Violating Constant Degree Hypothesis
Requires Breaking Symmetry

In this paper we prove that symmetric ${\text{MOD}}_q\circ {\text{MOD}}_p\circ {\text{AND}}_d$ circuits computing ${\text{AND}}_n$ have exponential size. A key to the proof is to analyze the periodic behaviour of the functions computed by such circuits. Our techniques work also when $d$ is unbounded and is considered as a function of $n$. The following theorem characterizes the periodic behaviour of such functions.

To fully understand the periodic behaviour of ${\text{MOD}}_q\circ {\text{MOD}}_p\circ {\text{AND}}_d$ circuits, we would also like to construct relatively small circuits given a function $f$ with period of the form $p^{k_p}{q}^{k_q}$. We present such a construction below in Proposition 19. The most interesting consequence of this construction is that we get a tight characterization of the periodic behaviour of functions computed by quasipolynomial-size ${\text{MOD}}_q\circ {\text{MOD}}_p\circ {\text{AND}}_d$ circuits (recall that a quasipolynomial is a function of the form $2^{{\log }^{k}n}$ for some constant $k$).

Next let us consider the case of the ${\text{AND}}_n$ function more carefully. The following theorem is a careful application of Theorem 1.

Note that the restriction $d\le \sqrt{n}$ still includes the most interesting case. Indeed, for $\sqrt{n}\le d\le n-\sqrt{n}$ we get an almost trivial lower bound of $2^{\sqrt{n}}$ (see Theorem 21). Moreover, Theorem 3 suggests an interesting trade-of between the degree and the size at $d\approx \sqrt{n}$. Then we can reach a lower bound for the size of the form $2^{\mathrm{\Omega }(\sqrt{n})}$.

As a direct consequence of Theorem 3 we get the desired result for ${\text{AND}}_n$.

Before we go to the more technical part, let us briefly mention an opposite perspective on the results of this paper. Although current evidence seems to support CDH and lower bounds for ${\text{AND}}_n$ for general ${\mathrm{𝖢𝖢}}_h[m]$ circuits, it is known that ${\mathrm{𝖢𝖢}}_h[m]$ circuits using $O(\log n)$ random bits are able to compute ${\text{AND}}_n$ in polynomial size [25]. This was even improved in [31], by showing that ${\text{MOD}}_q\circ {\text{MOD}}_p$ circuits can also be used for representing ${\text{AND}}_n$ in this probabilistic model. This might be interpreted as a argument against lower bounds, because now it is enough to derandomize the construction for ${\text{MOD}}_q\circ {\text{MOD}}_p$ circuits. We already understand these $2$-level circuits relatively well (to the point that we can prove strong lower bounds for them for the ${\text{AND}}_n$ function itself). Our Corollary 4 implies that one cannot construct ${\text{AND}}_n$ with polynomial-size symmetric ${\text{MOD}}_q\circ {\text{MOD}}_p\circ {\text{AND}}_d$ circuits. Hence, to make short deterministic constructions one needs to either go beyond the symmetric setting or consider larger depths.

The paper is organized as follows: in Section 2 we fix our notation on circuits as well as hypergraphs and group actions. These notions are essential in the later study of the symmetric structure of circuits. In Section 3, we describe how to rewrite a circuit into a nicer form that we use throughout the paper. Then in Section 4 we present our key lemmas including proofs or short proof sketches and show how to derive our main results. The missing proofs can be found in the full version on arXiv [32]. In Section 5 we add some discussion of our results.

