Interactive Proof Systems and Alternating Time-Space - DocsLib

sign in sign up

<<

Home , DTIME, Interactive proof system, NC (complexity), NSPACE

INTERACTIVE PROOF SYSTEMS AND

ALTERNATING TIMESPACE

COMPLEXITY

Lance Fortnow

Carsten Lund

University of Chicago

Dept of Computer Science

E th Street

Chicago IL

Abstract We show a rough equivalence b etween alternating timespace

complexity and a publiccoin interactive pro of system with the verier

having a p olynomial related timespace complexity Sp ecial cases include

All of NC has interactive pro ofs with a logspace p olynomialtime

publiccoin verier vastly improving the b est previous lower b ound

of LOGCFL for this mo del

All languages in P have interactive pro ofs with a p olynomialtime

publiccoin verier using olog n space

All exp onentialtime languages have interactive pro of systems with

publiccoin p olynomialspace exp onentialtime veriers

To achieve b etter b ounds we show how to reduce a k tap e alternat

ing Turing machine to a tap e alternating Turing machine with only a

constant factor increase in time and space

Intro duction

In Chandra Kozen and Sto ckmeyer intro duced alternating Tur

ing machines an extension of nondeterministic computation where the Turing

1

Supp orted by NSF Grant CCR

2

Supp orted by a fellowship from the University of Arhus

Fortnow Lund

machine can make b oth existential and universal moves In Goldwasser

Micali and Racko and Babai intro duced interactive pro of systems

an extension of nondeterministic computation consisting of two players an in

nitely p owerful prover and a probabilistic p olynomialtime verier The prover

will try to convince the verier of the validity of some statement However the

verier do es not trust the prover and will only accept if the prover manages to

convince the verier of the validity of the statement

There are some obvious similarities b etween alternating Turing machines

and interactive pro of systems In fact Goldwasser and Sipser show the

equivalence of interactive pro of systems to a Turing machine alternating b e

tween nondeterministic and probabilistic moves However until recently com

puter scientists generally b elieved that alternating Turing machines had far

more p ower than the interactive pro of systems

A series of results by Lund Fortnow Karlo and Nisan and Shamir

show that the set of languages accepted by an interactive pro of system

equals the class of languages accepted in deterministic p olynomial space Since

Chandra Kozen and Sto ckmeyer have shown PSPACE equivalent to the

languages accepted by a p olynomialtime alternating Turing machine in this

case alternating Turing machine and interactive pro of systems have identical

p ower

We generalize the work of to show a broader equivalence b etween

alternating Turing machines and interactive pro of systems We lo ok at time

space complexity rst studied for alternating Turing machines by Ruzzo

and for interactive pro of systems by Condon

We show a general relationship b etween time and space b ounded alternating

Turing machines and time and space b ounded veriers We show that all

languages accepted by an interactive pro of system with a tntime snspace

b ounded verier can also b e accepted by an alternating Turing machine using

tn log tntime and snspace Conversely we show that an interactive pro of

system can simulate any tntime snspace alternating Turing machine using

a p olynp olytntime and p olysnspace b ounded verier

We use this close relationship b etween alternating Turing machine and in

teractive pro of systems to show a publiccoin interactive pro of system for all

languages in NC with a p olynomialtime logspace verier and a pro of sys

tem for all languages in P with a p olynomialtime verier using less then log

squared space The previous b est known result by Fortnow and Sipser

shows LOGCFL has a publiccoin interactive pro of system with a p olynomial

time logspace verier LOGCFL consists of all languages logspace reducible

to contextfree languages and is known to lie in NC

Interactive Pro ofs

We also use these theorems to get strong relationships b etween interac

tive pro of systems and deterministic computation similar to the relationships

b etween alternating Turing machine and deterministic computation found in

With the notable exception of Theorem most of the results in this

pap er do not relativize Fortnow and Sipser have shown an oracle A such

A

that some language in coNP do es not have interactive pro ofs relative to A

However our result implies every language in PSPACE has interactive pro ofs

Background and Denitions

An interactive pro of system consists of a proververier pair P V The

prover and verier share a reliable communication tap e and access to an input

tap e The verier also has access to his own work tap es and a random bit

generator such as a fair coin The prover can b e any function from the messages

previously sent to the prover to a p olynomiallength resp onse P and V form

an interactive proto col for a language L if

If x L then PrP V x accepts

If x L then for all P PrP V x accepts

Goldwasser Micali and Racko and Babai require the verier com

putes in probabilistic p olynomial time and space Lund Fortnow Karlo

and Nisan showed an interactive pro of system for every language in the

