DOCSLIB.ORG

Private Coins Versus Public Coins in Interactive Proof Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Private Coins Versus Public Coins in Interactive Proof Systems Private Coins versus Public Coins in Interactive Proof Systems Shaft Goldwasser* Michael Sipser** Computer Science Department Computer Science Department MIT University of California at Berkeley and Mathematics Department MIT second, due to Babai, [B] requires that the outcome of the verifier's coin tosses be public Abstract and thus accessible to the prover. An interactive proof system is a method Our main result is that these two sys- by which one party of unlimited resources, tems are equivalent in power with respect to called the prover, can convince a party of lim- language recognition. ited resources, call the verifier, of the truth of The notion of interactive proof system a proposition. The verifier may toss coins, may be seen to yield a probabilistic analog to ask repeated questions of the prover, and run NP much as BPP is the probabilistic analog efficient tests upon the prover's responses to P. We define the probabilistic, nondeter- before deciding whether to be convinced. ministic, polynomial time Turing machine and This extends the familiar proof system impli- show that it is also equivalent in power to cit in the notion of NP in that there the these systems. verifier may not toss coins or speak, but only listen and verify. Interactive proof systems 1. Introduction may not yield proof in the strict mathemati- In this century, the notions of proof and cal sense: the "proofs" are probabilistic with computation have been formalized and under- an exponentially small, though non-zero stood. With the arrival of complexity theory, chance of error. the notion of what is efficiently provable We consider two notions of interactive became of interest. The class NP captured proof system. One, defined by Goldwasser, this notion, containing those languages for Micali, and Rackoff [GMR] permits the which proofs of membership can be verified verifier a coin that can be tossed in private, by a deterministic polynomial time Turing i.e., a secret source of randomness. The machine. We can view NP as a proof-system Permission to copy without ice all or part of this material is granted consisting of two communicating Turing provided that the copies are not made or distributed for direct machines: the prover who guesses the proof commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by * Research supported in part by NSF G r a n t 8509905 permission of the Association for Computing Machinery. To copy DCR. otherwise, or to republish, requires a fee and/or specific permission. ** Research supported in part by NSF Grant MCS- © 1986 ACM 0-89791-193-8/86/0500/0059 $00.75 8304769 a n d Air Force Grant AFOSR-82-0326. 59 and the polynomial time deterministic computations on them and send the outcome verifier, who checks the correctness of the of the computation to the prover. In particu- proof. lar, he need not show the outcome of the Randomization has been recognized to be coins to the prover. a fundamental ingredient in defining what is The secrecy of the verifier's coin tosses efficiently computable (e.g RP, BPP, RNC). seemed essential to certain examples of In this paper, we seek to understand how ran- interactive proof systems. The most notable domization affects the definition of what is is a recent result of Goldreich, Micali and efficiently provable. Wigderson [GMW] showing an interactive A conventional deterministic NP verifier proof-system for the graph non-isomorphism does not accept statistical evidence as a con- problem. This is somewhat remarkable in vincing argument, regardless of how light of the fact that graph non-isomorphism overwhelming it may be. As a consequence, is not known to be in NP. We sketch this the kind of languages contained in NP are example in section 2.1. precisely those whose proofs of membership The interactive proof system (IP) defines can be fully put down in writing and shown a hierarchy of languages. Namely, L is in to others. The verifier does not actively parti- IP[k] if there exists a k-move (k alternations cipate in the proof process or interact with of message exchanges between prover and the prover in any way. It suffices for the verifier with the verifier sending the first prover to speak and the verifier to listen. message) interactive proof system such that: Randomization and interaction are for every input x(L, the probability that the essential ingredients of two recent formaliza- verifier accepts is greater than 2/3, and for tions of the concept of an efficient proof sys- every input x not in L, even against an tem. One formalization is due to Babai [B] optimal prover, the probability that the and the other to Goldwasser, Micali and verifier accepts is less than 1/3. Rackoff [GMR]. Both definitions would col- lapse to NP if no coins were flipped. Arthur-Merlin Games: An Interactive Proof System with a Public Coin Interactive Proof Systems Babai's formalization of efficient proof In defining what they called interactive system attempts to capture the smallest class proof systems, Goldwasser, Micali and of languages extending NP, for which statisti- Rackoff's intent was to make as general a cal proofs of membership exist. The primary definition as possible of what is provable to a motivation was to place the matrix group probabilistic verifier willing to accept