On Completeness and Soundness in Interactive Pro of Systems
Martin Furer� Computer Science Dept�� Pennsylvania state Univ�� University Park� PA ������
Oded Goldreich� Computer Science Dept�� Technion� Haifa� Israel�
Yishay Mansour� Lab� for Computer Science� MIT� Cambridge� MA ������
Michael Sipser� Mathematics Dept�� MIT� Cambridge� MA ������
Stathis Zachos� Comp� and Inform� Sci�� Bro okline College of CUNY� Bro okline� NY ������
ABSTRACT � An interactive pro of system with Perfect Completeness �resp� Perfect
Soundness� for a language L is an interactive pro of �for L� in which for every x � L
�resp� x �� L� the veri�er always accepts �resp� always rejects�� We show that any
language having an interactive pro of system has one �of the Arthur�Merlin type� with
p erfect completeness� On the other hand� only languages in NP have interactive
pro ofs with p erfect soundness�
Work done while third author was working at the IBM�Scienti�c Center� Technion City� Haifa�
Israel� Second author was partially supp orted by the Fund for Basic Research Administered by the
Israeli Academy of Sciences and Humanities� Fifth author was partially supp orted by PSC�CUNY
grant�
App eared in Advances in Computing Research� A Research Annual� Vol� � �Randomness and
Computation� S� Micali� ed��� pages �������� �����
Warning� Repro duced almost automatically from an old tro� �le� The resulting text was not
pro ofread�
Up dated a�liation for Oded Goldreich � Department of Computer Science and Applied Math�
ematics Weizmann Institute of Science� Rehovot� Israel� Email� oded�wisdom�weizmann�ac�il
�� INTRODUCTION
The two basic notions regarding a pro of system are completeness and soundness� Completeness
means that the pro of system is p owerful enough to generate �pro ofs� for all the valid statements
�in some class�� Soundness means that any statement that can b e proved is valid �i�e� no �pro ofs�
exist for false statements�� Two computational tasks related to a pro of system are generating
a pro of and verifying the validity of a pro of� This naturally suggests the notions of a prover �a
party able of generating pro ofs� and a veri�er �a party capable of validating pro ofs�� Typically�
the veri�er�s task is easier than the prover�s task� In order to fo cus on the complexity of the
veri�cation task it is convenient to assume that the prover has unlimited p ower� For many
years NP was considered the formulation of �whatever can be e�ciently veri�ed�� This stemmed
from the asso ciation of deterministic p olynomial�time computation with e�cient computation�
The growing acceptability of probabilistic p olynomial�time computations as re�ecting e�cient
computations is the basis of more recent formalizations of �whatever can b e e�ciently veri�ed��
In these formalizations� due to Goldwasser� Micali and Racko� �GMR� and Babai �B�� and shown
to b e equivalent by Goldwasser and Sipser �GS�� the �p olynomial time� veri�er is allowed to
toss coins and arbitrarily interact with the prover� furthermore he can accept or reject based on
overwhelming statistical evidence� Ruling by overwhelming statistical evidence means relaxing the
completeness and soundness conditions so that any valid statement can b e proved with a very high
probability while any false statement has only negligible probability to b e proved� For a de�nition
of interactive proof systems we refer the reader to Goldwasser and Sipser�s article in this volume
�GS�� We denote by IP the class of languages for which there exists an interactive pro of system�
Clearly� NP � IP � P S P AC E � It is b elieved that the class NP is strictly contained in IP �
Evidence for this may p erhaps b e derived from the fact that� relative to some oracle� interactive