p olynomialtime hierarchy Using their techniques Shamir showed that

the set of languages accepted by these interactive pro of systems coincides with

the class of languages decidable in deterministic p olynomial space In this pa

p er we will examine the complexity of interactive pro of systems with veriers

having diering restrictions on time and space

In general the verier may use private coins where the prover do es not

know what the coin tosses were A publiccoin interactive pro of system allows

the prover access to the veriers coin Equivalently we require the veriers

messages to consist of exactly the veriers coin tosses since the previous round

Goldwasser and Sipser show the class of languages accepted by interactive

pro ofs with a p olynomialtime verier do es not dep end on whether the verier

uses public or private coins

However a dierence b etween private and public coins do es seem to hold

for time and space b ounded veriers Condon show that interactive pro of

systems with private coins and p olynomialtime logspace veriers can simu

late any standard interactive proto col and thus accept any PSPACE language

Fortnow Lund

However a deterministic p olynomialtime Turing machine can simulate any

publiccoin interactive pro of system with a p olynomialtime logspace verier

Corollary Thus assuming P PSPACE private coins are strictly

more p owerful than public coins in an interactive pro of system with a time and

space b ounded verier In this pap er we study the complexity of the publiccoin

interactive pro of system mo del

In this pap er we contrast the p ower of interactive pro of systems with al

ternating Turing machines as develop ed by Chandra Kozen and Sto ckmeyer

An alternating Turing machine is a generalization of a nondeterministic

machine where the machine may make b oth existential and universal choices

A string is accepted by an alternating Turing machine M if there exists a rst

existential choice such that for all rst universal choices there exists a second

existential choice such that M accepts See for a complete technical

denition

Let n represent the length of the input string Let ATIMEtn b e the

set of languages accepted by an alternating Turing machine running in time

O tn Let ASPACEsn b e the analogous class for space Chandra Kozen

and Sto ckmeyer show the following relationships

S

sn

For sn log n ASPACEsn DTIMEc

c

For tn n ATIMEtn DSPACEtn ATIMEtn

This implies for example that P ASPACElog n and PSPACE

S

k

ATIMEn

k

We assume throughout this pap er that tn sn log n nondecreasing

and fully time and space constructible in the following strong sense There

exists a deterministic Turing machine M such that given m written in binary

sm

will output the pair tm where tm is written in binary Furthermore

M uses O tm time and O sm space Note most natural functions fulll

these conditions We also assume all inputs are elements of f g We say

that t s is timespace constructible

We dene the following time and space classes generalizing the TISP ter

minology intro duced by Bruss and Meyer to describ e deterministic compu

tation b ounded in b oth time and space

A language L is in ATISPtn sn if some alternating Turing machine M

accepts L and M runs in time O tn and space O sn on every computation

path

A language L is in IPTISPtn sn if there exists an publiccoin in

teractive pro of for L such that the verier uses at most O tn time and

Interactive Pro ofs

O sn space on every computation path with every p ossible prover We de

ne IPTIMEtn and IPSPACEsn analogously For IPSPACEsn we

restrict the interactive pro ofs systems to having nite computation paths

If an alternating Turing machine or a verier ever enters the same cong

uration twice then it will have an innite computation path Thus we may

always assume sn log tn

Ruzzo rst studied time and space b ounded alternating Turing machine

k

k k

complexity showing ATISPlog n log n NC for all k where NC is the

set of languages accepted by a logspace uniform circuit family of p olynomial

k

size and log n depth

Condon rst studied the complexity class IPTISPt s under the name

BCTIMESPACE In she showed that

IPTISPpol y tn log tn DTIMEpol y tn

S

k

IPTISPn log n Fortnow and Sipser studied the class BPNL

k

They show LOGCFL BPNL P where LOGCFL NC is the class of

languages logspace reducible to contextfree languages

Restricted Alternating Turing Machines

We will use the random access input mo del for an alternating Turing

machine ATM similar to the one describ ed by Ruzzo This will allow

us to study ATMs which use sublinear time In our mo del the alternating

machine M has two sp ecial states q and q When M enters the state q with

j

a value i written in binary on its rst work tap e M will accept if the ith bit

of the input is j and will reject otherwise Note that we can simulate arbitrary

access to the input by guessing the value of the input and universally verifying

that value We additionally assume that b oth the verier and the alternating

Turing machine have some constant numb er k of readwrite tap es each with

its own head

In order to eciently arithmetize alternating computation we intro duce a

sp ecial typ e of alternating Turing machine It will b e a restriction of the mo del

