Lecture 22: Oct 29, Interactive proof for graph non-isomorphism
|
|
- Derick Hart
- 6 years ago
- Views:
Transcription
1 E0 4 Computational Complexity Theory Indian Institute of Science, Bangalore Fall 04 Department of Computer Science and Automation Lecture : Oct 9, 04 Lecturer: Chandan Saha <chandan@csa.iisc.ernet.in> Scribe: Pawan umar. Interactive proof for graph non-isomorphism In this lecture we will show that the language GNI is in class IP. Two graphs G and G are isomorphic if there is a permutation π of the labels of the nodes of G such that π(g ) G, where π(g ) is the labeled graph obtained by applying π on its vertex labels. Definition.. GNI {< G, G >: G G i.e. G and G are nonisomorphic} Definition.. GI {< G, G >: G G i.e. G and G are isomorphic} Claim: GI NP Proof. The certificate is the description of permutation π. One can apply the permutation π on the vertices of G and check whether π(g ) G in polynomial time. Interactive protocol for GNI Input: Adjacency matrices of G and G. (w.l.o.g. let n be the no. of vertices in G &G ) V: Verifier picks i R {, } and a random π S n, where set S n contains all permutations of first n natural numbers. Computes H π(g i ), sends H to prover. P: Prover sends j {, } to V after seeing H. V: If i j then accept else reject. observation: If (G, G ) GNI then P s.t. P r [Out V < V, P > (G, G ) ] If (G, G ) GNI then P P r [Out V < V, P > (G, G ) ] Remark It appears the fact that verifier is keeping it s random coins secret is crucial. Class IP was defined in a work by Goldwasser, Micali, Rackoff in 985. Laszlo Babai defined the classes AM(& MA) using public coins. Definition.. Class AM[k] (Arthur-Merlin) : For any k N, AM[k] is a subclass of IP[k], where the verifier only sends random strings to the prover and it is not allowed to use any other random bits that has not been revealed to the prover. Class AM[] is also denoted by AM. -
2 Lecture : Oct 9, 04 - Definition.4. Class MA (Merlin-Arthur) : It is the class of languages with a two round public-coin interactive proof with the prover sending first message. Lemma : For every k>0, AM[k] AM Recall: BP.NP {L : L R SAT } Lemma : AM BP.NP Proof. AM BP.NP : Suppose L AM, we need to show that L BP.NP. Let x L, for fixed input x V picks a random string r and send r to P. Upon receiving r prover sends a g(x, r) to verifier. Now V runs polytime algorithm say f(x, r, a). If x L then If x L then P s.t. P r r [Out V < V, P > (x, a, r) ] P P r r [Out V < V, P > (x, a, r) ] Note that for any strings x, r the execution between verifier and prover can be interpreted as non-deterministic computation such that V on input (x, r) has access to some witness a (provided by P), which is checked by the polytime V. That is the language L {(x, r) : a s.t. V (x, r, a) } is in NP, and therefore there exist a formula φ x,r such that (x, r) L φ x,r SAT. Observe that Out V < V, P > (x, a, r) if & only if (x, r) L φ x,r SAT. Hence x L P r r [φ x,r SAT ] x L P r r [φ x,r SAT ] Hence, L BP.NP BP.NP AM : Suppose L BP.NP, we need to show that L AM. Since L BP.NP there is a polytime algorithm f for constructing a formula φ x,r f(x, r) such that for every string x x L P r r [φ x,r SAT ] x L P r r [φ x,r SAT ] The -round protocol for deciding L is as follows: The verifier sends to the prover a random string r, and the prover replies with a satisfying assignment for φ x,r. At the end, the verifier checks that indeed the assignment is satisfying for φ x,r. Theorem.5. (Goldwasser-Sipser) For every k : N N, with k(n) computable in polytime, IP[k] AM[k+] We ll now show an AM protocol for GNI. Claim : Define the following set for two graphs G and G. S {(H, π) : H G orh G and π auto(h) } where π is an automorphism of H. Case : If G G then S n! Case : If G G then S n! Proof. For an n-vertex graph consider the multiset all(g) {π (G),..., π n! (G)} of all permuted version of G. This is indeed a multi-set since it is possible that π i (G) π j (G) even when π i π j. Let auto(g) {π π(g) G} be