A A
pro ofs are even not contained in the p olynomial�time hierarchy� i�e� �A s�t� IP � PH � �
�see �AGH��� It is also interesting to note that natural languages as Graph Non�Isomorphism and
Matrix Group Non�Membership� which are not known to b e in NP � where shown to b e in IP
�by �GMW� and �B�� resp ectively�� Considering an interactive pro of system� it seems that in some
sense the prover is �resp onsible� for the completeness condition� while the veri�er is �resp onsible�
for the soundness condition� If this intuition is correct� and the prover has unrestricted p ower�
why should the completeness condition b e relaxed� Namely� can one mo dify the interactive pro of
such that the prover never fails in demonstrating the validity of true statements� while maintaining
soundness� By perfect completeness we mean that the prover never fails to prove the membership
of inputs that are indeed in the language� while perfect soundness means that the veri�er never
accepts inputs that are not in the language� Perfect completeness and p erfect soundness are
not only theoretically interesting� but are also of practical imp ortance� This is the case� since
probabilistic completeness and soundness are de�ned with resp ect to ideal �unbiased� coin tosses
and may not hold when using pseudorandom sequences �even in the sense of Blum and Micali
�BM� and Yao �Y��� On the other hand p erfect completeness and soundness are indep endent of
the quality of the veri�er coin tosses� Our main result is that Interactive Proofs with Perfect
Completeness are as p owerful as Interactive Proofs� The pro of of the main result is in fact a
transformation that given an interactive pro of for a language L yield an Arthur�Merlin interactive
pro of with p erfect completeness for L� This transformation preserves the number of interactions of
the original interactive pro of� An alternative pro of which uses di�erent ideas� and in particular a
proto col for �random selection� app ears in �GMS�� An alternative characterization of complexity
classes de�ne by b ounded Arthur�Merlin games was presented in �ZF�� They use p olynomially
+ +
b ounded quanti�ers �� �� � �where � means roughly �for most��� For all quanti�er strings
+
Q � Q of equal length over f�� �� � g the notation �Q �Q � represents the classes of languages
1 2 1 2
satisfying�
� x � L � Q y� P �x� y��
1
� x �� L � Q y� � P �x� y��
2
+ + +
for some p oly�time computable predicate P � In this notation �� ��� ��� �resp� ����� ���
+
�� ������ denotes the class of languages that are accepted by a general �resp� p erfect com�
pleteness� p erfect soundness� two�move Arthur�Merlin pro of system� �� MODEL AND DEF�
INITIONS
We state and prove our main result for the Arthur Merlin games introduced by Babai �B�� Using
the result of �GS� our main result applies also to the interactive pro of systems of �GMR�� In this
section we provide a precise de�nition of Arthur Merlin games and auxiliary terminology� in order
to facilitate the presentation of our result� Since we are interested only in the complexity theoretic
asp ects of pro of systems� we may assume that the prover �Merlin� uses an optimal strategy and
therefore� with no loss of generality� is deterministic� In the following de�nition we assume that in
all interactions of Arthur and Merlin� on inputs of the same length� the same number of messages
are exchanged and that all these messages are of the same length� Clearly� this condition is
immaterial and is only placed in order to facilitate the analysis�
De�nition � �Arthur Merlin games��
An Arthur�Merlin game is a pair of interactive programs A and M and a predicate � such that�
� On common input x� exactly �q �jxj� messages of length m�jxj� each are exchanged� where q
