DOCSLIB.ORG

Lecture 19 1 IP = PSPACE

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Lecture 19 1 IP = PSPACE Notes on Complexity Theory Last updated: November, 2011 Lecture 19 Jonathan Katz 1 IP = PSPACE A small modi¯cation of the previous protocol gives an interactive proof for any language in PSPACE, and hence PSPACE ⊆ IP. Before showing this, however, we quickly argue that IP ⊆ PSPACE. To see this, ¯x some proof system (P; V) for a language L (actually, we really only care about the veri¯er algorithm V). We claim that L 2 PSPACE. Given an input x 2 f0; 1gn, we compute exactly (using polynomial space) the maximum probability with which a prover can make V accept. (Although the prover is allowed to be all-powerful, we will see that the optimal strategy can be computed in PSPACE and so it su±ces to consider PSPACE provers in general.) Imagine a tree where each node at level i (with the root at level 0) corresponds to some sequence of i messages exchanged between the prover and veri¯er. This tree has polynomial depth (since V can only run for polynomially many rounds), and each node has at most 2nc children (for some constant c), since messages in the protocol have polynomial length. We recursively assign values to each node of this tree in the following way: a leaf node is assigned 0 if the veri¯er rejects, and 1 if the veri¯er accepts. The value of an internal node where the prover sends the next message is the maximum over the values of that node's children. The value of an internal node where the veri¯er sends the next message is the (weighted) average over the values of that node's children. The value of the root determines the maximum probability with which a prover can make the veri¯er accept on the given input x, and this value can be computed in polynomial space. If this value is greater than 2=3 then x 2 L; if it is less than 1=3 then x 62 L. 1.1 PSPACE ⊆ IP We now turn to the more interesting direction, namely showing that PSPACE ⊆ IP. We will now work with the PSPACE-complete language TQBF, which (recall) consists of true quanti¯ed boolean formulas of the form: 8x19x2 ¢ ¢ ¢ Qnxn Á(x1; : : : ; xn); where Á is a 3CNF formula. We begin by arithmetizing Á as we did in the case of #P; recall, if Á has m clauses this results in a degree-3m polynomial © such that, for x1; : : : ; xn 2 f0; 1g, we have ©(x1; : : : ; xn) = 1 if Á(x1; : : : ; xn) is true, and ©(x1; : : : ; xn) = 0 if Á(x1; : : : ; xn) is false. We next must arithmetize the quanti¯ers. Let © be an arithmetization of Á as above. The arithmetization of an expression of the form 8xn Á(x1; : : : ; xn) is Y def ©(x1; : : : ; xn) = ©(x1; : : : ; xn¡1; 0) ¢ ©(x1; : : : ; xn¡1; 1): xn2f0;1g If we ¯x values for x1; : : : ; xn¡1, then the above evaluates to 1 if the expression 8xn Á(x1; : : : ; xn) is true, and evaluates to 0 if this expression is false. The arithmetization of an expression of the 19-1 form 9xn Á(x1; : : : ; xn) is a def ¡ ¢ ¡ ¢ ©(x1; : : : ; xn) = 1 ¡ 1 ¡ ©(x1; : : : ; xn¡1; 0) ¢ 1 ¡ ©(x1; : : : ; xn¡1; 1) : xn2f0;1g Note again that if we ¯x values for x1; : : : ; xn¡1 then the above evaluates to 1 if the expression 9xn Á(x1; : : : ; xn) is true, and evaluates to 0 if this expression is false. Proceeding in this way, a quanti¯ed boolean formula 9x18x2 ¢ ¢ ¢ 