DOCSLIB.ORG

Lecture 2 1 BPP and NP

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Lecture 2 1 BPP and NP Theory of Computer Science to Msc Students, Spring 2007 Lecture 2 Lecturer: Dorit Aharonov Scribe: Bar Shalem and Amitai Gilad Revised: Shahar Dobzinski, March 2007 1 BPP and NP The theory of computer science attempts to capture the notion of computation. To under- stand this notion, we ¯rst need to understand the computing devices. The commonly used de¯nition of a computing device stems from the Church-Turing thesis: The Church-Turing Thesis: A Turing machine can simulate any reasonable physical computational model. In the sixties it became clear that we are interested in e±cient computational devices. The de¯nition of e±cient is absolutely not straightforward. Nowadays, we are interested in understanding the power of polynomial-time algorithms (i.e., polynomial time Turing machines). However, it seems that even polynomial time Turing machine does not fully capture the power of e±cient computation: we might let the algorithm to err with some small probability. That is, we should also consider randomized algorithms. We have already seen the de¯nitions of the relevant complexity classes, namely BPP and RP. Our current knowledge of the complexity classes is described in the next scheme: As the diagram shows, NP contains RP (why?), but the relationship between NP and BPP is unknown. For most problems if a randomized algorithm is known, then also a deterministic algorithm is known. Primality is one example. It is believed that randomness adds no computational power. 2-1 In the recitation, we have also considered the class of P=P oly (a family of polynomial size circuits). What is the power of randomness comparing to this class? Surprisingly, we know of a very interesting connection, known as Hardness vs. Randomness: if there are hard problems (with \large" circuit size), then randomness adds no computational power, and vice versa. Later in this course we will go over this informally-described connection in more details. 2 Polynomial Identity Testing An interesting (an exceptional) example to a program for which we know a randomized algorithm but no deterministic algorithm is known is the problem of testing whether two polynomials are equal. Recall that the degree of a polynomial de¯ned over n variables is de¯ned as the maximum over the monomial degrees. The input to the problem is two polynomials P and Q over n variables X1 ¢ ¢ ¢ Xn and some ¯eld F. The question is to determine if P ¡ Q ´ 0. (Of course, the problem is equivalent to asking if a given polynomial over n variables is zero, by letting the polynomial be P ¡ Q.) For polynomials with one variable of degree d, a solution can be given using algebraic considerations: arbitrarily choose d + 1 points in F and assign them to the polynomials. If the polynomials are equal on all points, then the polynomials are equivalent. This algorithm is always correct. However, this solution is not applicable for general polynomials. Thus we turn to a probabilistic algorithm using the Schwartz-Zippel lemma. Lemma 1 (Schwartz-Zippel Lemma) Let P 6´ 0 be a polynomial over the ¯eld F with degree d, S ⊆ F. Select, uniformly at random, n points ai 2 S. Then, d Pr[P (a ; : : : ; a ) = 0] · 1 n jSj The proof will be given in the recitation. Sanity check: A polynomial P 6´ 0 with a single variable, has at most d (the degree) roots (points where P = 0). Hence, for a random assignment the probability to hit a root is at d most jSj . ? For the sake of our problem (P ´ 0), we choose jSj = 2d and pick a random assignment (uniformly over S) to our polynomial P . using the Schwartz-Zippel Lemma, if P 6´ 0 we 1 ? have probability ¸ 2 to answer P 6´ 0. The general P ´ Q problem, is resolved using the ? Schwartz-Zippel lemma by trivially converting to the equivalent (P ¡ Q) ´ 0 problem. Remark The problem we have just described is complete in RP, in the sense that solving it without randomization power will solve all RP problems as well. Application: Assume we have two (very long) vectors w, z of size n on separate remote machines. We would like to know w =? z without broadcasting w or z. We resort to polynomial identity checking in the following manner. 2-2 1. Select a ¯eld S, s.t. jSj ¸ 2n. S is known to both sides a-priori. def i def i 2. De¯ne polynomials W (x) = §iwix (side A), and Z(x) = §izix (side B). Notice that if W ¡ Z ´ 0 then w = z. 3. Side A chooses x 2 S and sends it to side B, together with W (x). 