Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Chapter 10

Interactive Proof Systems

Those who consider a thing proved simply

because it is in print are fools.

—Maimonides

The complexity classes RP and BPP are the probabilistic extensions of the deterministic feasible class P. In this chapter, we study interactive proof systems as the probabilistic extension of the polynomial-time hierarchy and the class PSPACE. Although the original motivation of interactive proof systems is for their applications in the theory of cryptography, they have found many interesting applications in complexity theory too. In particular, we will discuss characterizations of complexity classes between NP and PSPACE in terms of interactive proof systems. We also demonstrate an interesting application of this study in which some intractable problems in NP are proved to be not NP- complete unless the polynomial-time hierarchy collapses.

10.1 Examples and Definitions

The notion of interactive proof systems is most easily explained from a game-theoretic view of the complexity classes. In the general setting, each problem A is interpreted as a two-person game in which the first player, the prover, tries to convince the second player, the verifier, that a given instance x is in A. On a given instance x, each player takes turn sending a string y_i to the other player, where the ith string y_i may depend on the input x and the previous strings y₁, $c10-math-0010$ , $c10-math-0011$ . After a number m of moves, the prover wins the game if the verifier is able to verify that the strings x, y₁, $c10-math-0015$ , y_m satisfy a predetermined condition; otherwise, the verifier wins. Depending on the computational power of the two players, and on the type of protocols allowed between the two players, this game-theoretic view of the computational problems can be used to characterize some familiar complexity classes.

As a simple example, consider the famous NP-complete problem SAT. To prove that a Boolean formula F is satisfiable, the prover simply sends a truth assignment t on the variables that occurred in F to the verifier, then the verifier verifies, in polynomial time, whether t satisfies F or not and accepts F if t indeed satisfies F. Thus, we say that SAT has a proof system with the following properties:

The verifier has the power of a polynomial-time DTM, and the prover has the unlimited computational power.
The game lasts for one round only, with the prover making the first move.
A formula F is in SAT if and only if the prover is able to win the game on F.

Indeed, it is easy to see that the class NP consists of exactly those sets having proof systems of the above properties.

A more interesting example is the proof systems for the polynomial-time hierarchy. Recall the following alternating quantifier characterization of the polynomial-time hierarchy (Theorem 3.8): A set A is in $c10-math-0028$ if and only if there exist a polynomial-time computable predicate R and a polynomial q such that for all x,

where $c10-math-0033$ if k is odd and $c10-math-0035$ if k is even. From the game-theoretic point of view, the above characterization means that a set A in $c10-math-0038$ has a proof system of the following properties:

The verifier has the power of a polynomial-time DTM, and the prover has the unlimited computational power.
The game lasts for exactly k rounds, with the verifier making the first move.
An instance x is in A if and only if the prover has a winning strategy on x.

The above game-theoretic view of the complexity classes in PH, though helpful in our understanding of the problems in these classes, does not help us to prove them efficiently in practice. For instance, consider the above game for some set $c10-math-0043$ . This game consists of only two moves: the verifier sends to the prover a string y₁ and the prover responds with a string y₂. Following these two moves, the verifier verifies whether $c10-math-0046$ holds and decides who wins the game. In this game, even if the prover is able to win the games on the same input x polynomially many times (with respect to different strings y₁), the verifier is not necessarily convinced that the prover has a winning strategy. The reason is that the verifier has an exponential number of choices for the first string y₁ and only polynomially many of them have been defeated by the prover. The prover might simply be lucky in winning in these special cases. An exhaustive proof by the prover would convince the verifier that x indeed belongs to A but it would, unfortunately, take an exponential amount of time.

