DOCSLIB.ORG

Probabilistic Proof Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Probabilistic Proof Systems Chapter Probabilistic Pro of Systems A pro of is whatever convinces me Shimon Even The glory attached to the creativity involved in nding pro ofs makes us forget that it is the less gloried pro cess of verication that gives pro ofs their value Conceptu ally sp eaking pro ofs are secondary to the verication pro cess whereas technically sp eaking pro of systems are dened in terms of their verication pro cedures The notion of a verication pro cedure presumes the notion of computation and furthermore the notion of ecient computation This implicit stipulation is made explicit in the denition of NP where ecient computation is asso ciated with deterministic p olynomialtime algorithms However as argued next we can gain a lot if we are willing to take a somewhat nontraditional step and allow probabilistic verication pro cedures In this chapter we shall study three types of probabilistic pro of systems called interactive proofs zeroknowledge proofs and probabilistic checkable proofs In each of these three cases we shall present fascinating results that cannot b e obtained when considering the analogous deterministic pro of systems Summary The asso ciation of ecient pro cedures with deterministic p olynomialtime pro cedures is the basis for viewing NPpro of systems as the canonical formulation of pro of systems with ecient verica tion pro cedures Allowing probabilistic verication pro cedures and moreover ruling by statistical evidence gives rise to various types of probabilistic pro of systems Indeed these probabilistic pro of systems carry a probability of error which is explicitly b ounded and can b e reduced by successive application of the pro of system yet they of fer various advantages over the traditional deterministic and errorless pro of systems Randomized and interactive verication pro cedures giving rise to inter active proof systems seem much more p owerful than their deterministic CHAPTER PROBABILISTIC PROOF SYSTEMS counterparts In particular such interactive pro of systems exist for any set in P S P AC E coNP eg for the set of unsatised prop ositional formulae whereas it is widely b elieved that some sets in coNP do not have NPpro of systems ie NP coNP We stress that a pro of in this context is not a xed and static ob ject but rather a randomized and dynamic pro cess in which the verier interacts with the prover Intuitively one may think of this interaction as consisting of questions asked by the verier to which the prover has to reply convincingly Such randomized and interactive verication pro cedures allow for the meaningful conceptualization of zeroknowledge proofs which are of great theoretical and practical interest esp ecially in cryptography Lo osely sp eaking zeroknowledge pro ofs are interactive pro ofs that yield nothing to the verier b eyond the fact that the assertion is indeed valid For example a zeroknowledge pro of that a certain prop o sitional formula is satisable do es not reveal a satisfying assignment to the formula nor any partial information regarding such an assignment eg whether the rst variable can assume the value true Thus the successful verication of a zeroknowledge pro of exhibit an extreme contrast b etween b eing convinced of the validity of a statement and learning nothing else while receiving such a convincing pro of It turns out that under reasonable complexity assumptions ie assuming the existence of oneway functions every set in NP has a zeroknowledge pro of system NPpro ofs can b e eciently transformed into a redundant form that oers a tradeo b etween the number of lo cations randomly exam ined in the resulting pro of and the condence in its validity In par ticular it is known that any set in NP has an NPpro of system that supp orts probabilistic verication such that the error probability de creases exp onentially with the number of bits read from the alleged pro of These redundant NPpro ofs are called probabilistically checkable proofs or PCPs In addition to their conceptually fascinating nature PCPs are closely related to the study of the complexity of numerous natural approximation problems Introduction and Preliminaries Conceptually sp eaking pro ofs are secondary to the verication pro cess Indeed b oth in mathematics and in reallife pro ofs are meaningful only with resp ect to commonly agreed principles of reasoning and the verication pro cess amounts to checking that these principles were prop erly applied Thus these principles which are typically taken for granted are more fundamental than any sp ecic pro of that applies them that is the mere attempt to reason ab out anything is based on commonly agreed principles of reasoning The commonly agreed principles of reasoning are asso ciated with a verication pro cedure that distinguishes prop er applications of these principles from improp er ones A line of reasoning is considered valid with resp ect to such xed principles and is thus deemed a pro of if and only if it pro ceeds by a prop er applications of these principles Thus a line of reasoning is considered valid if and only if it is accepted by the corresp onding verication pro cedure This means that technically sp eaking pro ofs are dened in terms of a predetermined verication pro cedure or are dene with resp ect to such a pro cedure Indeed this state of aairs is b est illustrated in the formal study of pro ofs ie logic which is actually the study of formally dened pro of systems The p oint is that these pro of systems are dened often explicitly and sometimes only implicitly in terms of their