4. If W (x) = Z(x) then side B declares \w = z", otherwise \w 6= z". Note that all broadcasted messages are of length O(log n). As for the correctness of the protocol, notice that if w is equal to z then we will always output that the strings are equal. Otherwise, by the discussion above, we will output that the strings are not equal 1 with probability of at least 2 . The error probability can be reduced to any ² > 0, by repeating the described procedure O(nlog ²) times. 3 Finding a Perfect Matching We will now see another application of the polynomial identity problem: ¯nding a perfect matching in a graph. First recall that a matching in a graph G is a set of non-adjacent edges. A perfect matching is a matching which covers all vertices of the graph (i.e. every vertex of the graph is incident in exactly one edge of the matching). Our goal will be to reduce the perfect matching problem to the polynomial identity problem. To do so, we ¯rst de¯ne the following matrix: ½ x ; if (i; j) 2 E M = i;j i;j 0; otherwise This means that the (i; j) entry contains the xi;j variable if the edge (i; j) appears in the graph, and 0 otherwise. The key step is understanding that all we have to do is to check if the determinant of M is 0. sign(σ) n det(M) = §σ2Sn (¡1) ¦i=1Mi,σ(i) where Sn is the set of all permutations, and sign(σ) is the parity permutation. Computing the determinant results in a polynomial of a degree of at most n, over n2 variables. We claim that there is no perfect matching in the graph if and only if det(M) = 0. Let us start by sketching the proof of the \only if" direction. First note that in a perfect matching no two edges ar adjacent to a common vertex. Thus, the edges in a perfect match- ing are actually represented by a one-to-one correspondence between the vertices 1; :::; n to themselves, meaning a permutation. In our case, the perfect matching is represented by the monomial x1,σ(1) ¢ ¢ ¢ xn,σ(n). Thus, if no perfect matching exists, all monomials equal zero, meaning that det(M) = 0. 2-3 As for the \if" direction, observe that if a perfect matching exists, the perfect matching de¯nes a unique permutation, represented by a unique monomial (each edge is represented by a di®erent variable). Therefore the sum will not be zero, thus det(M) 6= 0. In order to determine if there is a matching in the bipartite graph G, we can check the polynomial which is the determinant of M, using the Schwarz-Zippel lemma. Notice that it is not clear that we can compute the determinant in polynomial time, since the matrix is symbolic. One could wonder why we would want such a probabilistic algorithm, if other deter- ministic algorithms for this problem exist. One answer is that the algorithm we have just described can be parallelized. 4 Polynomial Reductions The class NP contains most of the \interesting" problems. For example, it contains math- ematical theorems with polynomial proofs and SAT. We would like to compare between problems, i.e. to have an order of \hardness". This results in the following de¯nitions of the reduction term: De¯nition 2 We say that a language L is Karp-reducible to L' if there exist a polynomial- time function f, such that: 8x : x 2 L , f(x) 2 L0 Thus, L is \no-harder" than L0. Another de¯nition for a reduction is the Cook reduction: De¯nition 3 We say that a language L is Cook-reducible to L0 if there exists a polynomial- time Turing machine that decides L with the help of an (oracle) Turing machine that decides L0. Cook reduction is weaker than Karp reduction, since any Karp reduction is also a Cook reduction. We note that SAT is Cook reducible to SAT . Also, it is known that SAT 2 coNP (prove it!), but we do not know whether SAT 2 coNP . However, using Karp-reduction, the problems are in the same class. The next scheme illustrates the relationships between NP problems. There are 3 possi- bilities: P=NP P NP P NP We know that the rightmost option is not possible. This means that unless P = NP, there are NP problems which are a bit \easier", but still not in P. For example, consider 3-SAT: if we adapt the random-walk we presented for 2-SAT to 3-SAT, we get a biased 1 2 random walk (using the probabilities 3 and 3 ). The probability of getting to a solution 2-4 3 n after n iterations is 4 . As before, we will reach a solution with high probability (if one 3 n n exists) after 3n ¢ ( 4 ) steps.