For $d\in \mathbb{N}$ we write $[d]$ for the set of integers $\{1,\mathrm{\dots },d\}$. For a set $X$ we denote its power set by $𝒫(X)$. A hypergraph on a set of vertices $V$ is a pair $(V,E)$ with $E\subseteq 𝒫(V)\text{<foreignobject height="4.3pt" overflow="visible" transform="matrix(1 0 0 -1 0 16.6)" width="2.9pt"><img src="x2.png" id="S2.SS0.SSS0.P0.SPx1.p1.m8.g1nest" class="ltx\_graphics ltx\_img\_portrait" width="6" height="8" alt="[Uncaptioned image]" style="width: 6px; height: unset; max-width: 100\%"></foreignobject>}\{\mathrm{\varnothing }\}$. A ${𝔽}_p$-labeled hypergraph is a pair $G=(V,\lambda )$ where $\lambda :(𝒫(V)\text{<foreignobject height="4.3pt" overflow="visible" transform="matrix(1 0 0 -1 0 16.6)" width="2.9pt"><img src="x3.png" id="S2.SS0.SSS0.P0.SPx1.p1.m11.g1nest" class="ltx\_graphics ltx\_img\_portrait" width="6" height="8" alt="[Uncaptioned image]" style="width: 6px; height: unset; max-width: 100\%"></foreignobject>}\{\mathrm{\varnothing }\})\to {𝔽}_p$. We obtain an (unlabeled) hypergraph by setting $E=\{e\subseteq V\mid \lambda (e)\ne 0\}$ and call each $e$ with $\lambda (e)\ne 0$ an edge of $G$. Thus, an ${𝔽}_p$-labeled hypergraph is indeed a hypergraph where we assign to each edge a number from ${𝔽}_p\text{<foreignobject height="4.3pt" overflow="visible" transform="matrix(1 0 0 -1 0 16.6)" width="2.9pt"><img src="x4.png" id="S2.SS0.SSS0.P0.SPx1.p1.m17.g1nest" class="ltx\_graphics ltx\_img\_portrait" width="6" height="8" alt="[Uncaptioned image]" style="width: 6px; height: unset; max-width: 100\%"></foreignobject>}\{0\}$. Moreover, $(V,\lambda )$ is called an ${𝔽}_p$-labeled $d$-hypergraph if for all $e\in 𝒫(V)$ with $\left|e\right|>d$ we have $\lambda (e)=0$. We write ${\mathscr{H}}_p^d(V)$ for the set of ${𝔽}_p$-labeled $d$-hypergraphs on $V$. For $C\subseteq V$ we write $\overline{C}=V\text{<foreignobject height="4.3pt" overflow="visible" transform="matrix(1 0 0 -1 0 16.6)" width="2.9pt"><img src="x5.png" id="S2.SS0.SSS0.P0.SPx1.p1.m29.g1nest" class="ltx\_graphics ltx\_img\_portrait" width="6" height="8" alt="[Uncaptioned image]" style="width: 6px; height: unset; max-width: 100\%"></foreignobject>}C$ for the complement of $C$.

If $G=(V,\lambda )$ and $H=(V,\zeta )$ are ${𝔽}_p$-labeled hypergraphs on the same set of vertices $V$, we define $G+H$ (resp. $G-H$) as $(V,\lambda +\zeta )$ (resp. $(V,\lambda -\zeta )$) where $\lambda +\zeta$ denotes the point-wise addition. We interpret any subset $E\subseteq 𝒫(V)\text{<foreignobject height="4.3pt" overflow="visible" transform="matrix(1 0 0 -1 0 16.6)" width="2.9pt"><img src="x6.png" id="S2.SS0.SSS0.P0.SPx1.p2.m10.g1nest" class="ltx\_graphics ltx\_img\_portrait" width="6" height="8" alt="[Uncaptioned image]" style="width: 6px; height: unset; max-width: 100\%"></foreignobject>}\{\mathrm{\varnothing }\}$ as a hypergraph by setting $\lambda (e)=1$ if $e\in E$ and $\lambda (e)=0$ otherwise (be aware of the slight ambiguity as $V$ is not uniquely defined by $E$ – but it always will be clear from the context). Thus, we have defined the addition $G+E$ (resp. $G-E$). We extend this to $G+e=G+\{e\}$.