and m are �xed p olynomials and jxj denotes the length of x�
� Arthur �A� go es �rst� and at iteration � � i � q �jxj� chooses at random a string r of length
i
m�jxj�� with uniform probability distribution�
� Merlin�s reply in the i�th iteration� denoted y � is a function of all the previous choices of
i
Arthur and the common input x� More formally� y � M�x� r � � � r �� In other words� M is
i 1 i
the strategy of Merlin�
� �
� For every program M � a conversation b etween A and M on input x is a string r y � � � r y �
1 1 q (jxj) q (jxj)
0
� M
where for every � � i � q �jxj� y � M �x� r � � � r �� We denote by CONV the set of all
i 1 i
x
0
� M q (jxj)m(jxj)
conversations b etween A and M on input x� Note that jCONV j � � � x
� The predicate � is a p olynomial�time computable predicate� This predicate maps the input x
and a conversation r y � � � r y to a Bo olean value� called the value of the conversation�
1 1 q (jxj) q (jxj)
We asso ciate tr ue with accept and f al se with r ej ect� The predicate � is called the value�
of�the�game predicate�
�
Notation� Let A and M b e programs and � b e a predicate as ab ove�
0
��M
Then AC C denotes the set
x
0
M
fr � � � r j�y � � � y s�t� r y � � � r y � CONV � ��r y � � � r y � � accept g�
1 q (jxj) 1 q (jxj) 1 1 q (jxj) q (jxj) � � q (jx j) q (jx j)
x
0
��M
Intuitively� AC C is the set of all the random choices leading A to accept x� when interacting
x
0
� ��M �
with M � Note that AC C dep ends only on Merlin �M � and the predicate �� since we assume
x
0
��M
jAC C j
x
that Arthur follows the proto col� The ratio is the probability that Arthur accepts x
0
M
jCONV j
x
�
when interacting with M �
De�nition � �Arthur Merlin pro of systems�� An Arthur�Merlin proof system for language
L is an Arthur�Merlin game satisfying the following two conditions�
��M
jAC C j
2
x
� � �This condition � There exists a strategy for Merlin� M� such that for all x � L�
M
jCONV j 3
x
is hereafter referred to as probabilistic�completeness��
0
��M
jAC C j
1
�
x
� �This condition is hereafter � For every strategy M and for any x �� L� �
0
M
3
jCONV j
x
referred to as probabilistic�soundness��
�p(jxj) �p(jxj)
An equivalent de�nition is obtained by replacing ��� by � and ��� by � � � � where
p��� is an arbitrary p olynomial satisfying p�n� � �� n ���
De�nition � �p erfect completeness�� An Arthur�Merlin pro of system with perfect�completeness
for a language L is an Arthur�Merlin pro of system for L satisfying�
��M
�x � L jAC C j � CONVSIZE
x
Perfect�completeness� of an Arthur�Merlin pro of system� means that Merlin always succeeds in
convincing Arthur to accept inputs in the language�
De�nition � �p erfect soundness�� An Arthur�Merlin pro of system with perfect�soundness for
a language L is an Arthur�Merlin pro of system for L satisfying�
0
� ��M
�M �x �� L AC C � �
x
Perfect�soundness� of an Arthur�Merlin pro of system� means that no matter what Merlin do es
Arthur never accepts an input not in the language�
�� ARTHUR MERLIN PROOF SYSTEMS WITH PERFECT COMPLETENESS
In this section we transform an Arthur�Merlin pro of system to an Arthur�Merlin pro of system with
p erfect completeness� This transformation preserves the number of interactions in the original
Arthur�Merlin pro of� The underlying technique is taken from Lautemann�s pro of that BPP is
in the p olynomial�time hierarchy �L�� �Lautemann�s pro of that BPP is in the p olynomial�time
hierarchy simpli�es the original pro of of Sipser �S��� The idea is to show that this technique works
also for Arthur�Merlin pro of systems� We think that this idea seems strange at �rst glance�
trivial in second thought� but in fact is quite surprising and imp ortant� Lautemann�s technique