Following the spirit of probabilistic computing, we studied in Chapter 8, it is possible, however, that for a subclass of problems A in $c10-math-0053$ , the prover is able to demonstrate probabilistically that astring x is in A in polynomial time. To do this, the prover first shows the verifier that if $c10-math-0056$ , then there exist not just one but many bad strings y₁ such that $c10-math-0058$ $c10-math-0059$ . (Therefore, only a subclass of problems A in $c10-math-0061$ qualify.) Assume, for instance, there are $c10-math-0062$ such bad y₁'s for some constant c > 0. Then, the verifier may randomly choose a string z₁ of length $c10-math-0066$ and has the probability c to win the game with this string z₁. If this game on x is played repeatedly for a number of times and the prover is able to win the game consistently, then the verifier is more convinced that x is indeed in A (or, the verifier is extremely unlucky). This type of probabilistic game is called a probabilistic interactive proof system or, simply, an interactive proof system. The main difference between the probabilistic proof systems and the deterministic proof systems described earlier is that the verifier is allowed to use a random number generator to help him/her to compute new strings y_i, as well as verifying the final accepting condition. That is, an interactive proof system for a set A is a proof system with the following properties:

The verifier has the power of a polynomial-time PTM, and the prover has the power of a PTM, without a limit on time or space bound.
If an instance x is in A, then the prover is able to win the game of x with probability $c10-math-0077$ ; and if $c10-math-0078$ , then the probability that the prover is able to win the game of x is $c10-math-0080$ , where ε is a constant strictly less than 1/2.¹

We look at some examples before giving the formal definition of interactive proof systems.

Example 10.1

(GRAPH NONISOMORPHISM) Recall that the graph isomorphism problem is GISO $c10-math-0083$ , where $c10-math-0084$ means that G₁ are G₂ are isomorphic. It is known that $c10-math-0087$ and so $c10-math-0088$ . We show that $c10-math-0089$ has a probabilistic interactive proof system. In the following, for any graph $c10-math-0090$ and any permutation π on V, we write $c10-math-0093$ to denote the graph $c10-math-0094$ , where $c10-math-0095$ if and only if $c10-math-0096$ , that is, the graph $c10-math-0097$ is the isomorphic copy of G induced by the permutation π.

Interactive Proof System for $c10-math-0100$ .

Input: $c10-math-0101$ .

Round 1. The verifier chooses a random bit $c10-math-0102$ and chooses a random permutation π on V_b. Then, the verifier sends the graph $c10-math-0105$ to the prover.

Round 2. The prover finds $c10-math-0106$ such that $c10-math-0107$ and sends b^′ to the verifier.

The verifier accepts the input if and only if $c10-math-0109$ .

First assume that G₁ and G₂ are not isomorphic. As the prover has unlimited computational power, he/she can always win the game by finding the correct bit b^′ for the verifier. Therefore, the error probability is 0.² Conversely, assume that $c10-math-0117$ . What is the probability that the prover can cheat the verifier that $c10-math-0118$ ? As $c10-math-0119$ , and as the verifier uses a random bit b to get $c10-math-0121$ , the best the prover can do is to randomly guess a bit b^′ and has only the probability 1/2 to win the game. To get an arbitrarily small error probability, say ε, it is only necessary to repeat the game on the same input $c10-math-0124$ for $c10-math-0125$ times, using an independent random number generator for the bit b.

Example 10.2

(QUADRATIC NONRESIDUES, or QNR) Recall that an integer x is a quadratic residue modulo a positive integer n ( $c10-math-0129$ ) if there exists an integer y such that $c10-math-0131$ . Also recall that $c10-math-0132$ . (See Examples 4.2 and 8.4.) Let $c10-math-0133$ . It is known that $c10-math-0134$ , but it is not known whether it is in NP.

Interactive Proof System for QNR.

Input: $c10-math-0135$ .

Round 1. The verifier chooses a random bit $c10-math-0136$ and a random $c10-math-0137$ . Then, the verifier defines

and sends w to the prover.

Round 2. The prover decides whether $c10-math-0140$ and sends the answer $c10-math-0141$ to the verifier ( $c10-math-0142$ if and only if $c10-math-0143$ ).

The verifier accepts the input if and only if $c10-math-0144$ .

Assume that $c10-math-0145$ . Then, the number w generated by the verifier is a quadratic residue modulo n if and only if b = 1. Thus, the prover, with the unlimited computational power, can always win the game by sending the bit $c10-math-0149$ if and only if $c10-math-0150$ . Conversely, if $c10-math-0151$ , then w is always a quadratic residue modulo n (regardless of b = 0 or b = 1). Furthermore, w is a random quadratic residue modulo n because z was chosen randomly. Therefore, the prover has only the probability 1/2 to guess the correct bit $c10-math-0159$ . As in Example 10.1 above, the error probability can be reduced to $c10-math-0160$ by repeating the game k times.