but we will use the rest of this section to show that it is not a restriction in

computational p ower

First we will restrict the numb er of tap es to one and we prove that this

do es not decrease the computational p ower

Paul Prauss and Reischuk in proved such a theorem for ATIMEt

Fortnow Lund

Theorem Paul Prauss and Reischuk Let L b e a language

in ATIMEtn There exists a tap e alternating turing machine M such that

M works in time O tn and LM L

We need to extend their result to ATISPt s Recall that ATISPt s is

the class of languages that is recognized by alternating Turing machines in

time tn and space sn From their pro of it is clear that their simulation

uses O tn space We will present a simulation of a k tap e ATM that works

in time tn and space sn by a tap e ATM that works in time O tn and

space O sn In our pro of we will use b oth their result and the ideas of their

pro of

Theorem Let L ATISPtn sn There exists a tap e alternating

Turing machine M that works in time O tn and space O sn and LM

L

Proof Let N b e a k tap e ATM that recognizes L such that N works in time

O tn and space O sn We construct M such that it simulates N in phases

corresp onding to time blo cks of size sn At the b eginning of each phase M

will have the contents of N s tap es stored on a track on its work tap e M will

start each phase by guessing the next sn displays of N on a second track of

its work tap e The display of N at time i consists of the state and the content

of each of the k cells that N scans at time i M will b e in a universal resp

existential state if N is in a universal resp existential state It will next on

a third track existentially guess the content of N s tap es after the phase Note

that if the displays corresp ond to a valid computation path of N then there

exist such tap e contents which is unique

Thereafter M checks the validity of its guesses Observe that checking the

validity of the guesses can easily b e done on a k tap e deterministic Turing

machine M in time O sn Hence b ecause of Theorem M can simulate

M using one tap e in time O sn If the guesses corresp ond to a computation

path in N then M starts a new phase If not it has to gure out which typ e of

state it was in when it made the rst wrong guess Note that M has to reject

resp accept if it guessed wrong in an existential resp universal state But a

k tap e deterministic Turing machine M can in time O sn easily nd the

typ e of the state where the rst wrong guess was made M can simulate M

in time O sn using Theorem Furthermore if at some p oint N accepts

or rejects M do es the same It is easy to see that LM LN and that M

works in time O tn and space O sn 2

Interactive Pro ofs

We will restrict our mo del even further We will let the ATM rst make an

existential move consisting only of two p ossible moves followed by a universal

move of again two p ossible moves and so on This will make the computation

tree a binary tree and with alternating levels of AND gates and OR gates

Furthermore we will assume that all computation paths have even length It

is easy to see that given an arbitrary ATM M we can construct an ATM N

that has a computation tree as describ ed ab ove and that N works in time and

space prop ortional to the time and space used by M

Hence the machines we will consider are restricted Alternating Turing ma

chines M such that

M has only one tap e which at the start of the computation contains the

binary representation of n jxj

M s computation tree is a binary tree with alternating levels of AND

gates and OR gates and all computation paths have even length

On each computation path M will only read one input bit and will do

that at the very end A computation path will accept or reject dep ending

on the ith bit of the input if the binary representation of i is stored in

the rst dlog ne cells on the work tap e at the end of the computation

otherwise it will reject

Arithmetization of Alternating Computation

The pro of of our main result extends the algebraic techniques which was

used in the recent results on the p ower of interactive pro of systems

Let L ATISPt s and let M b e a restricted ATM such that LM L

We will assume without loss of generality that M works in time tn and uses

sn space Let b e the work alphab et and let Q b e the set of M s states

Given an input string x we will dene an arithmetic expression E such that

x

the value of E determines if x L We construct E in this section and in the

x x

next section we will show how an interactive pro of system can verify the value

of E

x

n

A Boolean function in n variables is a function f g f g A p olyno

mial g x x x over some eld interpolates a Bo olean function f on n

n

variables if for all substitutions the Bo olean value of f and the arith

metic value of g agree A p olynomial is multilinear if it is linear in every

variable

Fortnow Lund

A Boolean expression is a wellformed expression built from the the con

stants and variable symb ols using the op erations and A

Boolean formula is a Bo olean expression using only the op erations and

A Bo olean expression represents a Bo olean function in the obvious sense

An arithmetic expression is a wellformed expression built from the the

Q P

constants and variable symb ols using the op erations and

An arithmetic formula is an arithmetic expression using only the op erations

and An arithmetic expression represents a p olynomial function in the

obvious sense over any eld

An expression corresp ond to a lab eled tree where the leaves are lab eled by

constants or variable symb ols and the internal no des are lab eled by op erations

