Algebraic Metho ds for Interactive Pro of Systems Carsten Lund y Lance Fortnow z Howard Karlo University of Chicago x Noam Nisan Hebrew University Abstract We present a new algebraic technique for the construction of interactive pro of systems We use our technique to prove that every language in the p olynomial time hierarchy has an interactive pro of system This technique played a pivotal role in the recent pro ofs that IPPSPACE S and that MIPNEXP BFL Intro duction NP can b e viewed as the set of languages L with this prop erty there is a deterministic p olynomialtime verier Vanna and an innitelyp owerful prover Pat such that for all x if x is in L then in p olynomial time Pat can p ersuade Vanna that x is in L and if x is not in L then no prover Pat or any other can p ersuade Vanna that x is in L Pat and Vanna communicate on a twoway channel though twoway communication is not necessary here For example Pat can convince Vanna that a graph G is colorable by exhibiting a coloring If G is not colorable no prover will ever succeed in p ersuading Vanna that G is colorable Of course coNPcomplete languages are not thought to b e in NP No prover is known who can convince a skeptical deterministic verier that G is not colorable if it is not colorable We can extend this idea of provability by allowing Vanna to ip coins and by requiring instead that if x is in L with probability at least Pat p ersuades Vanna that x is in L and if x is not in L no prover can convince Vanna that x is in L with probability more than Babai B and Goldwasser Micali and Racko GMR develop ed this interactive proof system mo del A summary of previous results on interactive pro of systems can b e found in BM While certain problems such as graph nonisomorphism which are not known to b e in NP were known to have interactive pro of systems GMW theoretical computer scientists generally b elieved that the class Supp orted by a fellowship from the University of Arhus y Supp orted by NSF grant CCR z Supp orted by NSF grant CCR x Some of this work was p erformed at MIT and supp orted by NSF grant CCR and ARO grant DLLK IP of languages accepted by interactive pro of systems was not much larger than NP In particular it was b elieved that coNPcomplete languages did not have interactive pro of systems We prove that interactive pro of systems have far greater p ower than originally b elieved Our main result is an interactive pro of system for the language fA sjs is the p ermanent of matrix Ag When combined with the fact that the p ermanent of matrices is Pcomplete V and the fact that P is hard for the p olynomialtime hierarchy T the existence of an interactive pro of system for the p ermanent implies that every language in the p olynomialtime hierarchy has an interactive pro of system In particular this means that every language in coNP has an interactive pro of system even the complement of COLORABILITY for example For the pro of we develop a new technique for reducing the problem of verifying the value of a lowdegree p olynomial at two given p oints to verifying the value at one new p oint Shamir S has used this technique to prove that all languages in PSPACE have interactive pro of systems From the fact that IPPSPACE F it follows that IPPSPACE Babai Fortnow and Lund BFL have also used this technique in their pro of that every language in nondeterministic exp onential time has a twoprover interactive pro of system in which the provers cannot communicate with one another Our results also have implications for program checking verication and selfcorrection in the context of Blum and Kannan BK Blum Luby and Rubinfeld BLR and Lipton L In fact the BlumLubyRubinfeld and Lipton pap ers inspired our result Our result do es not relativize Fortnow and Sipser FS have created an oracle under which coNP do es not have an interactive pro of system To our knowledge this is the rst result to go contrary to a previouslypublished oracle Subsequent to the announcement of our result Chor Goldreich and Hastad CGH proved the same relativized result for a random oracle Denitions A verier V is a p olynomialtime probabilistic Turing machine with a sp ecial communication tap e A prover P is an arbitrary map f from each nite sequence x q q q where x f g and each q f g to 1 2 3 i a string The computation pro ceeds as follows Both P and V get x f g V then computes for a while and writes a query q f g on her communication tap e P resp onds by replacing the q with f x q V 1 1 1 computes overwrites f x q with a query q f g and awaits P s resp onse f x q q This pro cess 1 2 1 2 continues until V halts and accepts or rejects x A round is a query from V followed by a resp onse from P The