Download presentation

Presentation is loading. Please wait.

Published byChristine Blake Modified over 2 years ago

1
Dana Moshkovitz

2
Back to NP L NP iff members have short, efficiently checkable, certificates of membership. Is satisfiable? x 1 = truex 11 = true x 2 = falsex 12 = false x 3 = falsex 13 = false x 4 = truex 14 = true x 5 = falsex 15 = false x 6 = truex 16 = true x 7 = falsex 17 = false x 8 = falsex 18 = true x 9 = truex 19 = true x 10 = false…

3
Dana Moshkovitz Interactive Protocols Two new ingredients: Several rounds Several rounds Randomness Randomness

4
Dana Moshkovitz Interactive Proofs Formally Interactive Proof System for L is a game: Completeness: There is a prover strategy P, s.t for x L, P convinces V with probability ⅔. Completeness: There is a prover strategy P, s.t for x L, P convinces V with probability ⅔. Soundness: For x L, any prover strategy P* convinces V with probability ⅓. Soundness: For x L, any prover strategy P* convinces V with probability ⅓. probabilistic polynomial- time verifier unlimited prover Vs.

5
Dana Moshkovitz The Players A verifier is a polynomial function: input random-string past-interaction reply A prover is a function: input past-interaction reply all previous prover and verifier replies

6
Dana Moshkovitz Example: Graph Non-Isomorphism Input: Two graphs G=(V,E), G’=(V’,E’). Input: Two graphs G=(V,E), G’=(V’,E’). Question: Does for every 1-1 map f of V onto V’ exist v,u V s.t (v,u) E but (f(v),f(u)) E’ (or (v,u) E, but (f(v),f(u)) E’ ) ? Question: Does for every 1-1 map f of V onto V’ exist v,u V s.t (v,u) E but (f(v),f(u)) E’ (or (v,u) E, but (f(v),f(u)) E’ ) ?

7
Dana Moshkovitz Are They Isomorphic?

8
Dana Moshkovitz IP for Non-Isomorphism common input chooses one of the graphs at random. send P an isomorphic graph. answers which graph was chosen. 2 OK! 12

9
Dana Moshkovitz Correctness Completeness: non-isomorphic graphs P can check which is isomorphic to the sent one. Completeness: non-isomorphic graphs P can check which is isomorphic to the sent one. Soundness: isomorphic graphs both isomorphic to the sent one. P succeeds with probability ½. Soundness: isomorphic graphs both isomorphic to the sent one. P succeeds with probability ½.

10
Dana Moshkovitz IP Definition: IP is the class of all languages having interactive protocols with polynomial number of rounds. Definition: IP is the class of all languages having interactive protocols with polynomial number of rounds.

11
Dana Moshkovitz Easy Claims Claim: NP IP. Claim: NP IP. Proof’s Idea: Every NP proof is also an IP proof. Proof’s Idea: Every NP proof is also an IP proof. Claim: If L IP, and it has a verifier that does not flip coins, then L NP. Claim: If L IP, and it has a verifier that does not flip coins, then L NP. Proof’s Idea: P would provide the answers for all V’s questions in advance. Proof’s Idea: P would provide the answers for all V’s questions in advance.

12
Dana Moshkovitz Amplification Observation: The constants ⅓ and ⅔ in the definition can be amplified to probabilities 1-2 -p(.) and 2 -p(.), for any polynomial p(.). Observation: The constants ⅓ and ⅔ in the definition can be amplified to probabilities 1-2 -p(.) and 2 -p(.), for any polynomial p(.). Proof’s Sketch: Given a protocol which is correct with probability ⅔, repeat it p(.) times independently. Apply Chernoff’s inequality. Proof’s Sketch: Given a protocol which is correct with probability ⅔, repeat it p(.) times independently. Apply Chernoff’s inequality.

13
Dana Moshkovitz Arthur-Merlin Games … The prover (M for Merlin) is a function of the random string of the verifier (A for Arthur) as well. Define AM/MA – according to who gets to start.

14
Dana Moshkovitz Easy Claim Claim: AM IP. Claim: AM IP. Proof’s Idea: If A is convinced when he assumes M is that powerful, he is surely convinced when M is only less powerful. Proof’s Idea: If A is convinced when he assumes M is that powerful, he is surely convinced when M is only less powerful.