For any set $V$ we denote the group of permutations on $V$ by $\mathrm{Sym}(V)$ (i.e., the symmetric group). For an integer $n$ we write $\mathrm{Sym}(n)$ or $S_n$ for the abstract symmetric group acting on any $n$-element set. Any subgroup $\mathrm{\Gamma }\le \mathrm{Sym}(V)$ acts faithfully on $V$ and is called a permutation group. A subset $U\subseteq V$ is called an orbit of the action of $\mathrm{\Gamma }$ on $V$ if $U=G\cdot x$ for some $x\in V$. If there is only one orbit, the action of $\mathrm{\Gamma }$ on $V$ is called transitive. Clearly, the orbits form a partition of $V$; moreover, if $U_1,\mathrm{\dots },U_k\subseteq V$ are the orbits of the action of $\mathrm{\Gamma }\le \mathrm{Sym}(V)$ on $V$, then $\mathrm{\Gamma }\le \mathrm{Sym}(U_1)\times \mathrm{\cdots }\times \mathrm{Sym}(U_k)$ where $\times$ denotes the direct product of groups.

Finally, let ${\mathrm{\Gamma }}^{\prime }\le \mathrm{\Gamma }$ be a subgroup. A left-transversal (in the following simply transversal) of ${\mathrm{\Gamma }}^{\prime }$ in $\mathrm{\Gamma }$ is a subset $R\subseteq \mathrm{\Gamma }$ such that $R$ is a system of representatives of $\mathrm{\Gamma }/{\mathrm{\Gamma }}^{\prime }$ – in other words, if $R{\mathrm{\Gamma }}^{\prime }=\mathrm{\Gamma }$ and $r{\mathrm{\Gamma }}^{\prime }\cap s{\mathrm{\Gamma }}^{\prime }=\mathrm{\varnothing }$ for $r,s\in R$ with $r\ne s$. For further details on permutation groups, we refer to [10].

Given an action of $\mathrm{Sym}(V)$ on $V$, it induces an action on $𝒫(V)$. Moreover, this extends to an action on ${\mathscr{H}}_p^d(V)$ where a permutation $\pi \in \mathrm{Sym}(V)$ maps $(V,\lambda )$ to $\pi ((V,\lambda ))=(V,{}_{}{}^{\pi }\lambda )$ for ${}_{}{}^{\pi }\lambda$ defined by $({}_{}{}^{\pi }\lambda )(e)=\lambda ({\pi }^{-1}(e))$. Be aware that the ^-1 is not by accident but rather guarantees that if some $e\in 𝒫(V)$ has label $\gamma =\lambda (e)$, then $\pi (e)$ has label ${}_{}{}^{\pi }\lambda (\pi (e))=\lambda (e)$. Note that two labeled hypergraphs with vertices $V$ are isomorphic if and only if they are in the same orbit under $\mathrm{Sym}(V)$. A permutation $\pi \in \mathrm{Sym}(V)$ is called an automorphism of $G=(V,\lambda )$ if $\pi (G)=G$ – with other words, if $\lambda (\pi (e))=\lambda (e)$ for all $e\in 𝒫(V)$. For a labeled hypergraph $G$, we denote its group of automorphisms by $\mathrm{Aut}(G)$.

