DOCSLIB.ORG

A Taxonomy of Proof Systems*

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

ATaxonomy of Pro of Systems Oded Goldreich Department of Computer Science and Applied Mathematics Weizmann Institute of Science Rehovot Israel September Abstract Several alternative formulations of the concept of an ecient pro of system are nowadays co existing in our eld These systems include the classical formulation of NP interactive proof systems giving rise to the class IP computational lysound proof systemsand probabilistical ly checkable proofs PCP which are closely related to multiprover interactive proofs MI P Although these notions are sometimes intro duced using the same generic phrases they are actually very dierent in motivation applications and expressivepower The main ob jectiveof this essay is to try to clarify these dierences This is a revised version of a survey which has app eared in Complexity Theory Retrospective II LA Hemaspaan dra and A Selman eds Intro duction In recentyears alternativeformulations of the concept of an ecient pro of system have received much attention Not only have talks and pap ers concerning these systems o o ded the eld of theoretical computer science but also some of these developments havereached the nontheory community and a few were even rep orted in nonscientic forums suchastheNew York Times Thus I am quite sure that the reader has heard of phrases suchasinteractive pro ofs and results suchasIP PSPACE By no means am I suggesting that the interest in the various formulations of ecientproof systems has gone out of prop ortion Certainly the notion of an ecient pro of system is central to the eld of computer science and I nd it hard to conceive of circumstances in which one mightsay that it was receiving to o muchattention Furthermore the research area established by these notions has b een one of the most successful and rewarding enterprises in which the theoretical computer science community has b een involved For example zeroknowledge pro ofs haverevolutionized the design of cryptographic proto cols and the characterization of NP in terms of probabilistically checkable pro ofs has contributed to and in fact revived the attempts to classify the complexity of approximation problems Except for NP all pro of systems reviewed b elow are probabilistic and furthermore ha ve a non zero error probabilityHowever the error probability is explicitly b ounded and can b e reduced by successive applications of the pro of system In all cases nonzero error probability is essential to the interesting prop erties and consequences that these probabilistic pro of systems have Referencing convention Ihave decided to pro ceed in a somewhat unconventional way and have decoupled the technical exp osition from the story b ehind its evolution These parts app ear in separate sections whichcan b e read indep endently of each other When reading the technical part the reader should b ear in mind that the references in this part are minimal and denitely substandard with the sole objective of referring the reader to the b est source for more details I wish to stress that the b est source for more details is not necessarily the source that deserves the most credit The situation is reversed in the story part whichcontains only credits or more accurately my evaluation of the contribution of the various works to the development of the eld Addendum The currentversion is augmented by an op en problems section ATechnical Exp osition The notion of a pro of is one of the more fundamental notions of our culture In particular it is central to science and sp ecically to mathematics and computer science Yet although p eople always talk of proofs the fundamental issue is the verication pro cedure Pro of systems are dened by their verication pro cedure and it is the verication pro cedure that gives them their value The notion of a verication pro cedure assumes the notion of computation and furthermore ecient computation This implicit assumption is made explicit in the denition of NP It is the asso ciation of ecient computation with deterministic p olynomialtime algorithms that yields the asso ciation of ecient pro of systems with the class NPNamely to prove the validity of some statement one supplies a relatively short pro of and the verication pro cedure consists of running a p olynomialtime algorithm on input Technical Remarks All complexity measures mentioned in the subsequent exp osition are assumed to b e constructible in p olynomial time We denote by poly the set of all p olynomials and by log the set of all logarithmic functions ie integer functions b ounded by O log n We adopt the def def poly poly standard notations EX P DTIME andNEXP NTIME Interactive Pro of Systems In light of the growing acceptability of randomized and interactive computations it is only natural e p olynomialtime to asso ciate the notion of ecient computation with probabilistic and interactiv computations This leads naturally to the notion of an interactive pro of system in which the veri cation pro cedure is interactive and randomized rather than b eing noninteractive and deterministic as in NP A sketch of the formal denition is given in Item b elow We stress that no com putational restrictions are placed on the prover Items and intro duce additional complexity measures that can b e ignored in a rst reading Denition Interactive Pro ofs IP An interactive pro of system ips for a language L is a pair P V of interactive machines so that V is a probabilistic polynomialtime machine satisfying CompletenessFor every x L the verier V always accepts after interacting with the prover P on common input x SoundnessFor every x L and every potential prover P the verier V rejects with probability at least after interacting with P on common input x Let m and r beinteger functions The complexity class IP mr consists of languages having an interactive proof system in which on common input x the verier uses at most r jxj coin tosses and the total number of messages exchangedbetween the parties is bounded by mjxj Let M and R be sets of integer functions Then def IP M R IP mr mMrR def def IPm poly and IP IP poly Final ly IP m Weavoid the denition of interacting machines This denition can b e found in In Item wehave followed the common convention of sp ecifying b oth the verier and the prover An alternative presentation only sp ecies the verier while rephrasing the completeness condition as follows There exists a machine P a prover so that for every x L the verier V always accepts after interacting with P on common input x The soundness condition allows for errors that is executions in which the verier accepts x L In general one may consider the error probability in Yet the error is explicitly b ounded by the soundness condition as another parameter It is not hard to see that the error probabilityin interactive pro ofs can b e reduced by indep endent sequential andor parallel rep etitions Actually this holds even for somewhat dep endent parallel rep etitions see which is instructive also for the simpler case of indep endent parallel rep etitions On the other hand requiring zero soundness error in interactive pro of systems restricts their existence to languages in NP We stress that although wehave relaxed the requirements from the verication pro cedure by allowing it to interact toss coins and err with b ounded probabilitywe did not restrict the validity of the assertions by assumptions concerning the p otential prover This should b e contrasted with later notions of pro of systems such as computationallysound ones and multiprover ones in which the validity of the soundness condition dep ends on assumptions concerning the external proving entity Known results Clearly IP poly equals coRP whereas IP equals NPFurthermore IP poly con tains BP P see or Hence IP IP polycontains BP P N P whereas we currently do not know whether NP contains BP P It is also easy to see that IP log collapses to IP P whereas IPpoly log collapses to IP NP The main result concerning interactive pro of systems is that they exist for any language recognizable in p olynomial space Namely Theorem IP PSPACE Theorem was established using algebraic metho ds In particular the following approach unprecedented in complexity theory was employed In order to demonstrate that a particular language is in a particular class an arithmetic generalization of the Bo olean problem is presented and elementary algebraic metho ds are applied to show that the arithmetic problem is solvable within the class Interestingly this technique do es not relativize and furthermore yields results eg IP PSPACE that are false relative to most oracles providing a dramatic refutation of the Random Oracle Hyp othesis see Concerning the ner structure of the IPhierarchy the following is known For every integer function f so that f n for all n the class IP O f collapses to the class IP f and in particular IP O collapses to IP The class IP contains languages not known to b e in NP eg Graph NonIsomorphism See for the general technique and for its applicati on yielding the quoted result The class IP is contained in NPp oly ie nonuniformNP analogously to BP P P poly If coNP IP then the p olynomialtime hierarchy collapses It is conjectured that coNP is not contained in IP and consequently that interactive pro ofs with an unb ounded numb er of message exchanges are more p owerful than interactive pro ofs in which only a b ounded ie constant numb er of messages are exchanged The IPhierarchy ie IP equals an analogous hierarchy in whichtheverier
Recommended publications
  • On the Randomness Complexity of Interactive Proofs and Statistical Zero-Knowledge Proofs*