8xnÁ(x1; : : : ; xn) is true i® a Y Y 1 = ¢ ¢ ¢ ©(x1; : : : ; xn): (1) x12f0;1g x22f0;1g xn2f0;1g A natural idea is to use Eq. (1) in the protocols we have seen for coNP and #P, and to have the prover convince the veri¯er that the above holds by \stripping o®" operators one-by-one. While this works in principle, the problem is that the degrees of the intermediate results are too large. For example, the polynomial Y Y P (x1) = ¢ ¢ ¢ ©(x1; : : : ; xn) x22f0;1g xn2f0;1g n Q ` may have degree as high as 2 ¢ 3m (note that the degree of x1 doubles each time a or operator is applied). Besides whatever e®ect this will have on soundness, this is even a problem for completeness since a polynomially bounded veri¯er cannot read an exponentially large polynomial (i.e., with exponentially many terms). 1 To address the above issue, we use a simple trick. In Eq. (1) the fxig only take on boolean k values. But for any k > 0 we have xi = xi when xi 2 f0; 1g. So we can in fact reduce the degree of every variable in any intermediate polynomial to (at most) 1. (For example, the polynomial 5 4 6 7 x1x2 +x1 +x1x2 would become 2x1x2 +x1.) Let Rxi be an operator denoting this \degree reduction" operation applied to variable xi. Then the prover needs to convince the veri¯er that a Y a Y 1 = Rx1 Rx1 Rx2 ¢ ¢ ¢ Rx1 ¢ ¢ ¢ Rxn¡1 Rx1 ¢ ¢ ¢ Rxn ©(x1; : : : ; xn): x12f0;1g x22f0;1g x32f0;1g xn2f0;1g As in the previous protocols, we will actually evaluate the above modulo some prime q. Since the above evaluates to either 0 or 1, we can take q any size we like (though soundness will depend inversely on q as before). We can now apply the same basic idea from the previous protocols to construct a new protocol in which, in each round, the prover helps the veri¯er \strip" one operator from the above expression. Denote the above expression abstractly by: FÁ = O1O2 ¢ ¢ ¢ O` ©(x1; : : : ; xn) mod q ; P Q ` where ` = n (i + 1) and each O is one of , , or R (for some i). At every round k the i=1 j xi xi xi veri¯er holds some value vk and the prover wants to convince the veri¯er that vk = Ok+1 ¢ ¢ ¢ O` ©k mod q; 1Of course, it seems simple in retrospect. 19-2 where ©k is some polynomial. At the end of the round the veri¯er will compute some vk+1 and the prover then needs to convince the veri¯er that vk+1 = Ok+2 ¢ ¢ ¢ O` ©k+1 mod q; for some ©k+1. We explain how this is done below. At the beginning of the protocol we start with v0 = 1 and ©0 = © (so that the prover wants to convince the veri¯er that the given quanti¯ed formula is true); at the end of the protocol the veri¯er will be able to compute ©` itself and check whether this is equal to v`. It only remains to describe each of the individual rounds. There are three cases corresponding to the three types of operators (we omit the \ mod q" from our expressions from now on, for simplicity): Q Case 1: O = (for some i). Here, the prover wants to convince the veri¯er that k+1 xi Y a Y vk = Rx1 ¢ ¢ ¢ ¢ ¢ ¢ Rx1 ¢ ¢ ¢ Rxn ©(r1; : : : ; ri¡1; xi; : : : ; xn): (2) xi xi+1 xn (Technical note: when we write an expression like the above, we really mean 0 1 Y a Y @ A Rx1 ¢ ¢ ¢ ¢ ¢ ¢ Rx1 ¢ ¢ ¢ Rxn ©(x1; : : : ; xi¡1; xi; : : : ; xn) [r1; : : : ; ri¡1]: xi xi+1 xn That is, ¯rst the expression is computed symbolically, and then the resulting expression is evaluated