verication pro cedures The notion of a verication pro cedure presumes the notion of computation This fact explains the historical interest of logicians in computer science cf Furthermore the verication of pro ofs is supp osed to b e relatively easy and hence a natural connection emerges b etween verication pro cedures and the notion of ecient computation This connection was made explicit by complexity theorists and is captured by the denition of NP and NPpro of systems cf Denition which targets all ecient verication pro cedures Recall that Denition identies ecient verication pro cedures with de terministic p olynomialtime algorithms and that it explicitly restricts the length of pro ofs to b e p olynomial in the length of the assertion Thus verication is performed in a number of steps that is polynomial in the length of the assertion We comment that deterministic pro of systems that allow for longer pro ofs but require that verication is ecient in terms of the length of the alleged pro of can b e mo deled as NPpro of systems by adequate padding of the assertion Indeed NPpro ofs provide the ultimate formulation of eciently veriable pro ofs ie pro of systems with ecient verication pro cedures provided that one asso ciates ecient pro cedures with deterministic p olynomialtime algorithms How ever as we shall see we can gain a lot if we are willing to take a somewhat nontraditional step and allow probabilistic p olynomialtime algorithms and in particular probabilistic verication pro cedures Randomized and interactive verication pro cedures seem much more p owerful than their deterministic counterparts Such interactive pro of systems allow for the construction of meaningful zeroknowledge pro ofs which are of great conceptual and practical interest NPpro ofs can b e eciently transformed into a redundant form that sup p orts sup erfast probabilistic verication via very few random prob es into the alleged pro of In contrast traditional pro of systems are formulated based on rules of inference that seem natural in the relevant context The fact that these inference rules yield an ecient verication pro cedure is merely a consequence of the corresp ondence b etween pro cesses that seem natural and ecient computation CHAPTER PROBABILISTIC PROOF SYSTEMS In all these cases explicit b ounds are imp osed on the computational complexity of the verication pro cedure which in turn is p ersonied by the notion of a verier Furthermore in all these pro of systems the verier is allowed to toss coins and rule by statistical evidence Thus all these pro of systems carry a probability of error yet this probability is explicitly b ounded and furthermore can b e reduced by successive application of the pro of system One imp ortant convention When presenting a pro of system we state all complexity b ounds in terms of the length of the assertion to b e proved which is viewed as an input to the verier Namely when we say p olynomialtime we mean time that is p olynomial in the length of this assertion Indeed as will b ecome evident this is the natural choice in all the cases that we consider Note that this convention is consistent with the foregoing discussion of NPpro of systems Notational Conventions We denote by poly the set of all integer functions that are upp erb ounded by a p olynomial and by log the set of all integer functions b ounded by a logarithmic function ie f log if and only if f n O log n All complexity measures mentioned in this chapter are assumed to b e constructible in p olynomialtime Organization In Section we present the basic denitions and results regard ing interactive pro of systems The denition of an interactive pro of systems is the starting p oint for a discussion of zeroknowledge pro ofs which is provided in Sec tion Section which presents the basic denitions and results regarding probabilistically checkable pro ofs PCP can b e read indep endently of the other sections Prerequisites We assume a basic familiarity with elementary probability theory see App endix
Load more

Recommended publications
  • On the NP-Completeness of the Minimum Circuit Size Problem
    On the NP-Completeness of the Minimum Circuit Size Problem John M. Hitchcock∗ A. Pavany Department of Computer Science Department of Computer Science University of Wyoming Iowa State University Abstract We study the Minimum Circuit Size Problem (MCSP): given the truth-table of a Boolean function f and a number k, does there exist a Boolean circuit of size at most k computing f? This is a fundamental NP problem that is not known to be NP-complete. Previous work has studied consequences of the NP-completeness of MCSP. We extend this work and consider whether MCSP may be complete for NP under more powerful reductions. We also show that NP-completeness of MCSP allows for amplification of circuit complexity. We show the following results. • If MCSP is NP-complete via many-one reductions, the following circuit complexity amplifi- Ω(1) cation result holds: If NP\co-NP requires 2n -size circuits, then ENP requires 2Ω(n)-size circuits. • If MCSP is NP-complete under truth-table reductions, then EXP 6= NP \ SIZE(2n ) for some > 0 and EXP 6= ZPP. This result extends to polylog Turing reductions. 1 Introduction Many natural NP problems are known to be NP-complete. Ladner's theorem [14] tells us that if P is different from NP, then there are NP-intermediate problems: problems that are in NP, not in P, but also not NP-complete. The examples arising out of Ladner's theorem come from diagonalization and are not natural. A canonical candidate example of a natural NP-intermediate problem is the Graph Isomorphism (GI) problem.