3 Lecture : Oct 9, 04 - the automorphisms of G. Let iso(g) be the set {π(g) π is a permutation}. We claim that for any n-vertex graph G we have: auto(g). iso(g) n! The reason is that our original set all(g) has exactly n! elements in it, but each graph in iso(g) appears exactly auto(g) times in all(g) (because auto(g) auto(π(g)) for any permutation π) Note that if G G then H isomorphic to G it is isomorphic to G ; also the number of automorphisms of any such H is exactly auto(g ). So the size of S is exactly auto(g ). iso(g ) n!. On the other hand, if G G then the graphs isomorphic to G are distinct from those graphs isomorphic to G. So the size of S in this case is auto(g ). iso(g ) + auto(g ). iso(g ) n! Definition.6. Pairwise independent hash functions: Let H m, be a collection of functions from {0, } m to {0, }. H m, is pairwise independent if x, x {0, } m with x x and y, y {0, }, P r {h(x) y and h(x ) y }. m, Protocol: Goldwasser-Sipser Set Lower Bound Protocol Notations: Let S {0, } m be a set such that membership in S can be certified efficiently. The prover s goal is to convince the verifier that S and if S then verifier will reject with high probability, where n! and be such that < V: Verifier picks a random h H m, H(say), picks y R {0, } and sends h, y to prover P. P: Prover returns an x {0, } m and a z (an honest prover returns an x in S s.t. h(x) y if such an x exists and z certifies that x S). V: If h(x) y and z certifies that x S then accept; otherwise reject. Theorem.7. GNI AM Proof. We need to show that there exists a -round protocol s.t. if < G, G > GNI i.e. G G then probability of acceptance is high. if < G, G > GNI i.e. G G then probability of acceptance is low. The protocol is defined above. By using the above claim we compute the acceptance probability in two cases: Case : If S n! P r { x S, s.t. h(x) y} n! + (.) y R {0,} Case : If S n! P r { x S, s.t. h(x) y}? (.) y R {0,} Now we fix y arbitrarily and compute the probability P r { x S, s.t. h(x) y} Let E x be the event that h(x) y, according to inclusion exclusion principle { } P r E x P r {E x } P r {E x E x } (.) x x x x
4 Lecture : Oct 9, 04-4 Now put the value of euation.6 in euation. P r {E x } (.4) P r {E x E x } (as h is picked from H m,) (.5) P r x S x x (.6) P r { x S, s.t. h(x) y} x S x x S S.. ( + ) ( + ) 4 Lemma: Let p S then 4 p P r { x, h(x) y} p y R {0,} Note: If we repeat the lower bound protocol independently M times, where M is in poly( x ), we can tightly bound the probability of acceptance by using Chernoff bound. Case : If S i.e. G G and verifier accepts then this is bad event P r [ Bad Event ] P r [ V accepts ] Case : If S i.e. G G and verifier accepts then this is good event Remark: For single iteration if case then P r [ V accepts ] if case then P r [ V accepts ] 4. P r [ Good Event ] P r [ V accepts ] 4. Let X i be the indicator random variable defined as below, { if V accepts in i X i th iteration 0 if V rejects in i th iteration
5 Lecture : Oct 9, 04-5 Let X M i X i, For case E [X] For case E [X] 4 P r [X i ] P r [V accepts] [ M ] E [X] E X i M M i M E [X i ] (linearity of expectation as X is are iids) i M P (X i ) i If the expected value is close to M then output G G, if expected value is close to 4 M then output G G. We know that for case expected value is less than eual to M and the error probability is P r [X > ( + δ)e [X]]. In case expected value is greater than eual to 4 M and the error probability is P r [X < ( δ)e [X]]. We ll apply Chernoff bound to restrict these error probabilities as follows For case P r [X > ( + δ)e [X]] e E[X]δ For case P r [X < ( δ)e [X]] e E[X]δ We need to upper bound the error probability in both the cases. Case : In this case P r [Error] P r [ X > ( + δ) M ] and E [X] M we can not directly apply the Chernoff bound because if E [X] 0 then P r [Error] which is obvious and is of no use. Hence we ll apply the Markov s ineuality. By Markov s ineuality [ P r [Error] P r X > ( + δ) ] M E [X] ( + δ) M If E [X] M then Pr[Error] Else i.e. (E [X] M) we need to apply the chernoff bound
6 Lecture : Oct 9, 04-6 E [X] M ( + δ)e [X] ( + δ) M if X > ( + δ) M then X > ( + δ)e [X] [ P r X > ( + δ) ] M P r [X < ( + δ)e [X]] e E[X]δ (using chernoff bound) e E[X]δ e M δ 9 as E [X] M Remark: By increasing the number of rounds i.e. M we can decrease the error probability. Error probability for this case say EP P r [Error] min(, ) e C.M, where C δ 9 is constant. Case : In this case P r [Error] P r [ X < ( δ) 4 M ] E [X] 4 M ( δ)e [X] ( δ) 4 M if X < ( δ) M then X < ( δ)e [X] 4 [ P r X < ( δ) ] 4 M P r [X < ( δ)e [X]] e E[X]δ (using chernoff bound) e E[X]δ e 4 M δ Remark: Error probability for this case say EP P r [Error], where C e C.M 4 overall error probability P r [Error] max(ep, EP ) Choose a δ such that ( + δ) + M < ( δ) + M δ is constant. Hence the ( + δ) < ( δ) ( + δ) ( δ) < For example, δ 0 suffices. Lemma: If GI is NP-Complete then PH collapses.