by setting x1 = r1; : : : ; xi¡1 = ri¡1.) This is done in the following way: ² The prover sends a degree-1 polynomial P^(xi). Q ² The veri¯er checks that v = P^(x ). If not, reject. Otherwise, choose random r 2 F , set k xi i i q vk+1 = P^(ri), and enter the next round with the prover trying to convince the veri¯er that: a Y vk+1 = Rx1 ¢ ¢ ¢ ¢ ¢ ¢ Rx1 ¢ ¢ ¢ Rxn ©(r1; : : : ; ri¡1; ri; xi+1; : : : ; xn): (3) xi+1 xn To see completeness, assume Eq. (2) is true. Then the prover can send a Y ^ def P (xi) = P (xi) = Rx1 ¢ ¢ ¢ ¢ ¢ ¢ Rx1 ¢ ¢ ¢ Rxn ©(r1; : : : ; ri¡1; xi; : : : ; xn); xi+1 xn the veri¯er will not reject and Eq. (3) will hold for any choice of ri. As for soundness, if Eq. (2) does not hold then the prover must send P^(xi) 6= P (xi) (or else the veri¯er rejects right away); but then Eq. (3) will not hold except with probability 1=q. ` Case 2: O = (for some i). This case and its analysis are similar to the above and are k+1 xi therefore omitted. Case 3: Ok+1 = Rxi (for some i). Here, the prover wants to convince the veri¯er that Y vk = Rxi ¢ ¢ ¢ Rx1 ¢ ¢ ¢ Rxn ©(r1; : : : ; rj; xj+1; : : : ; xn); (4) xn where j ¸ i. This case is a little di®erent from anything we have seen before. Now: 19-3 ² The prover sends a polynomial P^(xi) of appropriate degree (see below). ³ ´ ^ ² The veri¯er checks that Rxi P (xi) [ri] = vk. If not, reject. Otherwise, choose a new random ri 2 Fq, set vk+1 = P^(ri), and enter the next round with the prover trying to convince the veri¯er that: Y vk+1 = Ok+2 ¢ ¢ ¢ Rx1 ¢ ¢ ¢ Rxn ©(r1; : : : ; ri; : : : ; rj; xj+1; : : : ; xn): (5) xn Completeness is again easy to see: assuming Eq. (4) is true, the prover can simply send Y ^ def P (xi) = P (xi) = Ok+2 ¢ ¢ ¢ Rx1 ¢ ¢ ¢ Rxn ©(r1; : : : ; ri¡1; xi; ri+1; : : : ; rj; xj+1; : : : ; xn) xn and then the veri¯er will not reject and also Eq. (5) will hold for any (new) choice of ri. As for soundness, if Eq. (4) does not hold then the prover must send P^(xi) 6= P (xi); but then Eq.
Load more

Recommended publications
  • CS601 DTIME and DSPACE Lecture 5 Time and Space Functions: T, S
    CS601 DTIME and DSPACE Lecture 5 Time and Space functions: t, s : N → N+ Definition 5.1 A set A ⊆ U is in DTIME[t(n)] iff there exists a deterministic, multi-tape TM, M, and a constant c, such that, 1. A = L(M) ≡ w ∈ U M(w)=1 , and 2. ∀w ∈ U, M(w) halts within c · t(|w|) steps. Definition 5.2 A set A ⊆ U is in DSPACE[s(n)] iff there exists a deterministic, multi-tape TM, M, and a constant c, such that, 1. A = L(M), and 2. ∀w ∈ U, M(w) uses at most c · s(|w|) work-tape cells. (Input tape is “read-only” and not counted as space used.) Example: PALINDROMES ∈ DTIME[n], DSPACE[n]. In fact, PALINDROMES ∈ DSPACE[log n]. [Exercise] 1 CS601 F(DTIME) and F(DSPACE) Lecture 5 Definition 5.3 f : U → U is in F (DTIME[t(n)]) iff there exists a deterministic, multi-tape TM, M, and a constant c, such that, 1. f = M(·); 2. ∀w ∈ U, M(w) halts within c · t(|w|) steps; 3. |f(w)|≤|w|O(1), i.e., f is polynomially bounded. Definition 5.4 f : U → U is in F (DSPACE[s(n)]) iff there exists a deterministic, multi-tape TM, M, and a constant c, such that, 1. f = M(·); 2. ∀w ∈ U, M(w) uses at most c · s(|w|) work-tape cells; 3. |f(w)|≤|w|O(1), i.e., f is polynomially bounded. (Input tape is “read-only”; Output tape is “write-only”.