Load more

Recommended publications
  • Complexity Theory Lecture 9 Co-NP Co-NP-Complete
    Complexity Theory 1 Complexity Theory 2 co-NP Complexity Theory Lecture 9 As co-NP is the collection of complements of languages in NP, and P is closed under complementation, co-NP can also be characterised as the collection of languages of the form: ′ L = x y y <p( x ) R (x, y) { |∀ | | | | → } Anuj Dawar University of Cambridge Computer Laboratory NP – the collection of languages with succinct certificates of Easter Term 2010 membership. co-NP – the collection of languages with succinct certificates of http://www.cl.cam.ac.uk/teaching/0910/Complexity/ disqualification. Anuj Dawar May 14, 2010 Anuj Dawar May 14, 2010 Complexity Theory 3 Complexity Theory 4 NP co-NP co-NP-complete P VAL – the collection of Boolean expressions that are valid is co-NP-complete. Any language L that is the complement of an NP-complete language is co-NP-complete. Any of the situations is consistent with our present state of ¯ knowledge: Any reduction of a language L1 to L2 is also a reduction of L1–the complement of L1–to L¯2–the complement of L2. P = NP = co-NP • There is an easy reduction from the complement of SAT to VAL, P = NP co-NP = NP = co-NP • ∩ namely the map that takes an expression to its negation. P = NP co-NP = NP = co-NP • ∩ VAL P P = NP = co-NP ∈ ⇒ P = NP co-NP = NP = co-NP • ∩ VAL NP NP = co-NP ∈ ⇒ Anuj Dawar May 14, 2010 Anuj Dawar May 14, 2010 Complexity Theory 5 Complexity Theory 6 Prime Numbers Primality Consider the decision problem PRIME: Another way of putting this is that Composite is in NP.
    [Show full text]
  • If Np Languages Are Hard on the Worst-Case, Then It Is Easy to Find Their Hard Instances
    IF NP LANGUAGES ARE HARD ON THE WORST-CASE, THEN IT IS EASY TO FIND THEIR HARD INSTANCES Dan Gutfreund, Ronen Shaltiel, and Amnon Ta-Shma Abstract. We prove that if NP 6⊆ BPP, i.e., if SAT is worst-case hard, then for every probabilistic polynomial-time algorithm trying to decide SAT, there exists some polynomially samplable distribution that is hard for it. That is, the algorithm often errs on inputs from this distribution. This is the ¯rst worst-case to average-case reduction for NP of any kind. We stress however, that this does not mean that there exists one ¯xed samplable distribution that is hard for all probabilistic polynomial-time algorithms, which is a pre-requisite assumption needed for one-way func- tions and cryptography (even if not a su±cient assumption). Neverthe- less, we do show that there is a ¯xed distribution on instances of NP- complete languages, that is samplable in quasi-polynomial time and is hard for all probabilistic polynomial-time algorithms (unless NP is easy in the worst case). Our results are based on the following lemma that may be of independent interest: Given the description of an e±cient (probabilistic) algorithm that fails to solve SAT in the worst case, we can e±ciently generate at most three Boolean formulae (of increasing lengths) such that the algorithm errs on at least one of them. Keywords. Average-case complexity, Worst-case to average-case re- ductions, Foundations of cryptography, Pseudo classes Subject classi¯cation. 68Q10 (Modes of computation (nondetermin- istic, parallel, interactive, probabilistic, etc.) 68Q15 Complexity classes (hierarchies, relations among complexity classes, etc.) 68Q17 Compu- tational di±culty of problems (lower bounds, completeness, di±culty of approximation, etc.) 94A60 Cryptography 2 Gutfreund, Shaltiel & Ta-Shma 1.