    [Show full text]
  • The Complexity Zoo
    The Complexity Zoo Scott Aaronson www.ScottAaronson.com LATEX Translation by Chris Bourke [email protected] 417 classes and counting 1 Contents 1 About This Document 3 2 Introductory Essay 4 2.1 Recommended Further Reading ......................... 4 2.2 Other Theory Compendia ............................ 5 2.3 Errors? ....................................... 5 3 Pronunciation Guide 6 4 Complexity Classes 10 5 Special Zoo Exhibit: Classes of Quantum States and Probability Distribu- tions 110 6 Acknowledgements 116 7 Bibliography 117 2 1 About This Document What is this? Well its a PDF version of the website www.ComplexityZoo.com typeset in LATEX using the complexity package. Well, what’s that? The original Complexity Zoo is a website created by Scott Aaronson which contains a (more or less) comprehensive list of Complexity Classes studied in the area of theoretical computer science known as Computa- tional Complexity. I took on the (mostly painless, thank god for regular expressions) task of translating the Zoo’s HTML code to LATEX for two reasons. First, as a regular Zoo patron, I thought, “what better way to honor such an endeavor than to spruce up the cages a bit and typeset them all in beautiful LATEX.” Second, I thought it would be a perfect project to develop complexity, a LATEX pack- age I’ve created that defines commands to typeset (almost) all of the complexity classes you’ll find here (along with some handy options that allow you to conveniently change the fonts with a single option parameters). To get the package, visit my own home page at http://www.cse.unl.edu/~cbourke/.
    [Show full text]
  • University Microfilms International 300 North Zeeb Road Ann Arbor, Michigan 48106 USA St John's Road
    INFORMATION TO USERS This material was produced from a microfilm copy of the original document. While the most advanced technological means to photograph and reproduce this document have been used, the quality is heavily dependant upon the quality of the original submitted. The following explanation of techniques is provided to help you understand markings or patterns which may appear on this reproduction. 1. The sign or "target" for pages apparently lacking from the document photographed is "Missing Page(s)". If it was possible to obtain the missing page(s) or section, they are spliced into the film along with adjacent pages. This may have necessitated cutting thru an image and duplicating adjacent pages to insure you complete continuity. 2. When an image on the film is obliterated with a large round black mark, it is an indication that the photographer suspected that the copy may have moved during exposure and thus cause a blurred image. You w ill find a good image of the page in the adjacent frame. 3. When a map, drawing or chart, etc., was part of the material being photographed the photographer followed a definite method in "sectioning" the material. It is customary to begin photoing at the upper left hand corner of a large sheet and to continue photoing from left to right in equal sections with a small overlap. If necessary, sectioning is continued again — beginning below the first row and continuing on until complete. 4. The majority of users indicate that the textual content is of greatest value, however, a somewhat higher quality reproduction could be made from "photographs" if essential to the understanding of the dissertation.