    [Show full text]
  • EXPSPACE-Hardness of Behavioural Equivalences of Succinct One
    EXPSPACE-hardness of behavioural equivalences of succinct one-counter nets Petr Janˇcar1 Petr Osiˇcka1 Zdenˇek Sawa2 1Dept of Comp. Sci., Faculty of Science, Palack´yUniv. Olomouc, Czech Rep. [email protected], [email protected] 2Dept of Comp. Sci., FEI, Techn. Univ. Ostrava, Czech Rep. [email protected] Abstract We note that the remarkable EXPSPACE-hardness result in [G¨oller, Haase, Ouaknine, Worrell, ICALP 2010] ([GHOW10] for short) allows us to answer an open complexity ques- tion for simulation preorder of succinct one counter nets (i.e., one counter automata with no zero tests where counter increments and decrements are integers written in binary). This problem, as well as bisimulation equivalence, turn out to be EXPSPACE-complete. The technique of [GHOW10] was referred to by Hunter [RP 2015] for deriving EXPSPACE-hardness of reachability games on succinct one-counter nets. We first give a direct self-contained EXPSPACE-hardness proof for such reachability games (by adjust- ing a known PSPACE-hardness proof for emptiness of alternating finite automata with one-letter alphabet); then we reduce reachability games to (bi)simulation games by using a standard “defender-choice” technique. 1 Introduction arXiv:1801.01073v1 [cs.LO] 3 Jan 2018 We concentrate on our contribution, without giving a broader overview of the area here. A remarkable result by G¨oller, Haase, Ouaknine, Worrell [2] shows that model checking a fixed CTL formula on succinct one-counter automata (where counter increments and decre- ments are integers written in binary) is EXPSPACE-hard. Their proof is interesting and nontrivial, and uses two involved results from complexity theory.
    [Show full text]
  • Interactive Proofs 1 1 Pspace ⊆ IP
    CS294: Probabilistically Checkable and Interactive Proofs January 24, 2017 Interactive Proofs 1 Instructor: Alessandro Chiesa & Igor Shinkar Scribe: Mariel Supina 1 Pspace ⊆ IP The first proof that Pspace ⊆ IP is due to Shamir, and a simplified proof was given by Shen. These notes discuss the simplified version in [She92], though most of the ideas are the same as those in [Sha92]. Notes by Katz also served as a reference [Kat11]. Theorem 1 ([Sha92]) Pspace ⊆ IP. To show the inclusion of Pspace in IP, we need to begin with a Pspace-complete language. 1.1 True Quantified Boolean Formulas (tqbf) Definition 2 A quantified boolean formula (QBF) is an expression of the form 8x19x28x3 ::: 9xnφ(x1; : : : ; xn); (1) where φ is a boolean formula on n variables. Note that since each variable in a QBF is quantified, a QBF is either true or false. Definition 3 tqbf is the language of all boolean formulas φ such that if φ is a formula on n variables, then the corresponding QBF (1) is true. Fact 4 tqbf is Pspace-complete (see section 2 for a proof). Hence to show that Pspace ⊆ IP, it suffices to show that tqbf 2 IP. Claim 5 tqbf 2 IP. In order prove claim 5, we will need to present a complete and sound interactive protocol that decides whether a given QBF is true. In the sum-check protocol we used an arithmetization of a 3-CNF boolean formula. Likewise, here we will need a way to arithmetize a QBF. 1.2 Arithmetization of a QBF We begin with a boolean formula φ, and we let n be the number of variables and m the number of clauses of φ.
