IP=PSPACE

Interactive Proof Systems and
An Introduction to PCP
M. Reza Rahimi,
Sharif University of Technology,
Tehran, Iran.

2

Outline
• Introduction
• Another Way to Look at NP
• Interactive Proof Systems (IP)
• Arthur-Merlin Proof Systems (AM)
• IP=PSPACE
• Probabilistically Checkable Proofs (PCPs)
• Conclusion

3

Introduction
• One of the most important events in the
complexity theory is Interactive Proof Systems.
• It sheds light on the characteristic of some
complexity classes.
• It has also influenced on some practical areas
such as Cryptography and Algorithm Design.
• Before presentation of technical points, let’s
start with the source of its main idea and its
philosophy.

4

• Computation is basically a physical fact. This is
the origin of Church-Turing-Markov thesis,
which implies that:

A Partial function is computable (in any accepted informal
sense) if and only if it is computable by some binary Turing
machine.

Any Physical Process
in Universe Turing Machine
Program

5

• So in this view point, efficient solving of a special
problem needs its efficient model of computation.
• Let’s see what happens in human society.
• Men communicate through languages with each
other.
• Consider the following set.

Σ={ x | all symbols that we know}
={A, ⊕∈ ∫∫∫ , ζ ,...},
, ,
∗
Farsi ⊂Σ ,
∗
English ⊂Σ ,....

6

• Remember your childhood. When you was curious
and want to underestand something. What did
you do?

Child::(Verifier) Dad::(Prover)
1. Daddy, Can I play with fire?

2. No.

3. Why?

4. Because You may be burnt.

5. What will happen, if I burn?

6. You will go to hospital and Dr injects you.

Ok!

7

• Let’s model this process according to our
knowledge.
T = {x | All true statements in the universe}.
T ⊆ Σ∗ ,
Input :: x =" Playing with fire is good."
Query :: x ∈T, x ∉T ?

• So, Interaction is one of the instinctive ways that
human being solves its problems.
• It is called Social Computational Model.
• We will show that in another way NP, IP,…, are
abstract models of this model of computation.

8

IP, NP, AM, MA,MIP,
PCP,…. Computational Models.

Social Computational Models.

9

• In society we have some general strategies to
interact with People.
• We start from general questions to detailed
questions.
• If we want to ask all the questions it will be very
time consuming so we select some questions.

We will use these techniques for our
mathematical protocols.

10

Another Way to Look at NP
• We know the following definition about NP:
L ∈ NP ⇔ ∃V(.,.) ∈ P, ∃P(.), ∀x ∈ Σ ∗ ,
1. x ∈ L ⇒ ∃y, y ≤ P( x ) and V(x, y) accepts.
2. x ∉ L ⇒ ∀y, y ≤ P( x ) and V(x, y) rejects.

• We can look at this process like this:

y
Prover Verifier

x x

11

• For prover we don’t consider any limit in time
or space or computation power.
• But verifier is deterministic polynomial time
machine.
• In this model of computation NP is defined
like this:
L ∈ NP ⇔ ∃ Prover, ∃ (Polynomia l Time Verifier) V, ∀x ∈ Σ ∗ ,
1. x ∈ L ⇒ Prover has a strategy t o convince Verifier.
2. x ∉ L ⇒ Prover has no strategy t o convince Verifier.

• So NP is single message interaction. What
will happen if we
– Allow multiple rounds of interactions,
– Verifier can be randomized polynomial time machine?

12

• NP+ Multiple Round Interaction:

Y1
Y2
Prover Y3 Verifier
Yn

x Y1Y2Y3…Yn
x

• According to the above it is obvious that
NP=NP+Multiple Round of Interaction.
• NP+ Randomized Polynomial Time Verifier:

y Randomized
Prover Polynomial Time
Verifier

x x

13

• The languages recognized by the previous model
are in class MA.
Conjecture: MA=NP.
• So, It seems that only using one feature will not
make NP machine stronger. What will happen when
we add both features?
Y1
Y2 Randomized
Y3
Prover Polynomial Time
Yn Verifier

x x
• This machine will lead us to the Interactive Proof
Systems.

14

Interactive Proof Systems (IP)
• IP Model:
q1
x
a1
q2 Polynomial
x
Prover Time
ai Verifier
Random String

OK or NO

15

• IP Class Definition:
L ∈ IP ⇔ ∃V ∈ Probabilistic Polynomial Time TM, ∀x ∈ Σ ∗
2
1. x ∈ L ⇒ ∃P Pr{ V ↔ P ok} ≥ .
3
1
2. x ∉ L ⇒ ∀P Pr{ V ↔ P ok} ≤ .
3

• Note that Prover can not see the random string
of verifier, so Verifier has Private Coin.
• Round of Interaction r(n) =The total number of
messages exchanged.
• IP[K]::K round of interaction.

