On Completeness and Soundness in Interactive Proof Systems
Total Page:16
File Type:pdf, Size:1020Kb
On Completeness and Soundness in Interactive Pro of Systems Martin Furer Computer Science Dept Pennsylvania state Univ University Park PA Oded Goldreich Computer Science Dept Technion Haifa Israel Yishay Mansour Lab for Computer Science MIT Cambridge MA Michael Sipser Mathematics Dept MIT Cambridge MA Stathis Zachos Comp and Inform Sci Bro okline College of CUNY Bro okline NY ABSTRACT An interactive pro of system with Perfect Completeness resp Perfect Soundness for a language L is an interactive pro of for L in which for every x L resp x L the verier always accepts resp always rejects We show that any language having an interactive pro of system has one of the ArthurMerlin type with p erfect completeness On the other hand only languages in NP have interactive pro ofs with p erfect soundness Work done while third author was working at the IBMScientic Center Technion City Haifa Israel Second author was partially supp orted by the Fund for Basic Research Administered by the Israeli Academy of Sciences and Humanities Fifth author was partially supp orted by PSCCUNY grant App eared in Advances in Computing Research A Research Annual Vol Randomness and Computation S Micali ed pages Warning Repro duced almost automatically from an old tro le The resulting text was not pro ofread Up dated aliation for Oded Goldreich Department of Computer Science and Applied Math ematics Weizmann Institute of Science Rehovot Israel Email odedwisdomweizmannacil INTRODUCTION The two basic notions regarding a pro of system are completeness and soundness Completeness means that the pro of system is p owerful enough to generate pro ofs for all the valid statements in some class Soundness means that any statement that can b e proved is valid ie no pro ofs exist for false statements Two computational tasks related to a pro of system are generating a pro of and verifying the validity of a pro of This naturally suggests the notions of a prover a party able of generating pro ofs and a verier a party capable of validating pro ofs Typically the veriers task is easier than the provers task In order to fo cus on the complexity of the verication task it is convenient to assume that the prover has unlimited p ower For many years NP was considered the formulation of whatever can be eciently veried This stemmed from the asso ciation of deterministic p olynomialtime computation with ecient computation The growing acceptability of probabilistic p olynomialtime computations as reecting ecient computations is the basis of more recent formalizations of whatever can b e eciently veried In these formalizations due to Goldwasser Micali and Racko GMR and Babai B and shown to b e equivalent by Goldwasser and Sipser GS the p olynomial time verier is allowed to toss coins and arbitrarily interact with the prover furthermore he can accept or reject based on overwhelming statistical evidence Ruling by overwhelming statistical evidence means relaxing the completeness and soundness conditions so that any valid statement can b e proved with a very high probability while any false statement has only negligible probability to b e proved For a denition of interactive proof systems we refer the reader to Goldwasser and Sipsers article in this volume GS We denote by IP the class of languages for which there exists an interactive pro of system Clearly NP IP P S P AC E It is b elieved that the class NP is strictly contained in IP Evidence for this may p erhaps b e derived from the fact that relative to some oracle interactive A A pro ofs are even not contained in the p olynomialtime hierarchy ie A st IP PH see AGH It is also interesting to note that natural languages as Graph NonIsomorphism and Matrix Group NonMembership which are not known to b e in NP where shown to b e in IP by GMW and B resp ectively Considering an interactive pro of system it seems that in some sense the prover is resp onsible for the completeness condition while the verier is resp onsible for the soundness condition If this intuition is correct and the prover has unrestricted p ower why should the completeness condition b e relaxed Namely can one mo dify the interactive pro of such that the prover never fails in demonstrating the validity of true statements while maintaining soundness By perfect completeness we mean that the prover never fails to prove the membership of inputs that are indeed in the language while perfect soundness means that the verier never accepts inputs that are not in the language Perfect completeness and p erfect soundness are not only theoretically interesting but are also of practical imp ortance This is the case since probabilistic completeness and soundness are