    [Show full text]
  • The Correlation Among Software Complexity Metrics with Case Study
    International Journal of Advanced Computer Research (ISSN (print): 2249-7277 ISSN (online): 2277-7970) Volume-4 Number-2 Issue-15 June-2014 The Correlation among Software Complexity Metrics with Case Study Yahya Tashtoush1, Mohammed Al-Maolegi2, Bassam Arkok3 Abstract software product attributes such as functionality, quality, complexity, efficiency, reliability or People demand for software quality is growing maintainability. For example, a higher number of increasingly, thus different scales for the software code lines will lead to greater software complexity are growing fast to handle the quality of software. and so on. The software complexity metric is one of the measurements that use some of the internal The complexity of software effects on maintenance attributes or characteristics of software to know how activities like software testability, reusability, they effect on the software quality. In this paper, we understandability and modifiability. Software cover some of more efficient software complexity complexity is defined as ―the degree to which a metrics such as Cyclomatic complexity, line of code system or component has a design or implementation and Hallstead complexity metric. This paper that is difficult to understand and verify‖ [1]. All the presents their impacts on the software quality. It factors that make program difficult to understand are also discusses and analyzes the correlation between responsible for complexity. So it is necessary to find them. It finally reveals their relation with the measurements for software to reduce the impacts of number of errors using a real dataset as a case the complexity and guarantee the quality at the same study. time as much as possible.
    [Show full text]
  • On the Computational Complexity of Maintaining GPS Clock in Packet Scheduling
    On the Computational Complexity of Maintaining GPS Clock in Packet Scheduling Qi (George) Zhao Jun (Jim) Xu College of Computing Georgia Institute of Technology qzhao, jx ¡ @cc.gatech.edu Abstract— Packet scheduling is an important mechanism to selects the one with the lowest GPS virtual finish time provide QoS guarantees in data networks. A scheduling algorithm among the packets currently in queue to serve next. generally consists of two functions: one estimates how the GPS We study an open problem concerning the complexity lower (General Processor Sharing) clock progresses with respect to the real time; the other decides the order of serving packets based bound for computing the GPS virtual finish times of the ' on an estimation of their GPS start/finish times. In this work, we packets. This complexity has long been believed to be 01%2 answer important open questions concerning the computational per packe [11], [12], [3], [9], where 2 is the number of complexity of performing the first function. We systematically sessions. For this reason, many scheduling algorithms such study the complexity of computing the GPS virtual start/finish 89,/. ,4,/. 8!:1,/. as +-,435.76 [2], [7], [11], and [6] times of the packets, which has long been believed to be ¢¤£¦¥¨§ per packet but has never been either proved or refuted. We only approximate the GPS clock (with certain error), trading also answer several other related questions such as “whether accuracy for lower complexity. However, it has never been the complexity can be lower if the only thing that needs to be carefully studied whether the complexity lower bound of computed is the relative order of the GPS finish times of the ' tracking GPS clock perfectly is indeed 01;2 per packet.
    [Show full text]
  • Glossary of Complexity Classes
    App endix A Glossary of Complexity Classes Summary This glossary includes selfcontained denitions of most complexity classes mentioned in the b o ok Needless to say the glossary oers a very minimal discussion of these classes and the reader is re ferred to the main text for further discussion The items are organized by topics rather than by alphab etic order Sp ecically the glossary is partitioned into two parts dealing separately with complexity classes that are dened in terms of algorithms and their resources ie time and space complexity of Turing machines and complexity classes de ned in terms of nonuniform circuits and referring to their size and depth The algorithmic classes include timecomplexity based classes such as P NP coNP BPP RP coRP PH E EXP and NEXP and the space complexity classes L NL RL and P S P AC E The non k uniform classes include the circuit classes P p oly as well as NC and k AC Denitions and basic results regarding many other complexity classes are available at the constantly evolving Complexity Zoo A Preliminaries Complexity classes are sets of computational problems where each class contains problems that can b e solved with sp ecic computational resources To dene a complexity class one sp ecies a mo del of computation a complexity measure like time or space which is always measured as a function of the input length and a b ound on the complexity of problems in the class We follow the tradition of fo cusing on decision problems but refer to these problems using the terminology of promise problems
    [Show full text]
  • CS 6505: Computability & Algorithms Lecture Notes for Week 5, Feb 8-12 P, NP, PSPACE, and PH a Deterministic TM Is Said to B
    CS 6505: Computability & Algorithms Lecture Notes for Week 5, Feb 8-12 P, NP, PSPACE, and PH A deterministic TM is said to be in SP ACE (s (n)) if it uses space O (s (n)) on inputs of length n. Additionally, the TM is in TIME(t (n)) if it uses time O(t (n)) on such inputs. A language L is polynomial-time decidable if ∃k and a TM M to decide L such that M ∈ TIME(nk). (Note that k is independent of n.) For example, consider the langage P AT H, which consists of all graphsdoes there exist a path between A and B in a given graph G. The language P AT H has a polynomial-time decider. We can think of other problems with polynomial-time decider: finding a median, calculating a min/max weight spanning tree, etc. P is the class of languages with polynomial time TMs. In other words, k P = ∪kTIME(n ) Now, do all decidable languages belong to P? Let’s consider a couple of lan- guages: HAM PATH: Does there exist a path from s to t that visits every vertex in G exactly once? SAT: Given a Boolean formula, does there exist a setting of its variables that makes the formula true? For example, we could have the following formula F : F = (x1 ∨ x2 ∨ x3) ∧ (x1 ∨ x2 ∨ x3) ∧ (x1 ∨ x2 ∨ x3) The assignment x1 = 1, x2 = 0, x3 = 0 is a satisfying assignment. No polynomial time algorithms are known for these problems – such algorithms may or may not exist.