statisti- non-membership and matrix group order prob- cal evidence. Their broader goal was to lems in a complexity class "just above NP". define the concept of the "knowledge" com- His proof-system, presented as a game, con- municated during a proof. sists of a powerful prover (capable of optimal moves) called Merlin, and a probabilistic poly- An interactive proof system consists of a nomial time verifier called Arthur which prover with unlimited computation power and receive a common input x. Merlin wins the a probabilistic polynomial time verifier who game if he can make Arthur accept x. receive a common input x. The prover and Arthur and Merlin alternate exchanging mes- the verifier can exchange messages back and sages back and forth for at most a polynomial forth for a polynomial in the length of x in the length of x times. At the end of the number of times. There are no restrictions on interaction, Arthur decides whether to accept how the verifier may use his coin tosses: he or reject (i.e., whether Merlin won or lost). can toss coins, perform any polynomial time 60 The difference between the Arthur- i.e., the GMR proof system is as powerful as Merlin proof system and the GMR proof sys- the Babai proof system. tem is in the restricted way that Arthur is allowed to use his coin tosses during the 2. Examples and Related Work game. Arthur's moves consist merely of toss- ing coins and sending their outcomes to Mer- 2.1. An Example of An Interactive Proof lin. Thus the Arthur-Merlin game is a special System case of an interactive proof system. Goldreich, Micali and Wigderson [GMW] The Arthur-Merlin games define a have recently demonstrated the following hierarchy of complexity classes, in a manner interactive proof system for the graph non- similar to IP. We say L is in AM[k] if there isomorphism problem. exists an Arthur-Merlin k-move game (i.e., k Let NONISO={(Go G1) such that the alternating message exchanges between graph G 1 is not isomorphic to the graph Go}. Arthur and Merlin, Arthur sending first) such Theorem (GMW): NONISO ~ IP. that for every input x~L, the probability that Arthur accepts x is greater than 2/3; and for proof." Let the prover and verifier receive as every input x not in L, the probability that input two n node graphs G o and G 1 on ver- an optimal Merlin wins is less than 1/3. tices V. The following steps 1 and 2 get exe- cuted n times in parallel. The elegant simplicity of the definition of the Arthur-Merlin game facilitates addi- step 1: The verifier flips a fair coin to tional results. Babai showed that for every choose cC{0,1} and a random permuta- constant k, AM[k] collapses to AM[2]. This tion ~ of V. The verifier then computes in turn is a subset of both H2P and R = ~(Gc) and sends R to the prover. nonuniform-NP. The relative power of proof step 2: The prover tells the verifier systems with a bounded and an unbounded whether c=0 or 1. number of exchanged messages remains an final step: if the prover makes a mistake interesting open question. in step 2 in guessing what c is, the In this paper we prove the equivalence of verifier rejects, otherwise he accepts. these two types of interactive proofs with If the two input graphs G 1 and G 2 are respect to language recognition. As a conse- not isomorphic to each other, then there quence the above results extend to IP. exists a prover who can distinguish the case that R is isomorphic to G O from the case that Our Result R is isomorphic to G1, and thus can always Let Q denote a polynomial. Let IP[Q] tell correctly in step 2 of the protocol whether (and AM[Q]) denote those languages L for c =0 or c=l, and make the verifier accept. which there exists a Q-move interactive proof On the other hand, if Go is isomorphic to system (and Q-move Arthur-Merlin proof- G1, then by the randomness of the permuta- system respectively).
Load more

Recommended publications
  • Complexity Theory Lecture 9 Co-NP Co-NP-Complete
    Complexity Theory 1 Complexity Theory 2 co-NP Complexity Theory Lecture 9 As co-NP is the collection of complements of languages in NP, and P is closed under complementation, co-NP can also be characterised as the collection of languages of the form: ′ L = x y y <p( x ) R (x, y) { |∀ | | | | → } Anuj Dawar University of Cambridge Computer Laboratory NP – the collection of languages with succinct certificates of Easter Term 2010 membership. co-NP – the collection of languages with succinct certificates of http://www.cl.cam.ac.uk/teaching/0910/Complexity/ disqualification. Anuj Dawar May 14, 2010 Anuj Dawar May 14, 2010 Complexity Theory 3 Complexity Theory 4 NP co-NP co-NP-complete P VAL – the collection of Boolean expressions that are valid is co-NP-complete. Any language L that is the complement of an NP-complete language is co-NP-complete. Any of the situations is consistent with our present state of ¯ knowledge: Any reduction of a language L1 to L2 is also a reduction of L1–the complement of L1–to L¯2–the complement of L2. P = NP = co-NP • There is an easy reduction from the complement of SAT to VAL, P = NP co-NP = NP = co-NP • ∩ namely the map that takes an expression to its negation. P = NP co-NP = NP = co-NP • ∩ VAL P P = NP = co-NP ∈ ⇒ P = NP co-NP = NP = co-NP • ∩ VAL NP NP = co-NP ∈ ⇒ Anuj Dawar May 14, 2010 Anuj Dawar May 14, 2010 Complexity Theory 5 Complexity Theory 6 Prime Numbers Primality Consider the decision problem PRIME: Another way of putting this is that Composite is in NP.