    [Show full text]
  • Interactive Proofs for Quantum Computations
    Innovations in Computer Science 2010 Interactive Proofs For Quantum Computations Dorit Aharonov Michael Ben-Or Elad Eban School of Computer Science, The Hebrew University of Jerusalem, Israel [email protected] [email protected] [email protected] Abstract: The widely held belief that BQP strictly contains BPP raises fundamental questions: Upcoming generations of quantum computers might already be too large to be simulated classically. Is it possible to experimentally test that these systems perform as they should, if we cannot efficiently compute predictions for their behavior? Vazirani has asked [21]: If computing predictions for Quantum Mechanics requires exponential resources, is Quantum Mechanics a falsifiable theory? In cryptographic settings, an untrusted future company wants to sell a quantum computer or perform a delegated quantum computation. Can the customer be convinced of correctness without the ability to compare results to predictions? To provide answers to these questions, we define Quantum Prover Interactive Proofs (QPIP). Whereas in standard Interactive Proofs [13] the prover is computationally unbounded, here our prover is in BQP, representing a quantum computer. The verifier models our current computational capabilities: it is a BPP machine, with access to few qubits. Our main theorem can be roughly stated as: ”Any language in BQP has a QPIP, and moreover, a fault tolerant one” (providing a partial answer to a challenge posted in [1]). We provide two proofs. The simpler one uses a new (possibly of independent interest) quantum authentication scheme (QAS) based on random Clifford elements. This QPIP however, is not fault tolerant. Our second protocol uses polynomial codes QAS due to Ben-Or, Cr´epeau, Gottesman, Hassidim, and Smith [8], combined with quantum fault tolerance and secure multiparty quantum computation techniques.
    [Show full text]
  • Distribution of Units of Real Quadratic Number Fields
    Y.-M. J. Chen, Y. Kitaoka and J. Yu Nagoya Math. J. Vol. 158 (2000), 167{184 DISTRIBUTION OF UNITS OF REAL QUADRATIC NUMBER FIELDS YEN-MEI J. CHEN, YOSHIYUKI KITAOKA and JING YU1 Dedicated to the seventieth birthday of Professor Tomio Kubota Abstract. Let k be a real quadratic field and k, E the ring of integers and the group of units in k. Denoting by E( ¡ ) the subgroup represented by E of × ¡ ¡ ( k= ¡ ) for a prime ideal , we show that prime ideals for which the order of E( ¡ ) is theoretically maximal have a positive density under the Generalized Riemann Hypothesis. 1. Statement of the result x Let k be a real quadratic number field with discriminant D0 and fun- damental unit (> 1), and let ok and E be the ring of integers in k and the set of units in k, respectively. For a prime ideal p of k we denote by E(p) the subgroup of the unit group (ok=p)× of the residue class group modulo p con- sisting of classes represented by elements of E and set Ip := [(ok=p)× : E(p)], where p is the rational prime lying below p. It is obvious that Ip is inde- pendent of the choice of prime ideals lying above p. Set 1; if p is decomposable or ramified in k, ` := 8p 1; if p remains prime in k and N () = 1, p − k=Q <(p 1)=2; if p remains prime in k and N () = 1, − k=Q − : where Nk=Q stands for the norm from k to the rational number field Q.