    [Show full text]
  • EXPSPACE-Hardness of Behavioural Equivalences of Succinct One
    EXPSPACE-hardness of behavioural equivalences of succinct one-counter nets Petr Janˇcar1 Petr Osiˇcka1 Zdenˇek Sawa2 1Dept of Comp. Sci., Faculty of Science, Palack´yUniv. Olomouc, Czech Rep. [email protected], [email protected] 2Dept of Comp. Sci., FEI, Techn. Univ. Ostrava, Czech Rep. [email protected] Abstract We note that the remarkable EXPSPACE-hardness result in [G¨oller, Haase, Ouaknine, Worrell, ICALP 2010] ([GHOW10] for short) allows us to answer an open complexity ques- tion for simulation preorder of succinct one counter nets (i.e., one counter automata with no zero tests where counter increments and decrements are integers written in binary). This problem, as well as bisimulation equivalence, turn out to be EXPSPACE-complete. The technique of [GHOW10] was referred to by Hunter [RP 2015] for deriving EXPSPACE-hardness of reachability games on succinct one-counter nets. We first give a direct self-contained EXPSPACE-hardness proof for such reachability games (by adjust- ing a known PSPACE-hardness proof for emptiness of alternating finite automata with one-letter alphabet); then we reduce reachability games to (bi)simulation games by using a standard “defender-choice” technique. 1 Introduction arXiv:1801.01073v1 [cs.LO] 3 Jan 2018 We concentrate on our contribution, without giving a broader overview of the area here. A remarkable result by G¨oller, Haase, Ouaknine, Worrell [2] shows that model checking a fixed CTL formula on succinct one-counter automata (where counter increments and decre- ments are integers written in binary) is EXPSPACE-hard. Their proof is interesting and nontrivial, and uses two involved results from complexity theory.
    [Show full text]
  • Dspace 6.X Documentation
    DSpace 6.x Documentation DSpace 6.x Documentation Author: The DSpace Developer Team Date: 27 June 2018 URL: https://wiki.duraspace.org/display/DSDOC6x Page 1 of 924 DSpace 6.x Documentation Table of Contents 1 Introduction ___________________________________________________________________________ 7 1.1 Release Notes ____________________________________________________________________ 8 1.1.1 6.3 Release Notes ___________________________________________________________ 8 1.1.2 6.2 Release Notes __________________________________________________________ 11 1.1.3 6.1 Release Notes _________________________________________________________ 12 1.1.4 6.0 Release Notes __________________________________________________________ 14 1.2 Functional Overview _______________________________________________________________ 22 1.2.1 Online access to your digital assets ____________________________________________ 23 1.2.2 Metadata Management ______________________________________________________ 25 1.2.3 Licensing _________________________________________________________________ 27 1.2.4 Persistent URLs and Identifiers _______________________________________________ 28 1.2.5 Getting content into DSpace __________________________________________________ 30 1.2.6 Getting content out of DSpace ________________________________________________ 33 1.2.7 User Management __________________________________________________________ 35 1.2.8 Access Control ____________________________________________________________ 36 1.2.9 Usage Metrics _____________________________________________________________
    [Show full text]
  • Interactive Proofs for Quantum Computations
    Innovations in Computer Science 2010 Interactive Proofs For Quantum Computations Dorit Aharonov Michael Ben-Or Elad Eban School of Computer Science, The Hebrew University of Jerusalem, Israel [email protected] [email protected] [email protected] Abstract: The widely held belief that BQP strictly contains BPP raises fundamental questions: Upcoming generations of quantum computers might already be too large to be simulated classically. Is it possible to experimentally test that these systems perform as they should, if we cannot efficiently compute predictions for their behavior? Vazirani has asked [21]: If computing predictions for Quantum Mechanics requires exponential resources, is Quantum Mechanics a falsifiable theory? In cryptographic settings, an untrusted future company wants to sell a quantum computer or perform a delegated quantum computation. Can the customer be convinced of correctness without the ability to compare results to predictions? To provide answers to these questions, we define Quantum Prover Interactive Proofs (QPIP). Whereas in standard Interactive Proofs [13] the prover is computationally unbounded, here our prover is in BQP, representing a quantum computer. The verifier models our current computational capabilities: it is a BPP machine, with access to few qubits. Our main theorem can be roughly stated as: ”Any language in BQP has a QPIP, and moreover, a fault tolerant one” (providing a partial answer to a challenge posted in [1]). We provide two proofs. The simpler one uses a new (possibly of independent interest) quantum authentication scheme (QAS) based on random Clifford elements. This QPIP however, is not fault tolerant. Our second protocol uses polynomial codes QAS due to Ben-Or, Cr´epeau, Gottesman, Hassidim, and Smith [8], combined with quantum fault tolerance and secure multiparty quantum computation techniques.
