On the Complexity of Interactive Pro ofs with Bounded Communication Johan Hastad Oded Goldreich Department of Computer Science Department of Computer Science Weizmann Institute of Science Royal Institute of Technology Rehovot Israel Sto ckholm Sweden odedwisdomweizmannacil johanhnadakthse November Abstract We investigate the computational complexity of languages which have interactive pro of sys tems of b ounded message complexity In particular denoting the length of the input by n we show that If L has an interactive pro of in which the total communication is b ounded by cn bits then L can b e recognized by a probabilistic machine in time exp onential in O cn logn If L has a publiccoin interactive pro of in which the prover sends cn bits then L can b e recognized by a probabilistic machine in time exp onential in O cn logcn logn If L has an interactive pro of in which the prover sends cn bits then L can b e recognized by a probabilistic machine with an NPoracle in time exp onential in O cn logcn logn Work done while b eing on a sabbatical leave at LCS MIT Introduction Pro of systems are dened in terms of their verication pro cedures The notion of a verication pro cedure assumes the notion of computation and furthermore the notion of ecient computation This implicit assumption is made explicit in the denition of NP in which ecient computation is asso ciated with deterministic p olynomialtime algorithms In light of the growing acceptability of randomized and distributed computations it is only natural to asso ciate the notion of ecient computation with probabilistic and interactive p olynomialtime computations This leads to the notion of an interactive pro of system cf in which the verication pro cedure is interactive and randomized rather than b eing noninteractive and deterministic Intuitively one may think of this interaction as consisting of tricky questions asked by the verier to which the prover has to reply convincingly The last sentence as well as the denition makes explicit reference to a prover whereas a prover is only implicit in the traditional denitions of pro of systems eg NPpro ofs The actual denition of interactive proof systems suggests probabilistic interpretations to the traditional notions of completeness and soundness asso ciated with any pro of system Sp ecically statistical soundness requires that there exists no strategy which makes the verier accept false state ments with probability greater than say A further relaxation of this soundness condition is the notion of computational soundness Here it is only required that there exists no ecient strategy which makes the verier accept false statements with probability greater than The dierence b etween statistical soundness and computational soundness translates to a dierence b etween inter active pro of systems as dened by Goldwasser Micali and Racko and computationallysound pro of systems aka argument systems as dened by Brassard Chaum and Crepeau A signicant dierence b etween interactive pro of systems and computationallysound pro of systems has b een observed in the domain of zeroknowledge On one hand it is widely b elieved that not all languages in NP have perfect zeroknowledge interactive pro ofs cf In particular the negation of this conjecture implies the collapse of the p olynomialtime hierarchy cf On the other hand assuming that factoring is hard all languages in NP have perfect zeroknowledge computationallysound pro ofs Our aim in this note is to p oint out another signicant dierence b etween interactive pro of systems and computationallysound pro of systems Sp ecically we refer to the expressive p ower of the two types of pro of systems when b ounding their message complexity ie the number of bits sent throughout the interaction We will confront known p ositive results regarding the expressive p ower of computationallysound pro of systems of b ounded message complexity with new negative results regarding the expressive p ower of interactive pro of systems of the same message complexity Computationallysound pro ofs of b ounded message complexity In Kilian demon strated that computationallysound pro of systems may b e able to recognize any language in NP while using only p olylogarithmic message complexity Sp ecicall y assuming the existence of hashing functions for which collisions cannot b e found by sub exp onentialsize circuits Kilian showed that any language in NP has a computationallysound pro of system in which b oth the bi directional message complexity and the randomness complexity are p olylogarithmic Furthermore this pro of system is in the publiccoins aka ArthurMerlin mo del of Babai 1 Perfect zeroknowledge is a strict variant of zeroknowledge The ab ove stated b elief do es not refer to the more relaxed notion of zeroknowledge aka computational zeroknowledge In fact assuming the existence of commitment schemes all languages in NP do have computational zeroknowledge interactive pro ofs Interactive pro ofs of b ounded message complexity Our rst observation indicates that Kilians result as stated ab ove is unlikely for interactive pro of rather than computationally sound systems It shows that if we b ound the message and randomness complexity as in Kilians result ie to b e p olylogarithmic then interactive pro ofs may exist only for languages in the class p oly log QuasiPolynomial Time ie Dtime We note that QuasiPolynomial Time is widely b elieved not to contain NP Theorem interactive pro ofs with b ounded message and randomness complexities Let c be an integer function and L f g Suppose that L has an interactive proof system in which both the O c randomness and communication complexities are bounded by c Then L Dtime p oly Theorem is the starting p oint of our investigation Its pro of is facilitated by the fact that the hypothesis contains a b ound on the randomness complexity of the verier However what we consider fundamental in Kilians result is the low message complexity Thus we wish to waive the extra hypothesis In fact waiving the b ound on the randomness complexity we obtain a very similar result Theorem interactive pro ofs with b ounded message complexity Let c be an integer function and L f g Suppose that L has an interactive proof system in which the communication O c complexity is bounded by c Then L BPtime p oly Theorem refers to interactive pro of systems in which the bidirectional communication complex ity is b ounded However it seems that the more fundamental parameter is the unidirectional communication complexity in the provertoverier direction In fact waiving also the b ound on the veriers message length we obtain a similar result for the sp ecial case of publiccoin Arthur Merlin interactive pro of systems Namely Theorem publiccoin interactive pro ofs with b ounded provermessages Let c be an integer function and L f g Suppose that L has a publiccoin interactive proof system in which the O c log c total number of bits sent by the prover is bounded by c Then L BPtime p oly Theorem may not hold for general interactive pro ofs and if it do es this may b e hard to establish The reason b eing that supp osedly hard languages such as Quadratic NonResiduosity and Graph NonIsomorphism have interactive pro of systems in which the prover sends a single bit Thus we are currently content with a weaker result Theorem interactive pro ofs with b ounded provermessages Let c be an integer function and L f g Suppose that L has an interactive proof system in which the total number of bits O c log c NP sent by the prover is bounded by c Then L BPtime p oly Formal Treatment We assume that the reader is familiar with the basic denitions of interactive pro ofs as introduced by Goldwasser Micali and Racko and Babai Here we merely recall them while fo cusing on some parameters In particular we use the more lib eral twosided error versions this only makes our results stronger 2 Recall that Kilians pro of system is of the publiccoin type Interactive Pro of Systems and Parameters Denition interactive pro of systems An interactive proof system for a language L is a pair P V of interactive machines so that V is probabilistic polynomialtime satisfying after Completeness For every x L the verier V accepts with probability at least interacting with P on common input x Soundness For every x L and every potential prover P the verier V accepts with probability at most after interacting with P on common input x An interactive proof system is said to be an ArthurMerlin game if the veriers message in each round consists of al l coins it has tossed in this round Let m and r be integer functions The complexity class IP m r resp AMm r consists of languages having an interactive proof system resp an ArthurMerlin pro of sys tem in which on common input x the interaction consists of at most r jxj communication rounds during which the total number of bits sent from the prover to the verier is bounded by mjxj Our Results NP For an integer function t we let BPtimet resp BPtimet denote the class of languages recognizable by probabilistic ttime machines resp oracle machines with access to an oracle set in NP with error at most Our main result is Prop osition interactive pro ofs with b ounded message and round complexity O mr log r AMm r BPtime p oly O mr log r NP IP m r BPtime p oly Theorem follows from Part of Prop osition whereas Theorem follows from Part Theorems and will b e proven directly b efore proving Prop osition The main ingredient