    [Show full text]
  • Probabilistic Proof Systems: a Primer
    Probabilistic Proof Systems: A Primer Oded Goldreich Department of Computer Science and Applied Mathematics Weizmann Institute of Science, Rehovot, Israel. June 30, 2008 Contents Preface 1 Conventions and Organization 3 1 Interactive Proof Systems 4 1.1 Motivation and Perspective ::::::::::::::::::::::: 4 1.1.1 A static object versus an interactive process :::::::::: 5 1.1.2 Prover and Veri¯er :::::::::::::::::::::::: 6 1.1.3 Completeness and Soundness :::::::::::::::::: 6 1.2 De¯nition ::::::::::::::::::::::::::::::::: 7 1.3 The Power of Interactive Proofs ::::::::::::::::::::: 9 1.3.1 A simple example :::::::::::::::::::::::: 9 1.3.2 The full power of interactive proofs ::::::::::::::: 11 1.4 Variants and ¯ner structure: an overview ::::::::::::::: 16 1.4.1 Arthur-Merlin games a.k.a public-coin proof systems ::::: 16 1.4.2 Interactive proof systems with two-sided error ::::::::: 16 1.4.3 A hierarchy of interactive proof systems :::::::::::: 17 1.4.4 Something completely di®erent ::::::::::::::::: 18 1.5 On computationally bounded provers: an overview :::::::::: 18 1.5.1 How powerful should the prover be? :::::::::::::: 19 1.5.2 Computational Soundness :::::::::::::::::::: 20 2 Zero-Knowledge Proof Systems 22 2.1 De¯nitional Issues :::::::::::::::::::::::::::: 23 2.1.1 A wider perspective: the simulation paradigm ::::::::: 23 2.1.2 The basic de¯nitions ::::::::::::::::::::::: 24 2.2 The Power of Zero-Knowledge :::::::::::::::::::::: 26 2.2.1 A simple example :::::::::::::::::::::::: 26 2.2.2 The full power of zero-knowledge proofs ::::::::::::
    [Show full text]
  • 26 Space Complexity
    CS:4330 Theory of Computation Spring 2018 Computability Theory Space Complexity Haniel Barbosa Readings for this lecture Chapter 8 of [Sipser 1996], 3rd edition. Sections 8.1, 8.2, and 8.3. Space Complexity B We now consider the complexity of computational problems in terms of the amount of space, or memory, they require B Time and space are two of the most important considerations when we seek practical solutions to most problems B Space complexity shares many of the features of time complexity B It serves a further way of classifying problems according to their computational difficulty 1 / 22 Space Complexity Definition Let M be a deterministic Turing machine, DTM, that halts on all inputs. The space complexity of M is the function f : N ! N, where f (n) is the maximum number of tape cells that M scans on any input of length n. Definition If M is a nondeterministic Turing machine, NTM, wherein all branches of its computation halt on all inputs, we define the space complexity of M, f (n), to be the maximum number of tape cells that M scans on any branch of its computation for any input of length n. 2 / 22 Estimation of space complexity Let f : N ! N be a function. The space complexity classes, SPACE(f (n)) and NSPACE(f (n)), are defined by: B SPACE(f (n)) = fL j L is a language decided by an O(f (n)) space DTMg B NSPACE(f (n)) = fL j L is a language decided by an O(f (n)) space NTMg 3 / 22 Example SAT can be solved with the linear space algorithm M1: M1 =“On input h'i, where ' is a Boolean formula: 1.
    [Show full text]
  • Lecture 16 1 Interactive Proofs
    Notes on Complexity Theory Last updated: October, 2011 Lecture 16 Jonathan Katz 1 Interactive Proofs Let us begin by re-examining our intuitive notion of what it means to \prove" a statement. Tra- ditional mathematical proofs are static and are veri¯ed deterministically: the veri¯er checks the claimed proof of a given statement and is either convinced that the statement is true (if the proof is correct) or remains unconvinced (if the proof is flawed | note that the statement may possibly still be true in this case, it just means there was something wrong with the proof). A statement is true (in this traditional setting) i® there exists a valid proof that convinces a legitimate veri¯er. Abstracting this process a bit, we may imagine a prover P and a veri¯er V such that the prover is trying to convince the veri¯er of the truth of some particular statement x; more concretely, let us say that P is trying to convince V that x 2 L for some ¯xed language L. We will require the veri¯er to run in polynomial time (in jxj), since we would like whatever proofs we come up with to be e±ciently veri¯able. A traditional mathematical proof can be cast in this framework by simply having P send a proof ¼ to V, who then deterministically checks whether ¼ is a valid proof of x and outputs V(x; ¼) (with 1 denoting acceptance and 0 rejection). (Note that since V runs in polynomial time, we may assume that the length of the proof ¼ is also polynomial.) The traditional mathematical notion of a proof is captured by requiring: ² If x 2 L, then there exists a proof ¼ such that V(x; ¼) = 1.