A circuit is usually defined as a directed acyclic graph with labels on its vertices that inform what kind of operation (like for instance $\wedge ,\vee ,\neg$, ${\text{MOD}}_p^R$) a given vertex (gate) computes. We allow multiple edges between any pair of gates. A depth-$d$ circuit of arity $n$ is a circuit that consists of $n$ inputs gates $x_1,\mathrm{\dots },x_n$ and $d$ layers (or levels) $G_1,\mathrm{\dots },G_d$ of inner gates (we do not count the input gate as a level). Between neighbour layers $G_{i-1}$ and $G_i$ there is a layer of wires $W_i$ which contains directed edges between $g\in G_{i-1}$ and $h\in G_i$ (where $G_0=\{x_0,\mathrm{\dots },x_n\}$). We allow for multiple (directed) edges between the same pair of gates. Moreover, gates are labeled with necessary information which allows to compute a function they represent. In our case we use ${\text{MOD}}_p^R$ gates where $p$ is a prime and $R\subseteq {𝔽}_p$. A ${\text{MOD}}_p^R$ with inputs $y_1,\mathrm{\dots },y_k$ outputs $1$ if and only if the sum of its inputs modulo $p$ is contained in $R$. A circuit is called an expression if it is a tree when removing the input layer. A subexpression of an expression is a subgraph containing for every gate also all its predecessors (towards the input gates). For circuits $C,D$ with $n$ inputs we write $C\equiv D$ if for all inputs $\overline{b}\in {\{0,1\}}^n$ they evaluate to the same value. We define the size of a circuit as its number of non-input gates.

In this article we consider ${\text{MOD}}_q\circ {\text{MOD}}_p\circ {\text{AND}}_d$ circuits: such a circuit consist of $3$-levels. On level $1$ there are ${\text{AND}}_d$ gates each of which receives inputs from at most $d$ input gates. The second level $G_2$ consists of ${\text{MOD}}_p^R$ gates – each of them is labeled with an accepting set $R\subseteq \{0,\mathrm{\dots },p-1\}$. The output layer $G_3$ contains only one ${\text{MOD}}_q^R$ gate, which sums all the wires from $W_3$ modulo $q$.

We say that a circuit $C$ is symmetric if no permutation of the input wires changes the circuit. Note that here the word symmetric refers to a syntactic structure of a circuit, rather than a semantic property of the function computed by it. More formally, a circuit $C$ on inputs $x_1,\mathrm{\dots },x_n$ is called symmetric if for any $\pi \in \mathrm{Sym}(\{x_1,\mathrm{\dots },x_n\})$ there is a permutation ${\pi }^{\prime }$ on the set of gates extending $\pi$ (meaning that $\pi (x_i)={\pi }^{\prime }(x_i)$ for all $i\in [n]$) such that there are $k$ wires connecting gate $i$ to gate $j$ if and only if there are $k$ wires connecting gates ${\pi }^{\prime }(i)$ to gate ${\pi }^{\prime }(j)$.

Any 2-level ${\text{MOD}}_p\circ {\text{AND}}_d$ circuit corresponds to polynomial over the field ${𝔽}_p$. Indeed, the ${\text{AND}}_d$ gates act like a multiplications on the two element domain $\{0,1\}\subseteq {𝔽}_p$ and the ${\text{MOD}}_p^R$ gate sums the results and checks whether the sum belong to the accepting set $R$. Because our circuits are of constant-depth, we can unfold the circuits to obtain expressions. This means, if a gate $g$ has an outgoing wire to several other gates, we create multiple copies of $g$, so that each gate has only a single output wire. Note that this might lead to a polynomial blow-up in size (more precisely, a circuit with size $s$ and depth bounded by $h$ is converted to an expression of size at most $s^{h-1}$ – thus, in our case $s^2$). Moreover, note that unfolding the circuit does not destroy the property of being symmetric. Hence, every symmetric ${\text{MOD}}_q\circ {\text{MOD}}_p\circ {\text{AND}}_d$ circuit yields also a symmetric expression