    On the Randomness Complexity of Interactive Proofs and Statistical Zero-Knowledge Proofs*

    On the Randomness Complexity of Interactive Proofs and Statistical Zero-Knowledge Proofs* Benny Applebaum† Eyal Golombek* Abstract We study the randomness complexity of interactive proofs and zero-knowledge proofs. In particular, we ask whether it is possible to reduce the randomness complexity, R, of the verifier to be comparable with the number of bits, CV , that the verifier sends during the interaction. We show that such randomness sparsification is possible in several settings. Specifically, unconditional sparsification can be obtained in the non-uniform setting (where the verifier is modelled as a circuit), and in the uniform setting where the parties have access to a (reusable) common-random-string (CRS). We further show that constant-round uniform protocols can be sparsified without a CRS under a plausible worst-case complexity-theoretic assumption that was used previously in the context of derandomization. All the above sparsification results preserve statistical-zero knowledge provided that this property holds against a cheating verifier. We further show that randomness sparsification can be applied to honest-verifier statistical zero-knowledge (HVSZK) proofs at the expense of increasing the communica- tion from the prover by R−F bits, or, in the case of honest-verifier perfect zero-knowledge (HVPZK) by slowing down the simulation by a factor of 2R−F . Here F is a new measure of accessible bit complexity of an HVZK proof system that ranges from 0 to R, where a maximal grade of R is achieved when zero- knowledge holds against a “semi-malicious” verifier that maliciously selects its random tape and then plays honestly.
  • The Polynomial Hierarchy

