Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Chapter 4

Structure of NP

In order to understand the difficulty of solving the P versus NP problem, we study in this chapter the internal structure of the complexity class NP. We demonstrate some natural problems as candidates of incomplete problems in NP–P and study the notion of one-way functions. We also introduce the notion of relativization to help us understand the possible relations between subclasses of NP. One of the main proof techniques used in this study is stage-construction diagonalization, which has been used extensively in recursion theory.

4.1 Incomplete Problems in NP

We have seen many NP-complete problems in Chapter 2. Many natural problems in NP turn out to be NP-complete. There are, however, a few interesting problems in NP that are not likely to be solvable in deterministic polynomial time but also are not known to be NP-complete. The study of these problems is thus particularly interesting, because it not only can classify the inherent complexity of the problems themselves but can also provide a glimpse of the internal structure of the class NP. We start with some examples.

Example 4.1

There are many number-theoretic problems in NP that are neither known to be NP-complete nor known to be in P. We list three of them that have major applications in cryptography. An integer $c04-math-0009$ is called a quadratic residue modulo n if $c04-math-0011$ for some $c04-math-0012$ . We write $c04-math-0013$ to denote this fact.

Example 4.2

INTEGER FACTORING (FACTOR): Given a positive integer n, find its prime factors.
QUADRATIC RESIDUOSITY (QR): Given two integers n and $c04-math-0016$ , determine whether $c04-math-0017$ .
SQUARE ROOT MODULO AN INTEGER (SQRT): Given two integers n and $c04-math-0019$ , find a $c04-math-0020$ such that $c04-math-0021$ .

All these three problems are easily seen to be in NP. For the problems FACTOR and SQRT, we need to reformulate them as decision problems:

FACTOR: Given integers $c04-math-0022$ , determine whether there is an integer d, $c04-math-0024$ , that divides n.SQRT: Given integers n, $c04-math-0027$ , and $c04-math-0028$ , determine whether there is a $c04-math-0029$ such that $c04-math-0030$ and $c04-math-0031$ .

We are going to see in Chapter 8 that if n is a prime, then the problem SQRT has a polynomial-time probabilistic algorithm and, hence, not likely to be NP-complete. For the case of composite n, there is some evidence showing that the problem SQRT is solvable in deterministic polynomial time if and only if FACTOR is solvable in deterministic polynomial time (see Rabin (1979)).

The above examples suggest that there are problems in NP–P that are not complete for NP. However, we do not even know that such sets exist at all. In the following we show, in an abstract form, that such sets indeed exist, if $c04-math-0034$ . To prepare for the proof of the theorem, we recall from Chapter 1 that there exists an effective enumeration $c04-math-0035$ ofall polynomial-time DTMs, as well as an effective enumeration $c04-math-0036$ of all polynomial-time oracle DTMs. For the following theorem, we need an even stronger property of these enumerations, that is, the enumerations can be done in polynomial time in the sense that the functions $c04-math-0037$ [code of M_i] and $c04-math-0039$ [code of N_i] are polynomial-time computable. It is easy to see that this stronger property follows from our enumeration method in Section 1.5. Also, in the following theorem, we let $c04-math-0041$ denote the set difference between two sets A and B, that is, $c04-math-0044$ .

Theorem 4.3

Proof

Let $c04-math-0049$ and $c04-math-0050$ be the enumerations of machines as described above. Also let $c04-math-0051$ be a deterministic TM accepting SAT. We want to construct a set A satisfying (1) $c04-math-0053$ , (2) $c04-math-0054$ , and (3) SAT $c04-math-0055$ . In terms of the enumerations $c04-math-0056$ and $c04-math-0057$ , we can restate these requirements as follows:

R₁: $c04-math-0059$ ,
$c04-math-0060$ : $c04-math-0061$ , i ≥ 1,
$c04-math-0063$ : $c04-math-0064$ , i ≥ 1,

and we need to satisfy $c04-math-0066$ . To satisfy R₁, we will construct a set $c04-math-0068$ and define $c04-math-0069$ . Then, it is easy to see that $c04-math-0070$ . (Why?) The set S will be constructed in stages. At an even stage 2i, we will construct S to satisfy requirement $c04-math-0074$ , and at stage $c04-math-0075$ , we will construct S to satisfy requirement $c04-math-0077$ .