is commonly presented as a metho d of expressing a �random� quanti�er by a universal and an
k
existential quanti�er� Supp ose we are dealing with a subset� W � of f�� �g and that this subset
k k k
has cardinality either � �� � �� � � or � � � � � The statement �most r � f�� �g are in W �
(1) (2) (k ) k k
can b e substituted by the statement ��s � s � ���� s � f�� �g such that �r � f�� �g there
(i)
�i �� � i � k � such that s � r � W �� where s � r is the bit�by�bit XOR of the strings
(1) (k ) k
s and r � The strings s ���s are said to �cover� W � The statement �most r � f�� �g are
(1) (2) (k ) k k
not in W � can b e substituted by the statement ��s � s � ���� s � f�� �g �r � f�� �g �i
(i)
�� � i � k � s � r �� W �� Zachos showed that the ab ove �simulation� can b e used to swap
quanti�ers in a successive manner �for survey see �Z� Sch��� Zachos and Fuerer �ZF� then used
this idea to show that b ounded Arthur�Merlin pro ofs equal b ounded Arthur�Merlin pro ofs with
p erfect completeness� by expressing the former pro ofs as a �xed quanti�er sequence and applying
+ +
a �swapping lemma� iteratively� For example� applying the swapping lemma to �� ��� �� and
+ + +
using the BPP characterization �ZH� one gets ��� ��� ��� � ����� ��� Each such iteration is
thus a straightforward application of the �simulation technique�� and blows�up the size of the
Arthur�Merlin game by an unbounded amount� Thus� this idea do es not extend to unbounded
Arthur�Merlin pro ofs� For our transformation it is necessary to extend the simulation technique
to settings in which the witness set W is not predetermined� In fact� in Arthur�Merlin games the
set of random choices leading Arthur to accept is not de�ned� unless Merlin is sp eci�ed� This fact
is disturbing in the case that the input is not in the language and one has to guarantee that no
matter how Merlin acts he cannot fo ol Arthur �except for low probability��
An overview of the proto col Without loss of generality� we assume that the error probability
1
in the original Arthur�Merlin game is su�ciently small � i�e� ��jxj� �� The transformed
3q (jxj)m(jxj)
Arthur�Merlin game will consist of k � q �jxj�m�jxj� original games played concurrently with
related coin tosses� and Arthur will accept i� he accepts in one of these games� More sp eci�cally�
(1) (2) (k ) k
Merlin starts the game by selecting carefully k strings� s � s � ���� s � f�� �g � and sending them
��M
to Arthur� These strings are selected to �cover� AC C in the case that x is in the language�
x
Arthur and Merlin now start to play k copies of the original game� In round j � Arthur sends
only one m�bit string r and his move in the i�th game is de�ned as the bit�by�bit XOR of r
j j
(i) (i)
(i)
and the j �th segment in s �i�e� Arthur�s j �th move in the i�th copy is r � r � s � where
j
j j
(i)
(i)
is the j �th m�bit blo ck in s �� Merlin answers by k strings so that the i�th string equals the s
j
answer the original Merlin would have given in the i�th copy �i�e� the i�th m�bit blo ck in Merlin�s
(i) (i) (i)
j �th message equals M�x� r r � � � r �� where M is the original Merlin�� Clearly� the p erfect
1 2 j
completeness condition is satis�ed� It is less easy to see that probabilistic soundness is satis�ed
as well� Note that a cheating Merlin may select his answers for one copy of the game dep ending
M
is not su�cient� on his prosp ects in the other copies� and in particular arguing ab out AC C x
Our argument� instead� consists of two claims� �� the probability of winning the transformed
game is b ounded by the sum of the probabilities of winning each copy� and �� the probability of
winning a particular copy is b ounded by the probability of winning the original game� �Trying to