7 Lecture : Oct 9, 04-7 Proof. Let us assume GI NP-Complete GNI Co NP C SAT P GNI SAT BP.NP (as GNI AM BP.NP ) SAT R SAT Co NP BP.NP NP /poly Note: Assignment Problem If Co-NP NP /poly then PH collapses to P. (This is also known as Yap s theorem). References [M] S. ARORA and B. BARA Computational Complexity: A Mordern Approach, Cambridge University Press, 009
Complexity Theory. Jörg Kreiker. Summer term Chair for Theoretical Computer Science Prof. Esparza TU München
Complexity Theory Jörg Kreiker Chair for Theoretical Computer Science Prof. Esparza TU München Summer term 2010 2 Lecture 15 Public Coins and Graph (Non)Isomorphism 3 Intro Goal and Plan Goal understand
More information2 Natural Proofs: a barrier for proving circuit lower bounds
Topics in Theoretical Computer Science April 4, 2016 Lecturer: Ola Svensson Lecture 6 (Notes) Scribes: Ola Svensson Disclaimer: These notes were written for the lecturer only and may contain inconsistent
More informationLecture 12: Interactive Proofs
princeton university cos 522: computational complexity Lecture 12: Interactive Proofs Lecturer: Sanjeev Arora Scribe:Carl Kingsford Recall the certificate definition of NP. We can think of this characterization
More informationNotes on Complexity Theory Last updated: November, Lecture 10
Notes on Complexity Theory Last updated: November, 2015 Lecture 10 Notes by Jonathan Katz, lightly edited by Dov Gordon. 1 Randomized Time Complexity 1.1 How Large is BPP? We know that P ZPP = RP corp
More informationLecture 18: Zero-Knowledge Proofs
COM S 6810 Theory of Computing March 26, 2009 Lecture 18: Zero-Knowledge Proofs Instructor: Rafael Pass Scribe: Igor Gorodezky 1 The formal definition We intuitively defined an interactive proof to be
More information1 Recap: Interactive Proofs
Theoretical Foundations of Cryptography Lecture 16 Georgia Tech, Spring 2010 Zero-Knowledge Proofs 1 Recap: Interactive Proofs Instructor: Chris Peikert Scribe: Alessio Guerrieri Definition 1.1. An interactive
More informationInteractive Proofs. Merlin-Arthur games (MA) [Babai] Decision problem: D;
Interactive Proofs n x: read-only input finite σ: random bits control Π: Proof work tape Merlin-Arthur games (MA) [Babai] Decision problem: D; input string: x Merlin Prover chooses the polynomial-length
More informationLecture 26: Arthur-Merlin Games
CS 710: Complexity Theory 12/09/2011 Lecture 26: Arthur-Merlin Games Instructor: Dieter van Melkebeek Scribe: Chetan Rao and Aaron Gorenstein Last time we compared counting versus alternation and showed
More informationCS151 Complexity Theory. Lecture 13 May 15, 2017
CS151 Complexity Theory Lecture 13 May 15, 2017 Relationship to other classes To compare to classes of decision problems, usually consider P #P which is a decision class easy: NP, conp P #P easy: P #P
More informationLecture 17: Interactive Proof Systems
Computational Complexity Theory, Fall 2010 November 5 Lecture 17: Interactive Proof Systems Lecturer: Kristoffer Arnsfelt Hansen Scribe: Søren Valentin Haagerup 1 Interactive Proof Systems Definition 1.