Assume that in stage $c04-math-0078$ , we have defined a number $c04-math-0079$ such that the membership of strings of length $c04-math-0080$ in S have been determined. (Let n₁ be an arbitrary number, say, 0, and let $c04-math-0083$ .) Then, at stage 2i, we will determine the integer $c04-math-0085$ and let $c04-math-0086$ for all x of length $c04-math-0088$ . To determine $c04-math-0089$ , we note that we need $c04-math-0090$ be large enough so that the requirement $c04-math-0091$ is satisfied by set $c04-math-0092$ in the sense that there exists a string x of length $c04-math-0094$ such that $c04-math-0095$ . By the assumption that $c04-math-0096$ , such an x must exist. We consider a TM U, which operates as follows: On input i, it first simulates the stages $c04-math-0100$ to get integers n_j, for $c04-math-0102$ . Then it simulates M_i and $c04-math-0104$ on x of length $c04-math-0106$ , in the increasing order, until an x is found in $c04-math-0108$ , and it outputs this x. We define $c04-math-0110$ to be the number of moves of U taken on input i. Note that if x is the output of U(i), then $c04-math-0115$ . Therefore, the requirement $c04-math-0116$ is satisfied.

At stage $c04-math-0117$ , we assume that $c04-math-0118$ is already determined by stage 2i. We will determine $c04-math-0120$ and let $c04-math-0121$ for all x of length $c04-math-0123$ . Our requirement here is $c04-math-0124$ and we need a witness $c04-math-0125$ . However, set A isnot completely defined yet. What we can do is to pretend that $c04-math-0127$ is equal to A. That is, we will satisfy the requirement $c04-math-0129$ instead of $c04-math-0130$ and, in later stages, make sure that the computation of $c04-math-0131$ on x is the same as the computation of $c04-math-0133$ on x, where x is the witness found in stage $c04-math-0136$ .

To do this, we consider the following TM V: On input i, it first simulates the stages $c04-math-0139$ to get integers n_j, for $c04-math-0141$ . Then it simulates machines $c04-math-0142$ and $c04-math-0143$ on input x of length $c04-math-0145$ , in the increasing order. For each x, if machine N_i queries whether a string y is in $c04-math-0149$ , it answers YES if and only if $c04-math-0150$ for some $c04-math-0151$ and $c04-math-0152$ . Finally, the machine V on input i outputs the smallest x of length $c04-math-0156$ which is in $c04-math-0157$ . (As $c04-math-0158$ is a finite set, such an x exists by the assumption that $c04-math-0160$ .) We let $c04-math-0161$ be the runtime of the machine V on input i. Note that $c04-math-0164$ , where x is the output of V(i), and all queries made by $c04-math-0167$ on x are of length $c04-math-0169$ . By setting this $c04-math-0170$ and noticing that, in later stages, we will not change the membership of strings of length $c04-math-0171$ , we conclude that $c04-math-0172$ , and the requirement $c04-math-0173$ is satisfied.

Finally, we let S be the set $c04-math-0175$ . We need to prove that set S is computable in polynomial time. To see this, we first observe that the simulation of stage j can be done in time $c04-math-0178$ , because n_j is the runtime of stage j to find n_j. Now, for any x, we can determine whether it is in S as follows: We simulate stages j, j ≥ 1, in the increasing order, and keep a counter to count the number ofmoves simulated up to that point. Before the simulation of stage j, we know that $c04-math-0187$ . During the simulation of stage j, if the value of the counter becomes bigger than $c04-math-0189$ , then we know that $c04-math-0190$ , and we halt and output that $c04-math-0191$ if and only if j is even. This completes the proof of the theorem.

The above proof method is called the delayed diagonalization, because the diagonalization requirements $c04-math-0193$ and $c04-math-0194$ are satisfied by a search process that always halts but the amount of time for the search is not known in advance.

The following theorem, an analog of Post's problem in the classical recursion theory, reveals further structural properties of languages in NP. It can be proved using the technique of delayed diagonalization. We leave its proof as an exercise.