    The Polynomial Hierarchy

    ij 'I '""T', :J[_ ';(" THE POLYNOMIAL HIERARCHY Although the complexity classes we shall study now are in one sense byproducts of our definition of NP, they have a remarkable life of their own. 17.1 OPTIMIZATION PROBLEMS Optimization problems have not been classified in a satisfactory way within the theory of P and NP; it is these problems that motivate the immediate extensions of this theory beyond NP. Let us take the traveling salesman problem as our working example. In the problem TSP we are given the distance matrix of a set of cities; we want to find the shortest tour of the cities. We have studied the complexity of the TSP within the framework of P and NP only indirectly: We defined the decision version TSP (D), and proved it NP-complete (corollary to Theorem 9.7). For the purpose of understanding better the complexity of the traveling salesman problem, we now introduce two more variants. EXACT TSP: Given a distance matrix and an integer B, is the length of the shortest tour equal to B? Also, TSP COST: Given a distance matrix, compute the length of the shortest tour. The four variants can be ordered in "increasing complexity" as follows: TSP (D); EXACTTSP; TSP COST; TSP. Each problem in this progression can be reduced to the next. For the last three problems this is trivial; for the first two one has to notice that the reduction in 411 j ;1 17.1 Optimization Problems 413 I 412 Chapter 17: THE POLYNOMIALHIERARCHY the corollary to Theorem 9.7 proving that TSP (D) is NP-complete can be used with DP.
  • Polynomial Hierarchy

    Polynomial Hierarchy

    CSE200 Lecture Notes – Polynomial Hierarchy Lecture by Russell Impagliazzo Notes by Jiawei Gao February 18, 2016 1 Polynomial Hierarchy Recall from last class that for language L, we defined PL is the class of problems poly-time Turing reducible to L. • NPL is the class of problems with witnesses verifiable in P L. • In other words, these problems can be considered as computed by deterministic or nonde- terministic TMs that can get access to an oracle machine for L. The polynomial hierarchy (or polynomial-time hierarchy) can be defined by a hierarchy of problems that have oracle access to the lower level problems. Definition 1 (Oracle definition of PH). Define classes P Σ1 = NP. P • P Σi For i 1, Σi 1 = NP . • ≥ + Symmetrically, define classes P Π1 = co-NP. • P ΠP For i 1, Π co-NP i . i+1 = • ≥ S P S P The Polynomial Hierarchy (PH) is defined as PH = i Σi = i Πi . 1.1 If P = NP, then PH collapses to P P Theorem 2. If P = NP, then P = Σi i. 8 Proof. By induction on i. P Base case: For i = 1, Σi = NP = P by definition. P P ΣP P Inductive step: Assume P NP and Σ P. Then Σ NP i NP P. = i = i+1 = = = 1 CSE 200 Winter 2016 P ΣP Figure 1: An overview of classes in PH. The arrows denote inclusion. Here ∆ P i . (Image i+1 = source: Wikipedia.) Similarly, if any two different levels in PH turn out to be the equal, then PH collapses to the lower of the two levels.
  • The Polynomial Hierarchy and Alternations

    The Polynomial Hierarchy and Alternations

    Chapter 5 The Polynomial Hierarchy and Alternations “..synthesizing circuits is exceedingly difficulty. It is even more difficult to show that a circuit found in this way is the most economical one to realize a function. The difficulty springs from the large number of essentially different networks available.” Claude Shannon 1949 This chapter discusses the polynomial hierarchy, a generalization of P, NP and coNP that tends to crop up in many complexity theoretic inves- tigations (including several chapters of this book). We will provide three equivalent definitions for the polynomial hierarchy, using quantified pred- icates, alternating Turing machines, and oracle TMs (a fourth definition, using uniform families of circuits, will be given in Chapter 6). We also use the hierarchy to show that solving the SAT problem requires either linear space or super-linear time. p p 5.1 The classes Σ2 and Π2 To understand the need for going beyond nondeterminism, let’s recall an NP problem, INDSET, for which we do have a short certificate of membership: INDSET = {hG, ki : graph G has an independent set of size ≥ k} . Consider a slight modification to the above problem, namely, determin- ing the largest independent set in a graph (phrased as a decision problem): EXACT INDSET = {hG, ki : the largest independent set in G has size exactly k} . Web draft 2006-09-28 18:09 95 Complexity Theory: A Modern Approach. c 2006 Sanjeev Arora and Boaz Barak. DRAFTReferences and attributions are still incomplete. P P 96 5.1. THE CLASSES Σ2 AND Π2 Now there seems to be no short certificate for membership: hG, ki ∈ EXACT INDSET iff there exists an independent set of size k in G and every other independent set has size at most k.
  • A Short History of Computational Complexity