The above two examples demonstrate simple interactive proof systems for some problems in coNP that are not known to be complete for coNP. The next example shows a more complicated interactive proof system for a $c10-math-0162$ -complete problem, with a hint of the general theorem that all problems in PSPACE have interactive proof systems (Theorem 10.26).

Example 10.3

Weak Interactive Proof System for PERM.

Input: An $c10-math-0165$ Boolean matrix A and an integer q. (The prover needs to prove that $c10-math-0168$ .)

Initially, let $c10-math-0169$ and $c10-math-0170$ .

Stage i, $c10-math-0172$ . A_i is an $c10-math-0174$ matrix. The prover sends integers $c10-math-0175$ , $c10-math-0176$ , to the verifier, where B_i,j is the submatrix of A_i obtained by deleting the first row and the jth column of A_i. Next, the verifier verifies that

(10.1) equation

If the above equation does not hold, then the verifier rejects the input (A,q). Otherwise, the verifier chooses a random $c10-math-0183$ and lets $c10-math-0184$ and $c10-math-0185$ . He/she sends $c10-math-0186$ and $c10-math-0187$ to the prover and goes to the next stage.

Stage n. The verifier has a $c10-math-0189$ matrix A_n and an integer q_n. The verifier accepts the input if and only if $c10-math-0192$ .

Assume that $c10-math-0193$ . Then the prover can always compute the correct values $c10-math-0194$ at each stage i and, hence, can prove that $c10-math-0196$ with probability 1.

On the other hand, when $c10-math-0197$ , the error probability could be very large. More precisely, assume that at stage i, $c10-math-0199$ . Then, the prover could give $c10-math-0200$ correct values $c10-math-0201$ and only one incorrect value q_i,j and could still satisfy (10.1). The probability that the verifier chooses this incorrect value to be $c10-math-0203$ is $c10-math-0204$ . As a whole, the probability that all pairs $c10-math-0205$ are incorrect in all stages i is only $c10-math-0207$ . Thus, the above proof system is too weak.

To remedy this problem, we modify the above proof system to reduce the error probability. Let us call a pair (C,r) of a matrix C and an integer r incorrect if $c10-math-0211$ . We have just seen that if at each stage i, the verifier only recursively tests the correctness of a random pair $c10-math-0213$ , then the error probability is too large. On the other hand, if the verifier recursively tests every pair $c10-math-0214$ at stage i, then it would take an exponential amount of time. The idea here is to combine all $c10-math-0216$ pairs $c10-math-0217$ to create a single pair that, with a large probability, is incorrect as long as one of the original pairs is incorrect. Therefore, the total number of pairs $c10-math-0218$ considered is polynomially bounded, and yet the error probability is kept small.

Interactive Proof System for PERM.

Input: (A,q).

Choose a large prime number p such that $c10-math-0221$ . (It could be done in polynomial time by the verifier; or, the prover could send the prime number, together with a short proof that it is indeed a prime, to the verifier.)

Let $c10-math-0222$ and $c10-math-0223$ .

Stage i, $c10-math-0225$ . The prover needs to prove that $c10-math-0226$ .

Substage $c10-math-0227$ . The prover finds $c10-math-0228$ , $c10-math-0229$ and sends them to the verifier, where B_i,j is the submatrix of A_i obtained by deleting the first row and the jth column of A_i. Next, theverifier verifies that

If the above equation does not hold, then the verifier rejects the input (A,q). Otherwise, let $c10-math-0236$ and $c10-math-0237$ , and go to substage $c10-math-0238$ .

Substage $c10-math-0239$ , $c10-math-0240$ . The verifier forms an $c10-math-0241$ linear-polynomial matrix

and sends D(x) to the prover, asking forits permanent f(x) (a polynomial of degree $c10-math-0245$ ). When the verifier receives the permanent polynomial f(x) from the prover, he/she checks that $c10-math-0247$ and $c10-math-0248$ ; if either equation fails, he/she rejects the input. Otherwise, the verifier chooses a random integer $c10-math-0249$ and let $c10-math-0250$ (i.e., C is the $c10-math-0252$ integer matrix obtained by substituting the integer a for the variable x in D) and $c10-math-0256$ .