Theorem 4.4

4.2 One-Way Functions and Cryptography

One-way functions are a fundamental concept in cryptography, having a number of important applications, including public-key cryptosystems, pseudorandom generators, and digital signatures. Intuitively, a one-way function is a function that is easy to compute but its inverse is hard to compute. Thus it can be applied to develop cryptosystems that need easy encoding but difficult decoding. If we identify the intuitive notion of “easiness” with the mathematical notion of “polynomial-time computability,” then one-way functions are subproblems of NP, because the inverse function of a polynomial-time computable function is computable in polynomial-time relative to an oracle in NP, assuming that the functions are polynomially honest. Indeed, all problems in NP may be viewed as one-way functions.

Example 4.5

Strictly speaking, function $c04-math-0211$ is, however, not really a one-way function because it is not a one-to-one function and its inverse is really a multivalued function. In the following, we define one-way functions for one-to-one functions. We say that a function $c04-math-0212$ is polynomially honest if there is a polynomial function q such that for each $c04-math-0214$ , $c04-math-0215$ and $c04-math-0216$ .

Definition 4.6

The above definition did not define the notion of inverse function of f, because f is not necessarily a surjection. We may arbitrarily define the inverse function $c04-math-0223$ of a one-to-one function f to be

and have the following equivalent definition.

Proposition 4.7

Proof

Following the example $c04-math-0233$ , it is easy to see that if $c04-math-0234$ , then one-way functions do not exist. Indeed, the complexity of weak one-way functions can be characterized precisely by a subclass UP of NP.

Definition 4.8

It is clear that $c04-math-0238$ . The following characterization of UP is a simple extension of Theorem 2.1.

Proposition 4.9

Proposition 4.10

Proof

a: First assume that f is a one-way function. Define $c04-math-0250$ . Then, from the polynomial honesty of f, A_f is in NP, because we only need to guess a string v of length at most $c04-math-0254$ , for some fixed polynomial q, and verify that $c04-math-0256$ . In addition, $c04-math-0257$ because there is at most one string x such that $c04-math-0259$ , and so the witness v, if exists, is unique. Finally, we observe that the inverse function $c04-math-0261$ is polynomial-time computable using A_f as an oracle (cf. Exercise 2.2). Thus, A_f is not in P.

For the converse, we assume that $c04-math-0264$ or, equivalently, there exist a set $c04-math-0265$ and a polynomial p such that for each x,

Define a function

Then, f_A is a one-to-one function, because for each x there is at most one string y satisfying $c04-math-0273$ . It is also easy to see that f_A is polynomially honest. Finally, suppose, for the sake of contradiction, that there is a polynomial-time computable function g such that $c04-math-0276$ for all $c04-math-0277$ . Then, the following algorithm solves the problem A in polynomial time and gives us a contradiction:

For any input x, compute $c04-math-0280$ ;If $c04-math-0281$ , then accept x, else reject it.

Part (b) can be proved in a similar way. We leave it as an exercise (Exercise 4.5).

A one-way function f satisfying the conditions of Definition 4.6 is called a weak one-way function because its inverse is not computable in polynomial time in the very weak worst-case complexity measure. That is, for every polynomial-time computable function g attempting to compute the inverse of f, there are infinitely many instances $c04-math-0286$ , such that $c04-math-0287$ for all i ≥ 1. However, this function g could be a very good approximation to $c04-math-0290$ in the sense that such errors occur only on some very sparsely distributed instances $c04-math-0291$ . In the applications of cryptography, a cryptosystem based on such a one-way function is not secure because the approximation function g allows a fast decoding for a large portion of the input instances. Instead, stronger one-way functions whose inverses are hard to compute for the majority of input instances are needed for a secure cryptosystem. We formulate this notion in the following. We only consider functions defined on alphabet {0,1}.

Definition 4.11

In other words, a function f is strongly one way if any polynomial-time function approximating its inverse succeeds only on a small (or negligible) amount of input instances.¹ As this notion of strong one-way functions is much stronger than that of Definition 4.6, it is questionable whether strong one-way functions really exist. Most researchers in cryptography, however, believe that many strong one-way functions do exist. Several natural candidates for strong one-way functions have been found in number-theoretic problems. In particular, the problems FACTOR and SQRT are believed to be so hard to solve that any attack to them can only solve a negligible portion of the input instances. That is, the functions multiplication and square modulo an integer are candidates of strong one-way functions.²^,³

Corresponding to the notion of strong one-way functions, there are some natural decision problems that are also considered difficult to solve even for a small portion of the input instances. The following definition captures this notion in the spirit of Definition 4.11.

