Can a relatively small subset of random numbers be permuted and reused and still guarantee good expected running time for an algorithm like quicksort?

Question

So this is sort of a general question but I'll limit the discussion to randomized quicksort to make it clear. Suppose generating "true" random bits is hard, e.g. because it requires measuring something in nature that can be considered essentially "random" like the 50th binary digit after the decimal point in wind speed at some location recorded in miles per hour. Or maybe quantum outcomes observed that can be considered truly random. Whatever. So we do the following: We generate $k$ "truly" random bits and then we re-use these $k$ bits over and over by using a pseudo-random number generator to permute them. In terms of $k$ (the number of initial truly random bits) and in terms of the total count of numbers to be sorted, $n$, and assuming the permutation algorithm of the $k$ initial random bits repeated over and over is known to an adversary, can we assert that an algorithm like quicksort will have good worst-case expected running time, assuming that "random" bits are used in the algorithm in the natural way to choose a pivot? How do $k$ and $n$ play into the worst-case expected running time? If we need $k = \Omega(n \log n)$ initial truly random bits to assure good worst case expected running time, that isn't very interesting. But maybe we can do somewhat ok with asymptotically fewer initial random bits?

Answer 1

The question you're asking deals with the topic of derandomization, and you're proposing a specific technique for derandomization, namely using pseudorandom number generators. There are other techniques suck as using k-wise independent distributions and the method of conditional expectations. The holy grail in the field is proving the conjecture P=BPP, which states (informally) that we can always get rid of randomness, though the resulting algorithm could be slower; more precisely, it states that if you have a randomized polytime algorithm for something, then there exists a deterministic polytime algorithm for the same problem.

In your particular case, you don't need random bits at all, since you can use the linear time median algorithm to guarantee a running time of $O(n\log n)$ for quicksort. The AKS deterministic primality test is likewise a specific derandomization of randomized primality testing. P=BPP, in contrast, gives a general derandomization technique that works for every (polytime) algorithm; ad hoc derandomizations are still meaningful, since they could be more efficient (like in the quicksort example).

Answer 2

If your adversary knows the $k$ input bits and your PRNG, they can apply the techniques used in McIllroy "A Killer Adversary for Quicksort", Software: Practice & Experience 29:4 (1999), pp. 341-344, and you are toast. How large $k$ has to be to make this infeasible to brute-force is another question.

No, "randomized quicksort" doesn't guarantee anything, it just makes the bad case(s) shift around at random (so it is very unlikely to hit them repeatedly with somewhat repeatable input permutations, as are common in "real world" uses). If you want some sort of guarantee, look for Musser "Introspective Sorting and Selection Algorithms", Software: Practice & Experience 27(8) (1997), pp. 983-993 (Introsort). Most standard C/C++ libraries use some variant of this for sorting.