    A Short History of Computational Complexity

    The Computational Complexity Column by Lance FORTNOW NEC Laboratories America 4 Independence Way, Princeton, NJ 08540, USA [email protected] http://www.neci.nj.nec.com/homepages/fortnow/beatcs Every third year the Conference on Computational Complexity is held in Europe and this summer the University of Aarhus (Denmark) will host the meeting July 7-10. More details at the conference web page http://www.computationalcomplexity.org This month we present a historical view of computational complexity written by Steve Homer and myself. This is a preliminary version of a chapter to be included in an upcoming North-Holland Handbook of the History of Mathematical Logic edited by Dirk van Dalen, John Dawson and Aki Kanamori. A Short History of Computational Complexity Lance Fortnow1 Steve Homer2 NEC Research Institute Computer Science Department 4 Independence Way Boston University Princeton, NJ 08540 111 Cummington Street Boston, MA 02215 1 Introduction It all started with a machine. In 1936, Turing developed his theoretical com- putational model. He based his model on how he perceived mathematicians think. As digital computers were developed in the 40's and 50's, the Turing machine proved itself as the right theoretical model for computation. Quickly though we discovered that the basic Turing machine model fails to account for the amount of time or memory needed by a computer, a critical issue today but even more so in those early days of computing. The key idea to measure time and space as a function of the length of the input came in the early 1960's by Hartmanis and Stearns.
  • Computational Complexity: a Modern Approach

    Computational Complexity: a Modern Approach

    i Computational Complexity: A Modern Approach Draft of a book: Dated January 2007 Comments welcome! Sanjeev Arora and Boaz Barak Princeton University [email protected] Not to be reproduced or distributed without the authors’ permission This is an Internet draft. Some chapters are more finished than others. References and attributions are very preliminary and we apologize in advance for any omissions (but hope you will nevertheless point them out to us). Please send us bugs, typos, missing references or general comments to [email protected] — Thank You!! DRAFT ii DRAFT Chapter 5 The Polynomial Hierarchy and Alternations “..synthesizing circuits is exceedingly difficulty. It is even more difficult to show that a circuit found in this way is the most economical one to realize a function. The difficulty springs from the large number of essentially different networks available.” Claude Shannon 1949 This chapter discusses the polynomial hierarchy, a generalization of P, NP and coNP that tends to crop up in many complexity theoretic investigations (including several chapters of this book). We will provide three equivalent definitions for the polynomial hierarchy, using quantified predicates, alternating Turing machines, and oracle TMs (a fourth definition, using uniform families of circuits, will be given in Chapter 6). We also use the hierarchy to show that solving the SAT problem requires either linear space or super-linear time. p p 5.1 The classes Σ2 and Π2 To understand the need for going beyond nondeterminism, let’s recall an NP problem, INDSET, for which we do have a short certificate of membership: INDSET = {hG, ki : graph G has an independent set of size ≥ k} .
  • Total Functions in the Polynomial Hierarchy 11

    Total Functions in the Polynomial Hierarchy 11

    Electronic Colloquium on Computational Complexity, Report No. 153 (2020) TOTAL FUNCTIONS IN THE POLYNOMIAL HIERARCHY ROBERT KLEINBERG∗, DANIEL MITROPOLSKYy, AND CHRISTOS PAPADIMITRIOUy Abstract. We identify several genres of search problems beyond NP for which existence of solutions is guaranteed. One class that seems especially rich in such problems is PEPP (for “polynomial empty pigeonhole principle”), which includes problems related to existence theorems proved through the union bound, such as finding a bit string that is far from all codewords, finding an explicit rigid matrix, as well as a problem we call Complexity, capturing Complexity Theory’s quest. When the union bound is generous, in that solutions constitute at least a polynomial fraction of the domain, we have a family of seemingly weaker classes α-PEPP, which are inside FPNPjpoly. Higher in the hierarchy, we identify the constructive version of the Sauer- Shelah lemma and the appropriate generalization of PPP that contains it. The resulting total function hierarchy turns out to be more stable than the polynomial hierarchy: it is known that, under oracles, total functions within FNP may be easy, but total functions a level higher may still be harder than FPNP. 1. Introduction The complexity of total functions has emerged over the past three decades as an intriguing and productive branch of Complexity Theory. Subclasses of TFNP, the set of all total functions in FNP, have been defined and studied: PLS, PPP, PPA, PPAD, PPADS, and CLS. These classes are replete with natural problems, several of which turned out to be complete for the corresponding class, see e.g.
  • Circuit Lower Bounds for Merlin-Arthur Classes