Definition 4.12

For instance, let n be an integer that is a product of two prime numbers, p and q. Then, in general, it is considered as an extremely difficult problem to determine whether a given integer x, $c04-math-0315$ , is in QR_n. In theoretical cryptography, it is often assumed that sets QR_n are strongly unpredictable in the sense that there exists an infinite set S of positive integers such that for any polynomial-time computable function $c04-math-0319$ and any polynomial function p,

for almost all $c04-math-0322$ . (See an application in Exercise 4.8.)

In the rest of this section, we present a public-key cryptosystem based on the assumption that the function multiplication is a strong one-way function. We first introduce some terminology for public-key cryptosystems. In a public-key cryptosystem, a sender S needs to send amessage T_P to a receiver R via a communication channel that is open to the public (hence, not secure), and yet the system needs to protect the message from the unauthorized users of the system. To ensure the security, the sender S first applies an encryption algorithm E to map the message T_P (the plaintext) to an encrypted message T_C (the ciphertext) and then sends the message T_C to the receiver R. The receiver R then applies a decryption algorithm D to map T_C back to T_P. Usually, all users in the system use the same encryption and decryption algorithms but each user uses different parameters when applying these algorithms. That is, the encryption and decryption algorithms compute functions of two parameters: $c04-math-0336$ and $c04-math-0337$ . The parameters K_E and K_D are called the encryption key and the decryption key, respectively. Each pair of users S and R may be required to set up their own keys for communication. The transmission of the message is illustrated in Figure 4.1.

**Figure 4.1** A public-key cryptosystem.

In a private-key cryptosystem, both keys K_E and K_D are kept secret from the public. Each pair of users S and R first, through some other secret channel, develops the encryption and decryption keys and keeps them to themselves. Such a system is secure if it is hard to compute a plaintext from the ciphertext alone.

In a public-key cryptosystem, each user R establishes his/her own pair of keys K_E and K_D and makes the encryption key K_E open to the public but keeps the decryption key K_D secret to him/herself. As the encryption key K_E is known not only to the sender S but also to all other users, the system is secure only if it is hard to compute the plaintext from the ciphertext and the encryption key. In particular, the decryption key must be hard to compute from the encryption key. In other words, the function $c04-math-0353$ needs to satisfy the following conditions:

f is easy to compute;
$c04-math-0355$ is hard to compute even if K_E is known; and
$c04-math-0357$ becomes easy to compute if K_D is available.

Such a function is called a trapdoor one-way function. So, a one-way function f can be applied to public-key cryptosystems only if it is also a trapdoor function (i.e., to satisfy condition (3) above).

The Rivest–Shamir–Adleman (RSA) cryptosystem is based on the one-way function exponentiation modulo an integer. In this system, each pair of keys K_E and K_D is selected as follows: First, find two distinct prime numbers p,q, and let $c04-math-0363$ . Next, find a pair of integers $c04-math-0364$ such that

4.1

where $c04-math-0366$ is the Euler function, that is, $c04-math-0367$ is the number of positive integers x with $c04-math-0369$ . Note that for $c04-math-0370$ , $c04-math-0371$ . Let $c04-math-0372$ and $c04-math-0373$ . The encryption function E and the decryption function D are defined as follows:

The following lemma shows that the above functions E and D are inverses of each other.

Lemma 4.13

Proof

To see whether the RSA system is a good public-key cryptosystem, we need to verify whether the encryption function is indeed a trapdoor one-way function. First, we observe that if p,q are known, then the integers e and d satisfying (4.1) are easy to find and, hence, the system is easy to set up. To find the pair (e,d), we first select a prime number e between $c04-math-0411$ and $c04-math-0412$ . As $c04-math-0413$ , we have $c04-math-0414$ , and so e is relatively prime to $c04-math-0416$ . Then, using the Euclidean algorithm, we can find the integer d such that $c04-math-0418$ (see, e.g., Knuth (1981)). Next, it is well known that exponentiation function $c04-math-0419$ can be computed using $c04-math-0420$ modulo multiplications by a simple dynamic programming algorithm. Thus, both E and D are easy to compute. So it is left to determine how hard it is to compute the decryption key $c04-math-0423$ from the encryption key (the public key) $c04-math-0424$ . If the factors p and q of n are known, then $c04-math-0428$ is known and the integer d can be found easily from e. Thus, the security of the RSA system depends on the hardness of factoring an integer into two primes. Conversely, suppose that integer factoring is known to be an intractable problem. Does it mean that the RSA system is secure? In other words, if we have a fast algorithm breaking the RSA system, do we then have a fast factoring algorithm? The answer is yes if we make some modification on the above scheme (see Rabin (1979)). Thus, the complexity of breaking the (modified) RSA system is equivalent to the complexity of factoring the products of two primes, and the RSA system is considered secure, assuming that the function multiplication is a strong one-way function.⁴