More information2 Evidence that Graph Isomorphism is not NP-complete
Topics in Theoretical Computer Science April 11, 2016 Lecturer: Ola Svensson Lecture 7 (Notes) Scribes: Ola Svensson Disclaimer: These notes were written for the lecturer only and may contain inconsistent
More informationInteractive Proof System
Interactive Proof System We have seen interactive proofs, in various disguised forms, in the definitions of NP, OTM, Cook reduction and PH. We will see that interactive proofs have fundamental connections
More informationCS151 Complexity Theory. Lecture 14 May 17, 2017
CS151 Complexity Theory Lecture 14 May 17, 2017 IP = PSPACE Theorem: (Shamir) IP = PSPACE Note: IP PSPACE enumerate all possible interactions, explicitly calculate acceptance probability interaction extremely
More informationCSCI 1590 Intro to Computational Complexity
CSCI 1590 Intro to Computational Complexity Interactive Proofs John E. Savage Brown University April 20, 2009 John E. Savage (Brown University) CSCI 1590 Intro to Computational Complexity April 20, 2009
More informationLecture 5. 1 Review (Pairwise Independence and Derandomization)
6.842 Randomness and Computation September 20, 2017 Lecture 5 Lecturer: Ronitt Rubinfeld Scribe: Tom Kolokotrones 1 Review (Pairwise Independence and Derandomization) As we discussed last time, we can
More informationLecture 15: Interactive Proofs
COM S 6830 Cryptography Tuesday, October 20, 2009 Instructor: Rafael Pass Lecture 15: Interactive Proofs Scribe: Chin Isradisaikul In this lecture we discuss a new kind of proofs that involves interaction
More informationZero-Knowledge Proofs 1
Zero-Knowledge Proofs 1 CS 702 SEMINAR Theme : Cryptography Instructor : Prof. C. Pandu Rangan ZERO-KNOWLEDGE PROOFS G. Venkatesan CS 93133 Dept. of C.S & E I.I.T Madras Zero-Knowledge Proofs 2 Outline
More information-bit integers are all in ThC. Th The following problems are complete for PSPACE NPSPACE ATIME QSAT, GEOGRAPHY, SUCCINCT REACH.
CMPSCI 601: Recall From Last Time Lecture 26 Theorem: All CFL s are in sac. Facts: ITADD, MULT, ITMULT and DIVISION on -bit integers are all in ThC. Th The following problems are complete for PSPACE NPSPACE
More informationCS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrovsky. Lecture 9
CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrovsky Lecture 9 Lecture date: March 7-9, 2005 Scribe: S. Bhattacharyya, R. Deak, P. Mirzadeh 1 Interactive Proof Systems/Protocols 1.1 Introduction
More informationLecture Notes 17. Randomness: The verifier can toss coins and is allowed to err with some (small) probability if it is unlucky in its coin tosses.
CS 221: Computational Complexity Prof. Salil Vadhan Lecture Notes 17 March 31, 2010 Scribe: Jonathan Ullman 1 Interactive Proofs ecall the definition of NP: L NP there exists a polynomial-time V and polynomial
More informationLecture 15 - Zero Knowledge Proofs
Lecture 15 - Zero Knowledge Proofs Boaz Barak November 21, 2007 Zero knowledge for 3-coloring. We gave a ZK proof for the language QR of (x, n) such that x QR n. We ll now give a ZK proof (due to Goldreich,
More informationZero-Knowledge Proofs and Protocols
Seminar: Algorithms of IT Security and Cryptography Zero-Knowledge Proofs and Protocols Nikolay Vyahhi June 8, 2005 Abstract A proof is whatever convinces me. Shimon Even, 1978. Zero-knowledge proof is
More informationLecture 3: Interactive Proofs and Zero-Knowledge
CS 355 Topics in Cryptography April 9, 2018 Lecture 3: Interactive Proofs and Zero-Knowledge Instructors: Henry Corrigan-Gibbs, Sam Kim, David J. Wu So far in the class, we have only covered basic cryptographic
More information6.841/18.405J: Advanced Complexity Wednesday, April 2, Lecture Lecture 14
6.841/18.405J: Advanced Complexity Wednesday, April 2, 2003 Lecture Lecture 14 Instructor: Madhu Sudan In this lecture we cover IP = PSPACE Interactive proof for straightline programs. Straightline program
More informationLecture Notes 20: Zero-Knowledge Proofs