At the end of substage $c10-math-0257$ , let $c10-math-0258$ and $c10-math-0259$ .

Stage n. The verifier has a $c10-math-0261$ matrix A_n and an integer q_n. The verifier accepts the input if and only if $c10-math-0264$ .

First notice that an $c10-math-0265$ Boolean matrix A must have $c10-math-0267$ , and so, for any $c10-math-0268$ , $c10-math-0269$ implies $c10-math-0270$ . Thus, we do not lose any generality using arithmetic modulo p. (In the following lemma, we say (C,r) is incorrect if and only if $c10-math-0273$ .) Next, we observe again that if $c10-math-0274$ , then the prover can always compute correct permanent values, including the permanent f of the polynomial matrix D in each substage $c10-math-0277$ , and wins the game with probability 1. We only need to prove that when $c10-math-0278$ , the probability of the prover winning the game is small.

Lemma 10.4

Proof

We observe that if $c10-math-0309$ is incorrect, then after substage $c10-math-0310$ , one of the pairs $c10-math-0311$ is incorrect. Now, following the above lemma, the error in the pair $c10-math-0312$ at stage i will be passed to the next pair $c10-math-0314$ at stage i + 1 with probability $c10-math-0316$ . The total error probability of the above interactive proof system is thus bounded by

which is negligible when n is reasonably large.

From the above examples, we can see that an interactive proof system consists of an honest verifier who wants to learn whether or not a given instance x is in a set A and an unreliable prover whose task is to answer questions of the verifier to maximize his winning probability. As the prover is potentially treacherous, it is the verifier's job to detect the cheating to minimize the error probability. Thus, it is natural to define the interactive proof systems from the verifier's point of view, that is, we define the verifier as a probabilistic machine and let the prover take the role of an oracle. Formally, we define an interactive Turing machine to be a polynomial time oracle PTM M_v that uses an oracle function f_p with the following special rule of making queries: The machine M_v makes a query y to the oracle f_p by writing on the query tape (1) the input x, (2) the whole history of queries and answers exchanged between the machine M_v and the oracle f_p, and (3) the new query y. (This special rule reflects the assumption that the prover can send a message y_i based on the input x as well as the history of the messages exchanged between the prover and the verifier.) Note that the polynomial-time bound on M_v implies that it can only work with polynomial-length-bounded oracle functions f_p. The notion of interactive proof systems can be defined by interactive TMs, working with unreliable oracles. (See Exercise 10.1 for an alternative formulation of the notion of interactive proof systems.)

Definition 10.5

The time complexity of an interactive TM is restricted to be polynomially bounded. In addition to the time complexity, an important complexity measure of an interactive proof system $c10-math-0351$ is the number of queries made by M_v to the oracle f_p. Recall that a computation of a probabilistic oracle machine M, relative to an oracle f, is a sequence of successive configurations of M^f, from a starting configuration to a halting configuration. We define the number of rounds of a computation of an interactive proof system $c10-math-0357$ to be the number of messages (queries and answers) exchanged between the machine M_v and the oracle f_p in this computation. For an integer function r, we say that a set A has an r(n)-round interactive proof system if there exists an interactive proof system $c10-math-0363$ for A such that the number of rounds of all the computations of the system $c10-math-0365$ on all x is bounded by $c10-math-0367$ .³

Definition 10.6

Similar to the probabilistic complexity classes RP and BPP, the classes IP and IP_k remain the same if we change the error bound 1/4 to any constant $c10-math-0372$ .

Proposition 10.7

Proof

Finally, we observe the simple relations that $c10-math-0384$ and $c10-math-0385$ , and that the problems $c10-math-0386$ and QNR of Examples 10.1 and 10.2 above are both in $c10-math-0387$ .