4.3 Relativization

The concept of relativization originates from recursive function theory. Consider, for example, the halting problem. We may formulate it in the following form: $c04-math-0433$ halts $c04-math-0434$ , where M_x is the xth TM in a standard enumeration of all TMs. Now, if we consider all oracle TMs, we may ask whether the set $c04-math-0437$ halts $c04-math-0438$ is recursive relative to A. This is the halting problem relative to set A. It is easily seen from the original proof for thenonrecursiveness of K that K_A is nonrecursive relative to A (i.e., no oracle TM can decide K_A using A as an oracle). Indeed, most results in recursive function theory can be extended to hold relative to any oracle set. We say that such results relativize. In this section, we investigate the problem of whether $c04-math-0446$ in the relativized form. First, we need to define what is meant by relativizing the question of whether $c04-math-0447$ . For any set A, recall that P^A (or P(A)) is the class of sets computable in polynomial time by oracle DTMs using A as the oracle and, similarly, NP^A (or $c04-math-0453$ ) is the class of sets accepted in polynomial time by oracle NTMs using oracle set A. Using these natural relativized forms of the complexity classes P and NP, we show that the relativized $c04-math-0457$ question has both the positive and negative answers, depending on the oracle set A.

Theorem 4.14

Proof

Let A be any set that is $c04-math-0464$ -complete for PSPACE. Then, by Savitch's theorem, we have
(The first inclusion follows from the fact that all the query to set A can be simulated in polynomial space.)
First define, for any set B, a set

Then we can see easily that $c04-math-0469$ because for any 0ⁿ, we can guess a string x of length n and check that x is in B by making a single query to B.

We are going to construct a set $c04-math-0476$ such that $c04-math-0477$ ; thus L_B is a set in $c04-math-0479$ . Intuitively, in polynomial time, we can only query the set B a polynomial number of times and leave a lot of strings x of length n unqueried and so cannot decide whether 0ⁿ is in L_B or not. Formally, we use a stage construction like that in Theorem 4.3 to define set B. Recall that the class of polynomial-time oracle TMs are effectively enumerable. We let them be $c04-math-0486$ . In each stage i ≥ 1, we need to construct a portion of set B that satisfies the requirement

R_i: $c04-math-0491$ .

If all requirements R_i, i ≥ 1, are satisfied, then $c04-math-0494$ for any i ≥ 1 and, hence, $c04-math-0496$ . We now describe each stage i ≥ 1 as follows:

Prior to Stage 1, we set $c04-math-0498$ and $c04-math-0499$ . We assume that by the end of stage i − 1, we have already defined integer $c04-math-0501$ and a finite set $c04-math-0502$ .

Stage i. We choose the least integer n such that (i) $c04-math-0505$ , where p_i is the polynomial that bounds the runtime of machine M_i, and (ii) $c04-math-0508$ . Then, let $c04-math-0509$ and $c04-math-0510$ . Simulate M_i on x_i with oracle $c04-math-0513$ . That is, when M_i asks whether y is in the oracle, we simulate with the answer YES if $c04-math-0516$ and with answer NO otherwise. When M_i halts, if it accepts x_i, then we let $c04-math-0519$ (and so $c04-math-0520$ ). If it rejects x_i, then we find a string y of length n_i that was not queried in the computation of $c04-math-0524$ , and let $c04-math-0525$ . (Such a string y always exists, because there are $c04-math-0527$ strings of length n_i, and M_i on x_i can query at most $c04-math-0531$ times.) Note that $c04-math-0532$ .

The above completes the description of each stage i. We let $c04-math-0534$ and claim that each requirement R_i is satisfied by B.