    Circuit Lower Bounds for Merlin-Arthur Classes

    Electronic Colloquium on Computational Complexity, Report No. 5 (2007) Circuit Lower Bounds for Merlin-Arthur Classes Rahul Santhanam Simon Fraser University [email protected] January 16, 2007 Abstract We show that for each k > 0, MA/1 (MA with 1 bit of advice) doesn’t have circuits of size nk. This implies the first superlinear circuit lower bounds for the promise versions of the classes MA AM ZPPNP , and k . We extend our main result in several ways. For each k, we give an explicit language in (MA ∩ coMA)/1 which doesn’t have circuits of size nk. We also adapt our lower bound to the average-case setting, i.e., we show that MA/1 cannot be solved on more than 1/2+1/nk fraction of inputs of length n by circuits of size nk. Furthermore, we prove that MA does not have arithmetic circuits of size nk for any k. As a corollary to our main result, we obtain that derandomization of MA with O(1) advice implies the existence of pseudo-random generators computable using O(1) bits of advice. 1 Introduction Proving circuit lower bounds within uniform complexity classes is one of the most fundamental and challenging tasks in complexity theory. Apart from clarifying our understanding of the power of non-uniformity, circuit lower bounds have direct relevance to some longstanding open questions. Proving super-polynomial circuit lower bounds for NP would separate P from NP. The weaker result that for each k there is a language in NP which doesn’t have circuits of size nk would separate BPP from NEXP, thus answering an important question in the theory of derandomization.
  • 5. Polynomial Hierarchy.Pdf

    5. Polynomial Hierarchy.Pdf

    Polynomial Hierarchy \A polynomial-bounded version of Kleene's Arithmetic Hierarchy becomes trivial if P = NP." Karp, 1972 Computational Complexity, by Fu Yuxi Polynomial Hierarchy 1/44 Larry Stockmeyer and Albert Meyer introduced polynomial hierarchy. 1. Larry Stockmeyer and Albert Meyer. The Equivalence Problem for Regular Expressions with Squaring Requires Exponential Space. SWAT'72. Computational Complexity, by Fu Yuxi Polynomial Hierarchy 2/44 Synopsis 1. Meyer-Stockmeyer's Polynomial Hierarchy 2. Stockmeyer-Wrathall Characterization 3. Chandra-Kozen-Stockmeyer Theorem 4. Infinite Hierarchy Conjecture 5. Time-Space Trade-Off Computational Complexity, by Fu Yuxi Polynomial Hierarchy 3/44 Meyer-Stockmeyer's Polynomial Hierarchy Computational Complexity, by Fu Yuxi Polynomial Hierarchy 4/44 Problem Beyond NP Meyer and Stockmeyer observed that MINIMAL does not seem to have short witnesses. MINIMAL = f' j ' DNF ^ 8 DNF :j j<j'j ) 9u::( (u),'(u))g: Notice that MINIMAL can be solved by an NDTM that queries SAT a polynomial time. I Why DNF? Computational Complexity, by Fu Yuxi Polynomial Hierarchy 5/44 [ PC = PA; A2C [ NPC = NPA: A2C Computational Complexity, by Fu Yuxi Polynomial Hierarchy 6/44 Meyer-Stockmeyer's Definition p p p The complexity classes Σi ; Πi ; ∆i are defined as follows: p Σ0 = P; p p Σi Σi+1 = NP ; p p Σi ∆i+1 = P ; p p Πi = Σi : The following hold: p p p I Σi ⊆ ∆i+1 ⊆ Σi+1, p p p I Πi ⊆ ∆i+1 ⊆ Πi+1. p p Σi Notice that Πi+1 = coNP by definition. Computational Complexity, by Fu Yuxi Polynomial Hierarchy 7/44 S p The polynomial hierarchy is the complexity class PH = i≥0 Σi .
  • NP-Completeness, Conp, P /Poly and Polynomial Hierarchy