The size of a expression is the numb er of op erations used to build the expression

Hence the size is equal to the numb er of internal no de in the tree corresp onding

to the expression The depth of a expression is the length of the longest path

from the ro ot to a leaf in the tree corresp onding to the expression

First we need a prop osition stating that every Bo olean function is interp o

lated by a multilinear p olynomial

n

Proposition Given a Bo olean function f f g f g there exists

n

a unique multilinear function g Z Z interp olating f

Proof Left to the reader

2

The basic idea in the arithmetization is to rst construct a Bo olean predi

cate that is true if and only if x L Thereafter we arithmetize the Bo olean

predicate

Let I x b e the predicate that is true if and only if from the conguration

i

describ ed by the ID I in at most i steps M will accept x We will assume

that I describ es M to b e in an existential state Let M I denote the machine

M in the conguration describ ed by I Because of the simple structure of the

computation of the restricted machine M it is clear for i that M I accepts

x in at most i steps if

M I makes an existential guess a followed by a universal guess b and

ends up having an ID I such that M I accepts x in at most i

steps

We will make the assumption that when M enters a nal conguration it will

stay in this conguration indenitely For i M I accepts x if and only

if I describ es an accepting conguration This gives an inductive denition of

Interactive Pro ofs

I x

i

g I if i

x

I x

i

abI f I I a b I x otherwise

i

where f I I a b is the predicate stating that M I on input x on an exis

tential guess a and a universal guess b gets into the conguration describ ed by

I The predicate g I states that M accepts input x if in conguration I

x

If N dtne and I is the ID describing the start conguration then

clearly

I x M accepts x

N

We will extend the ideas by Shamir and BabaiFortnow to arithme

tize I x The technique is p olynomial extrap olation of truth values We

N

will given a Bo olean expression construct an arithmetic expression A The

following table inductively denes A

A

x x

i i

0

A

00 0

A A

00 0

A A

Q

0

x x x A

x

0

x x x A

x

Q

0 0

x A x is a short hand for A where

x x

In what follows we will use these rule except with a slight mo dication in

P

0

x This A the case of x x In some cases we will let A

x

will b e in the case where we know that x is true for at most one value of x

The advantage is that the degree of the p olynomial A is at most the degree

0

whereas in the original case the degree double It is crucial to keep the of A

degree low as we will see later

Using these rule we get that

if is true

A

otherwise

This can easily b e proven by induction

Fortnow Lund

First we will need an enco ding of IDs in order to arithmetize f I I a b

and g I

x

Our enco ding of IDs will b e a compact version of a binary enco ding The

binary enco ding enco des I as a tuple q c c c h h h where

sn sn

0

is a binary enco ding of the state of M where k q q q q

k

dlog jQje

c c c c is a binary enco ding of the content of the ith cell

i i i ik

where k dlog jje

h is if and only if the head of M is scanning the ith cell

i

We will rst describ e how to arithmetize I x using the binary enco ding

N

and later we will extend the arithmetization to a more compact enco ding

In order to arithmetize the computation of M we will rst assume that the

h head is scanning the ith cell Let I q c h and I q c

sn

sn

Given the head p osition it is lo cally decidable if I follows I on the guesses a