For each i ≥ 1, we note that $c04-math-0538$ accepts if and only if the simulation of $c04-math-0539$ on x_i in stage i accepts. This is true because we set $c04-math-0542$ and so we never add any string to B of length shorter than or equal to $c04-math-0544$ in later stages. In addition, if we add a string y to B_i in stage i, we have made sure that the computation of $c04-math-0548$ never queries y. Thus, the queries made by M_i to B have the same membership in $c04-math-0552$ as in B. This shows that the simulation in stage i is correct and, hence, $c04-math-0555$ if and only if $c04-math-0556$ rejects.

It is interesting to know that the question of whether $c04-math-0557$ can be answered either way relative to different oracles. What does this mean to the original unrelativized version of the question of whether P is equal to NP? Much research has been done on this subject, and yet we do not have a consensus. We summarize in the following sections some of the interesting results in this study.

4.4 Unrelativizable Proof Techniques

First, a common view is that the question of whether P is equal to NP is a difficult question in view of Theorem 4.14. As most proof techniques developed in recursion theory, including the basic diagonalization and simulation techniques, relativize, any attack to the $c04-math-0559$ question must use a new, unrelativizable proof technique. Many more contradictory relativized results like Theorem 4.14 (including some in Section 4.5) on the relations between complexity classes tend to support this viewpoint. On the other hand, some unrelativizable proof techniques do exist in complexity theory. For instance, we will apply an algebraic technique to collapse the complexity class PSPACE to a subclass IP (see Chapter 10). As there exists an oracle X that separates PSPACE^X from IP^X, this proof is indeedunrelativizable. Though this is a breakthrough in the theory of relativization, it seems still too early to tell whether such techniques are applicable to a wider class of questions.

4.5 Independence Results

One of the most interesting topics in set theory is the study of independence results. A statement A is said to be independent of a theory T if there exist two models M₁ and M₂ of T such that A is true in M₁ and false in M₂. If a statement A is known to be independent of the theory T, then neither A nor its negation $c04-math-0574$ is provable in theory T. The phenomenon of contradictory relativized results looks like a mini-independent result: neither the statement $c04-math-0576$ nor its negation $c04-math-0577$ is provable by relativizable techniques. This observation raises the question of whether they are provable within a formal proof system. In the following, we present a simple argument showing that this is indeed possible.

To prepare for this result, we first briefly review the concept of a formal proof system. An axiomatizable theory is a triple $c04-math-0578$ , where Σ is a finite alphabet, $c04-math-0580$ is a recursive set of well-formed formulas, and $c04-math-0581$ is an r.e. set. The elements in T are called theorems. If T is recursive, we say the theory F is decidable. We are only interested in a sound theory in which we can prove the basic properties of TMs. In other words, we assume that TMs form a submodel for F, all basic properties of TMs are provable in F, and all theorems in F are true in the TM model. In the following, we let $c04-math-0588$ be a fixed enumeration of multi-tape DTMs.

Theorem 4.15

Proof

Let A and Bbe two recursive sets such that $c04-math-0597$ and $c04-math-0598$ . Define a TM M such that M accepts (j,x) if and only if among the first x proofs in F there is a proof for the statement “ $c04-math-0604$ ” and $c04-math-0605$ or there is a proof for the statement “ $c04-math-0606$ ” and $c04-math-0607$ . By the recursion theorem, there exists an index j₀ such that $c04-math-0609$ accepts x if and only if M accepts $c04-math-0612$ . (See, e.g., Rogers (1967) for the recursion theorem.)

Now, if there is a proof for the statement “ $c04-math-0613$ ” in F, then for almost all x, M accepts $c04-math-0617$ if and only if $c04-math-0618$ . That is, the set $c04-math-0619$ differs from the set B by only a finite set and, hence, $c04-math-0621$ implies $c04-math-0622$ . Similarly, if there exists a proof for the statement “ $c04-math-0623$ ”, then $c04-math-0624$ differs from A by only a finite set and, hence, $c04-math-0626$ implies $c04-math-0627$ . By the soundness of the theory F, we conclude that neither “ $c04-math-0629$ ” nor “ $c04-math-0630$ ” is provable in F.

Furthermore, because neither “ $c04-math-0632$ ” nor “ $c04-math-0633$ ” is provable in F, the machine $c04-math-0635$ does not accept any input x, that is, $c04-math-0637$ .