CS 127/CSCI E-127: Introduction to Cryptography Prof. Salil Vadhan Fall 2013 Lecture Notes 20: Zero-Knowledge Proofs Reading. Katz-Lindell Ÿ14.6.0-14.6.4,14.7 1 Interactive Proofs Motivation: how can parties
More informationLecture 19: Interactive Proofs and the PCP Theorem
Lecture 19: Interactive Proofs and the PCP Theorem Valentine Kabanets November 29, 2016 1 Interactive Proofs In this model, we have an all-powerful Prover (with unlimited computational prover) and a polytime
More informationLimits to Approximability: When Algorithms Won't Help You. Note: Contents of today s lecture won t be on the exam
Limits to Approximability: When Algorithms Won't Help You Note: Contents of today s lecture won t be on the exam Outline Limits to Approximability: basic results Detour: Provers, verifiers, and NP Graph
More informationLecture 11: Non-Interactive Zero-Knowledge II. 1 Non-Interactive Zero-Knowledge in the Hidden-Bits Model for the Graph Hamiltonian problem
CS 276 Cryptography Oct 8, 2014 Lecture 11: Non-Interactive Zero-Knowledge II Instructor: Sanjam Garg Scribe: Rafael Dutra 1 Non-Interactive Zero-Knowledge in the Hidden-Bits Model for the Graph Hamiltonian
More informationLecture 18: Oct 15, 2014
E0 224 Computational Complexity Theory Indian Institute of Science Fall 2014 Department of Computer Science and Automation Lecture 18: Oct 15, 2014 Lecturer: Chandan Saha Scribe:
More informationEssential facts about NP-completeness:
CMPSCI611: NP Completeness Lecture 17 Essential facts about NP-completeness: Any NP-complete problem can be solved by a simple, but exponentially slow algorithm. We don t have polynomial-time solutions
More informationNotes for Lecture 25
U.C. Berkeley CS276: Cryptography Handout N25 Luca Trevisan April 23, 2009 Notes for Lecture 25 Scribed by Alexandra Constantin, posted May 4, 2009 Summary Today we show that the graph isomorphism protocol
More informationLecture 22: Counting
CS 710: Complexity Theory 4/8/2010 Lecture 22: Counting Instructor: Dieter van Melkebeek Scribe: Phil Rydzewski & Chi Man Liu Last time we introduced extractors and discussed two methods to construct them.
More informationAdvanced Algorithms (XIII) Yijia Chen Fudan University
Advanced Algorithms (XIII) Yijia Chen Fudan University The PCP Theorem Theorem NP = PCP(log n, 1). Motivation Approximate solutions Definition (Approximation of MAX-3SAT) For every 3CNF formula ϕ, the
More informationPROBABILISTIC COMPUTATION. By Remanth Dabbati
PROBABILISTIC COMPUTATION By Remanth Dabbati INDEX Probabilistic Turing Machine Probabilistic Complexity Classes Probabilistic Algorithms PROBABILISTIC TURING MACHINE It is a turing machine with ability
More informationLecture 8 (Notes) 1. The book Computational Complexity: A Modern Approach by Sanjeev Arora and Boaz Barak;
Topics in Theoretical Computer Science April 18, 2016 Lecturer: Ola Svensson Lecture 8 (Notes) Scribes: Ola Svensson Disclaimer: These notes were written for the lecturer only and may contain inconsistent
More informationCryptographic Protocols Notes 2
ETH Zurich, Department of Computer Science SS 2018 Prof. Ueli Maurer Dr. Martin Hirt Chen-Da Liu Zhang Cryptographic Protocols Notes 2 Scribe: Sandro Coretti (modified by Chen-Da Liu Zhang) About the notes:
More informationGreat Theoretical Ideas in Computer Science
15-251 Great Theoretical Ideas in Computer Science Lecture 28: A Computational Lens on Proofs December 6th, 2016 Evolution of proof First there was GORM GORM = Good Old Regular Mathematics Pythagoras s
More informationRandomness and Computation March 13, Lecture 3
0368.4163 Randomness and Computation March 13, 2009 Lecture 3 Lecturer: Ronitt Rubinfeld Scribe: Roza Pogalnikova and Yaron Orenstein Announcements Homework 1 is released, due 25/03. Lecture Plan 1. Do
More informationNon-Interactive Zero Knowledge (II)
Non-Interactive Zero Knowledge (II) CS 601.442/642 Modern Cryptography Fall 2017 S 601.442/642 Modern CryptographyNon-Interactive Zero Knowledge (II) Fall 2017 1 / 18 NIZKs for NP: Roadmap Last-time: Transformation
More informationMTAT Complexity Theory December 8th, Lecture 12