and b Dene

c is correct given that the head scans cell i

mi

m

h is correct given that the head scans cell i

mi

m

q is correct given that the head scans cell i

i

We will rst lo ok at which variables the ab ove predicates dep end on

dep ends only on c and c if m fi i i g since in two

mi m

m

steps M can only change the content of cells i i i For m

fi i i g dep ends on q c c c a b and c

mi i i i

m

if m fi i i i i g since in two dep ends only on h

mi

m

steps M can only move its head two p ositions For m fi i

i i i g dep ends on q c c c a b and h

mi i i i

m

dep ends on the variables q c c c a b and q

i i i i

Let f b e the predicate that is true if and only if I follows I on the guesses

i

a and b given that the head is scanning the ith cell From the ab ove denitions

Interactive Pro ofs

we can write down a simple Bo olean formula for f We get that f is true if

i i

and only if

sn

mi mi i

m

is true

But since h describ es if the head is at cell i in I f can b e written down as

i

sn

h f

i i

i

Given this description of f it is now straightforward to arithmetize f By

Prop osition any predicate can b e interp olated by a multilinear p olynomial

P If only dep ends on a xed numb er of variables then P can b e computed

that and F F by a formula F of xed size Hence we obtain formulas F

i mi mi

compute multilinear p olynomials that interp olate and resp ectively

mi mi i

This gives arithmetic formulas that compute p olynomials that interp olate

f and f

i

sn

Y

F F F F

f

mi mi i i

m

sn

X

h F F

i f f

i

i

0

k snk

Lemma For any I I f g where I is an enco ding of a valid

ID and for any a b f g

if f I I a b is true

F I I a b

f

otherwise

Furthermore the degree of any variable in F is at most sizeF O s n

f f

and depthF O log sn

f

Proof That F interp olates f is clear when we observe that for at most

f

one i h f is true The reason b eing that for at most one i h is true since

i i i

I is an enco ding of a valid ID Thus at most one of the summands of F is one

f

To nd the degree of say q note that in f it is only

i i ii ii

and that dep end on q Hence q will only

ii ii ii ii ii ii

b e a variable in the corresp onding formulas each of which is multilinear

and therefore in F The follow Hence the degree of q is at most in F

f f

i

ing table gives a complete description of the b ounds on the degrees for every

variable

Fortnow Lund

q q c c h h a b

j mj m

j mj m

F

f

i

F

f

This completes the pro of

2

To arithmetize g observe that b ecause M is restricted g dep ends only on

x x

c c c q and x In order for I to b e an accepting ID c c c

dlog ne dlog ne

should b e the binary representation of some numb er j f ng and

furthermore the input bit x should b e or dep ending on q So for each j

j

and l f dlog neg we dene c to b e true if and only if c enco des

j l l l

the l th bit in the binary representation of j Furthermore we dene q x

j j

to b e true if and only if in state q M immediately accepts if the j th input is

x Hence

j

dlog ne

n

A

g c q x

x j l l j j

j

l

This gives us the following arithmetic formula

dlog ne

n

Y X

A

F q x F c F

g j l

x

j

j l

j

l

are formulas that compute multilinear p olynomials that and F where F

j

j l

interp olate and resp ectively

j l j

0

k snk

where I is an enco ding of a valid Lemma For any I f g

ID

if g I is true

x

F I

g

x

otherwise

Furthermore the degree of any variable in F is at most sizeF O n log n

g g

x x

and depthF O log n

g

x

Proof Clear since there exists at most one j such that

dlog ne

A

c q x

j l l j j

l

is true

2

We improve the space complexity of the enco ding of IDs by using a more

log snc binary compact enco ding Cho ose an and enco de m b

Interactive Pro ofs

m

symb ols into a new symb ol f g just by

m

P

m

i m

letting Let X f g To deco de the new symb ol

i

i

dene D X f g that maps an mbit numb er into the ith bit of The

i

deco ding is obtained using Lagrange interp olation by the following formula

Y X

x v

D u F x

i D

i

u v

uX

v u

m

The degree of the p olynomial computed by F is and sizeF

D D

i i

m

O and depthF O m Dene

D

i

0

a b y y y F y y y

0

n

n

y F y F F F y F y F a b y

0

D D f D D D

m m

2 1 1 n

0

k snk

e In other words we mo dify the formula F For each where n d

f

m

leaf l containing a variable z that enco des part of an ID we are replacing l

with the subformula that deco des z from the appropriate variable of F For

example if z is z the rst binary variable that enco des I then the subformula

y since y enco des z is F

D

1

0

n

where I is an enco ding of a valid ID and for Lemma For any I I X

any a b f g

if f I I a b is true

F I I a b

otherwise

m

Furthermore the degree of any variable in F is at most s n

m

sizeF O s n O s n and depth F O log sn

Proof Follows from Lemma

2

We dene G in a way similar to that of the denition of F

x g

x

0 0

F G y y y F y F F y F y F y

g x n D D D D D n

x m m

2 1 1

0

n

where I is an enco ding of a valid ID Lemma For any I X

if g I is true

x

G I

x

otherwise

m

Furthermore the degree of any variable in G is at most s n

x

m

sizeG O n log n O s nn log n and depthG O log sn

x x

log n

Fortnow Lund

Proof Clear from Lemma

2

With the arithmetization of f and g we get an arithmetization of I x

x i

by inductively dening

G I if i

x

Q P

A I x

i

0

F I I a b A I x otherwise

0 n

i

a b

I X

Q

m

q x q x where X f g Rememb er that

x x

0

n

0

X Lemma If I y y y is the enco ding of M s starting

n

conguration then

if x L

A I x

N

otherwise

Proof We prove by induction that for all i and for all enco dings I of valid

IDs

if I x is true

i

A I x

i

otherwise

For i this follows from Lemma

For i observe that there is one I such that f I I a b is true Observe

that b oth I and I are enco dings of valid IDs Now it follows from Lemma

and the inductive hyp othesis that

if I x is true

i

A I x

i

otherwise

2

Interactive Pro of Systems for ATISP(t s)