    [Show full text]
  • A Study of the NEXP Vs. P/Poly Problem and Its Variants by Barıs
    A Study of the NEXP vs. P/poly Problem and Its Variants by Barı¸sAydınlıoglu˘ A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Computer Sciences) at the UNIVERSITY OF WISCONSIN–MADISON 2017 Date of final oral examination: August 15, 2017 This dissertation is approved by the following members of the Final Oral Committee: Eric Bach, Professor, Computer Sciences Jin-Yi Cai, Professor, Computer Sciences Shuchi Chawla, Associate Professor, Computer Sciences Loris D’Antoni, Asssistant Professor, Computer Sciences Joseph S. Miller, Professor, Mathematics © Copyright by Barı¸sAydınlıoglu˘ 2017 All Rights Reserved i To Azadeh ii acknowledgments I am grateful to my advisor Eric Bach, for taking me on as his student, for being a constant source of inspiration and guidance, for his patience, time, and for our collaboration in [9]. I have a story to tell about that last one, the paper [9]. It was a late Monday night, 9:46 PM to be exact, when I e-mailed Eric this: Subject: question Eric, I am attaching two lemmas. They seem simple enough. Do they seem plausible to you? Do you see a proof/counterexample? Five minutes past midnight, Eric responded, Subject: one down, one to go. I think the first result is just linear algebra. and proceeded to give a proof from The Book. I was ecstatic, though only for fifteen minutes because then he sent a counterexample refuting the other lemma. But a third lemma, inspired by his counterexample, tied everything together. All within three hours. On a Monday midnight. I only wish that I had asked to work with him sooner.
    [Show full text]
  • NP-Complete Problems and Physical Reality
    NP-complete Problems and Physical Reality Scott Aaronson∗ Abstract Can NP-complete problems be solved efficiently in the physical universe? I survey proposals including soap bubbles, protein folding, quantum computing, quantum advice, quantum adia- batic algorithms, quantum-mechanical nonlinearities, hidden variables, relativistic time dilation, analog computing, Malament-Hogarth spacetimes, quantum gravity, closed timelike curves, and “anthropic computing.” The section on soap bubbles even includes some “experimental” re- sults. While I do not believe that any of the proposals will let us solve NP-complete problems efficiently, I argue that by studying them, we can learn something not only about computation but also about physics. 1 Introduction “Let a computer smear—with the right kind of quantum randomness—and you create, in effect, a ‘parallel’ machine with an astronomical number of processors . All you have to do is be sure that when you collapse the system, you choose the version that happened to find the needle in the mathematical haystack.” —From Quarantine [31], a 1992 science-fiction novel by Greg Egan If I had to debate the science writer John Horgan’s claim that basic science is coming to an end [48], my argument would lean heavily on one fact: it has been only a decade since we learned that quantum computers could factor integers in polynomial time. In my (unbiased) opinion, the showdown that quantum computing has forced—between our deepest intuitions about computers on the one hand, and our best-confirmed theory of the physical world on the other—constitutes one of the most exciting scientific dramas of our time.