We remark that although the above machine $c04-math-0638$ accepts an empty set, this does not imply that the statement $c04-math-0639$ is independent of F because the equivalence of $c04-math-0641$ and P and the equivalence of $c04-math-0643$ and NP are not necessarily provable in the system F. So, the above result proves that for any reasonable formal proof system F, there are some statements of interests to complexity theory that are independent of F. Whether the statement $c04-math-0648$ is independent of any specific formal proof system is yet still unknown.

4.6 Positive Relativization

Still another viewpoint is that the formulation of the relativized complexity class NP^A used in Theorem 4.14 does not reflect correctly the concept of nondeterministic computation. Consider the set L_B in the proof of Theorem 4.14. Note that although each computation path of the oracle NTM M that accepts L_B asks only one question to determine whether 0ⁿ is in B, the whole computation tree of $c04-math-0655$ makes an exponential number of queries. While it is recognized that this is the distinctive property of an NTM to make, in the whole computation tree, an exponential number of moves, the fact that M can access an exponential amount of information about the oracle B immediately makes the oracle NTMs much stronger than oracle DTMs. To make the relation between oracle NTMs and oracle DTMs close to that between regular NTMs and regular DTMs, we must not allow the oracle NTMs to make arbitrary queries. Instead, we would like to know whether an oracle NTM that is allowed to make, in the whole computation tree, only a polynomial number of queries is stronger than an oracle DTM. When we add these constraints to the oracle NTMs, it turns out that the relativized $c04-math-0658$ question is equivalent to the unrelativized version. This result supports the viewpoint that the relativized separation of Theorem 4.14 is due to the extra information that an oracle NTM can access, rather than the nondeterminism of the NTM and, hence, this kind of separation results bear no relation to the original unrelativized questions. This type of relativization is called positive relativization. We present a simple result of this type in the following.

Definition 4.16

Theorem 4.17

Proof

The backward direction is trivial because $c04-math-0673$ . Conversely, assume that $c04-math-0674$ and let $c04-math-0675$ . Let M be a polynomial-time oracle NTM and p a polynomial such that M^A accepts L in time p and that the whole computation tree of $c04-math-0681$ contains at most $c04-math-0682$ queries. We are going to describe a polynomial-time algorithm for L.

Let α be a configuration in the computation of $c04-math-0685$ , $c04-math-0686$ be a sequence of strings of length $c04-math-0687$ and $c04-math-0688$ be a sequence of bits in {0,1}. We say that a configuration β is a q-successor of α with respect to $c04-math-0692$ if the following conditions hold:

β is an accepting configuration or a configuration in a query state whose query string z is different from all y_i, $c04-math-0696$ ; and
There exists a sequence of computation of M of size $c04-math-0698$ , relative to an oracle X, from the configuration α to β without making any queries other than $c04-math-0702$ and, in the case that y_i is queried, the answer to it is b_i, $c04-math-0705$ (i.e., $c04-math-0706$ ).

We define a function f that maps a triple $c04-math-0708$ to the least q-successor β of α with respect to $c04-math-0711$ (under the lexicographic ordering over all configurations) or, if such a q-successor does not exist, to the empty string λ. We claim that f is polynomial-time computable.

To see this, let $c04-math-0714$ there exists a configuration βwhich is a q-successor of α with respect to $c04-math-0717$ such that γ is a prefix of $c04-math-0719$ . Apparently, $c04-math-0720$ . By our assumption of $c04-math-0721$ , $c04-math-0722$ . Thus we can compute $c04-math-0723$ by the prefix search technique (see Exercise 2.2).

Now we describe a deterministic simulation of the computation of $c04-math-0724$ , based on the depth-first search of the computation tree of $c04-math-0725$ . The algorithm is written as a recursive procedure.