The verier has to check that A I x The proto col starts by the

N

prover sending the verier a prime p dN n dN n where d

is the maximal degree of any variable in F and G Lemma and Lemma

x

shows that d s n The verier thereafter tests that the numb er the

prover sent is indeed a prime using the primality test of SolovayStrassen

such that the verier will catch the prover with probability at least if the

prover tries to cheat in this initial stage of the proto col

The verier can simplify the arithmetic expression A I x by the tech

N

nique of LundFortnowKarloNisan The verier will b e working over the

Interactive Pro ofs

nite eld F with p elements At any p oint in time the verier will know an

p

arithmetic expression Ay y y which is a sux of A I x and values

k N

F and the verier has to verify that A

k p k

There are three dierent typ es of A

J J P Q

Ay y B y y z where f g and Y f g

k k

z Y

or Y X Observe that B z is a p olynomial q z over F By

k p

insp ecting the denition of A I x we see that the degree of q z is at

N

most d So the proto col is

PV q z a at most d degree p olynomial over F

p

J

V Check q z

z Y

V Cho ose randomly and uniformly F

p

V Continue the proto col and check that B

k

q

Now the pro of of correctness for this step is that if A

k

then q z B z and hence with probability at most dp

k

we have B q We say that if this happ ens then the

k

cheating prover succeeds in this step

0 0 0

Ay y y F y y y A y y y

k n i n i n

0

V Calculate F If then accept if

n

otherwise reject Otherwise continue by checking that

0 0

A y y y

i n i n

0

Ay y y G y y y

k x n

0

Accept if otherwise V Calculate G

x n

reject

We can then prove that the ab ove proto col recognizes L

Lemma The proto col ab ove satises the following statements

i If x L then there exists a prover such that the verier always accepts

ii If x L then for all provers the verier accepts with probability at most

iii The verier works in time

O tns n s nn log n log tn

Fortnow Lund

and uses space

sn log p sn log tn

O O

log sn log sn

Proof

i The prover will always b e able to make A Note that

k

this is the case from the start since A I x In each elimination step

N

the prover accomplish this by always letting q z B z

k

ii The cheating prover has two opp ortunities to make the verier accept

First it can cho ose a comp osite numb er for p Since the verier is doing

the primality test the prover will b e caught with probability at least

Secondly the prover can succeed in one of the elimination steps Note

that in each elimination step the probability that the prover succeeds in

d

assuming that p is a prime Since the prover that step is at most

p

has only N n chances to succeed and since p dN n the

probability that the prover will succeed in any elimination step given

0

dN n

that p is a prime is at most Hence in all this implies that

p

the verier accepts x with probability at most

iii The verier uses O N n jX j T T T additions and

eval F G

x

multiplications in F where T is the numb er of op erations to evaluate

p eval

a p olynomial of degree d at one p oint T is the numb er of op erations to

F

evaluate F at one p oint and T is the numb er of op erations to evaluate

G

x

G at one p oint

x

By Horners Metho d T O d The the numb er of arithmetic op

eval

erations needed to evaluate the arithmetic formula of size S is clearly

O S Hence the numb er of additions and multiplications p erformed by

the verier is

O tns n s nn log n

Furthermore the verier computes O tn inverses

The time for a TM to p erform one addition in F is O log p and mul

p

tiplications can b e done in time O log p To compute an inverse using

the extended GCD algorithm takes time O log p The primality test for

p takes time O log p