    [Show full text]
  • Glossary of Complexity Classes
    App endix A Glossary of Complexity Classes Summary This glossary includes selfcontained denitions of most complexity classes mentioned in the b o ok Needless to say the glossary oers a very minimal discussion of these classes and the reader is re ferred to the main text for further discussion The items are organized by topics rather than by alphab etic order Sp ecically the glossary is partitioned into two parts dealing separately with complexity classes that are dened in terms of algorithms and their resources ie time and space complexity of Turing machines and complexity classes de ned in terms of nonuniform circuits and referring to their size and depth The algorithmic classes include timecomplexity based classes such as P NP coNP BPP RP coRP PH E EXP and NEXP and the space complexity classes L NL RL and P S P AC E The non k uniform classes include the circuit classes P p oly as well as NC and k AC Denitions and basic results regarding many other complexity classes are available at the constantly evolving Complexity Zoo A Preliminaries Complexity classes are sets of computational problems where each class contains problems that can b e solved with sp ecic computational resources To dene a complexity class one sp ecies a mo del of computation a complexity measure like time or space which is always measured as a function of the input length and a b ound on the complexity of problems in the class We follow the tradition of fo cusing on decision problems but refer to these problems using the terminology of promise problems
    [Show full text]
  • Solution of Exercise Sheet 8 1 IP and Perfect Soundness
    Complexity Theory (fall 2016) Dominique Unruh Solution of Exercise Sheet 8 1 IP and perfect soundness Let IP0 be the class of languages that have interactive proofs with perfect soundness and perfect completeness (i.e., in the definition of IP, we replace 2=3 by 1 and 1=3 by 0). Show that IP0 ⊆ NP. You get bonus points if you only use the perfect soundness (not the perfect complete- ness). Note: In the practice we will show that dIP = NP where dIP is the class of languages that has interactive proofs with deterministic verifiers. You may use that fact. Hint: What happens if we replace the proof system by one where the verifier always uses 0 bits as its randomness? (More precisely, whenever V would use a random bit b, the modified verifier V0 choses b = 0 instead.) Does the resulting proof system still have perfect soundness? Does it still have perfect completeness? Solution. Let L 2 IP0. We want to show that L 2 NP. Since dIP = NP, it is sufficient to show that L 2 dIP. I.e., we need to show that there is an interactive proof for L with a deterministic verifier. Since L 2 IP0, there is an interactive proof (P; V ) for L with perfect soundness and completeness. Let V0 be the verifier that behaves like V , but whenever V uses a random bit, V0 uses 0. Note that V0 is deterministic. We show that (P; V0) still has perfect soundness and completeness. Let x 2 L. Then Pr[outV hV; P i(x) = 1] = 1.