incorp orate b oth claims in one counting argument leads to di�culties which are not encountered
in Lautemann�s original pro of��
� �
���� The Proto col We denote the original Arthur by A� the original Merlin by M� and the
original value�of�the�game predicate by �� Let � b e the error probability� i�e� for x � L the
� �
Prob�A accepts� � � � ��jxj�� and for x �� L the Prob�A accepts� � ��jxj�� On input of size n�
q �n� iterations are p erformed� at each iteration Arthur sends a message of length m�n�� When
clear from the text we use �� q � m for ��n�� q �n�� m�n�� resp ectively� Let k � q m� Without loss of
1
generality we assume that � � � This can b e achieved by p erforming su�ciently many copies of
3k
the original Arthur Merlin game in parallel� and ruling by the ma jority �see �B�� �GS� and �BHZ���
Program for an honest Merlin� Merlin�s program consists of two stages� First� Merlin
computes k �sampling p oints� that are favorable to him� and sends them to Arthur� The second
stage is a simulation of k �related� copies of the original Arthur Merlin game�
Preprocessing stage Let AC C b e the set of random choices leading Arthur to accept in the
^
��^ M
� �
original AM game on input x � L �i�e� AC C is a shorthand for AC C �� Merlin selects k strings
x
(1) (2) (k ) k k (i)
s � s � ���� s � f�� �g so that for every r � f�� �g there exists an i such that s � r � AC C �
(i)
The prepro cessing is said to have failed� if no such set of s �s exist� If the prepro cessing do es not
(i)
fail then Merlin sends the s �s to Arthur� For sake of simplicity� we let Merlin send k �arbitrary�
strings �of length k �bit each� in case the prepro cessing fails�
Simulation stage Merlin plays concurrently k copies of the original game and computes Arthurs
(i) (i)
resp onses by XORing them with segments of the s �s� Each s is partitioned into q segments� of
(i) (i)
(i) (i)
m bits each� corresp onding to the q iteration of the original game� Namely� s � s s � � � s �
1 2
q
(i)
m
where s � f�� �g � Formally� at each iteration j �� � j � q �n��� Merlin preforms�
j
(k ) (2) (1) (i) (i) (i) (i) (i)
�
� ���� y � y � End Send y � M�x� r � � � r � r y � s Receive r For i � � to k do b egin r
j j
1
j j j j j j j
Arthur�s program� Arthur�s program is identical to the original program of Arthur� Formally�
for each iteration j �� � j � q �n�� Arthur p erforms�
(1) (2) (k )
m
Cho ose r at random in f�� �g � Send r Receive y � y � ���� y
j j
j j j
The value of a conversation
(k ) (2) (1) (i) (i)
(1) (2) (k )
� and s� � s s � � � s � We denote by � � � y y � y � y � r � s Let r
j j
j j j j j
(i) (i)
(i) (i)
� �x� s� r y � � � r y � � ��x� r y � � � r y � the value of the i�th game� The predicate � maps a
i 1 1 q q i
1 1
q q
conversations to � if and only if the conversation induced on the i�th copy of the original game
is an accepting one� The value of a conversation is determined by the following p olynomial�time
predicate
k
��x� �s r y � � � r y � � or � �x� �s r y � � � r y �
1 1 q q i 1 1 q q
i=1
���� The Perfect�Completeness of the proto col We show that if the input x is in L� then an
honest Merlin �Merlin following the strategy outlined in subsection ���� always convinces Arthur�
The argument is almost identical to the one in Lautemann �since AC C is �xed��� and is given
here for sake of self�containment �see also �ZH���
Lemma �� If x � L then the prepro cessing do es not fail�
1
k
Pro of� We have to show that if jAC C j � �� � �� � � and � � then there exists a sequence�
3k
(1) (2) (k ) (i) k k
s� � s � s � ���� s �s � f�� �g �� such that for every string r � f�� �g at least one of the
(i)
r � s is in AC C � Furthermore� we will show that the statement holds for most sequences s��
(1) (2) (k ) k