    [Show full text]
  • Limits to Parallel Computation: P-Completeness Theory
    Limits to Parallel Computation: P-Completeness Theory RAYMOND GREENLAW University of New Hampshire H. JAMES HOOVER University of Alberta WALTER L. RUZZO University of Washington New York Oxford OXFORD UNIVERSITY PRESS 1995 This book is dedicated to our families, who already know that life is inherently sequential. Preface This book is an introduction to the rapidly growing theory of P- completeness — the branch of complexity theory that focuses on identifying the “hardest” problems in the class P of problems solv- able in polynomial time. P-complete problems are of interest because they all appear to lack highly parallel solutions. That is, algorithm designers have failed to find NC algorithms, feasible highly parallel solutions that take time polynomial in the logarithm of the problem size while using only a polynomial number of processors, for them. Consequently, the promise of parallel computation, namely that ap- plying more processors to a problem can greatly speed its solution, appears to be broken by the entire class of P-complete problems. This state of affairs is succinctly expressed as the following question: Does P equal NC ? Organization of the Material The book is organized into two parts: an introduction to P- completeness theory, and a catalog of P-complete and open prob- lems. The first part of the book is a thorough introduction to the theory of P-completeness. We begin with an informal introduction. Then we discuss the major parallel models of computation, describe the classes NC and P, and present the notions of reducibility and com- pleteness. We subsequently introduce some fundamental P-complete problems, followed by evidence suggesting why NC does not equal P.
    [Show full text]
  • Complexity Theory
    Complexity Theory IE 661: Scheduling Theory Fall 2003 Satyaki Ghosh Dastidar Outline z Goals z Computation of Problems { Concepts and Definitions z Complexity { Classes and Problems z Polynomial Time Reductions { Examples and Proofs z Summary University at Buffalo Department of Industrial Engineering 2 Goals of Complexity Theory z To provide a method of quantifying problem difficulty in an absolute sense. z To provide a method comparing the relative difficulty of two different problems. z To be able to rigorously define the meaning of efficient algorithm. (e.g. Time complexity analysis of an algorithm). University at Buffalo Department of Industrial Engineering 3 Computation of Problems Concepts and Definitions Problems and Instances A problem or model is an infinite family of instances whose objective function and constraints have a specific structure. An instance is obtained by specifying values for the various problem parameters. Measurement of Difficulty Instance z Running time (Measure the total number of elementary operations). Problem z Best case (No guarantee about the difficulty of a given instance). z Average case (Specifies a probability distribution on the instances). z Worst case (Addresses these problems and is usually easier to analyze). University at Buffalo Department of Industrial Engineering 5 Time Complexity Θ-notation (asymptotic tight bound) fn( ) : there exist positive constants cc12, , and n 0 such that Θ=(())gn 0≤≤≤cg12 ( n ) f ( n ) cg ( n ) for all n ≥ n 0 O-notation (asymptotic upper bound) fn( ) : there
    [Show full text]
  • A Coupling-Complexity Metric Suite for Predicting Software Quality
    A COUPLING-COMPLEXITY METRIC SUITE FOR PREDICTING SOFTWARE QUALITY A Thesis Presented to the Faculty of California Polytechnic State University San Luis Obispo In Partial Fulfillment of the Requirements for the Degree Master of Science in Computer Science by Christopher L. Gray June 2008 AUTHORIZATION FOR REPRODUCTION OF MASTER'S THESIS I reserve the reproduction rights of this thesis for a period of seven years from the date of submission. I waive reproduction rights after the time span has expired. Signature Date 11 APPROVAL PAGE TITLE: A Coupling-Complexity Metric Suite for Predicting Software Quality AUTHOR: Christopher L. Gray DATE SUBMITTED: June 2008 Dr. David Janzen Advisor or Committee Chair Dr. Aaron Keen Committee Member Signature Dr. Gene Fisher &ioJWetY=uh Committee Member J\ Signature III Abstract A Coupling-Complexity Metric Suite for Predicting Software Quality by Christopher L. Gray Coupling Between Objects and Cyclomatic Complexity have long been used to measure software quality and predict maintainability and reliability of software systems prior to release. In particular, Coupling Between Objects has been shown to correlate with fault-proneness and maintainability of a system at the class level. We propose a new set of metrics based on a fusion of Coupling Between Objects and Cyclomatic Complexity that can be superior to Coupling Between Objects alone at predicting class quality. The new metrics use Cyclomatic Complexity to 1) augment Coupling Between Objects counting to assign a strength of a coupling between two classes and 2) determine the complexity of a method invocation chain through the transitive relation of invocations involved in a coupling.
    [Show full text]