for suitable ${\alpha }_i\in {𝔽}_q$, $R_i\subseteq {𝔽}_p$ and polynomials ${𝐩}_i$ of degree bounded by $d$ for $i\in \{1,\mathrm{\dots },l\}$ and $R\subseteq {𝔽}_q$ which computes the same function. Here, $l$ is the number of ${\text{MOD}}_p$ gates used in the ${\text{MOD}}_q\circ {\text{MOD}}_p\circ {\text{AND}}_d$ circuit, while ${\alpha }_i$ tells us how many times a given ${\text{MOD}}_p$ gate is wired to the ${\text{MOD}}_q$ gate. Let us take a closer look at what being symmetric means for an expression of the form (1): for each $\pi \in \mathrm{Sym}(n)$ there exist ${\pi }^{\prime }\in S_l$ such that for all $i\in \{1,\mathrm{\dots },l\}$ we have ${\alpha }_i={\alpha }_{{\pi }^{\prime }(i)}$, $R_i=R_{{\pi }^{\prime }(i)}$, and ${𝐩}_i(x_1,\mathrm{\dots },x_n)={𝐩}_{{\pi }^{\prime }(i)}(x_{\pi (1)},\mathrm{\dots },x_{\pi (n)})$ (here = refers to equality in the polynomial ring ${𝔽}_p[x_1,\mathrm{\dots },x_n]$).

Next, observe that if we omit the outer $𝐛$ of the expression (1), the function computed by the resulting expression certainly does not have any new (smaller) periods than the one of the complete expression. Therefore, as we are aiming for an upper bound on the periods of the considered symmetric circuits, we will now concentrate on the symmetric expressions of the form

with $R_i\subseteq {𝔽}_p$, ${\alpha }_i\in {𝔽}_q$ and polynomials ${𝐩}_i$ of degree bounded by $d$. Indeed, every period of $𝐟$ is a period of $𝐛(𝐟)$, so for proving lower bounds, it is enough to consider the periods of $𝐟$. An expression of the form (2) is called a ${\mathrm{\Sigma }}_q\circ {\text{MOD}}_p\circ {\text{AND}}_d$ expression and each $𝐛({𝐩}_i(\overline{x});R_i)$ is an elementary subexpression of $𝐟$.

In the following, let us write $𝐛(𝐩(\overline{x});r)$ for $𝐛(𝐩(\overline{x});\{r\})$. Using this notation we have $𝐛(𝐩(\overline{x});R)={\sum }_{r\in R}𝐛(𝐩(\overline{x});r).$ Moreover, we always assume that for $i\ne j$ we have $({𝐩}_i,r_i)\ne ({𝐩}_j,r_j)$ as otherwise we can replace ${\alpha }_i𝐛({𝐩}_i(\overline{x});r_i)+{\alpha }_j𝐛({𝐩}_i(\overline{x});r_j)$ by ${\alpha }_{ij}𝐛({𝐩}_i(\overline{x});r_i)$ where ${\alpha }_{ij}={\alpha }_i+{\alpha }_j$. Thus, using $\mathrm{pol}(n,d)$ to denote the set of multilinear polynomials in ${𝔽}_p[x_1,\mathrm{\dots },x_n]$ with degree bounded by $d$, we rewrite $𝐟$ in (2) as

Note that to compute the size of $𝐟$ we only need to count the non-zero ${\alpha }_{𝐩,r}$ (plus the number of AND gates computing the polynomials $𝐩$).

Let us take a closer look at the ${\text{MOD}}_p\circ {\text{AND}}_d$ part of a ${\mathrm{\Sigma }}_q\circ {\text{MOD}}_p\circ {\text{AND}}_d$ circuit or expression. As any such expression is represented by a polynomial of degree $d$, we will need to deal with these polynomials and their symmetries. Notice that without loss of generality, we can assume that the polynomial corresponding to a ${\text{MOD}}_p\circ {\text{AND}}_d$ circuit is multi-linear since, because the values of variables are restricted to $\{0,1\}$ each occurrence of a higher power $x^k$ of a variable $x$ can be simply replaced by $x$.

In order to deal better with the combinatorics and symmetries of polynomials, we think of polynomials as hypergraphs. A multilinear polynomial $𝐩\in {𝔽}_p[x_1,\mathrm{\dots },x_n]$ with the degree bounded by $d$ can be naturally identified with an ${𝔽}_p$-labeled $d$-hypergraph $G=(V,\lambda )$ as follows:

1. 1.