    [Show full text]
  • On the Randomness Complexity of Interactive Proofs and Statistical Zero-Knowledge Proofs*
    On the Randomness Complexity of Interactive Proofs and Statistical Zero-Knowledge Proofs* Benny Applebaum† Eyal Golombek* Abstract We study the randomness complexity of interactive proofs and zero-knowledge proofs. In particular, we ask whether it is possible to reduce the randomness complexity, R, of the verifier to be comparable with the number of bits, CV , that the verifier sends during the interaction. We show that such randomness sparsification is possible in several settings. Specifically, unconditional sparsification can be obtained in the non-uniform setting (where the verifier is modelled as a circuit), and in the uniform setting where the parties have access to a (reusable) common-random-string (CRS). We further show that constant-round uniform protocols can be sparsified without a CRS under a plausible worst-case complexity-theoretic assumption that was used previously in the context of derandomization. All the above sparsification results preserve statistical-zero knowledge provided that this property holds against a cheating verifier. We further show that randomness sparsification can be applied to honest-verifier statistical zero-knowledge (HVSZK) proofs at the expense of increasing the communica- tion from the prover by R−F bits, or, in the case of honest-verifier perfect zero-knowledge (HVPZK) by slowing down the simulation by a factor of 2R−F . Here F is a new measure of accessible bit complexity of an HVZK proof system that ranges from 0 to R, where a maximal grade of R is achieved when zero- knowledge holds against a “semi-malicious” verifier that maliciously selects its random tape and then plays honestly.
    [Show full text]
  • On Uniformity Within NC
    On Uniformity Within NC David A Mix Barrington Neil Immerman HowardStraubing University of Massachusetts University of Massachusetts Boston Col lege Journal of Computer and System Science Abstract In order to study circuit complexity classes within NC in a uniform setting we need a uniformity condition which is more restrictive than those in common use Twosuch conditions stricter than NC uniformity RuCo have app eared in recent research Immermans families of circuits dened by rstorder formulas ImaImb and a unifor mity corresp onding to Buss deterministic logtime reductions Bu We show that these two notions are equivalent leading to a natural notion of uniformity for lowlevel circuit complexity classes Weshow that recent results on the structure of NC Ba still hold true in this very uniform setting Finallyweinvestigate a parallel notion of uniformity still more restrictive based on the regular languages Here we givecharacterizations of sub classes of the regular languages based on their logical expressibility extending recentwork of Straubing Therien and Thomas STT A preliminary version of this work app eared as BIS Intro duction Circuit Complexity Computer scientists have long tried to classify problems dened as Bo olean predicates or functions by the size or depth of Bo olean circuits needed to solve them This eort has Former name David A Barrington Supp orted by NSF grant CCR Mailing address Dept of Computer and Information Science U of Mass Amherst MA USA Supp orted by NSF grants DCR and CCR Mailing address Dept of
    [Show full text]
  • EXPSPACE-Hardness of Behavioural Equivalences of Succinct One
    EXPSPACE-hardness of behavioural equivalences of succinct one-counter nets Petr Janˇcar1 Petr Osiˇcka1 Zdenˇek Sawa2 1Dept of Comp. Sci., Faculty of Science, Palack´yUniv. Olomouc, Czech Rep. [email protected], [email protected] 2Dept of Comp. Sci., FEI, Techn. Univ. Ostrava, Czech Rep. [email protected] Abstract We note that the remarkable EXPSPACE-hardness result in [G¨oller, Haase, Ouaknine, Worrell, ICALP 2010] ([GHOW10] for short) allows us to answer an open complexity ques- tion for simulation preorder of succinct one counter nets (i.e., one counter automata with no zero tests where counter increments and decrements are integers written in binary). This problem, as well as bisimulation equivalence, turn out to be EXPSPACE-complete. The technique of [GHOW10] was referred to by Hunter [RP 2015] for deriving EXPSPACE-hardness of reachability games on succinct one-counter nets. We first give a direct self-contained EXPSPACE-hardness proof for such reachability games (by adjust- ing a known PSPACE-hardness proof for emptiness of alternating finite automata with one-letter alphabet); then we reduce reachability games to (bi)simulation games by using a standard “defender-choice” technique. 1 Introduction arXiv:1801.01073v1 [cs.LO] 3 Jan 2018 We concentrate on our contribution, without giving a broader overview of the area here. A remarkable result by G¨oller, Haase, Ouaknine, Worrell [2] shows that model checking a fixed CTL formula on succinct one-counter automata (where counter increments and decre- ments are integers written in binary) is EXPSPACE-hard. Their proof is interesting and nontrivial, and uses two involved results from complexity theory.