10.2 Arthur–Merlin Proof Systems

In order to analyze the computational power of interactive proof systems, we first study a weaker type of probabilistic proof system called the Arthur–Merlin proof system. An Arthur–Merlin proof system is similar to an interactive proof system where Arthur is a verifier with the power of a polynomial-time PTM and Merlin is a prover, except that Merlin is even more powerful than an ordinary prover so that he is able to read the whole history of the computation of Arthur on the given input, including the random numbers generated by Arthur. If we examine the interactive proof systems of Examples 10.1 and 10.2, we can see that the secrecy of the random bits used by the verifier is critical to the correctness of the system. Indeed, if in Example 10.1 the prover knows the random bit b chosen by the verifier, then he/she can always win the game by sending back the bit b, regardless of whether $c10-math-0390$ or not. Thus, the extra power of Merlin appears to be a strong restriction to the notion of interactive proof systems. Later, however, we will show that this restriction is not really so strong and that the two notions of proof systems are essentially equivalent. Yet, the simplicity of the Arthur–Merlin proof systems allows us to perform detailed analysis of its computational power.

As Merlin is so powerful that Arthur is not able to hide his random numbers from Merlin, we may as well require that in an Arthur–Merlin proof system, Arthur always sends the random numbers he used to Merlin. Furthermore, Merlin can alwayssimulate Arthur's computation to compute the next query to be asked by Arthur from the history of the computation and the new random numbers received from Arthur. Thus, Arthur really does not have to send Merlin anything except the new random numbers generated by the random number generator. In other words, Arthur really plays a passive role whose only task is to verify, at the end, whether the computation satisfies a predetermined condition and whether to accept the input. Formally, we define an Arthur machine to be an interactive TM such that

each new query of Arthur is simply a new sequence of random bits; and
every random number generated by Arthur must be sent to Merlin as a query, even if Arthur does not expect an answer from Merlin (so that the last random number generated by Arthur counts as one round of communication between the two players).

To understand how such a simplistic communication protocol could work, it is helpful to review the interactive proof system of Example 10.3 for the problem PERM and observe that it is actually an Arthur–Merlin system. In particular, at each substage $c10-math-0391$ , $c10-math-0392$ , the verifier only needs to verify that the answer f satisfies the two equations, $c10-math-0394$ and $c10-math-0395$ , and then sends a random number $c10-math-0396$ to the prover. At the next substage, the prover can compute the matrix D by itself and sends its permanent f to the verifier.

Definition 10.8

The notion of the number of rounds in an Arthur–Merlin proof system is defined exactly the same as that of an interactive proof system. Here, we distinguish the proof systems in which Merlin sends the messages first from those in which Arthur sends the messages first.

Definition 10.9

Again, the classes AM and $c10-math-0424$ remain unchanged for any constant error probability ε > 0. We omit the proof.

Proposition 10.10

In the above, we have defined the Arthur–Merlin proof system from Arthur's point of view, that is, we view such a proof system as Arthur working with an unreliable oracle Merlin trying to prove that an instance x is in A. As Merlin knows every random bit Arthur uses and has the unlimited computational power to simulate Arthur's computation, we may also look at this proof system from Merlin's point of view. Namely, we may think that Merlin tries to convince Arthur, who is a passive verifier, that an instance x is in A by showing the complete probabilistic proof to him, where the two players share a common trustable random number generator. That is, Merlin can demonstrate the proof by playing both roles in the game: he nondeterministically generates his messages for himself and randomly generates messages for Arthur. To formalize this idea, we consider a new computational model of probabilistic NTMs.

A probabilistic NTM is an NTM M attached with a random number generator ϕ. The machine M has two nonstandard states: the nondeterministic state and the random state. When the machine enters the nondeterministic state, it generates a bit nondeterministically, and when it enters a random state, it obtains a random bit from the random number generator. We call a probabilistic NTM a Merlin machine if there exists a polynomial p such that for each input x, it always halts in $c10-math-0446$ moves.