16

• Example: Graph Non-Isomorphism

NONISO = { G1 , G2 G 1 and G 2 are not isomorphic graphs.}

ISO = { G1 , G2 G 1 and G 2 are isomorphic graphs.}

• It is obvious that ISO є NP so NONISO є CO-NP.
• But we don’t know if it is NP-Complete or not.
These two are very important in complexity theory.
We know that it is in IP.
It is proved that if ISO є NP-Complete then PH collapses.

17

Protocol: Private-Coin Graph Non-Isomorphism

V ∴Pick i ∈{1,2} uniformly randomly. Randomly permute the vertices of G i to get new
graph call it H. Send H to P.
P ∴Show that which of G1 or G 2 was the source of permutation. send its index to verifier.
V ∴Yes if i = j else No.

x ∈ NONISO ⇒ Pr{V ↔P Yes} =1
1
x ∉ NONISO ⇒Pr{V ↔P Yes} ≤
2

18

Arthur-Merlin Proof Systems (AM)
• AM Model:
q1
x
a1
q2 Arthur
x Polynomial
Merlin
Time
ai Verifier Random String

OK or NO
qi , ai = O( Poly ( x ),
Random String = O( Poly ( x ),
Number of Exchanged Messages = O( Poly ( x ),
A( R, x, q1 , a1 , q 2 ,..., ai ) = qi +1 , Yes or No.
M ( R, x, q1 , a1 , q 2 ,..., qi ) = ai .

19

• AM Class Definition:

L ∈ AM ⇔ ∃ A ∈ Probabilistic Polynomial Time TM, ∀x ∈ Σ ∗
2
1.x ∈ L ⇒ ∃M, Pr{ A ↔ M ok} ≥ .
3
1
2.x ∉ L ⇒ ∀M, Pr{ A ↔ M ok} ≤ .
3

• Note that Prover can see the random string of
verifier, so Verifier has Public Coin.
• Round of Interaction r(n) =The total number of
messages exchanged.
• AM[K]=K round of interaction.

20

• It seems that the pervious protocol doesn’t work
for this machine.
• If Merlin can see random bits he always answers
correctly.
• But it is proved that NONISO є AM[2].

Theorem:: (Goldwasser, Sipser)
NONISO є AM[2].

21

Some Results About IP and AM Relation

• IP[K] ⊆ AM[k+2] for all Constants k.
• For constant k ≥ 2 we have AM[K]=AM[2].
• So we can move all of Arthur’s messages
to beginning of interaction:
AMAMAM…AM = AAMMAM…AM
… = AAA…AMMM…M

22

IP=PSPACE ( Shamir’s Theorem)
• We describe it in two phase.

IP ⊆PSPACE
• Proof Idea:
– Given any Verifier V , We will compute a using Polynomial
Space machine.

∀x ∈ Σ* , V ⇒ a = max Pr{ V ↔ P = Ok}

P

23

PSPACE ⊆ IP
• We need only to design an IP protocol for TQBF.
• Before presentation of this protocol Lets review
some basic concepts.
Arithmetization:
Arithmetization

The usefulness of this technique is that we can extract more
property from boolean expressions.

Boolean Domain Polynomial Domain
Φ ( x1 , x2 ,..., xm ) ⇔ P ( x1 , x2 ,..., xm )
x∧ y ⇔ x.y
¬x ⇔ 1− x
x∨ y ⇔ 1-( 1-x)( 1-y).

24

Example:
Example

Φ( x1 , x2 , x3 ) = x1 ∨ x2 ∨ ¬x3 ↔
(1 − (1 − x1 )(1 − x2 )) ∨ (1 − x3 ) →
(1 − (1 − (1 − (1 − x1 )(1 − x2 )))(1 − (1 − x3 )) →
(1 − (1 − x1 )(1 − x2 )) x3 →
P ( x1 , x2 , x3 ) = (1 − (1 − x1 )(1 − x2 )) x3 .
{ x1 ∨ x2 ∨ ¬x3 ⇔ (1 − (1 − x1 )(1 − x2 )) x3 }
Lemma:
Lemma

Φ( x1 , x2 ,..., xm ) = 0 ⇔ P( x1 , x2 ,..., xm ) = 0.
Φ( x1 , x2 ,..., xm ) = 1 ⇔ P( x1 , x2 ,..., xm ) = 1.
∴
∑ ∑
x1∈{0 ,1} x2 ∈{0 ,1}
... ∑ P( x , x ,..., x
xm ∈{0 ,1}
1 2 m )=k

k = Number of Assignment of Φ.

25

• To catch general idea of the TQBF protocol lets
review a protocol for following language.

# SAT = {< Φ , k >: Φ is a cnf - formula with exactly k satisfying assignments}.
Theorem ::
# SAT ∈ IP.

Main Idea :
• Lets investigate the problem intuitively.

26

• Think that we are Verifier and want to know that
if x ∈ SAT is true or not.
• We usually start from General questions to
detailed questions.
• If the prover is trustful he/she will answer all
the questions correctly.
• If not we will catch him/her with detailed
questions.
• Lets review some basic definition.

