Interactive Proofs for E#SAT: Arithmetization and Soundness, Study notes of Computational Methods

In this lecture of cs221: computational complexity, professor salil vadhan discusses the unsoundness issue in an interactive proof system for the e#sat problem and proposes a solution using arithmetization. How to extend boolean functions to low-degree polynomials, allowing the verifier to verify the polynomial itself. The benefits of this modification include maintaining the original formula equality, ensuring the polynomial can be evaluated in polynomial time, and improving soundness.

Typology: Study notes

2010/2011

Uploaded on 10/28/2011

thecoral
thecoral 🇺🇸

4.5

(30)

395 documents

1 / 4

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
CS221: Computational Complexity Prof. Salil Vadhan
Lecture 29: P#PI P
12/4 Scribe: Dave Fetterman
Contents
1 Announcements 1
2 The unsound protocol 1
3 Arithmetization 2
1 Announcements
Class Friday in MD-125.
Relevant Readings for this lecture: PCMI lecture notes (Handout), Papadimitriou 12.2.
2 The unsound protocol
Last time, we started proving the following theorem.
Theorem 1 P#PIP
Recall we were giving an interactive proof system for the following problem: E#SAT ={(φ, k) :
φhas exactly ksatisfying assignments}.
Last time we saw a protocol exhibiting completeness but not soundness. Here is the old protocol,
which we will subsequently fix.
Observation: φhas exactly ksatisfying assignments iff there exist k0, k1such that:
k0+k1=k
φ0(x1, x2,· · · xn)φ(0, x2, . . . , xn) has exactly k0satisfying assignments.
φ1(x1, x2,· · · xn)φ(1, x2, . . . , xn) has exactly k1satisfying assignments.
First attempt at an IP for E#SAT:
φ, k given to both Prover and Verifier
1
pf3
pf4

Partial preview of the text

Download Interactive Proofs for E#SAT: Arithmetization and Soundness and more Study notes Computational Methods in PDF only on Docsity!

CS221: Computational Complexity Prof. Salil Vadhan

Lecture 29: P

#P

⊆ IP

12/4 Scribe: Dave Fetterman

Contents

1 Announcements 1

2 The unsound protocol 1

3 Arithmetization 2

1 Announcements

  • Class Friday in MD-125.
  • Relevant Readings for this lecture: PCMI lecture notes (Handout), Papadimitriou 12.2.

2 The unsound protocol

Last time, we started proving the following theorem.

Theorem 1 P

#P ⊆ IP

Recall we were giving an interactive proof system for the following problem: E#SAT = {(φ, k) :

φ has exactly k satisfying assignments}.

Last time we saw a protocol exhibiting completeness but not soundness. Here is the old protocol,

which we will subsequently fix.

Observation: φ has exactly k satisfying assignments iff there exist k 0

, k 1

such that:

  • k 0 + k 1 = k
  • φ 0

(x 1

, x 2

, · · · x n

) ≡ φ(0, x 2

,... , x n

) has exactly k 0

satisfying assignments.

  • φ 1

(x 1

, x 2

, · · · x n

) ≡ φ(1, x 2

,... , x n

) has exactly k 1

satisfying assignments.

First attempt at an IP for E#SAT:

  • φ, k given to both Prover and Verifier

Prover:

  • Send k 0 and k 1 to Verifier

Verifier:

  • Choose b ∈ { 0 , 1 } at random.
  • Send b to Prover.

As in the last lecture, the prover’s strategy is to recursively show that (φb, kb) ∈ E#SAT, and at

the end of n iterations, the verifier can be sure that the trivial formulae will be true or false.

This clearly works correctly if (φ, k) ∈ E#SAT, but we see that the soundness condition can be

violated with probability exponentially near to 1, causing the verifier to accept a false input.

How do we avoid this problem?

  • We have the latter two conditions from above, and on false input, we can only guarantee that

one is violated. Verifier has no way of deciding this efficiently.

  • Solution: Allow the verifier choices is a larger set (larger than b ∈ { 0 , 1 }).
  • Idea: Allow variables to take values in a large set F and guarantee that most values reflect

inconsistency, rather than just half of them.

3 Arithmetization

We will extend φ : { 0 , 1 }

n

→ { 0 , 1 } to

φ : F

n → F, where F is a large finite field, so

φ is a low-degree

polynomial. The benefits of this will stem from the fact that distinct, low-degree polynmials agree

in very few places. Note that we recently saw a very general way of extending boolean functions to

low-degree polys, but that only ensures that

φ can be computed in PSPACE

φ , whereas we need

the verifier to be able to verify

φ itself. Thus we must do this in a very particular way, exploiting

the structure of SAT. What we will achieve is:

φ| { 0 , 1 }

n (^) = φ.

  • d ≡ deg(

φ) ≤ |φ|

φ(x) can be evaluated in polynomial time given φ and x ∈ F

n .

Now on to the recursive definition, φ 7 →

φ:

  • x i

→ x i

  • ¬φ 7 → 1 −

φ

  • φ ∧ ψ 7 →

φ ·

ψ

  • Choose α n

∈ F randomly

  • Check p n

(α n

φ(α 1

,... , α n

  • Accept if all of these checks pass, failing otherwise.

Claim 2 This is an interactive proof for E#SAT.

Proof:

  • Efficiency: V is poly-time by inspection and our choice of arithmetization.
  • Completeness: By construction.
  • Soundness: Suppose φ does not have exactly k satisfying assignments. We’ll show that

∀P

∗ , Pr[V accepts : (P

∗ , V )(φ, k)] ≤

nd

|F|

nd

2

d

→ 0. Let p

1

,... , p

n

be polynomials sent by

P

. Let p 1

,... , p n

be polynomials computed according to specified P-strategy. Assume

p 1

(0) + p 1

(1) = # satisfying assignments to φ 6 = k. Then either p

1

(0) + p

1

(1) 6 = k or p

1

= p 1

In the first case, V rejects immediately. Otherwise, w.p. ≥ 1 −

d

|F|

, p

1

(α 1 ) 6 = p 1 (α 1 ) by the

Basic Theorem of Algebra (two distinct polynomials of degree d agree in at most d places).

Suppose p

1

(α 1 ) 6 = p 1 (α 1 ) = p 2 (0) + p 2 (1). Then either

  • p

2

(0) + p

2

(1) 6 = p

2

(α 1

) ⇒ V rejects immediately.

  • p

2

= p 2 ⇒ w.p. 1 −

d

|F|

over α 2 , p

2

(α 2 ) 6 = p 2 (α 2 )

  • etc...

So by union bound overall, Pr[V rejects or p

n

(αn) 6 = pn(αn)] ≥ 1 − n

d

|F|

2

3

Now that we see interactive proofs are so much more powerful than classical proofs, containing all

of P

#P (and hence the entire PH, by Toda), we’d like to fully characterize their power. This was

done shortly thereafter:

Theorem 3 (Shamir) : IP = PSPACE

You will show on the problem set IP ⊆ PSPACE. The other direction is based on the arithmeti-

zation ideas above, applied to QBF. See the PCMI notes for details. But how are we to interpret

this? Think about PSPACE-complete problems like GO or CHESS. If we have Kasparov (an

“optimal chess oracle”), he can efficiently convince you (a weak, poly-time verifier) that a move is

optimal. Additionally, there emerge many nice philosophical interpretations. For example, it vali-

dates our everyday intuition that one can be taught more through interaction (as in a classroom)

than just by reading.