    [Show full text]
  • On the NP-Completeness of the Minimum Circuit Size Problem
    On the NP-Completeness of the Minimum Circuit Size Problem John M. Hitchcock∗ A. Pavany Department of Computer Science Department of Computer Science University of Wyoming Iowa State University Abstract We study the Minimum Circuit Size Problem (MCSP): given the truth-table of a Boolean function f and a number k, does there exist a Boolean circuit of size at most k computing f? This is a fundamental NP problem that is not known to be NP-complete. Previous work has studied consequences of the NP-completeness of MCSP. We extend this work and consider whether MCSP may be complete for NP under more powerful reductions. We also show that NP-completeness of MCSP allows for amplification of circuit complexity. We show the following results. • If MCSP is NP-complete via many-one reductions, the following circuit complexity amplifi- Ω(1) cation result holds: If NP\co-NP requires 2n -size circuits, then ENP requires 2Ω(n)-size circuits. • If MCSP is NP-complete under truth-table reductions, then EXP 6= NP \ SIZE(2n ) for some > 0 and EXP 6= ZPP. This result extends to polylog Turing reductions. 1 Introduction Many natural NP problems are known to be NP-complete. Ladner's theorem [14] tells us that if P is different from NP, then there are NP-intermediate problems: problems that are in NP, not in P, but also not NP-complete. The examples arising out of Ladner's theorem come from diagonalization and are not natural. A canonical candidate example of a natural NP-intermediate problem is the Graph Isomorphism (GI) problem.
    [Show full text]
  • Dspace 6.X Documentation
    DSpace 6.x Documentation DSpace 6.x Documentation Author: The DSpace Developer Team Date: 27 June 2018 URL: https://wiki.duraspace.org/display/DSDOC6x Page 1 of 924 DSpace 6.x Documentation Table of Contents 1 Introduction ___________________________________________________________________________ 7 1.1 Release Notes ____________________________________________________________________ 8 1.1.1 6.3 Release Notes ___________________________________________________________ 8 1.1.2 6.2 Release Notes __________________________________________________________ 11 1.1.3 6.1 Release Notes _________________________________________________________ 12 1.1.4 6.0 Release Notes __________________________________________________________ 14 1.2 Functional Overview _______________________________________________________________ 22 1.2.1 Online access to your digital assets ____________________________________________ 23 1.2.2 Metadata Management ______________________________________________________ 25 1.2.3 Licensing _________________________________________________________________ 27 1.2.4 Persistent URLs and Identifiers _______________________________________________ 28 1.2.5 Getting content into DSpace __________________________________________________ 30 1.2.6 Getting content out of DSpace ________________________________________________ 33 1.2.7 User Management __________________________________________________________ 35 1.2.8 Access Control ____________________________________________________________ 36 1.2.9 Usage Metrics _____________________________________________________________
    [Show full text]
  • NP-Completeness Part I
    NP-Completeness Part I Outline for Today ● Recap from Last Time ● Welcome back from break! Let's make sure we're all on the same page here. ● Polynomial-Time Reducibility ● Connecting problems together. ● NP-Completeness ● What are the hardest problems in NP? ● The Cook-Levin Theorem ● A concrete NP-complete problem. Recap from Last Time The Limits of Computability EQTM EQTM co-RE R RE LD LD ADD HALT ATM HALT ATM 0*1* The Limits of Efficient Computation P NP R P and NP Refresher ● The class P consists of all problems solvable in deterministic polynomial time. ● The class NP consists of all problems solvable in nondeterministic polynomial time. ● Equivalently, NP consists of all problems for which there is a deterministic, polynomial-time verifier for the problem. Reducibility Maximum Matching ● Given an undirected graph G, a matching in G is a set of edges such that no two edges share an endpoint. ● A maximum matching is a matching with the largest number of edges. AA maximummaximum matching.matching. Maximum Matching ● Jack Edmonds' paper “Paths, Trees, and Flowers” gives a polynomial-time algorithm for finding maximum matchings. ● (This is the same Edmonds as in “Cobham- Edmonds Thesis.) ● Using this fact, what other problems can we solve? Domino Tiling Domino Tiling Solving Domino Tiling Solving Domino Tiling Solving Domino Tiling Solving Domino Tiling Solving Domino Tiling Solving Domino Tiling Solving Domino Tiling Solving Domino Tiling The Setup ● To determine whether you can place at least k dominoes on a crossword grid, do the following: ● Convert the grid into a graph: each empty cell is a node, and any two adjacent empty cells have an edge between them.