    [Show full text]
  • IP=PSPACE. Arthur-Merlin Games
    Computational Complexity Theory, Fall 2010 10 November Lecture 18: IP=PSPACE. Arthur-Merlin Games Lecturer: Kristoffer Arnsfelt Hansen Scribe: Andreas Hummelshøj J Update: Ω(n) Last time, we were looking at MOD3◦MOD2. We mentioned that AND required size 2 MOD3◦ MOD2 circuits. We also mentioned, as being open, whether NEXP ⊆ (nonuniform)MOD2 ◦ MOD3 ◦ MOD2. Since 9/11-2010, this is no longer open. Definition 1 ACC0 = class of languages: 0 0 ACC = [m>2ACC [m]; where AC0[m] = class of languages computed by depth O(1) size nO(1) circuits with AND-, OR- and MODm-gates. This is in fact in many ways a natural class of languages, like AC0 and NC1. 0 Theorem 2 NEXP * (nonuniform)ACC . New open problem: Is EXP ⊆ (nonuniform)MOD2 ◦ MOD3 ◦ MOD2? Recap: We defined arithmetization A(φ) of a 3-SAT formula φ: A(xi) = xi; A(xi) = 1 − xi; 3 Y A(l1 _ l2 _ l3) = 1 − (1 − A(li)); i=1 m Y A(c1 ^ · · · ^ cm) = A(cj): j=1 1 1 X X ]φ = ··· P (x1; : : : ; xn);P = A(φ): x1=0 xn=0 1 Sumcheck: Given g(x1; : : : ; xn), K and prime number p, decide if 1 1 X X ··· g(x1; : : : ; xn) ≡ K (mod p): x1=0 xn=0 True Quantified Boolean Formulae: 0 0 Given φ ≡ 9x18x2 ::: 8xnφ (x1; : : : ; xn), where φ is a 3SAT formula, decide if φ is true. Observation: φ true , P1 Q1 P ··· Q1 P (x ; : : : ; x ) > 0, P = A(φ0). x1=0 x2=0 x3 x1=0 1 n Protocol: Can't we just do it analogous to Sumcheck? Id est: remove outermost P, P sends polynomial S, V checks if S(0) + S(1) ≡ K, asks P to prove Q1 P1 ··· Q1 P (a) ≡ S(a), where x2=0 x3=0 xn=0 a 2 f0; 1; : : : ; p − 1g is chosen uniformly at random.
    [Show full text]
  • Computational Complexity
    Computational complexity Plan Complexity of a computation. Complexity classes DTIME(T (n)). Relations between complexity classes. Complete problems. Domino problems. NP-completeness. Complete problems for other classes Alternating machines. – p.1/17 Complexity of a computation A machine M is T (n) time bounded if for every n and word w of size n, every computation of M has length at most T (n). A machine M is S(n) space bounded if for every n and word w of size n, every computation of M uses at most S(n) cells of the working tape. Fact: If M is time or space bounded then L(M) is recursive. If L is recursive then there is a time and space bounded machine recognizing L. DTIME(T (n)) = fL(M) : M is det. and T (n) time boundedg NTIME(T (n)) = fL(M) : M is T (n) time boundedg DSPACE(S(n)) = fL(M) : M is det. and S(n) space boundedg NSPACE(S(n)) = fL(M) : M is S(n) space boundedg . – p.2/17 Hierarchy theorems A function S(n) is space constructible iff there is S(n)-bounded machine that given w writes aS(jwj) on the tape and stops. A function T (n) is time constructible iff there is a machine that on a word of size n makes exactly T (n) steps. Thm: Let S2(n) be a space-constructible function and let S1(n) ≥ log(n). If S1(n) lim infn!1 = 0 S2(n) then DSPACE(S2(n)) − DSPACE(S1(n)) is nonempty. Thm: Let T2(n) be a time-constructible function and let T1(n) log(T1(n)) lim infn!1 = 0 T2(n) then DTIME(T2(n)) − DTIME(T1(n)) is nonempty.