    [Show full text]
  • The Weakness of CTC Qubits and the Power of Approximate Counting
    The weakness of CTC qubits and the power of approximate counting Ryan O'Donnell∗ A. C. Cem Sayy April 7, 2015 Abstract We present results in structural complexity theory concerned with the following interre- lated topics: computation with postselection/restarting, closed timelike curves (CTCs), and approximate counting. The first result is a new characterization of the lesser known complexity class BPPpath in terms of more familiar concepts. Precisely, BPPpath is the class of problems that can be efficiently solved with a nonadaptive oracle for the Approximate Counting problem. Similarly, PP equals the class of problems that can be solved efficiently with nonadaptive queries for the related Approximate Difference problem. Another result is concerned with the compu- tational power conferred by CTCs; or equivalently, the computational complexity of finding stationary distributions for quantum channels. Using the above-mentioned characterization of PP, we show that any poly(n)-time quantum computation using a CTC of O(log n) qubits may as well just use a CTC of 1 classical bit. This result essentially amounts to showing that one can find a stationary distribution for a poly(n)-dimensional quantum channel in PP. ∗Department of Computer Science, Carnegie Mellon University. Work performed while the author was at the Bo˘gazi¸ciUniversity Computer Engineering Department, supported by Marie Curie International Incoming Fellowship project number 626373. yBo˘gazi¸ciUniversity Computer Engineering Department. 1 Introduction It is well known that studying \non-realistic" augmentations of computational models can shed a great deal of light on the power of more standard models. The study of nondeterminism and the study of relativization (i.e., oracle computation) are famous examples of this phenomenon.
    [Show full text]
  • A Study of the NEXP Vs. P/Poly Problem and Its Variants by Barıs
    A Study of the NEXP vs. P/poly Problem and Its Variants by Barı¸sAydınlıoglu˘ A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Computer Sciences) at the UNIVERSITY OF WISCONSIN–MADISON 2017 Date of final oral examination: August 15, 2017 This dissertation is approved by the following members of the Final Oral Committee: Eric Bach, Professor, Computer Sciences Jin-Yi Cai, Professor, Computer Sciences Shuchi Chawla, Associate Professor, Computer Sciences Loris D’Antoni, Asssistant Professor, Computer Sciences Joseph S. Miller, Professor, Mathematics © Copyright by Barı¸sAydınlıoglu˘ 2017 All Rights Reserved i To Azadeh ii acknowledgments I am grateful to my advisor Eric Bach, for taking me on as his student, for being a constant source of inspiration and guidance, for his patience, time, and for our collaboration in [9]. I have a story to tell about that last one, the paper [9]. It was a late Monday night, 9:46 PM to be exact, when I e-mailed Eric this: Subject: question Eric, I am attaching two lemmas. They seem simple enough. Do they seem plausible to you? Do you see a proof/counterexample? Five minutes past midnight, Eric responded, Subject: one down, one to go. I think the first result is just linear algebra. and proceeded to give a proof from The Book. I was ecstatic, though only for fifteen minutes because then he sent a counterexample refuting the other lemma. But a third lemma, inspired by his counterexample, tied everything together. All within three hours. On a Monday midnight. I only wish that I had asked to work with him sooner.
    [Show full text]
  • IBM Research Report Derandomizing Arthur-Merlin Games And
    H-0292 (H1010-004) October 5, 2010 Computer Science IBM Research Report Derandomizing Arthur-Merlin Games and Approximate Counting Implies Exponential-Size Lower Bounds Dan Gutfreund, Akinori Kawachi IBM Research Division Haifa Research Laboratory Mt. Carmel 31905 Haifa, Israel Research Division Almaden - Austin - Beijing - Cambridge - Haifa - India - T. J. Watson - Tokyo - Zurich LIMITED DISTRIBUTION NOTICE: This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g. , payment of royalties). Copies may be requested from IBM T. J. Watson Research Center , P. O. Box 218, Yorktown Heights, NY 10598 USA (email: [email protected]). Some reports are available on the internet at http://domino.watson.ibm.com/library/CyberDig.nsf/home . Derandomization Implies Exponential-Size Lower Bounds 1 DERANDOMIZING ARTHUR-MERLIN GAMES AND APPROXIMATE COUNTING IMPLIES EXPONENTIAL-SIZE LOWER BOUNDS Dan Gutfreund and Akinori Kawachi Abstract. We show that if Arthur-Merlin protocols can be deran- domized, then there is a Boolean function computable in deterministic exponential-time with access to an NP oracle, that cannot be computed by Boolean circuits of exponential size. More formally, if prAM ⊆ PNP then there is a Boolean function in ENP that requires circuits of size 2Ω(n).