Hence we infer that the verier works in time

O tns n s nn log n log tn

Interactive Pro ofs

The verier uses space for two indep endent reasons She is storing O n

eld elements and she uses space to evaluate the p olynomials and the

formulas It is clear that a formula can b e evaluated using only a numb er

of registers prop ortional to the depth of the formula Hence the verier

needs O n O sn log sn registers each containing a element from

F Hence the verier uses

p

sn log p sn log tn

O O

log sn log sn

space

2

This gives the main result of this pap er Recall that IPTISPt s is the

class of languages for which there exists an interactive pro of system with a

public coin verier that works in time O tn and space O sn

Theorem Given that t s is fully timespace constructible if

L ATISPtn sn

then L b elongs to

IPTISPs ntn n log ns n log tn sn log tn log sn

Corollary Every language in P has a publiccoin interactive pro of sys

tem with a p olynomialtime verier using O log n log log n space

Proof Let L b e a language in P Chandra Kozen and Sto ckmeyer prove

the existence of an alternating p olynomialtime logspace Turing machine M

that accepts L

2

S

k

Corollary Every language in NC NC has a publiccoin interac

k

tive pro of system with a verier using O log n space and O n log n time

Proof Ruzzo shows that any language in NC can b e accepted by

an alternating Turing machine using p olylog time and log space Hence if

L NC then there exists a constant k such that

k

L ATISPlog n log n

IPTISPnlog nlog log n log n

IPTISPn log n log n 2

Fortnow Lund

Corollary If t s is fully timespace constructible then

IPTISPn t n s n log sn ATISPtn sn

Proof This follows from Theorem since tn sn and sn log tn

2

Alternating Turing Machines for IPTISP(t s)

Theorem Let t s b e fully timespace constructible Then

IPTISPtn sn ATISPtn log tn sn

Proof Let L have a publiccoin interactive pro of system using time tn

and space sn We can assume without loss of generality that the proto col

consists of exactly tn rounds of the verier sending a single coin toss to the

prover followed by the prover sending back a onebit resp onse

From any conguration c the probability that the verier accepts starting

v

tn

c

in conguration c must b e for some integer v with v Let v

c c c

t(n)

b e the value of a conguration c The value of an accepting conguration is

and the value of a rejecting conguration is

If c is the conguration immediately b efore a provers message and if a

prover resp onse of causes the verier to enter conguration c and a resp onse

of causes the verier to enter conguration c then v maxv v If c

c c c

0 1

is the conguration immediately b efore a coin toss c is the conguration the

verier enters after tossing heads and c is the conguration the verier enters

after tossing tails then v v v

c c c

0 1

An alternating machine to accept L can work as follows First existentially

guess the value of the initial conguration and then verify its guess

To verify its guess we notice that maximum addition using carry lo ok

ahead and division by on tnbit numb ers has a uniform space O log tn

circuit of depth O log tn So the value of the initial conguration can b e

calculated by a uniform space O sn circuit of depth O tn log tn By a

result by Ruzzo an alternating Turing machine can evaluate each bit of the

value of the initial conguration in time O tn log tn and space O sn

2

Condon and Fortnow and Sipser indep endently proved the following

fact which follows from Theorem

Interactive Pro ofs

Corollary A deterministic p olynomialtime Turing machine can recog

nize any language accepted by a publiccoin interactive pro of system with a

verier using logarithmic space and p olynomial time

S

k

ATISPn log n ASPACElog n P Proof

2

k

A Hierarchy for IPTISP(t s)