    [Show full text]
  • Lecture 14 1 Introduction 2 the IP Protocol 3 Graph Non-Isomorphism
    6.841 Advanced Complexity Theory Apr 2, 2007 Lecture 14 Lecturer: Madhu Sudan Scribe: Nate Ince, Krzysztof Onak 1 Introduction The idea behind interactive proofs came from cryptography. Transferring coded massages usually involves a password known only to the sender and receiver, and a message. When you send an encrypted message, you have to show you know the password to show that your message is official. However, if we do this by sending the password with the message, there’s a high chance the password could be eavesdropped. So we would like a method to let you show you know the password without sending it. Goldwasser, Mikoli, and Rakoff were inspired by this to create the idea of the interactive proof. 2 The IP protocol Let L be some language. We say that L ∈ IP as a protocol between an exponential-time prover P and a polynomial time randomized verifier V so if x ∈ L, then the probabillity that after a completed exchange Π between P and V, P r[V (x, Π) = 1] ≥ 1 − 1/2|x| and if x∈ / L, then the probability that after a completed exchange Π0 between Q and V, where Q is any expon- tential algorithm, P r[V (x, Π0) = 1] ≤ 1/2|x|. We formally define an exchange between P and V as a series of questions and answers q1, a1, a2, q2 . , qn, an so that |qi|, |ai|, n ∈ poly(|x|), q1 = V (x), ai = P (x; q1, a1, . , qi), and qi = V (x, ; q1, a1, . , ai−1; ri−1) for all i ≤ n, where ri is a random string V uses at the ith exchange to determine all “random” decisions V makes.
    [Show full text]
  • (Design And) Analysis of Algorithms NP and Complexity Classes
    Intro P and NP Hard problems CSE 548: (Design and) Analysis of Algorithms NP and Complexity Classes R. Sekar 1 / 38 Intro P and NP Hard problems Search and Optimization Problems Many problems of our interest are search problems with exponentially (or even infinitely) many solutions Shortest of the paths between two vertices Spanning tree with minimal cost Combination of variable values that minimize an objective We should be surprised we find ecient (i.e., polynomial-time) solutions to these problems It seems like these should be the exceptions rather than the norm! What do we do when we hit upon other search problems? 2 / 38 Intro P and NP Hard problems Hard Problems: Where you find yourself ... I can’t find an ecient algorithm, I guess I’m just too dumb. Images from “Computers and Intractability” by Garey and Johnson 3 / 38 Intro P and NP Hard problems Search and Optimization Problems What do we do when we hit upon hard search problems? Can we prove they can’t be solved eciently? 4 / 38 Intro P and NP Hard problems Hard Problems: Where you would like to be ... I can’t find an ecient algorithm, because no such algorithm is possible. Images from “Computers and Intractability” by Garey and Johnson 5 / 38 Intro P and NP Hard problems Search and Optimization Problems Unfortunately, it is very hard to prove that ecient algorithms are impossible Second best alternative: Show that the problem is as hard as many other problems that have been worked on by a host of brilliant scientists over a very long time Much of complexity theory is concerned with categorizing hard problems into such equivalence classes 6 / 38 Intro P and NP Hard problems P, NP, Co-NP, NP-hard and NP-complete 7 / 38 Intro P and NP Hard problems Nondeterminism and Search Problems Nondeterminism is an oft-used abstraction in language theory Non-deterministic FSA Non-deterministic PDA So, why not non-deterministic Turing machines? Acceptance criteria is analogous to NFA and NPDA if there is a sequence of transitions to an accepting state, an NDTM will take that path.
    [Show full text]