Deterministic Algorithm for $c04-math-0726$ :On input x, let α₀ be the initial configuration of $c04-math-0729$ and let $c04-math-0730$ and $c04-math-0731$ be the empty list. Call the procedure Search(α₀). If the procedure Search returns FAIL, then reject x and halt.Procedure Search $c04-math-0734$ ;{In the following, $c04-math-0736$ and $c04-math-0737$ are global variables.} Loop foreverLet $c04-math-0739$ ;Case 1. β is an accepting configuration: accept x and halt;Case 2. $c04-math-0742$ : return (FAIL);Case 3. β is a query configuration with the query string z:Then, query A to get $c04-math-0746$ ;let α₁ be the next configuration following β using answer $c04-math-0749$ ;let $c04-math-0750$ be the concatenation of $c04-math-0751$ and z;let $c04-math-0753$ be the concatenation of $c04-math-0754$ and c;Call the procedure Search $c04-math-0756$ ;If Search $c04-math-0757$ returns FAIL, then continueEnd Loop

We note that Search $c04-math-0758$ halts only when (a) an accepting configuration has been found (and x is accepted) or (b) when the lists $c04-math-0760$ becomesso big that $c04-math-0761$ (and x is rejected). We notice that whenever a query z is added to the list $c04-math-0764$ , the corresponding answer $c04-math-0765$ is added to the list $c04-math-0766$ . Therefore, in case (a), the accepting configuration found must be correct, and so x is correctly accepted. In case (b), $c04-math-0768$ implies that $c04-math-0769$ contains all queries in the whole computation tree of $c04-math-0770$ and that there is no accepting computation in this tree. So the algorithm rejects x correctly.

It remains to show that the algorithm always halts within polynomial time. To analyze the above algorithm, let $c04-math-0772$ and $c04-math-0773$ be the empty list. Notice that the recursive calls generated by the procedure Search $c04-math-0774$ , with the initial lists $c04-math-0775$ and $c04-math-0776$ , form an ordered tree T_x with the following properties:

Each node of the tree T_x has a label α that is a configuration of $c04-math-0780$ . The label of the root of the tree T_x is α₀.
Each edge of the tree is labeled with a pair of lists $c04-math-0783$ . The leftmost edge from the root α₀ has label $c04-math-0785$ .
The child α₁ of node α under the edge $c04-math-0788$ is either (a) $c04-math-0789$ if β is an accepting configuration or if $c04-math-0791$ , and in this case α₁ is a leaf, or (b) the next configuration of $c04-math-0793$ if β is a querying configuration. In the case (b), the leftmost edge of α₁ has label $c04-math-0796$ , where $c04-math-0797$ is the concatenation of $c04-math-0798$ and the query z of β, and $c04-math-0801$ is the concatenation of $c04-math-0802$ and $c04-math-0803$ .
Assume that an internal nodeα has k > 1 children, and assume that the jth leftmost edge, $c04-math-0807$ , has label $c04-math-0808$ . Then, the label of the $c04-math-0809$ th leftmost edge from α is $c04-math-0811$ , where $c04-math-0812$ is the concatenation of list $c04-math-0813$ and all query strings in the jth subtree of α and $c04-math-0816$ is the concatenation of $c04-math-0817$ and all the answers to those queries from oracle A.

Now we observe that because the computation tree $c04-math-0819$ contains at most $c04-math-0820$ queries, and because each internal node of T_x corresponds to a unique query, there are at most $c04-math-0822$ nodes in T_x. Our deterministic algorithm actually performs a depth-first search of this tree T_x. For each edge, it calls the function f once to create the corresponding child node. Thus, the algorithm must halt in polynomial time.

The above theorem shows that we are not able to separate $c04-math-0826$ from P^A for any oracle A unless we can show $c04-math-0829$ . On the other hand, we note that $c04-math-0830$ for all PSPACE-complete sets A. Thus, the relativized collapsing of $c04-math-0832$ to P^A still works, but it only demonstrates the power of a PSPACE-complete set as an oracle and does not provide much information about the unrelativized $c04-math-0834$ question.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Chapter

Create new playlist

Sign In

Sign Up

Structure of NP

4.1 Incomplete Problems in NP

Example 4.1

Example 4.2

Theorem 4.3

Proof

Theorem 4.4

4.2 One-Way Functions and Cryptography

Example 4.5

Definition 4.6

Proposition 4.7

Proof

Definition 4.8

Proposition 4.9

Proposition 4.10

Proof

Definition 4.11

Definition 4.12

Lemma 4.13

Proof

4.3 Relativization

Theorem 4.14

Proof

4.4 Unrelativizable Proof Techniques

4.5 Independence Results

Theorem 4.15

Proof

4.6 Positive Relativization

Definition 4.16

Theorem 4.17

Proof

Table of Contents for
Chapter