We call a sequence s� � s � s � ���� s good if for every r � f�� �g there exists an i �� � i � k �
(i)
such that r � s � AC C � We consider the probability that a randomly selected sequence s� is not
go o d�
(i)
P r ob�s � is not go o d � � P r ob��r �i � r � s �� AC C �
X
(i)
� P r ob� �i � r � s �� AC C �
k
r �f0�1g
k (i)
� � � P r ob� �i � s �� AC C �
k k
� � � �
�
k
� � �
�k
�k
� �
The Lemma follows� 2
Lemma �� If x � L then Arthur always accepts�
(i)
Pro of� By Lemma �� Merlin can �nd s �s so that �when Merlin follows his program�� any
sequence of choices made by Arthur leads to acceptance in at least one of the copies of the
original game� The Lemma follows� 2
���� The Probabilistic Soundness of the proto col We now show that for every input x
not in L� no matter what Merlin do es� the probability that he convinces Arthur is less then
�
���� We consider the probabilities that Merlin M leads Arthur to accept in the i�th copy of
�
the original game� We �rst b ound by � the probability that M leads Arthur to accept in the
i�th copy of the original game �see Lemma ��� Hence� the probability that Merlin fo ols Arthur
�
is b ounded by k � � �Lemma ��� Let M b e any arbitrary program for Merlin� Recall that
0
��^ M
�
AC C denotes the set of random choices leading Arthur �A� to accept in the original game
x
�with game value predicate ��� We denote the set of random choices leading Arthur to accept in
0 0
� �M � �M
i i
the i�th game of the transformed game by AC C � Namely� r r � � � r � AC C if and only
1 2 q
x x
0 0
� � � �M ��^ M
i
if � �x� r M �x� r � � � � r M �x� r � � � r ��� Note that b oth AC C and AC C are subsets of
i 1 1 q 1 q
x x
k
f�� �g �
�
Lemma �� Supp ose that x �� L� Then for every Merlin M and for every i �� � i � k �
0
� �M k
i
jAC C j � � � �
x
Pro of� The idea of the pro of is that a Merlin which do es well on a particular copy of the original
game can b e easily transformed into a Merlin which do es �at least� as well in the original game�
The transformed Merlin �which plays the original game� simulates the actions of the Merlin
which plays k games concurrently� using the real game as the i�th copy� A detailed pro of follows�
�
Assume� on the contrary to the statement of the lemma� that there exists an M and an i� such
0
� �M k ��
i
that jAC C j � � � � We reach a contradiction by constructing a Merlin M � which do es as well
x
�� � (1) (2) (k )
in the original game� First� M runs M on input x to get the k sample p oints s � s � ���� s
(i) ��
and saves s � Let r � r � ���� r b e the �rst j messages that M has received� To compute the j �th
1 2 j
(i)
� � � � �� �
�i�e� � � � r r � r � s �for � � t � j � and runs M on input x and r message� M computes r
t
t
j 2 1 t
�� � � �
M �x� r � � � r � is the i�th m�bit blo ck of M �x� r � � � r ��� We now claim that
1 j
1 j
0 00
� �M (i) ��^ M
i
Claim� r � AC C if and only if r � s � AC C �
x x
0
� �M
i
Pro of� Supp ose that r � � � r � AC C � Then � �x� sr� y � � � r y � is true� where s� �
1 q i 1 1 q q
(i) (i)
(1) (k ) � � (i) (i)
s � � � s � M �x� and y � M �x� r � � � r � ��j �� It follows that ��x� r y � � � r y � �
j 1 j
1 1
q q
(i) (i) (i)
(i)
�� where y is the i�th m�bit blo ck in y � s is the j �th m�bit blo ck in s � and r �
j
j j j
00
(i) (i) (i) (i) (i)
�� (i) ��^ M
r � s � Note that y � M �x� r � � � r �� Thus� r � � � r � AC C � Noting that
j
j j 1 j 1
q x
(i)
(i) (i)
r � � � r � r � s one direction follows� The pro of of the second direction is similar and
1
q
the claim follows� 2
00 0
��^ M � �M k
i
By the ab ove Claim� jAC C j � jAC C j � � � � which contradicts the hypothesis that the
x x
original game has error probability � �� The lemma follows� 2
Remark� A statement analogue to Lemma � is trivial in Lautemann�s setting�
�
Lemma �� Supp ose that x �� L� Then for every Merlin M the probability that Arthur accepts
is at most k � ��
�
Pro of� Clearly� for every Merlin M �
k
X
0 0 0
k � �M ��M � �M
i i
j � j � j � AC C jAC C j jAC C
x x i=1 x
i=1
Using Lemma �� the statement follows� 2
���� Main Result Using the equivalence of interactive pro ofs and Arthur Merlin pro ofs �GS��
and combining Lemmas � and � we get
Main Theorem �Theorem ��� If a language L has an interactive proof system �with q ���
iterations� then L has an �Arthur Merlin� interactive proof system with perfect completeness �and
q ��� � � iterations�� 2
�� INTERACTIVE PROOF SYSTEMS WITH PERFECT SOUNDNESS
In the previous section� we showed that interactive pro ofs can b e mo di�ed so that the veri�er
always accepts valid statements� What happ ens if we require that the veri�er never accepts
false statements� In this case we show that the set of languages recognized equals NP� The
reader should note that the transformation of Goldwasser and Sipser �GS� do es not preserve
p erfect completeness� Thus it is not clear that proving the ab ove statement with resp ect to
Arthur Merlin games yields the same result with resp ect to general interactive pro ofs� The
di�culty can b e resolved by mo difying the transformation of �GS�� using the approximate lower
b ound proto col of �GMS� �which has the p erfect completeness prop erty�� We prefer to give
a direct pro of� The di�erence b etween interactive pro ofs and Arthur Merlin games is that in
interactive pro ofs the veri�er�s i�th message � is a function of the input x� his random coin tosses
i
r � and the previous messages of the prover �i�e� � � V �x� r� y � � � y �� After the last �say
i 1 i�1
q �th� iteration� the veri�er decides whether to accept or reject by evaluating the p olynomial�time
predicate ��x� r� y � � � y � � faccept� r ej ectg�
1 q
Theorem �� If a language L has an interactive proof with perfect soundness then L � NP
Pro of� Assume that for a language L� there exists an interactive pro of with p erfect soundness�
Since the veri�er is limited to probabilistic p olynomial time� then for any input x � L there is
a conversation that convinces him� and is of p olynomial length� The NP machine guesses this
conversation� checks that it is indeed a legitimate one and that it leads the veri�er to accept�
Namely� the machine guesses a random tap e r and a conversation � y � � � � y � and checks that
1 1 q q
� � V �x� r� y � � � y � �for every i� and that ��x� r� y � � � y � � accept� If x � L then� by the
i 1 i�1 1 q
probabilistic completeness condition� there exist �many� accepting conversations� If x �� L then�
by the p erfect�soundness condition� there is no such conversation� and any guess of the machine
will fail� 2
�� CONCLUDING REMARKS
Assuming the existence of secure encryption functions �in the sense of �GM�� and using the results
of �GMW�� one can easily demonstrate the existence of zero�knowledge interactive pro ofs with
p erfect completeness for every language in IP � Given L � IP � �rst present an interactive pro of
with p erfect completeness for L� and next apply the techniques in �GMW� observing that they
preserve p erfect completeness� However� it is not clear whether every language having a p erfect
�resp� almost p erfect� zero�knowledge interactive pro of �see �F� for de�nition� has a p erfect �resp�
almost p erfect� zero�knowledge interactive pro of with p erfect completeness� Weaker statement
can nevertheless b e proven�
�� Every language having an interactive pro of which is almost p erfect zero�knowledge with
respect to the speci�ed veri�er has an interactive pro of with p erfect completeness which is