Theorem gives a tight hierarchy for ATISPt s

Theorem Given t s and t s fully timespace constructible pairs

of functions

ATISPt s ATISPt s

if

t n ot n and s n os n

Proof Let M M b e an enumeration of tap e alternating Turing

machines such that every Turing machine has arbitrarily long enco dings We

construct an alternating Turing machine M that uses time O t n and space

O s n and that recognizes a language not in ATISPt s

The idea is that M tries to diagonalize against all the machines in the

enumeration It will succeed against all machines using time O t n and

space O s n

On input x M simulates M on input x in the following way If M makes

x x

an existential guess then M will make a universal guess and vice versa Doing

the simulation M keeps track on the time and the space it is using If on some

computation path M discover that it has used more than t n time or s n

space and it will halt and reject the input Otherwise the simulated machine

M halts and M will accept if and only if M rejects the input x Note that

x x

if on all computation paths the simulation succeeds then M accepts x if and

only if M rejects

x

Clearly M uses O t n time and O s n space since t s are time

space constructible Hence LM ATISPt s

Assume that LM ATISPt s Hence we have an alternating Turing

machine M that recognizes LM and it works in time ct n and space cs n

for some constant c Note that given M there exists a constant c such that

M simulates M on an enco ding of M with a slow down of at most c and

Fortnow Lund

uses only a factor of c more space than M Since there are arbitrarily long

enco dings of M let x b e an enco ding of M such that

cc t n t n and cc s n s n

Now M accepts x if and only if M rejects x This contradict that LM

x

LM

2

We get a hierarchy theorem for IPTISPt s as a consequence of our cor

resp ondence b etween ATISPt s and IPTISPt s

Theorem Given t s and t s fully timespace constructible pairs

of functions such that t t n and s s log n

IPTISPt n s n IPTISPt n s n

if for some

t n ot n and s n os n

Proof

IPTISPt n s n ATISPt n log t n s n

1

1

3+2

2

ATISPt n s n

IPTISPn t n s n

IPTISPt n s n

The rst containment is from Theorem the prop er containment is Theorem

and the last containment is from Corollary

2

As a corollary we get that public coin interactive pro of systems with linear

time veriers can not recognize all of IP This should b e contrasted with the

result by Fortnow and Sipser that for probabilistic computation there exists

A

A

an oracle A such that BPTIMEn contains BPP Furthermore Theorem

gives a tighter hierarchy for time and space

Corollary For all reals r s

s r

IPTIMEn IPTIMEn

r s

IPSPACEn IPSPACEn

and

s r

IPSPACElog n IPSPACElog n

Interactive Pro ofs

Proof Given Theorem the pro of is similar to the pro of of similar results

for NSPACEs by Ibarra see Theorem in

2

Interactive Pro of Systems for Deterministic

Computation

Corollaries and exhibit interactive pro of systems with veriers hav

ing low timespace complexity for P and NC We can use Theorem and

Corollary combined with the relationships in describ ed in Section to

prove more general relationships

Corollary For tn n sn log n

S S

k k k

IPTISPtn tn DSPACEtn

k k

S S

k k

sn k sn

DTIME sn IPTISP

k k

From this we get several consequences including

An interactive proto col with a verier using p olylog space and running

p olylogn

in quasip olynomial time accepts the same set of languages

as a deterministic Turing machine running in quasip olynomial time

A public coin interactive proto col with a verier running in p olynomial

time and space accepts exactly the same set of languages as a determin

istic machine using p olynomial space

An interactive proto col with a verier using p olynomial space and exp o

nential time accepts exactly the same set of languages as are determinis

tically recognizable in exp onential time

An interactive proto col with a verier using exp onential time and space

can accept all languages deterministically recognizable in exp onential

space

The second consequence is equivalent to Shamirs result that IP PSPACE

References

L Babai Trading group theory for randomness In Proc of the th ACM

Symp on the Theory of Computing pages

Fortnow Lund

L Babai and L Fortnow Arithmetization a new metho d in structural

complexity theory Computational Complexity

A R Bruss and A R Meyer On timespace classes and their relation to

the theory of real addition Theoretical Computer Science

A Chandra D Kozen and L Sto ckmeyer Alternation J of the ACM

A Condon Space b ounded probabilistic game automata In Proc of the

rd Conference on Structure in Complexity Theory pages

L Fortnow Complexitytheoretic aspects of interactive proof systems PhD

thesis Massachusetts Institute of Technology Lab oratory for Computer

Science Tech Rep ort MITLCSTR

L Fortnow and M Sipser Interactive pro of systems with a logspace

verier Manuscript Later version app ears in

L Fortnow and M Sipser Are there interactive proto cols for coNP lan

guages Information Processing Letters

L Fortnow and M Sipser Probabilistic computation and linear time In

Proc of the st ACM Symp on the Theory of Computing pages

S Goldwasser S Micali and C Racko The knowledge complexity of

interactive pro ofsystems SIAM J on Computing

S Goldwasser and M Sipser Private coins versus public coins in inter

active pro of systems In S Micali editor Randomness and Computation

volume of Advances in Computing Research pages JAI Press

J E Hop croft and J D Ullman Introduction to Automata Theory Lan

guages and Computation AddisonWesley Reading Mass

O H Ibarra A note concerning nondeterministic tap e complexities J

ACM

C Lund L Fortnow H Karlo and N Nisan Algebraic metho ds for

interactive pro of systems J of the ACM Octob er

Interactive Pro ofs

W J Paul E J Prau and R Reischuk On alternation Acta Informat

ica

W Ruzzo On uniform circuit complexity J of Computer and System

Sciences

A Shamir IP PSPACE J of the ACM Octob er

R Solovay and V Strassen A fast MonteCarlo test for primality SIAM

J of Computing See also erratum

I Sudb orough Time and tap e b ounded auxiliary pushdown automata

Mathematical Foundations of Computer Science pages

I Sudb orough On the tap e complexity of deterministic context free lan

guages J of the ACM

Web Analytics