    [Show full text]
  • The Complexity Zoo
    The Complexity Zoo Scott Aaronson www.ScottAaronson.com LATEX Translation by Chris Bourke [email protected] 417 classes and counting 1 Contents 1 About This Document 3 2 Introductory Essay 4 2.1 Recommended Further Reading ......................... 4 2.2 Other Theory Compendia ............................ 5 2.3 Errors? ....................................... 5 3 Pronunciation Guide 6 4 Complexity Classes 10 5 Special Zoo Exhibit: Classes of Quantum States and Probability Distribu- tions 110 6 Acknowledgements 116 7 Bibliography 117 2 1 About This Document What is this? Well its a PDF version of the website www.ComplexityZoo.com typeset in LATEX using the complexity package. Well, what’s that? The original Complexity Zoo is a website created by Scott Aaronson which contains a (more or less) comprehensive list of Complexity Classes studied in the area of theoretical computer science known as Computa- tional Complexity. I took on the (mostly painless, thank god for regular expressions) task of translating the Zoo’s HTML code to LATEX for two reasons. First, as a regular Zoo patron, I thought, “what better way to honor such an endeavor than to spruce up the cages a bit and typeset them all in beautiful LATEX.” Second, I thought it would be a perfect project to develop complexity, a LATEX pack- age I’ve created that defines commands to typeset (almost) all of the complexity classes you’ll find here (along with some handy options that allow you to conveniently change the fonts with a single option parameters). To get the package, visit my own home page at http://www.cse.unl.edu/~cbourke/.
    [Show full text]
  • University Microfilms International 300 North Zeeb Road Ann Arbor, Michigan 48106 USA St John's Road
    INFORMATION TO USERS This material was produced from a microfilm copy of the original document. While the most advanced technological means to photograph and reproduce this document have been used, the quality is heavily dependant upon the quality of the original submitted. The following explanation of techniques is provided to help you understand markings or patterns which may appear on this reproduction. 1. The sign or "target" for pages apparently lacking from the document photographed is "Missing Page(s)". If it was possible to obtain the missing page(s) or section, they are spliced into the film along with adjacent pages. This may have necessitated cutting thru an image and duplicating adjacent pages to insure you complete continuity. 2. When an image on the film is obliterated with a large round black mark, it is an indication that the photographer suspected that the copy may have moved during exposure and thus cause a blurred image. You w ill find a good image of the page in the adjacent frame. 3. When a map, drawing or chart, etc., was part of the material being photographed the photographer followed a definite method in "sectioning" the material. It is customary to begin photoing at the upper left hand corner of a large sheet and to continue photoing from left to right in equal sections with a small overlap. If necessary, sectioning is continued again — beginning below the first row and continuing on until complete. 4. The majority of users indicate that the textual content is of greatest value, however, a somewhat higher quality reproduction could be made from "photographs" if essential to the understanding of the dissertation.