dened with resp ect to ideal unbiased coin tosses and may not hold when using pseudorandom sequences even in the sense of Blum and Micali BM and Yao Y On the other hand p erfect completeness and soundness are indep endent of the quality of the verier coin tosses Our main result is that Interactive Proofs with Perfect Completeness are as p owerful as Interactive Proofs The pro of of the main result is in fact a transformation that given an interactive pro of for a language L yield an ArthurMerlin interactive pro of with p erfect completeness for L This transformation preserves the number of interactions of the original interactive pro of An alternative pro of which uses dierent ideas and in particular a proto col for random selection app ears in GMS An alternative characterization of complexity classes dene by b ounded ArthurMerlin games was presented in ZF They use p olynomially + + b ounded quantiers where means roughly for most For all quantier strings + Q Q of equal length over f g the notation Q Q represents the classes of languages 1 2 1 2 satisfying x L Q y P x y 1 x L Q y P x y 2 + + + for some p olytime computable predicate P In this notation resp + denotes the class of languages that are accepted by a general resp p erfect com pleteness p erfect soundness twomove ArthurMerlin pro of system MODEL AND DEF INITIONS We state and prove our main result for the Arthur Merlin games introduced by Babai B Using the result of GS our main result applies also to the interactive pro of systems of GMR In this section we provide a precise denition of Arthur Merlin games and auxiliary terminology in order to facilitate the presentation of our result Since we are interested only in the complexity theoretic asp ects of pro of systems we may assume that the prover Merlin uses an optimal strategy and therefore with no loss of generality is deterministic In the following denition we assume that in all interactions of Arthur and Merlin on inputs of the same length the same number of messages are exchanged and that all these messages are of the same length Clearly this condition is immaterial and is only placed in order to facilitate the analysis Denition Arthur Merlin games An ArthurMerlin game is a pair of interactive programs A and M and a predicate such that On common input x exactly q jxj messages of length mjxj each are exchanged where q and m are xed p olynomials and jxj denotes the length of x Arthur A go es rst and at iteration i q jxj chooses at random a string r of length i mjxj with uniform probability distribution Merlins reply in the ith iteration denoted y is a function of all the previous choices of i Arthur and the common input x More formally y Mx r r In other words M is i 1 i the strategy of Merlin For every program M a conversation b etween A and M on input x is a string r y r y 1 1 q (jxj) q (jxj) 0 M where for every i q jxj y M x r r We denote by CONV the set of all i 1 i x 0 M q (jxj)m(jxj) conversations b etween A and M on input x Note that jCONV j x The predicate is a p olynomialtime computable predicate This predicate maps the input x and a conversation r y r y to a Bo olean value called the value of the conversation 1 1 q (jxj) q (jxj) We asso ciate tr ue with accept and f al se with r ej ect The predicate is called the value ofthegame predicate Notation Let A and M b e programs and b e a predicate as ab ove 0 M Then AC C denotes the set x 0 M fr r jy y st r y r y CONV r y r y accept g 1 q (jxj) 1 q (jxj) 1 1 q (jxj) q (jxj) q (jx j) q (jx j) x 0 M Intuitively AC C is the set of all the random choices leading A to accept x when interacting x 0 M with M Note that AC C dep ends only on Merlin M and the predicate since we assume x 0 M jAC C j x that Arthur follows the proto col The ratio is the probability that Arthur accepts x 0 M jCONV j x when interacting with M Denition Arthur Merlin pro of systems An ArthurMerlin proof system for language L is an ArthurMerlin game satisfying the following two conditions M jAC C j 2 x This condition There exists a strategy for Merlin M such that for all x L M jCONV j 3 x is hereafter referred to as probabilisticcompleteness 0 M jAC C j 1 x This condition is hereafter For every strategy M and for any x L 0 M 3 jCONV j x referred to as probabilisticsoundness p(jxj) p(jxj) An equivalent denition is obtained by replacing by and by where p is an arbitrary p olynomial satisfying pn n Denition p erfect completeness An ArthurMerlin pro of system with perfectcompleteness for a language L is an ArthurMerlin pro of system for L satisfying M x L jAC C j CONVSIZE x Perfectcompleteness of an ArthurMerlin pro of system means that Merlin always succeeds in convincing Arthur to accept inputs in the language Denition p erfect soundness An ArthurMerlin pro of system