To simplify the notion of the accepting probability of a Merlin machine, we assume that such a machine M has two extra read-only tapes, called the Merlin tape and the Arthur tape, in addition to the input/output/work tape. The Arthur tape is just the random-bit tape of a PTM, where a sequence of random bits is supplied by the random number generator ϕ. The Merlin tape contains the messages to be sent from Merlin to Arthur. We assume that when a Merlin machine enters the nondeterministic state, it reads the next bit from the Merlin tape and when the machine enters the random state, it reads the next bit from the Arthur tape. Thus a configuration of a Merlin machine consists of the following information: (1) the current state q, (2) the current string s in the input/output/work tape to the left of the tape head, (3) the current string t at and on the right of the tape head in the input/output/work tape, (4) the current string α on the Merlin tape (from the beginning cell to the cell scanned by the tape head), and (5) the current string β on the Arthur tape (from the beginning cell to the cell scanned by the tape head). We define the successor relation $c10-math-0454$ on configurations and the concept of accepting configurations similar to that for PTMs (see Section 9.2). In particular, a configuration $c10-math-0455$ in the random state (or in the nondeterministic state) has two successor configurations, $c10-math-0456$ and $c10-math-0457$ (or, respectively, $c10-math-0458$ and $c10-math-0459$ ) for some states q₀ and q₁.

To define the notion of the accepting probability, we first define the accepting probability $c10-math-0462$ of a configuration c. For any configuration $c10-math-0464$ , we let $c10-math-0465$ if q is an accepting state and $c10-math-0467$ if q is a rejecting state. If q is a regular deterministic state and c₁ is the unique successor configuration of c, then let $c10-math-0472$ . If q is a random state and c₀ and c₁ are two successor configurations of c, then let $c10-math-0477$ be the average of $c10-math-0478$ and $c10-math-0479$ . If q is a nondeterministic state and c₀ and c₁ are two successor configurations of c, then let $c10-math-0484$ be the maximum of $c10-math-0485$ and $c10-math-0486$ . For any input x, the accepting probability of a Merlin machine on x is equal to $c10-math-0489$ , where c_x is the starting configuration for x. We also write $c10-math-0492$ to denote the accepting probability $c10-math-0493$ of M on x. As a Merlin game always halts in polynomial time, the probability $c10-math-0496$ is well defined.

The concept of rounds can also be defined in a Merlin machine. We define a random round of a computation of a Merlin machine M to be a maximum-length sequence of configurations that are either in a deterministic state or in the random state. Similarly, a nondeterministic round of a computation of a Merlin machine M is a maximum-length sequence of configurations that are either in a deterministic state or in the nondeterministic state. For k ≥ 1, a k-round Merlin machine M is one all of whose computations have at most k random and nondeterministic rounds.

Proposition 10.11

Proof

We first show how to convert an Arthur machine M_A to a Merlin machine M_M. We change each query of M_A to the action of generating a sequence of random bits followed by the action of generating a sequence of nondeterministic bits. Let f be the function that answers each query of the machine M_A to maximize the accepting probability. Then, the accepting probability of M_M on any input x is equal to the accepting probability of $c10-math-0517$ on input x, and $c10-math-0519$ for all oracles g. It follows that if $c10-math-0521$ is an Arthur–Merlin proof system for L with error probability ε, then M_M satisfies conditions (1) and (2).

Conversely, to change a Merlin machine M_M to an Arthur machine M_A, we convert each round of random moves of machine M_M to a query move by Arthur in M_A and each round of nondeterministic move to the action of answering the query. Again, the accepting probability of the machine M_M is equal to the accepting probability of the machine M_A relative to the optimum oracle f. Thus, the machine M_A, together with the optimum oracle f, forms an Arthur–Merlin proof system for L.

It is interesting to observe that the above conversions between the two types of machines preserve the number of rounds in each machine.

10.3 AM Hierarchy Versus Polynomial-Time Hierarchy

In this section, we consider the complexity classes AM_k of sets having Arthur–Merlin proof systems of a bounded number of rounds. It is clear that these classes form a hierarchy:

We are going to see that this hierarchy collapses to the second level. In addition, they are contained in the second level $c10-math-0537$ of the polynomial-time hierarchy.

To begin with, we first give an alternating quantifier characterization for the AM hierarchy like that for the polynomial-time hierarchy in Theorem 3.8. Intuitively, a move by Merlin demonstrates a new piece of proof to Arthur, and so it corresponds to an existential quantifier $c10-math-0538$ , while a move by Arthur is simply a sequence of random bits, and to a probabilistic quantifier $c10-math-0539$ . (Recall that $c10-math-0540$ means “for at least $c10-math-0541$ strings y of length m,” and $c10-math-0544$ is the abbreviation for $c10-math-0545$ .)