pair P V forms an interactive proof system for a language L if for all x f g 2 If x L then Pr V accepts input x when interacting with P 3 1 If x L then for all provers P PrV accepts x when interacting with P 3 IP is the class of all languages which have interactive pro of systems The class P consists of all functions f f g IN for which there exists a p olynomialtime nonde terministic Turing machine M such that for all inputs x the numb er of accepting computations of M on x P equals f x P is the class of languages recognized by a p olynomialtime oracle Turing machine with an oracle for some function f in P Given x the oracle Turing machine can learn f x in one time step by querying its oracle The Proto col We will prove P Theorem Every language in P has an interactive pro of system P Together with To das result that P contains all the languages of the p olynomialtime hierarchy T Theorem implies Corollary Every language in the p olynomialtime hierarchy has an interactive pro of system In partic ular every language in coNP has an interactive pro of system We list some facts ab out the p ermanent of a matrix A that will b e crucial in the pro of of Theorem If P a a a where the sum is over all p ermutations A a is r r the permanent p er A ij 1 (1) 2 (2) r (r ) P of f r g We can equivalently dene the p ermanent recursively as p er A a p er A 1i 1ji 1ir where A the iminor of A is the matrix A without the rst row and the ith column The numb er of 1ji p erfect matchings in an N b oy N girl bipartite graph G is equal to the p ermanent of Gs adjacency matrix We will exhibit an interactive pro of system for verifying the p ermanent of a matrix The following lemma implies that this is sucient to prove Theorem Lemma If L fA sjA is a matrix and p erA s g has an interactive pro of system then every P language in P has an interactive pro of system Pro of Sketch From the fact that computing the p ermanent of matrices is Pcomplete V we can P reduce the memb ership problem for a language L P to that of verifying the p ermanents of matrices Given an interactive pro of system for L it is easy to construct one for L Throughout most of this pap er we will work with the p ermanent over ZZ of an N N matrix A with p entries in ZZ where p is a prime in N N Bertrands Postulate NZ guarantees the existence of such p a prime If A is then the p ermanent of A over ZZ coincides with its p ermanent as an integer matrix p since the p ermanent of an N N matrix cannot exceed N We use the crucial fact that if B is an r r matrix over ZZ whose entries are linear p olynomials over ZZ then p er B is a p olynomial of degree at most p p r over ZZ Compared to p any r N is minuscule p The verier Vanna will use this fact to trip up a cheating prover She will maintain a list of pairs L B q B q B q where the B s are square matrices of the same size and q ZZ 1 1 2 2 t t i i p Initially L A s If s p er A then a prover who truthfully answers all of Vannas questions will induce Vanna eventually to shrink the list to a single pair B q where B is and q p er B At that p oint Vanna will correctly accept the input If s p er A then however the prover answers Vannas questions with very high probability Vanna will maintain this invariant the list contains at least one pair B q such that q p er B Invariant i i i i app ears in quotes b ecause with extremely low probability at some p oint every q might equal p er B i i When the list shrinks to one pair B q where B is and q p er B Vanna will reject the input if not earlier How Vanna manipulates the list is the crux of the proto col When L B q B b i j r ij and r for each i r Vanna constructs the minor B B asks Pat for the p ermanent of B i i 1ji P P r r and gets q in return Vanna checks that q b q if not she halts and rejects If q b q she i 1i i 1i i i=1 i=1 expands L by replacing L by B q B q B q Provided that q p er B q p er B for 1 1 2 2 r r i i some i When the list has more than one pair Vanna shrinks the list by replacing the rst two pairs C c D d by a new pair E e in the following way The function f x p er C xD C is a p olynomial of degree at most r over ZZ Vanna asks Pat for the r co ecients of f and constructs a p olynomial g from the p resp onses Or Vanna could just ask for the value of f at r arbitrary p oints and interp olate herself If g c or g d Vanna rejects 1 Vanna now uniformly cho oses a random a ZZ sends it to Pat constructs E C aD C and p e g a and replaces the pairs C c D d in L by the one pair E e The crucial fact is that if c p er C or d p er D then with probability at least r p p er E e This follows from Lemma Lemma Let C and D b e r r matrices over ZZ Let g b e a p olynomial of degree at most r over