The communication complexity of interleaved group products

Abstract

Alice receives a tuple (a1,...,at) of t elements from the group G = SL(2,q). Bob similarly receives a tuple of t elements (b1,...,bt). They are promised that the interleaved product prodi ≤ t ai bi equals to either g and h, for two fixed elements g,h ∈ G. Their task is to decide which is the case. We show that for every t ≥ 2 communication Ω(t log |G|) is required, even for randomized protocols achieving only an advantage ε = |G|-Ω(t) over random guessing. This bound is tight, improves on the previous lower bound of Ω(t), and answers a question of Miles and Viola (STOC 2013). An extension of our result to 8-party number-on-forehead protocols would suffice for their intended application to leakage-resilient circuits. Our communication bound is equivalent to the assertion that if (a1,...,at) and (b1,...,bt) are sampled uniformly from large subsets A and B of Gt then their interleaved product is nearly uniform over G = SL(2,q). This extends results by Gowers (Combinatorics, Probability & Computing, 2008) and by Babai, Nikolov, and Pyber (SODA 2008) corresponding to the independent case where A and B are product sets. We also obtain an alternative proof of their result that the product of three independent, high-entropy elements of G is nearly uniform. Unlike the previous proofs, ours does not rely on representation theory.