Recall that two predicates R₁ and R₀ are complementary if R₁ implies $c10-math-0549$ .

Definition 10.12

A simple induction shows that complementary $c10-math-0577$ - and $c10-math-0578$ -predicates are indeed complementary if $c10-math-0579$ . We are going to show that if $c10-math-0580$ , then the predicates $c10-math-0581$ and $c10-math-0582$ are complementary AM_k-predicates. Before we prove that, we need to show that the notion of complementary AM_k-predicates remains unchanged with respect to different values r. This can be proved by the majority vote technique. As it is more involved than the proofs of Theorems 10.7 and 10.10, we give a complete proof below. In the following, we write $c10-math-0586$ to mean “for more than $c10-math-0587$ numbers $c10-math-0588$ .”

Lemma 10.13

Proof

We prove this lemma by induction on the number of probabilistic quantifiers (or, $c10-math-0601$ ). If k = 0, then $c10-math-0603$ and $c10-math-0604$ are complementary polynomial-time predicates and so are R₁ and R₀. For k ≥ 1, assume that

for some complementary $c10-math-0609$ -predicates S₁ and S₀, where the scope of the quantifiers is the set of all strings of length $c10-math-0612$ for some polynomial q. (For k = 1, let $c10-math-0615$ and $c10-math-0616$ , with $c10-math-0617$ , and the proof is the same as the general case.) Then, we get

Fix an $c10-math-0619$ with each string x_i of length n. Let $c10-math-0622$ , $c10-math-0623$ . Then, $c10-math-0624$ implies that for more than $c10-math-0625$ numbers $c10-math-0626$ , the probability of Y_i (in the space of all strings of length q(n)) is at least r. We fix a set I of size $c10-math-0631$ of integers i such that $c10-math-0633$ , and let

Consider the set Y in the probability space of all $c10-math-0636$ . We can see that $c10-math-0637$ .

The above observation implies that

Similarly, we can derive that

By the inductive hypothesis, the pair of predicates $c10-math-0640$ and $c10-math-0641$ are complementary $c10-math-0642$ -predicates and, hence, R₁ and R₀ are complementary $c10-math-0645$ -predicates.

Theorem 10.14

Proof

We show the implication (a) $c10-math-0659$ (c). The proof is by induction on k. It is obvious for the case k = 0. For the case k = 1, it is the same as Theorem 8.19.

Assume that k ≥ 2. Let $c10-math-0664$ and $c10-math-0665$ be two complementary $c10-math-0666$ -predicates so that

where the scope of the quantifiers on y₁ and y₂ is the set of all strings of length $c10-math-0670$ for some polynomial q. From the majority vote technique of Theorem 8.19, if $c10-math-0672$ , then there exists a constant m₀ such that the probability r of the set

(in the probability space of all $c10-math-0676$ , with each $c10-math-0677$ ) is at least $c10-math-0678$ if we let $c10-math-0679$ . Therefore, we can write $c10-math-0680$ and get

Similarly, we get

From the inductive hypothesis, we can assume that $c10-math-0683$ and $c10-math-0684$ are actually complementary $c10-math-0685$ -predicates, where $c10-math-0686$ (note that m₀ is a constant). Then, $c10-math-0688$ . It follows from Lemma 10.13 that the predicates $c10-math-0689$ and $c10-math-0690$ are complementary $c10-math-0691$ -predicates. This completes the proof of the theorem.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Chapter

Create new playlist

Sign In

Sign Up

Interactive Proof Systems

10.1 Examples and Definitions

Example 10.1

Example 10.2

Example 10.3

Lemma 10.4

Proof

Definition 10.5

Definition 10.6

Proposition 10.7

Proof

10.2 Arthur–Merlin Proof Systems

Definition 10.8

Definition 10.9

Proposition 10.10

Proposition 10.11

Proof

10.3 AM Hierarchy Versus Polynomial-Time Hierarchy

Definition 10.12

Lemma 10.13

Proof

Theorem 10.14

Proof

Table of Contents for
Chapter