MTAT.07.004 Complexity Theory December 8th, 2011 Lecturer: Peeter Laud Lecture 12 Scribe(s): Ilya Kuzovkin Introduction On the previous lecture we had a look onto interactive proofs, where the system consists
More information1 Randomized Computation
CS 6743 Lecture 17 1 Fall 2007 1 Randomized Computation Why is randomness useful? Imagine you have a stack of bank notes, with very few counterfeit ones. You want to choose a genuine bank note to pay at
More informationTheory of Computer Science to Msc Students, Spring Lecture 2
Theory of Computer Science to Msc Students, Spring 2007 Lecture 2 Lecturer: Dorit Aharonov Scribe: Bar Shalem and Amitai Gilad Revised: Shahar Dobzinski, March 2007 1 BPP and NP The theory of computer
More informationLecture 26. Daniel Apon
Lecture 26 Daniel Apon 1 From IPPSPACE to NPPCP(log, 1): NEXP has multi-prover interactive protocols If you ve read the notes on the history of the PCP theorem referenced in Lecture 19 [3], you will already
More informationNotes on Zero Knowledge
U.C. Berkeley CS172: Automata, Computability and Complexity Handout 9 Professor Luca Trevisan 4/21/2015 Notes on Zero Knowledge These notes on zero knowledge protocols for quadratic residuosity are based
More informationRandomness in Interactive Proofs. (August 24, 1991) Abstract. Our main result, which applies to the equivalent form of IP known as Arthur-Merlin (AM)
A Preliminary version of this paper appeared in Proceedings of the 3st Annual IEEE Symposium on the Foundations of Computer Science, IEEE (990). Randomness in Interactive Proofs Mihir Bellare Oded Goldreich
More informationBBM402-Lecture 11: The Class NP
BBM402-Lecture 11: The Class NP Lecturer: Lale Özkahya Resources for the presentation: http://ocw.mit.edu/courses/electrical-engineering-andcomputer-science/6-045j-automata-computability-andcomplexity-spring-2011/syllabus/
More informationLecture 23: Alternation vs. Counting
CS 710: Complexity Theory 4/13/010 Lecture 3: Alternation vs. Counting Instructor: Dieter van Melkebeek Scribe: Jeff Kinne & Mushfeq Khan We introduced counting complexity classes in the previous lecture
More informationQUANTUM ARTHUR MERLIN GAMES
comput. complex. 14 (2005), 122 152 1016-3328/05/020122 31 DOI 10.1007/s00037-005-0194-x c Birkhäuser Verlag, Basel 2005 computational complexity QUANTUM ARTHUR MERLIN GAMES Chris Marriott and John Watrous
More informationGeneralized Lowness and Highness and Probabilistic Complexity Classes
Generalized Lowness and Highness and Probabilistic Complexity Classes Andrew Klapper University of Manitoba Abstract We introduce generalized notions of low and high complexity classes and study their
More informationProof Assistants for Graph Non-isomorphism
Proof Assistants for Graph Non-isomorphism Arjeh M. Cohen 8 January 2007 second lecture of Three aspects of exact computation a tutorial at Mathematics: Algorithms and Proofs (MAP) Leiden, January 8 12,
More information198:538 Complexity of Computation Lecture 16 Rutgers University, Spring March 2007
198:538 Complexity of Computation Lecture 16 Rutgers University, Spring 2007 8 March 2007 In this lecture we discuss Shamir s theorem that PSPACE is the set of languages that have interactive proofs with
More informationTheory of Computation Chapter 12: Cryptography
Theory of Computation Chapter 12: Cryptography Guan-Shieng Huang Dec. 20, 2006 0-0 Introduction Alice wants to communicate with Bob secretely. x Alice Bob John Alice y=e(e,x) y Bob y??? John Assumption
More informationQuantum Information and the PCP Theorem
Quantum Information and the PCP Theorem Ran Raz Weizmann Institute ran.raz@weizmann.ac.il Abstract Our main result is that the membership x SAT (for x of length n) can be proved by a logarithmic-size quantum
More informationLecture Notes CS:5360 Randomized Algorithms Lecture 20 and 21: Nov 6th and 8th, 2018 Scribe: Qianhang Sun
1 Probabilistic Method Lecture Notes CS:5360 Randomized Algorithms Lecture 20 and 21: Nov 6th and 8th, 2018 Scribe: Qianhang Sun Turning the MaxCut proof into an algorithm. { Las Vegas Algorithm Algorithm