    NP-Completeness, Conp, P /Poly and Polynomial Hierarchy

    Lecture 2 - NP-completeness, coNP, P/poly and polynomial hierarchy. Boaz Barak February 10, 2006 Universal Turing machine A fundamental observation of Turing’s, which we now take for granted, is that Turing machines (and in fact any sufficiently rich model of computing) are program- mable. That is, until his time, people thought of mechanical computing devices that are tailor-made for solving particular mathematical problems. Turing realized that one could have a general-purpose machine MU , that can take as input a description of a TM M and x, and output M(x). Actually it’s easy to observe that this can be done with relatively small overhead: if M halts on x within T steps, then MU will halt on M, x within O(T log T ) steps. Of course today its harder to appreciate the novelty of this observation, as in some sense the 20th century was the century of the general-purpose computer and it is now all around us, and writing programs such as a C interpreter in C is considered a CS-undergrad project. Enumeration of Turing machines To define properly the universal Turing machine, we need to specify how we describe a Turing machine as a string. Since a TM is described by its collection of rules (of the form on symbol a, move left/right, write b), it can clearly be described as such a string. Thus, we assume that we have a standard encoding of TM’s into strings that satisfies the following: ∗ • For every α ∈ {0, 1} , there’s an associated TM Mα.
  • Lecture 10 1 Interactive Proofs

    Lecture 10 1 Interactive Proofs

    Notes on Complexity Theory: Fall 2005 Last updated: November, 2005 Lecture 10 Jonathan Katz 1 Interactive Proofs 1.1 Introduction and Motivation Let us begin by re-examining our intuitive notion of what it means to \prove" a statement. Tra- ditional mathematical proofs are static and are verified in a deterministic way: the reader (or \verifier”) checks the claimed proof of a given statement and is thereby either convinced that the statement is true (if the proof is correct) or remains unconvinced (if the proof is flawed | note that the statement may possibly still be true in this case, it just means there was something wrong with the proof). A statement is true (in this traditional setting) iff there exists a valid proof that convinces a legitimate verifier. Abstracting this process a bit, we may imagine a prover P and a verifier V such that the prover is trying to convince the verifier of the truth of some particular statement x; more concretely, let us say that P is trying to convince V that x 2 L for some fixed language L. We will require the verifier to run in polynomial time (in jxj), since we would like whatever proofs we come up with to be efficiently verifiable. Then a traditional mathematical proof can be cast in this framework by simply having P send a proof π to V, who then deterministically checks whether π is a valid proof of x and outputs V(x; π) (with 1 denoting acceptance and 0 rejection). (Note that since V runs in polynomial time, we may assume that the length of the proof π is also polynomial.) Now, the traditional mathematical notion of a proof is captured by requiring the following: • If x 2 L, then there exists a proof π such that V(x; π) = 1.
  • Polylogarithmic-Round Interactive Proofs for Conp Collapses the Exponential Hierarchy

    Polylogarithmic-Round Interactive Proofs for Conp Collapses the Exponential Hierarchy

    Polylogarithmic-round Interactive Proofs for coNP Collapses the Exponential Hierarchy Alan L. Selman¤ Department of Computer Science and Engineering University at Buffalo, Buffalo, NY 14260 Samik Senguptay Department of Computer Science and Engineering University at Buffalo, Buffalo, NY 14260 January 13, 2004 Abstract It is known [BHZ87] that if every language in coNP has a constant-round interactive proof system, then the polynomial hierarchy collapses. On the other hand, Lund et al. [LFKN92] have shown that #SAT #P , the -complete function that outputs the number of satisfying assignments of a Boolean for- mula, can be computed by a linear-round interactive protocol. As a consequence, the coNP-complete set SAT has a proof system with linear rounds of interaction. We show that if every set in coNP has a polylogarithmic-round interactive protocol then the expo- nential hierarchy collapses to the third level. In order to prove this, we obtain an exponential version of Yap's result [Yap83], and improve upon an exponential version of the Karp-Lipton theorem [KL80], obtained first by Buhrman and Homer [BH92]. 1 Introduction Ba´bai [Ba´b85] and Ba´bai and Moran [BM88] introduced Arthur-Merlin Games to study the power of randomization in interaction. Soon afterward, Goldwasser and Sipser [GS89] showed that these classes are equivalent in power to Interactive Proof Systems, introduced by Goldwasser et al. [GMR85]. Study of interactive proof systems and Arthur-Merlin classes has been exceedingly successful [ZH86, BHZ87, ZF87, LFKN92, Sha92], eventually leading to+the discovery of +Probabilistically Checkable Proofs [BOGKW88, LFKN92, Sha92, BFL81, BFLS91, FGL 91, AS92, ALM 92].