


Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Prof. Salil Vadhan, Computer Science, Computational Complexity, Multiprover Interactive Proofs, Probabilistically Checkable Proofs, Babai–Fortnow–Lund, PCP Theorem, Harvard, Lecture Notes
Typology: Study notes
1 / 4
This page cannot be seen from the preview
Don't miss anything!



CS221: Computational Complexity Prof. Salil Vadhan
12/09 Scribe: Qian Zhang
Note on hardness of approximate counting: Even though we used allowed randomized algo- rithms in our definition of α-approximation algorithm, the reductions we give to show hardness of approximate counting are not randomized. For example, if there is deterministic polynomial time algorithm to approximate the number of cycles in a graph, we can conclude P = NP.
Figure 1: Complexity classes involving interactive proofs
AM andMA seem much closer to NP than IP does. There even exists some evidence that AM = MA = NP. (Shown in CS225)
We want to generalize IP to have several cooperating provers. The provers are cooperating since they all want to convince the verifier of the same thing, however, the provers are not allowed to communicate with each other. This is similar to the interrogation of criminals where each suspect is interrogated separately and without allowing them to hear what the others have told the police.
Definition 1 A k-prover proof system for a language L is a protocol between k provers (P 1 ,... , Pk) and verifer V such that
k-MIP is the class of languages with k-prover proof systems, and MIP =
k k-MIP.
More generally, one may also allow the number of provers to grow (polynomially) with the input, but we stick to a constant number of provers for simplicity.
The original motivation for studying MIP was cryptography (specifically, one can construct zero- knowledge MIP’s for NP without any intractability assumptions such as the existence of one-way functions). But our interest in them is complexity-theoretic: Does MIP contain more languages than IP? Is it true that (k + 1 )-MIP ) k-MIP? We answer that question below.
Instead of a prover, we have a proof “oracle”. The proof oracle is like a memory-less prover. Thus, while normally provers can remember the history of its interaction with the verifier to avoid contradicting itself, the proof oracle cannot.
Definition 2 A language L has a probabilistically checkable proof (PCP) if there exists a proba- bilistic polynomial-time verifier V such that
V π ∗ (x) = accept
PCP is the class of languages possessing probabilistically checkable proofs.
We will sometimes write πx to emphasize that the PCP may depend on the input x. (With IP and
MIP we gave the input x to the provers.)
Theorem 3 PCP = MIP = 2 - MIP
Note the gap between the completeness probability (1 − 2 −n) and the soundness probability (1 − 1 / 2 m). Repeating the PCP verifier Θ(m) times, we can amplify the gap to any desired constant.
While we have this nice equivalence between MIP and PCP, we still have not answered the question of whether MIP is more powerful than IP = 1 - MIP. Soon after IP = PSPACE, the power of MIP was completely characterized:
Theorem 4 (Babai–Fortnow–Lund) MIP = PCP = NEXP
We won’t prove this theorem, but rather look at a remarkable “scaling down” of it that characterizes NP.
Theorem 5 (PCP Theorem) NP equals PCP where the verifier tosses O(log n) coins and reads only a constant number of bits from the proof.