More informationPseudo-Deterministic Proofs
Pseudo-Deterministic Proofs Shafi Goldwasser 1, Ofer Grossman 2, and Dhiraj Holden 3 1 MIT, Cambridge MA, USA shafi@theory.csail.mit.edu 2 MIT, Cambridge MA, USA ofer.grossman@gmail.com 3 MIT, Cambridge
More informationIntro to Theory of Computation
Intro to Theory of Computation LECTURE 24 Last time Relationship between models: deterministic/nondeterministic Class P Today Class NP Sofya Raskhodnikova Homework 9 due Homework 0 out 4/5/206 L24. I-clicker
More informationZero-Knowledge Against Quantum Attacks
Zero-Knowledge Against Quantum Attacks John Watrous Department of Computer Science University of Calgary January 16, 2006 John Watrous (University of Calgary) Zero-Knowledge Against Quantum Attacks QIP
More information6.045: Automata, Computability, and Complexity (GITCS) Class 15 Nancy Lynch
6.045: Automata, Computability, and Complexity (GITCS) Class 15 Nancy Lynch Today: More Complexity Theory Polynomial-time reducibility, NP-completeness, and the Satisfiability (SAT) problem Topics: Introduction
More informationInteractive Proofs & Arguments, Low-Degree & Multilinear Extensions. 1 Definitions: Interactive Proofs and Argument Systems
COSC 544 Probabilistic Proof Systems 9/5/17 Interactive Proofs & Arguments, Low-Degree & Multilinear Extensions Lecturer: Justin Thaler 1 Definitions: Interactive Proofs and Argument Systems Throughout
More informationJASS 06 Report Summary. Circuit Complexity. Konstantin S. Ushakov. May 14, 2006
JASS 06 Report Summary Circuit Complexity Konstantin S. Ushakov May 14, 2006 Abstract Computer science deals with many computational models. In real life we have normal computers that are constructed using,
More informationComplexity Theory. Jörg Kreiker. Summer term Chair for Theoretical Computer Science Prof. Esparza TU München
Complexity Theory Jörg Kreiker Chair for Theoretical Computer Science Prof. Esparza TU München Summer term 2010 Lecture 16 IP = PSPACE 3 Goal and Plan Goal IP = PSPACE Plan 1. PSPACE IP by showing QBF
More informationHow many rounds can Random Selection handle?
How many rounds can Random Selection handle? Shengyu Zhang Abstract The construction of zero-knowledge proofs can be greatly simplified if the protocol is only required be secure against the honest verifier.
More informationPCP Theorem and Hardness of Approximation
PCP Theorem and Hardness of Approximation An Introduction Lee Carraher and Ryan McGovern Department of Computer Science University of Cincinnati October 27, 2003 Introduction Assuming NP P, there are many
More informationA Framework for Non-Interactive Instance-Dependent Commitment Schemes (NIC)
A Framework for Non-Interactive Instance-Dependent Commitment Schemes (NIC) Bruce Kapron, Lior Malka, Venkatesh Srinivasan Department of Computer Science University of Victoria, BC, Canada V8W 3P6 Email:bmkapron,liorma,venkat@cs.uvic.ca
More informationBasic Probabilistic Checking 3
CS294: Probabilistically Checkable and Interactive Proofs February 21, 2017 Basic Probabilistic Checking 3 Instructor: Alessandro Chiesa & Igor Shinkar Scribe: Izaak Meckler Today we prove the following
More informationQuantum Information and the PCP Theorem
Quantum Information and the PCP Theorem arxiv:quant-ph/0504075v1 10 Apr 2005 Ran Raz Weizmann Institute ran.raz@weizmann.ac.il Abstract We show how to encode 2 n (classical) bits a 1,...,a 2 n by a single
More informationGraph Non-Isomorphism Has a Succinct Quantum Certificate
Graph Non-Isomorphism Has a Succinct Quantum Certificate Tatsuaki Okamoto Keisuke Tanaka Summary This paper presents the first quantum computational characterization of the Graph Non-Isomorphism problem
More informationNon-Interactive ZK:The Feige-Lapidot-Shamir protocol
Non-Interactive ZK: The Feige-Lapidot-Shamir protocol April 20, 2009 Remainders FLS protocol Definition (Interactive proof system) A pair of interactive machines (P, V ) is called an interactive proof
More informationFrom Secure MPC to Efficient Zero-Knowledge