15
Dana Moshkovitz The Graph Non-Isomorphism Example Revisited Is the graph non-isomorphism protocol, also an AM protocol? Is the graph non-isomorphism protocol, also an AM protocol? No! M knows which graph was chosen! No! M knows which graph was chosen! Is there an AM protocol for this language?

16
Dana Moshkovitz IP and AM Theorem (without proof): IP=AM i.e, knowing the random string essentially does not increase M’s power.

17
Dana Moshkovitz IP=PSPACE [Shamir90] given a verifier, construct an optimal prover using poly-space show the PSPACE-complete TQBF is in IP

18
Dana Moshkovitz Optimal Prover... possible verifier coin tosses [defines verifier’s reply]......... rounds best prover reply ??? ??? find recursively prover reply most probable to result in acceptance

19
Dana Moshkovitz Poly-Space Is Sufficient for the Prover Claim: IP PSPACE Claim: IP PSPACE Proof: Given a verifier, the optimal strategy for the prover may be computed in poly-space. [as described above] Proof: Given a verifier, the optimal strategy for the prover may be computed in poly-space. [as described above]

20
Dana Moshkovitz TQBF Instance: A quantified Boolean formula = x 1 x 2 … x m [ (x 1,…,x m )] Instance: A quantified Boolean formula = x 1 x 2 … x m [ (x 1,…,x m )] Goal: Is true? Goal: Is true? x 1 x 2 x 3 (x 1 0 (x 2 >0 (|x 3 |

21
Dana Moshkovitz TQBF and PSPACE Claim (without proof): TQBF is PSPACE- Complete.

22
Dana Moshkovitz The Proof: Evaluation Tree......... x 1 =0x 1 =1 x 1 =0x 1 =1 x 1 x 2 … (x 1,x 2,…) x 2 … (0,x 2,…) x 2 … (1,x 2,…) … (0,0,…)… (0,1,…) ( 0,0,..,0 ) ( 0,0,..,1 ) ( 0,0,...,1,0 ) ( 0,0,...,1,1 ) I can’t scan the entire tree!

23
Dana Moshkovitz IP for TQBF We’ll show the verifier may be convinced (with reasonable confidence) even without scanning the entire (exponential) proof specified by the prover. We’ll show the verifier may be convinced (with reasonable confidence) even without scanning the entire (exponential) proof specified by the prover.

24
Dana Moshkovitz First Idea Represent the QBF by a polynomial. Represent the QBF by a polynomial.

25
Dana Moshkovitz Arithmization xixixixi 1- xixixixi 1-(1- )(1- ) F 0 T 1 x (x)x (x)x (x)x (x) x (x)x (x)x (x)x (x) (0) (1) (0) (1)

26
Dana Moshkovitz Polynomials: Basic Facts Claim: A polynomial of degree ≤ r on d variables over a field F may have ≤ r|F| d- 1 roots, unless it is identically zero. Claim: A polynomial of degree ≤ r on d variables over a field F may have ≤ r|F| d- 1 roots, unless it is identically zero. Corollary: Two polynomials of degree ≤ r on d variables over a field F may agree on ≤ r|F| d-1 places, unless they agree everywhere. Corollary: Two polynomials of degree ≤ r on d variables over a field F may agree on ≤ r|F| d-1 places, unless they agree everywhere.

27
Dana Moshkovitz Polynomials: Basic Facts Corollary: Two different polynomials of degree ≤ r over a field F agree on a random point with probability ≤ r/|F|. Corollary: Two different polynomials of degree ≤ r over a field F agree on a random point with probability ≤ r/|F|.

28
Dana Moshkovitz Low Degree Extension......... P 1 () P 2 (x 1 ) P 3 (x 1,x 2 ) P m (x 1,…,x m )... We can evaluate on a larger field!.........

29
Dana Moshkovitz How To Convince? Check a random path! P 1 () P 2 (x 1 ) P 3 (x 1,x 2 ) P m (x 1,…,x m )...............

30
Dana Moshkovitz How To Convince? P 1 () P 2 (x 1 ) P 3 (x 1,x 2 ) P m (x 1,…,x m )............... verify this is 1 verify P 2 (x 1 ) could have resulted P 1 (). verify P 3 (r 1,x 2 ) could have resulted P 2 (r 1 ). verify P m (r 1,…,r m-1,x m ) could have resulted P m-1 (r 1,…,r m-1 ). r1r1 r2r2 check P m (r 1,…,r m ).