    [Show full text]
  • Probabilistic Proof Systems: a Primer
    Probabilistic Proof Systems: A Primer Oded Goldreich Department of Computer Science and Applied Mathematics Weizmann Institute of Science, Rehovot, Israel. June 30, 2008 Contents Preface 1 Conventions and Organization 3 1 Interactive Proof Systems 4 1.1 Motivation and Perspective ::::::::::::::::::::::: 4 1.1.1 A static object versus an interactive process :::::::::: 5 1.1.2 Prover and Veri¯er :::::::::::::::::::::::: 6 1.1.3 Completeness and Soundness :::::::::::::::::: 6 1.2 De¯nition ::::::::::::::::::::::::::::::::: 7 1.3 The Power of Interactive Proofs ::::::::::::::::::::: 9 1.3.1 A simple example :::::::::::::::::::::::: 9 1.3.2 The full power of interactive proofs ::::::::::::::: 11 1.4 Variants and ¯ner structure: an overview ::::::::::::::: 16 1.4.1 Arthur-Merlin games a.k.a public-coin proof systems ::::: 16 1.4.2 Interactive proof systems with two-sided error ::::::::: 16 1.4.3 A hierarchy of interactive proof systems :::::::::::: 17 1.4.4 Something completely di®erent ::::::::::::::::: 18 1.5 On computationally bounded provers: an overview :::::::::: 18 1.5.1 How powerful should the prover be? :::::::::::::: 19 1.5.2 Computational Soundness :::::::::::::::::::: 20 2 Zero-Knowledge Proof Systems 22 2.1 De¯nitional Issues :::::::::::::::::::::::::::: 23 2.1.1 A wider perspective: the simulation paradigm ::::::::: 23 2.1.2 The basic de¯nitions ::::::::::::::::::::::: 24 2.2 The Power of Zero-Knowledge :::::::::::::::::::::: 26 2.2.1 A simple example :::::::::::::::::::::::: 26 2.2.2 The full power of zero-knowledge proofs ::::::::::::
    [Show full text]
  • 1 Class PP(Probabilistic Poly-Time) 2 Complete Problems for BPP?
    E0 224: Computational Complexity Theory Instructor: Chandan Saha Lecture 20 22 October 2014 Scribe: Abhijat Sharma 1 Class PP(Probabilistic Poly-time) Recall that when we define the class BPP, we have to enforce the condition that the success probability of the PTM is bounded, "strictly" away from 1=2 (in our case, we have chosen a particular value 2=3). Now, we try to explore another class of languages where the success (or failure) probability can be very close to 1=2 but still equality is not possible. Definition 1 A language L ⊆ f0; 1g∗ is said to be in PP if there exists a polynomial time probabilistic turing machine M, such that P rfM(x) = L(x)g > 1=2 Thus, it is clear from the above definition that BPP ⊆ PP, however there are problems in PP that are much harder than those in BPP. Some examples of such problems are closely related to the counting versions of some problems, whose decision problems are in NP. For example, the problem of counting how many satisfying assignments exist for a given boolean formula. We will discuss this class in more details, when we discuss the complexity of counting problems. 2 Complete problems for BPP? After having discussed many properties of the class BPP, it is natural to ask whether we have any BPP- complete problems. Unfortunately, we do not know of any complete problem for the class BPP. Now, we examine why we appears tricky to define complete problems for BPP in the same way as other complexity classes.
    [Show full text]