almost p erfect zero�knowledge with respect to the speci�ed veri�er �again see �F� for de�ni�
tion��
�� Every language having an interactive pro of which is almost p erfect zero�knowledge and
remains so under parallel composition �see �O� for de�nition� has an almost p erfect zero�
knowledge pro of with p erfect completeness�
The key observation in proving b oth statements is that almost all sequencess � can serve as sampling
p oints �see pro of of Lemma ��� and thus having the prover randomly select and send a good s� do es
not yield any knowledge� �In the simulation we use a randomly selected s�� which is most likely
but not necessarily go o d�� Babai �B� showed that any Arthur Merlin game with a �xed number
of interactions can b e simulated by a game with two interactions� A similar pro of applies to the
hierarchy of interactive pro ofs with p erfect completeness� Goldwasser and Sipser showed that
the p ower of interactive pro ofs is not decreased when restricting the veri�er to use only �public
coins� �GS�� We have showed that the p ower of interactive pro ofs is not decreased when further
restricting the system to have p erfect completeness� How else can interactive proofs be restricted
without decreasing their power�
REFERENCES
�A� Adleman� L�� �Two Theorems on Random Polynomial Time�� Proc� ��th FOCS� ����� pp�
������
�AGH� Aiello� W�� S� Goldwasser� and J� Hastad� �On the Power of Interaction�� Proc� ��th FOCS�
����� pp� ��������
�B� Babai� L�� �Trading Group Theory for Randomness�� Proc� ��th STOC� ����� pp� ��������
�BM� Blum� M�� and Micali� S�� �How to Generate Cryptographically Strong Sequences of Pseudo�
Random Bits�� SIAM Jour� on Computing� Vol� ��� ����� pp� ��������
�BHZ� Boppana� R�� J� Hastad� and S� Zachos� �Do es Co�NP Have Short Interactive Pro ofs��� IPL�
��� May ����� pp� ��������
�F� Fortnow� L�� �The Complexity of Perfect Zero�Knowledge�� this volume�
�G� Gill� J�� �Complexity of Probabilistic Turing Machines�� SIAM J� on Comp�� Vol� �� No� ��
����� pp� ��������
�GMS� Goldreich� O� Y� Mansour� and M� Sipser �Interactive Pro of Systems� Provers that never
Fail and Random Selection�� Proc� ��th FOCS� ����� pp���������
�GMW� Goldreich O�� S� Micali and A� Wigderson� �Pro ofs that yield Nothing But the Validity of
the assertion and the a Metho dology of Cryptographic Proto col Design�� Proc� ��th FOCS�
����� pp� ��������
�GM� Goldwasser� S�� and S� Micali� �Probabilistic Encryption�� JCSS� Vol� ��� No� �� ����� pp�
��������
�GMR� Goldwasser� S�� S� Micali and C� Racko�� �The knowledge Complexity of Interactive Pro of
Systems�� Proc� ��th STOC� ����� pp� ��������
�GS� Goldwasser� S� and M� Sipser� �Private coins versus Public coins�� this volume�
�L� Lautemann� C�� �BPP and the Polynomial�time Hierarchy�� IPL� ��� ����� pp� ��������
�O� Oren� Y�� �On the Cunning Power of Cheating Veri�ers� Some Observations ab out Zero�
Knowledge Pro ofs�� Proc� ��th FOCS� ����� pp� ��������
�Sch� Schoening� U�� �Probabilistic Complexity Classes and Lowness�� Proc� �nd Structure in
Complexity Theory Conf�� IEEE ����� pp� ����
�S� Sipser� M�� �A Complexity Theoretic Approach to Randomness�� Proc� ��th STOC� �����
pp� ��������
�Z� Zachos� S�� �Probabilistic Quanti�ers� Adversaries� and Complexity Classes�� Proc� �st
Structure in Complexity Theory Conf�� LNCS ���� Springer Verlag� ����� pp� ��������
�ZF� Zachos� S�� and M� Fuerer� �Probabilistic Quanti�ers vs� Distrustful Adversaries�� unpub�
lished manuscript� August ����� �see also FCT�TCS ������
�ZH� Zachos� S� and H� Heller� �A Decisive Characterization of BPP�� Information and Control�
��� ����� pp���������
�Y� Yao� A�C�� �Theory and Applications of Trapdo or Functions�� Proc� of the ��rd IEEE
Symp� on FOCS� ����� pp� ������