    [Show full text]
  • The Correlation Among Software Complexity Metrics with Case Study
    International Journal of Advanced Computer Research (ISSN (print): 2249-7277 ISSN (online): 2277-7970) Volume-4 Number-2 Issue-15 June-2014 The Correlation among Software Complexity Metrics with Case Study Yahya Tashtoush1, Mohammed Al-Maolegi2, Bassam Arkok3 Abstract software product attributes such as functionality, quality, complexity, efficiency, reliability or People demand for software quality is growing maintainability. For example, a higher number of increasingly, thus different scales for the software code lines will lead to greater software complexity are growing fast to handle the quality of software. and so on. The software complexity metric is one of the measurements that use some of the internal The complexity of software effects on maintenance attributes or characteristics of software to know how activities like software testability, reusability, they effect on the software quality. In this paper, we understandability and modifiability. Software cover some of more efficient software complexity complexity is defined as ―the degree to which a metrics such as Cyclomatic complexity, line of code system or component has a design or implementation and Hallstead complexity metric. This paper that is difficult to understand and verify‖ [1]. All the presents their impacts on the software quality. It factors that make program difficult to understand are also discusses and analyzes the correlation between responsible for complexity. So it is necessary to find them. It finally reveals their relation with the measurements for software to reduce the impacts of number of errors using a real dataset as a case the complexity and guarantee the quality at the same study. time as much as possible.
    [Show full text]
  • Theory of Computation
    A Universal Program (4) Theory of Computation Prof. Michael Mascagni Florida State University Department of Computer Science 1 / 33 Recursively Enumerable Sets (4.4) A Universal Program (4) The Parameter Theorem (4.5) Diagonalization, Reducibility, and Rice's Theorem (4.6, 4.7) Enumeration Theorem Definition. We write Wn = fx 2 N j Φ(x; n) #g: Then we have Theorem 4.6. A set B is r.e. if and only if there is an n for which B = Wn. Proof. This is simply by the definition ofΦ( x; n). 2 Note that W0; W1; W2;::: is an enumeration of all r.e. sets. 2 / 33 Recursively Enumerable Sets (4.4) A Universal Program (4) The Parameter Theorem (4.5) Diagonalization, Reducibility, and Rice's Theorem (4.6, 4.7) The Set K Let K = fn 2 N j n 2 Wng: Now n 2 K , Φ(n; n) #, HALT(n; n) This, K is the set of all numbers n such that program number n eventually halts on input n. 3 / 33 Recursively Enumerable Sets (4.4) A Universal Program (4) The Parameter Theorem (4.5) Diagonalization, Reducibility, and Rice's Theorem (4.6, 4.7) K Is r.e. but Not Recursive Theorem 4.7. K is r.e. but not recursive. Proof. By the universality theorem, Φ(n; n) is partially computable, hence K is r.e. If K¯ were also r.e., then by the enumeration theorem, K¯ = Wi for some i. We then arrive at i 2 K , i 2 Wi , i 2 K¯ which is a contradiction.
    [Show full text]
  • Two-Way Automata Characterizations of L/Poly Versus NL
    Two-way automata characterizations of L/poly versus NL Christos A. Kapoutsis1;? and Giovanni Pighizzini2 1 LIAFA, Universit´eParis VII, France 2 DICo, Universit`adegli Studi di Milano, Italia Abstract. Let L/poly and NL be the standard complexity classes, of languages recognizable in logarithmic space by Turing machines which are deterministic with polynomially-long advice and nondeterministic without advice, respectively. We recast the question whether L/poly ⊇ NL in terms of deterministic and nondeterministic two-way finite automata (2dfas and 2nfas). We prove it equivalent to the question whether every s-state unary 2nfa has an equivalent poly(s)-state 2dfa, or whether a poly(h)-state 2dfa can check accessibility in h-vertex graphs (even under unary encoding) or check two-way liveness in h-tall, h-column graphs. This complements two recent improvements of an old theorem of Berman and Lingas. On the way, we introduce new types of reductions between regular languages (even unary ones), use them to prove the completeness of specific languages for two-way nondeterministic polynomial size, and propose a purely combinatorial conjecture that implies L/poly + NL. 1 Introduction A prominent open question in complexity theory asks whether nondeterminism is essential in logarithmic-space Turing machines. Formally, this is the question whether L = NL, for L and NL the standard classes of languages recognizable by logarithmic-space deterministic and nondeterministic Turing machines. In the late 70's, Berman and Lingas [1] connected this question to the comparison between deterministic and nondeterministic two-way finite automata (2dfas and 2nfas), proving that if L = NL, then for every s-state σ-symbol 2nfa there is a poly(sσ)-state 2dfa which agrees with it on all inputs of length ≤ s.
    [Show full text]