31
Dana Moshkovitz Example What would an honest prover do, given the formula: x 1 x 2 (x 1 x 2 ) ? x1x2x1x2 1- (1-x 1 ∙0)(1-x 1 ∙1) = x 1 0∙1 = 0 verify this is 1 ...

32
Dana Moshkovitz Example What would a (dishonest) prover might do, given the formula: x 1 x 2 (x 1 x 2 ) ? x1x2x1x2 1 1 verify this is 1 verify P 2 (x 1 )=1 could have resulted P 1 (). 1∙1 = 1... 1 verify P 3 (1,x 2 )=x 2 could have resulted P 2 (1). 5 1-(1-0)(1-1) = 1 check P 3 (1,5).

33
Dana Moshkovitz Correctness Completeness: If the formula is true, the prover may compute the true polynomials, and the verifier will always accept. Completeness: If the formula is true, the prover may compute the true polynomials, and the verifier will always accept. Soundness: What if the formula is not true? Soundness: What if the formula is not true?

34
Dana Moshkovitz If The Formula Is False… P 1 () P 2 (x 1 ) P 3 (x 1,x 2 ) P m (x 1,…,x m )............... if this is not 1, we immediately reject if this is not the real P m (x 1,…,x m ), we also immediately reject If we nevertheless accept, we get fooled somewhere!

35
Dana Moshkovitz Soundness The probability we get fooled at some specific level is ≤ r/|F|, where r bounds the polynomials’ degrees. The probability we get fooled at some specific level is ≤ r/|F|, where r bounds the polynomials’ degrees. The probability we get fooled somewhere down the path is ≤ mr/|F| [union-bound] The probability we get fooled somewhere down the path is ≤ mr/|F| [union-bound] |F| can be made polynomially large in m. |F| can be made polynomially large in m. the two different polynomials agree on a random point

36
Dana Moshkovitz Bound The Degrees Alas, the degree of the polynomials might be exponential in m, as each stage up might double it! Alas, the degree of the polynomials might be exponential in m, as each stage up might double it! To solve this problem, we’ll somewhat lengthen the tree, but make sure the degrees are kept small. To solve this problem, we’ll somewhat lengthen the tree, but make sure the degrees are kept small.

37
Dana Moshkovitz Auxiliary Quantifier Suppose now we have a QBF =Q 1 x 1...Q m x m [ ]. Suppose now we have a QBF =Q 1 x 1...Q m x m [ ]. ’=Q 1 x 1 R 1 x 1 Q 2 x 2 R 1 x 1 R 2 x 2...Q m x m R 1 x 1...R m x m [ ]. ’=Q 1 x 1 R 1 x 1 Q 2 x 2 R 1 x 1 R 2 x 2...Q m x m R 1 x 1...R m x m [ ]. R is an auxiliary quantifier, designed to keep the degree of the polynomials small. R is an auxiliary quantifier, designed to keep the degree of the polynomials small. We’ll arithmetize it as follows: We’ll arithmetize it as follows: Rx (x) (1-x)∙ (0) + x∙ (1) The degree of x is made 1. The value remains the same for 0-1 variables

38
Dana Moshkovitz Summing Up Now we can apply the former analysis, and get that PSAPCE IP, Now we can apply the former analysis, and get that PSAPCE IP, Hence IP=PSPACE. Hence IP=PSPACE.

39
Dana Moshkovitz Multi-Prover Interactive Protocol poly many provers

40
Dana Moshkovitz What is MIP? Theorem (without proof): MIP=NEXP

41
Dana Moshkovitz Scaling-Down Similarly, one can show NP is contained in MIP with O(1) provers and O(logn) random bits. Similarly, one can show NP is contained in MIP with O(1) provers and O(logn) random bits. Interestingly, this has implications to hardness of approximation Interestingly, this has implications to hardness of approximation TO BE CONTINUED… TO BE CONTINUED…

Similar presentations

OK

Complexity 24-1 Complexity Andrei Bulatov Interactive Proofs.

Complexity 24-1 Complexity Andrei Bulatov Interactive Proofs.

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google