   Treat each variable $x_i$ in $𝐩(x_1,\mathrm{\dots },x_n)$ as a vertex in the graph $G_{𝐩}$. Thus, $V=\{x_1,\mathrm{\dots },x_n\}$, which we also identify with the set $[n]$.

2. 2.

   Each monomial $\gamma \cdot x_1\cdot \mathrm{\dots }\cdot x_d$ is represented by a hyperedge with a label $\gamma$, i.e., we have $\lambda (\{x_1,\mathrm{\dots },x_d\})=\gamma$.

Thus, we get a one-to-one correspondence between multilinear polynomials over ${𝔽}_p$ of degree at most $d$ and ${𝔽}_p$-labeled $d$-hypergraphs. This means that we can also do the reverse – for each labeled graph $G$ we can create its corresponding polynomial ${𝐩}_G$. Moreover, note that also the arithmetic operations we defined on hypergraphs as well as the group actions agree with those on polynomials. Therefore, in the following, we use polynomials and hypergraphs interchangeably.

Now, we can use our graph notation for polynomials in a more general setting and denote each expression $𝐛(𝐩(\overline{x});r)$ by $𝐛(G_{𝐩};r)$ or simply $𝐛(G;r)$ (when we start with a hypergraph representing a given polynomial). Thus, we can reformulate any expression of the form (3) as ${\sum }_{𝐩\in \mathrm{pol}(n,d)}{\sum }_{r\in {𝔽}_p}{\alpha }_{𝐩,r}𝐛(G_{𝐩};r)={\sum }_{G\in {\mathscr{H}}_p^d(V)}{\sum }_{r\in {𝔽}_p}{\alpha }_{G,r}𝐛(G;r).$

Now we define several notions, useful in analysing symmetric expressions. For $G=(V,\lambda )$ and $\pi \in \mathrm{Sym}(V)$, let us write ${𝐛}^{\pi }(G;R)$ for $𝐛(\pi G;R)$. The action of $\mathrm{Sym}(V)$ on $V$ now extends naturally to an action on expressions of the form $𝐟={\sum }_{G\in {\mathscr{H}}_p^d(V)}{\sum }_{r\in {𝔽}_p}{\alpha }_{G,r}𝐛(G;r)$ by setting

Now, $𝐟$ being symmetric can be simply expressed as the fact that for each $\pi \in \mathrm{Sym}(V)$ we have $\pi (𝐟)=𝐟.$

One needs to check that the above definition does not depend on the choice of the transversal, as there is a choice in picking the specific traversal ${\pi }_1,\mathrm{\dots },{\pi }_k$ which we use to create $𝐬(G;r)$. However, as $G$ is invariant under its automorphisms, no matter how we choose the specific ${\pi }_1,\mathrm{\dots },{\pi }_k$, we get the same expression in the end. In fact, every symmetric ${\mathrm{\Sigma }}_q\circ {\text{MOD}}_p\circ {\text{AND}}_d$ expression containing $𝐛(G;r)$ as subexpression, must also contain $𝐬(G;r)$ as subexpression. So $𝐬(G;r)$ is a symmetric closure of the basic expression $𝐛(G;r)$. Let us summarize this as follows:

If a symmetric $𝐟$ has some $\beta \cdot 𝐛(G,r)$ as an elementary subexpression, it must also have $\beta \cdot 𝐬(G;r)$ as a subexpression (see Remark 6). But now $𝐟-\beta \cdot 𝐬(G;r)$ is a symmetric expression which is shorter than $𝐟$, and hence we can use induction to prove the desired decomposition for $𝐟(\overline{x})$, by adding $\beta \cdot 𝐬(G;r)$ to the decomposition of $𝐟-\beta \cdot 𝐬(G;r)$. $◀$