have a strong intuition as to whether it’s true or false.
Given that the short code graph is a Cayley graph over the Boolean cube, this seems like a question that could be amenable to tools from Fourier analysis and additive combinatorics.
Some partial progress has been made by the DKKMS folks in their new manuscript.
In fact, the same observations show that their original hypothesis is also equivalent not just to the “inverse short code conjecture” but also to Hypothesis 1.7 in this report, which is an analogous “inverse conjecture” for the Grassmann graph, where, for $1 \ll \ell \ll n$, the vertices are dimension-$\ell$ subspaces of $\mathbb{F}_2^n$, and two subspaces are neighbors if their intersection has dimension $\ell - 1$.
Nevertheless, at the moment this question is still wide open, and I hope this writeup encourages more people to work on it. Other than resolving this question, there are some other interesting research directions, including:
The underlying building block for DKKMS is a problem known as smooth label cover. This is not precisely a CSP, but can we show that it has intermediate complexity? That is, can we give a subexponential time algorithm for it? If the DKKMS hypothesis is correct, then we know that such an algorithm should be an SDP hierarchy.
Suppose the combinatorial hypothesis is true; is there an inherent reason why its proof should not be a low degree SOS proof? After all, related isoperimetric results on the short code graph have been shown via low degree SOS proofs. Also, is the proof of the current best bounds from the DKKMS manuscript SOS-izable?
The quantitative bounds for the DKKMS reduction are terrible. I haven’t worked out all the details, but it seems that the reduction from 3XOR to $1/2$ vs $\epsilon$ approximation of unique games would map an $n$-variable instance to an instance whose size is a huge polynomial (or perhaps even quasipolynomial) in $n$. Is this inherent?
Is there a general conjecture that would predict, for every $\mathcal{P}$ (say, even if $\mathcal{P}$ is a single predicate) and $1 > c > s > 0$, what the time complexity of $c$ vs $s$ approximation should be? We have some approaches for trying to predict when the complexity should be $2^{\Omega(n)}$ by considering pairwise independent distributions. I feel like a conjecture trying to characterize what can be done in time $2^{n^\epsilon}$ would have something to do with defining a suitable notion of “$(1+\epsilon)$-wise independent distributions”, perhaps via concepts of mutual information. For example, perhaps we can argue that a smooth label cover is a $(1+\epsilon)$-wise independent CSP to a certain extent.
This fall I will be teaching CS 121 at Harvard: Introduction to Theoretical Computer Science.
This type of “intro theory” course is taught at many universities, sometimes under the name “introduction to the theory of computation” or “computability and automata”, typically using Sipser’s excellent book.
Sipser’s book is incredibly well-written and liked by students, but there have been many developments in theoretical computer science and CS at large since it was written: both new results, techniques, and applications, and new emphases and points of view on the area.
So what should an “intro TCS” course contain these days?
My sense is that this course is first and foremost about studying computation in its own right, as opposed to being a tool to solve other problems.
This is not just about computability and complexity, but also about looking at different ways to measure the “goodness” of algorithms, especially given the drastic change in the way algorithms interact with the world these days.
So, for example, students in such a course should get at least some awareness of questions such as privacy or incentive-compatibility, even if doing these topics justice requires dedicated courses.
Another point that should be “hammered in” more is of hardness as a resource.
This of course arises in derandomization and cryptography, where recently cryptocurrencies have been quite explicit about equating computational difficulty with “mining” precious metals.
The interaction of computation with the physical world needs to also be covered, and these days an “intro TCS” course cannot skip talking about quantum computing, which is our current best approach for modelling physically feasible computation.
But more than anything, considering computation as an object in its own right forces students to change their way of thinking, and truly come to terms with questions such as how we model computation, how code is also data, and all the self-referential “paradoxes” and complications this entails.
This has always been present in “intro TOC” courses, but students can sometimes lose the big perspective while working on the n-th proof of non-regularity using the pumping lemma, or the m-th NP hardness reduction.
I am of course not alone in thinking of the need for a “more modern” intro TCS course.
See, for example, Scott Aaronson’s MIT course. Also, CMU’s renowned (or is it infamous?) Great Ideas in TCS course has been following such an approach for quite a while, and the folks at CMU have been very kind with advice and suggestions.
There are also books such as Aaronson’s Quantum Computing Since Democritus and Moore and Mertens’ The nature of computation that take a similar perspective, though neither is quite appropriate as an introductory undergraduate textbook.
Thus, I am working on writing a new set of lecture notes, which are available on http://www.introtcs.org.
These notes are very much a work in progress, and I welcome comments and suggestions.
In particular, the source for these notes is posted on a github repository and people are very much invited to use the issues and pull requests features there to post suggestions, comments, and point out (or even fix!) typos and bugs.
Some of the differences between these notes and the typical treatment include the following:
We start by defining computation using the (ultra-simple) NAND programming language, in which a line such as

foo := bar NAND baz

assigns to the variable foo the result of the NAND of the variables bar and baz. There are no loops, if statements, or subroutines, so this corresponds to straight-line programs, which are of course the same as Boolean circuits. Since students are already familiar with programming, I believe that starting with such an ultra-simple programming language makes things more concrete. Moreover, thanks to the efforts of my wonderful teaching fellow Juan Esteller, there is an implementation of the NAND, NAND++, and NAND<< programming languages that are taught in this course.

We then move from the NAND programming language to the NAND++ programming language, which allows loops by simply stipulating that the program execution goes back to the first line if the loop variable has the value 1. We also introduce an index variable i, so that we can use foo_i to access a potentially unbounded memory. Of course, this is equivalent to Turing machines, and we show this equivalence (as well as equivalence to the lambda calculus and other models). We also give a further enhancement of NAND++, called NAND<<, that is equivalent to RAM programs, and so allows us to measure running time in the same way it is measured in algorithms courses.
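To give the flavor of the language (the course’s real implementation is Juan Esteller’s; what follows is only a toy evaluator I sketched for this post), here is a straight-line NAND program computing XOR, together with a minimal Python interpreter for such programs:

```python
def run_nand(program, inputs):
    """Toy evaluator for straight-line NAND programs: variables x_0, x_1, ...
    hold the inputs, and y_0, y_1, ... hold the outputs."""
    env = {f"x_{i}": b for i, b in enumerate(inputs)}
    for line in program.strip().splitlines():
        target, expr = (t.strip() for t in line.split(":="))
        a, op, b = expr.split()
        assert op == "NAND"
        env[target] = 1 - (env[a] & env[b])   # NAND of two bits
    return [env[k] for k in sorted(env) if k.startswith("y_")]

# XOR from four NAND gates -- the classic construction
xor = """
u   := x_0 NAND x_1
v   := x_0 NAND u
w   := x_1 NAND u
y_0 := v NAND w
"""
print([run_nand(xor, (a, b)) for a, b in [(0, 0), (0, 1), (1, 0), (1, 1)]])
# prints [[0], [1], [1], [0]]
```

The exercise of building even such a toy interpreter already makes the “code is data” point: a NAND program is just a string that another program can execute.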
It is definitely an ambitious plan that will not make for an easy course to take or to teach.
Some might say that it’s a “recipe for disaster” but the saving grace is that, with the help of Salil Vadhan, we have assembled a wonderful teaching staff that should be a great help for the students in keeping up.
I will report back on how realistic it was at the end of the term.
Even with our fast pace, there are many areas of theory that are not mentioned above but that students should be exposed to. I hope to cover some of these topics in this course, or at least write lecture notes about them so that curious advanced students can read about them on their own.
Once again, much of this is not novel, and courses such as the ones mentioned above have taken similar approaches. However, I still hope these notes can serve as a useful resource for other people who teach similar courses.
Acknowledgements: These lecture notes are constantly evolving, and I am getting input from several people, for which I am deeply grateful.
Thanks to Jarosław Błasiok, Chi-Ning Chou, Juan Esteller, Alex Lombardi, Thomas Orton, Juan Perdomo, and Ryan Williams for helpful feedback.
Thanks to Anil Ada, Venkat Guruswami, and Ryan O’Donnell for helpful tips from their experience in teaching CMU 15-251.
Thanks to Juan Esteller for his work on implementing the NAND* languages.
Thanks to David Steurer for writing the scripts that we used for the notes on sum of squares, and that I am now repurposing to produce these notes, and for his endless patience with me as I attempt to learn concepts such as git and makefiles. David’s code itself is based on several other packages, including pandoc, LaTeX, and the Tufte LaTeX and CSS packages.
Having entered into the organization of TheoryFest 2017 with some trepidation, we organizers were very relieved to see feedback such as “Best. STOC. Ever”. This post shares with you the feedback we got from attendees, and our plans for the next couple of years.
Important: Next year’s Theory Fest will be June 25-29, 2018 in downtown LA. See you there!
Location, location, location. Smack in the middle of lovely Montreal, in the midst of an ongoing street festival/party, and within walking distance to the waterfront and good restaurants. I wouldn’t complain if the conference were held here every year!
No catered lunches. This greatly reduced registration fees, and (together with the weak Canadian dollar) allowed us to be more generous with food and drink during breaks (including an open bar on three nights!). It also encouraged attendees to explore Montreal a bit more.
Every STOC paper also presented at a poster session: a hit. Billed as the most controversial aspect of TheoryFest, this ended up (based upon in-person and online feedback) as the most positive change. Respondents said they expected to hate poster sessions and ended up loving them. Having experienced the energy of poster sessions at non-theory conferences, I am not surprised. (We heard the complaint that the poster room was a bit noisy, and will address it.)
Energy level. A day filled with different kinds of events seems to help keep up people’s energy levels. Attendance at the talks was high; I saw hardly any people loitering about in the public areas during talks. Possibly, it helped that STOC talks were in three parallel sessions; 50% more choice of topics at any given moment.
Highest attendance among STOC/FOCS held abroad. 377 attendees, which is quite high for the past decade.
Junior-senior lunches. Via a google doc page, 3 junior researchers (grads/postdocs) got to sign up to go to lunch with a senior researcher. These lunches got rave reviews, though not enough people participated due to the short notice. Next time we’ll be better organized.
117 attendees have responded thus far to our online survey. Their average satisfaction with TheoryFest was 4.5/5.
Large majorities (>75%) found the amount of time devoted to various sub-components “about right.”
In terms of quality, the poster session was the biggest hit, followed by the plenary long talks. STOC paper talks had somewhat weaker ratings. Here’s more detailed feedback.
Given the general support for the changes introduced this year, next year’s event will see no more drastic changes; merely tweaks to improve the overall experience.
Some of the feedback we received includes:
“Stoc talks need to be longer.” “Short stoc talks worked well; could shorten even more.”
The alternatives we see are longer talks (which would require more parallel sessions) or even shorter talks (which would allow fewer).
Both options have significant minority support but appear to lack majority support, which was the reason behind our split-the-baby decision of 17 min talks in 3 parallel sessions. We welcome further discussion. (The PC Chair Valerie King commented to me that she’d expected to dislike 17 min talks but ended up preferring this format.)
“The middle three days were a bit tiring; stretching from 9am to 10:30pm.”
We realize this and don’t see a good alternative. We hew to the philosophy that a big-tent theory conference should offer a large buffet of content, and attendees are free to decide how much to partake. One major problem with the old setup of STOC was an artificial cap on content — and arguably the day was nevertheless long and monotonous. Nobody complained about monotony this time.
“Some short plenary talks weren’t geared to a STOC audience.”
We’ll address this by assigning each outside speaker a “theory envoy” who will give them feedback on their slides and talk plan. But clearly, the problem will never go away 100%.
Overall, we welcome your feedback! If you didn’t fill out your Theory Fest survey thus far, please do so asap before we close it out, and feel free to also post your feedback as comments to this post.
ITCS is a conference that stands apart from all others. For a decade now, it has been celebrating the vibrancy and unity of our field of Theoretical Computer Science. See this blog post for a detailed discussion of what makes ITCS so cool and the brief description of ITCS’17 at the end of this post.
ITCS seeks to promote research that carries a strong conceptual message (e.g., introducing a new concept, model or understanding, opening a new line of inquiry within traditional or interdisciplinary areas, introducing new mathematical techniques and methodologies, or new applications of known techniques). ITCS welcomes both conceptual and technical contributions whose contents will advance and inspire the greater theory community.
This year, ITCS will be held at MIT in Cambridge, MA from January 11-14, 2018.
The submission deadline is September 8, 2017, with notification of decisions by October 30, 2017.
Authors should strive to make their papers accessible not only to experts in their subarea, but also to the theory community at large. The committee will place a premium on writing that conveys clearly and in the simplest possible way what the paper is accomplishing.
Ten-page versions of accepted papers will be published in an electronic proceedings of the conference. However, the alternative of publishing a one page abstract with a link to a full PDF will also be available (to accommodate subsequent publication in journals that would not consider results that have been published in preliminary form in a conference proceedings).
You can find all the details in the official Call For Papers.
On last year’s ITCS (by the PC Chair Christos Papadimitriou)
This past ITCS (2017) was by all accounts the most successful ever. We had 170+ submissions and 61 papers, including 5 “invited papers”, and 90+ registrants, all new records. There was a voluntary poster session for authors who wanted a chance to present their work in more detail, and the famous Graduating Bits event, where the younger ones get their 5 minutes to show off their accomplishments and personality.
The spirit of the conference was invigorating, heartwarming, and great fun. I believe none of the twelve sessions had fewer than 70 attendees — no parallelism, of course — while the now famous last session was among the best attended and went one hour overtime due to the excitement of discussion (compare with the last large conference that you attended).
Many people helped in making TheoryFest happen (my own role was quite limited: chairing the short invited paper committee), but two people that I think are worth singling out are the general chairs Hamed Hatami and Pierre McKenzie. Doing local arrangements often means a lot of work dealing with hotels, food, registrations, etc., without much recognition, but they really did an amazing job.
I might attempt later some longer expositions of some of the talks, but in the meantime, see Suresh’s and Dick’s posts. Luca writes about the awards. The best student paper awardee, Pasin Manurangsi, gave a wonderful talk about his almost tight hardness of approximation result for the classical densest-k-subgraph problem. He managed to explain clearly what the result is, what are the limits of what we can hope for, and convey the main ideas of the proof, all in a 20 minute talk. The proof itself is beautiful: the reduction (from 3SAT) is simple and natural, but the analysis is quite subtle, combining clever new ideas with classical results in combinatorics.
Tomorrow is the workshop day, which I am also looking forward to. Tselil Schramm said that we should probably have called our SOS workshop a “wutorial” since, while we will cover some “hot off the presses” results, we are planning to mostly make the talks an accessible introduction to the field. In particular, Pablo Parrilo’s talk will be a broad overview of the sum of squares algorithm’s history, applications, and connections to other areas. (See my previous post for a description of all the talks.) That said, there are some other great workshops in parallel to ours. That is probably one of the biggest problems with TheoryFest – too much great content and too little time.
I am already seeing several times that I would like to attend two or three of the talks that occur in parallel. One day where this would definitely be the case is during the workshops.
All of them seem very interesting. Eli mentioned the workshop on PCPs. It’s amazing to see how probabilistically checkable proofs, which when I was a student seemed like the quintessential hard and abstract area of theory, are now the foundation for startup companies.
The workshop on “user friendly” methods from continuous optimization could also be very useful. One of the drawbacks of a method being so broadly applicable is that, because many communities use it, the same concepts can be described in very different ways and terminologies. Recently, some significant advances were made by bridging ideas from optimization and TCS, and this workshop is organized by some of the experts who did that and can help the rest of us understand these different viewpoints.
The workshop on mechanism design has a packed schedule featuring many of the experts in this area, including sessions about the tradeoffs of simplicity (which is often crucial for mechanisms) and connections to learning. Speaking of learning, the workshop on machine learning has a full day of talks on what is now one of the most active areas of interaction with theory. In fact, learning research is so active that it directly interacts with several of the areas (such as continuous optimization, mechanism design, and sum of squares) covered in the concurrent workshops… but we TCS people know that bounded resources often necessitate tradeoffs.
I am involved in organizing (with Pablo Parrilo and Tselil Schramm) one of the workshops, on the sum of squares algorithm. This workshop will consist of tutorial-style talks that assume only a general TCS background, but will also cover very recent works.
Pablo (who is one of the inventors of the SOS algorithm) will talk about some of its applications outside TCS and then about how the symmetry reduction technique, which is important in practical applications, turns out to be also crucial for proving combinatorial inequalities on graphs using flag algebras.
Tselil will talk about spectral algorithms inspired by SOS, and how these can be used to give new algorithms, and sometimes even quite efficient ones, that avoid using general SDP solvers.
Sam Hopkins will talk about obtaining SOS lower and upper bounds using a computational Bayesian perspective in the context of planted problems such as planted clique, community detection, etc., and how low degree statistics play a crucial role.
Finally, I will talk about whether SOS could be an “optimal algorithm” and what’s the relation to Khot’s Unique Games Conjecture. If you want to know what this means, or are one of the people who cringe at the notion of an “optimal algorithm” and want to upbraid me in person, this talk will be for you.
Attendees of the SODA’17 business meeting may recall our proposal for an algorithms conference dedicated to simplicity and elegance. We appreciate all the encouragement that we received from the community.
Thanks to the support from SIAM, the First Symposium on Simplicity in Algorithms (SOSA) will happen, and will be co-located with SODA’18, with a submission deadline of mid-to-late August (TBA). Raimund Seidel is the first PC Chair and is now assembling an impressive PC.
We’d like to encourage algorithms researchers to think about potential submissions.
SOSA is dedicated to advancing algorithms research by promoting simplicity and elegance in the design and analysis of algorithms. The benefits of simplicity are manifold. Simpler algorithms improve our understanding of hard problems; they are more likely to be implemented and trusted by practitioners; they are more easily taught and are more likely to be included in algorithms textbooks; they attract a broader set of researchers to tackle difficult algorithmic problems.
Simplicity is prized in our community. We love to learn and teach algorithms that are “from The Book.”
However, simplicity frequently goes unrewarded. Often there is no appropriate venue to publish an alternative solution to a problem, especially if the new solution has a slightly worse running time. It’s almost a cliché to hear: “What a pretty result.” “Yep. We won’t be able to publish it.”
There are many reasons that a result could qualify as simple. For example, a submission might
• introduce a new simpler algorithm,
• present a simpler analysis of an existing algorithm, or
• offer insights that generally simplify our understanding of important algorithmic problems.
We hope that you’ll share your simple and elegant results by submitting them to the 1st SOSA. Short and sweet papers are especially encouraged.
Your algorithms may already appear in “The Book,” but we’d also like to see them in SOSA.
The SOSA Steering Committee,
M. Bender, D. Karger, T. Kopelowitz, S. Pettie, R. Tarjan, and M. Thorup
Eli Ben-Sasson
You probably heard of Bitcoin, the crypto-currency invented in 2008 by an unidentified person (or persons) under the pseudonym Satoshi Nakamoto. When I started working on this blog post, Bitcoin’s market cap was around 30B USD. Now, a month later, it exceeds 40B USD. Although its long-term price stability is debatable, it has already spawned hundreds of similar crypto-currencies and a flourishing startup economy. It is also the method of payment preferred by certain ransomware.
I got involved with crypto-currencies when I attended the Bitcoin Conference in San Jose in May 2013, to talk about how implemented cryptographic proof systems, like PCPs and ZK, could benefit Bitcoin. This led to my involvement in Zerocash (academic paper), and ZCash (its implementation as a crypto-currency); but that’s a topic for a different blog post. That conference was, by far, the most electrifying I have ever attended. The atmosphere was manic and there were lines of people waiting to get autographs from Bitcoin core developers (!). The excitement wasn’t just because Bitcoin’s price recently soared (though that certainly helped) but because people sincerely felt that they were “writing History”.
Time will tell if Bitcoin is a disruptive technology or just a modern Tulip Mania. But Bitcoin did already achieve something quite amazing. It showed for the first time (to the best of my knowledge) that cryptographic protocols over a decentralized network can practically replace functions that, so we thought, can only be managed by a Central Trusted Party (CTP). In the case of Bitcoin, this function is Fiat Money (explained below). Bitcoin’s motto, “In Crypto We Trust”, says it all. I admit that this revelation, that Money can be created “out of thin air” in this manner, and that people all over the world will attach economic value to it, has surprised me even more than the success of Wikipedia. As with Wikipedia, I never would have guessed it to be possible.
Fiat Money: Way back, Money was associated with physical resources whose amount is limited by Nature, like seashells or gold. Money still takes this form, of physical limited resources, in closed micro-societies like prisons (cigarettes) and elementary schools (bubble gum wrappers, in mine). Fiat is Latin for “let it be done”; Fiat Money is a resource made limited by decision, and, prior to Bitcoin, this decision lay in the hands of CTPs like Central Banks, whose Monetary Policy determines how much money is minted (or removed from circulation) and who gets it.
Bitcoin’s protocol has set in stone an ingeniously simple monetary policy that incentivizes participants to reach consensus regarding Bitcoin’s decentralized payment-ledger, called the blockchain. If you haven’t heard yet about mining and blockchain, you should spend a few minutes and watch one of these excellent introductory videos [1, 2], or read one of these short explanations [1, 2].
My brief redux of it appears at the end of this post.
The connections between Bitcoin and TCS are old and strong. Bitcoin’s reliance on moderately hard functions goes back to the fundamental TCS work of Dwork and Naor on combating spam mail. The consensus mechanism that Bitcoin uses addresses in a novel way the Byzantine agreement problem, a cornerstone of distributed computation dating back to the 1980 work of Pease, Shostak and Lamport, and understanding the exact nature of this solution is a matter of ongoing research [cf. 1, 2, 3].
As a theoretician who happens to talk to Bitcoin (and other crypto-currency) developers, I am constantly impressed by how deeply they care about our research, and how passionate they are about learning it. This is a gratifying experience that I have not had in prior areas of theory that I have worked in. I believe this feeling is shared by other theoreticians working in this space.
But most importantly for theoreticians, Bitcoin’s core innovation, the creation of economic value from protocols and algorithms, makes you wonder. Human societies have used various ways to reach consensus and govern pooled resources. Fiat Money is just one case, and things like Law, Politics and Government loom behind. Could some other concoction of crypto and economic incentives lead to the practice of new forms of Governance?
You can hear more next week at the Theory Fest in Montreal:
+ Monday, June 19: Aviv Zohar will give a tutorial on Decentralized Cryptocurrencies
The ideal functionality that Bitcoin attempts to simulate is that of an append-only ledger, or sequence, of transactions (like “Alice pays Bob 10 coins”) that are individually valid (Alice has 10 coins at her disposal before paying Bob). The real-world model in which Bitcoin tries to simulate this is a decentralized and dynamically evolving network of nodes, or miners; each miner is assumed to be anonymous, rational, and selfish. Bitcoin suggests a simple protocol that ensures that a sufficient majority of honest nodes agrees on a valid prefix of the transaction ledger, and furthermore is incentivized to accept new transactions. Transaction fees suffice to incentivize miners to add new transactions to the ledger. Reaching consensus is the tricky part. Bitcoin’s protocol incentivizes miners to reach consensus by paying a reward of C new coins to the first miner that manages to extend the blockchain by a new valid block. The miner reward is part of that block, and this is how new money is printed. All miners record (their view of) the whole blockchain, and will reject a block if it contains even a single invalid transaction; this incentivizes miners to report only valid blocks (recall the miner’s reward is part of her reported block).
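To make the “individually valid” requirement concrete, here is a toy sketch of an append-only ledger in Python. All names here are hypothetical, and this is a simplified account-balance model (real Bitcoin transactions spend unspent transaction outputs, not account balances):

```python
# Toy sketch of an append-only transaction ledger (hypothetical names;
# real Bitcoin tracks unspent transaction outputs, not account balances).

class Ledger:
    def __init__(self, initial_balances):
        self.balances = dict(initial_balances)
        self.transactions = []  # append-only: accepted transactions only

    def append(self, sender, receiver, amount):
        """Accept a transaction only if it is individually valid."""
        if amount <= 0 or self.balances.get(sender, 0) < amount:
            return False  # reject: sender lacks the coins
        self.balances[sender] -= amount
        self.balances[receiver] = self.balances.get(receiver, 0) + amount
        self.transactions.append((sender, receiver, amount))
        return True

ledger = Ledger({"Alice": 10})
assert ledger.append("Alice", "Bob", 10)       # valid: Alice has 10 coins
assert not ledger.append("Alice", "Carol", 5)  # rejected: Alice is now broke
```

A miner in this model would apply the same validity check to every transaction in a block, rejecting the block wholesale if any single transaction fails.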
The reward is a hefty sum (at time of writing, more than $35,000), so miners compete to win it. The winner is the first miner that solves a moderately hard problem (MHP) P(B,b) that is specified by the blockchain state B and the new block b that the miner is attempting to append to B. While the problem is moderately hard to solve, verifying correct solutions for P(B,b) is easy. Satoshi’s protocol says that miners should always attempt to extend the longest valid blockchain. If Alice announces her solution first, most likely (up to network delays) most honest miners will accept the solution, and consequently will try to extend the new, longer, blockchain B’=B||b. As long as a majority of mining computation power is honest, an attacker has low probability of success in rewriting the blockchain history because the “honest history” will grow longer much faster than his “dishonest” version of it. Thus, the much-needed stability property is achieved in Bitcoin.
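The shape of such a moderately hard problem can be sketched with a toy hash puzzle: finding a nonce whose hash meets a target takes many attempts, while checking a claimed nonce takes one hash evaluation. The parameters and function names below are hypothetical (Bitcoin’s real puzzle uses double SHA-256 compared against a difficulty target, not a fixed hex prefix):

```python
import hashlib

# Toy proof-of-work sketch (hypothetical parameters; Bitcoin really uses
# double SHA-256 against an adjustable difficulty target).

DIFFICULTY = 4  # required number of leading hex zeros; tune for demo speed

def pow_hash(chain_state, new_block, nonce):
    data = f"{chain_state}|{new_block}|{nonce}".encode()
    return hashlib.sha256(data).hexdigest()

def mine(chain_state, new_block):
    """Moderately hard: brute-force nonces until the hash meets the target."""
    nonce = 0
    while not pow_hash(chain_state, new_block, nonce).startswith("0" * DIFFICULTY):
        nonce += 1
    return nonce

def verify(chain_state, new_block, nonce):
    """Easy: a single hash evaluation checks a claimed solution."""
    return pow_hash(chain_state, new_block, nonce).startswith("0" * DIFFICULTY)

nonce = mine("B", "b")          # the winning miner's expensive search
assert verify("B", "b", nonce)  # everyone else verifies in one step
```

Because the puzzle depends on the chain state B, a solution commits the miner to a particular history: rewriting an old block would force the attacker to redo the work for it and every block after it, which is exactly why the honest chain outgrows a dishonest fork.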