27

Φ( x1 , x2 ,..., xm ) → P( x1 , x2 ,..., xm )
f i ( x1 , x2 ,..., xi ) = ∑ ∑
xi +1∈ 0 ,1} xi +2 ∈ 0 ,1}
{ {
... ∑ P( x , x ,..., x
xm ∈ 0 ,1}
{
1 2 m )

= Number of satisfying assignment when input is x1 , x2 ,..., xi .

Example :
Φ( x1 , x2 ) → P ( x1 , x2 )
f 0 () = ∑ ∑ P( x , x ) =P(0,0) + P(0,1) + P(1,0) + P(1,1).
x1∈ 0 ,1} x2 ∈ 0 ,1}
{ {
1 2

f1 ( x1 ) = ∑ P( x , x ) =P( x ,0) + P( x ,1).
x2 ∈ 0 ,1}
{
1 2 1 1

f 2 ( x1 , x2 ) = P ( x1 , x2 ).
f 0 () :: Number of satisfying assignment.

In General we have :
f i ( x1 , x2 ,..., xi ) = f i +1 ( x1 , x2 ,..., xi ,0) + f i +1 ( x1 , x2 ,..., xi ,1).

29

• It is obvious that the foregoing Protocol is very
large ( exponential message size).
• So we must use randomness for shortening the
messages and protocol.
• In each phase, the message will be doubled. So we must
reduce this phase.

31

Proof Idea:

• If x ∈ # SAT then trusted prover always answer
correctly.
• Else devoius prover can cheat verifier with low
probability in each phase. It means that:
d n
Pr{ f i = f i } ≤ ≤ n
q 2

32

• Now it is the time to revise the last protocol
for TQBF.
• We know that:
∃ x1∀ x2 ...∀ xm Φ ( x1 , x2 ,..., xm ) ∈ TQBF ⇔ ∑ ∏
x1∈{0,1} x2 ∈{0 ,1}
... ∏ P( x , x ,..., x
xm ∈{0,1}
1 2 m )0

• At first glance it seems when we see ∏
instead of addition we use multiplication.
• But it may increase the size of the polynomial
exponentially.

33

• So, we use clever idea for overcoming this
problem.
Linearization Operator R ::
Rx1 [ P(x1 , x 2 ,..., x m )] ≡ (1 − x1 )P(0, x 2 ,..., x m ) + (x1 )P(1, x 2 ,..., x m )

• Now we use this operator for TQBF.

∃ x1∀ x2 ...∀ xm Φ ( x1 , x2 ,..., xm ) ⇒ ∃ x1 Rx1∀ x2 Rx1Rx2 ...∀ xm Φ ( x1 , x2 ,..., xm )

34

Probabilistically Checkable Proofs
(PCPs)
• Again, lets review the definition of NP class.

L ∈ NP ⇔ ∃V(.,.) ∈ P, ∃P(.), ∀x ∈ Σ∗ ,
1. x ∈ L ⇒ ∃y, y ≤ P( x ) and V(x, y) accepts.
2. x ∉ L ⇒ ∀y, y ≤ P( x ) and V(x, y) rejects.

• So, if the input string is the member of
language, verifier can access the whole bits of
the polynomial size proof.

35

• What will happen if we restrict the verifier to
access the subset of the proof but not all of it?
• It seems that in this case the verifier will lose its
power. (Maybe)
• If we empower the verifier with randomization
what will happen?

• The answers of these questions will lead us to
PCP machine.

36

O(q(n)): The number of query
about the bits of the proof. x
Polynomial Time
Randomized O(r(n)) :Length
Verifier Of random string

Whole Proof

37

Definition :
PCP(r(n), q(n)) is the class of all languages accepted
by an (r(n), q(n)) - restricted verifier V in the following
sense :
x ∈ L ⇒ ∃y, Pr[V y (x) = 1] = 1.
1
x ∉ L ⇒ ∀y, Pr[V y (x) = 1] ≤ .
2

Some Points:
• We don’t have any restriction on the size of the
proof.
• If the Verifier uses its history for the
questioning, it is called adaptive else
nonadaptive.

38

Some Clear Facts:

NP = PCP(0, Poly(n)) =  PCP(0, n c ).
c 0

CoRP = PCP(Poly(n),0).

And this is one of the most important theorems
that describes NP.

PCP Theorem ::
NP = PCP(Log n,1)

39

• Hastaad proved Stronger result : NP Equals
PCP with O(logn) random bits and Exactly 3
query bits.
• PCP technique resaults into finding optimum
band for NP-Hard optimization problems, such
as MAX-3SAT and MAX-CLIQUE.

40

Conclusion
• In this talk I focused on general ideas of IP and
PCP.
• It seems that these results and techniques will
have many things to say, especially in the area of
complexity.
• In future, we would see many wonderful results.

The END

IP=PSPACE

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a IP=PSPACE

Semelhante a IP=PSPACE (20)

Mais de Reza Rahimi

Mais de Reza Rahimi (20)

Último

Último (20)

IP=PSPACE