From Secure MPC to Efficient Zero-Knowledge David Wu March, 2017 The Complexity Class NP NP the class of problems that are efficiently verifiable a language L is in NP if there exists a polynomial-time
More informationRational Proofs with Multiple Provers. Jing Chen, Samuel McCauley, Shikha Singh Department of Computer Science
Rational Proofs with Multiple Provers Jing Chen, Samuel McCauley, Shikha Singh Department of Computer Science Outline of the Talk RATIONAL INTERACTIVE PROOFS with MULTI-PROVERs Interactive Proofs [GMR,
More information6.896 Quantum Complexity Theory 30 October Lecture 17
6.896 Quantum Complexity Theory 30 October 2008 Lecturer: Scott Aaronson Lecture 17 Last time, on America s Most Wanted Complexity Classes: 1. QMA vs. QCMA; QMA(2). 2. IP: Class of languages L {0, 1} for
More information6.841/18.405J: Advanced Complexity Wednesday, February 12, Lecture Lecture 3
6.841/18.405J: Advanced Complexity Wednesday, February 12, 2003 Lecture Lecture 3 Instructor: Madhu Sudan Scribe: Bobby Kleinberg 1 The language MinDNF At the end of the last lecture, we introduced the
More informationParallel Coin-Tossing and Constant-Round Secure Two-Party Computation
Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation Yehuda Lindell Dept. of Computer Science and Applied Math. The Weizmann Institute of Science Rehovot 76100, Israel. lindell@wisdom.weizmann.ac.il
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Fun with Public-Key Tonight we ll Introduce some basic tools of public-key crypto Combine the tools to create more powerful tools Lay the ground work for substantial
More informationLecture 59 : Instance Compression and Succinct PCP s for NP
IITM-CS6840: Advanced Complexity Theory March 31, 2012 Lecture 59 : Instance Compression and Succinct PCP s for NP Lecturer: Sivaramakrishnan N.R. Scribe: Prashant Vasudevan 1 Introduction Classical Complexity
More informationLecture 24: Approximate Counting
CS 710: Complexity Theory 12/1/2011 Lecture 24: Approximate Counting Instructor: Dieter van Melkebeek Scribe: David Guild and Gautam Prakriya Last time we introduced counting problems and defined the class
More informationLecture 23: More PSPACE-Complete, Randomized Complexity
6.045 Lecture 23: More PSPACE-Complete, Randomized Complexity 1 Final Exam Information Who: You On What: Everything through PSPACE (today) With What: One sheet (double-sided) of notes are allowed When:
More informationOn the Power of Multi-Prover Interactive Protocols. Lance Fortnow. John Rompel y. Michael Sipser z. Massachusetts Institute of Technology
On the Power of Multi-Prover Interactive Protocols Lance Fortnow John Rompel y Michael Sipser z { Laboratory for Computer Science Massachusetts Institute of Technology Cambridge, MA 02139 1 Introduction
More informationB(w, z, v 1, v 2, v 3, A(v 1 ), A(v 2 ), A(v 3 )).
Lecture 13 PCP Continued Last time we began the proof of the theorem that PCP(poly, poly) = NEXP. May 13, 2004 Lecturer: Paul Beame Notes: Tian Sang We showed that IMPLICIT-3SAT is NEXP-complete where
More informationThe Cook-Levin Theorem
An Exposition Sandip Sinha Anamay Chaturvedi Indian Institute of Science, Bangalore 14th November 14 Introduction Deciding a Language Let L {0, 1} be a language, and let M be a Turing machine. We say M
More informationLecture 18: PCP Theorem and Hardness of Approximation I
Lecture 18: and Hardness of Approximation I Arijit Bishnu 26.04.2010 Outline 1 Introduction to Approximation Algorithm 2 Outline 1 Introduction to Approximation Algorithm 2 Approximation Algorithm Approximation
More informationLecture 10: Zero-Knowledge Proofs
Lecture 10: Zero-Knowledge Proofs Introduction to Modern Cryptography Benny Applebaum Tel-Aviv University Fall Semester, 2011 12 Some of these slides are based on note by Boaz Barak. Quo vadis? Eo Romam
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 19 November 8, 2017 CPSC 467, Lecture 19 1/37 Zero Knowledge Interactive Proofs (ZKIP) ZKIP for graph isomorphism Feige-Fiat-Shamir
More informationParallel Repetition of Zero-Knowledge Proofs and the Possibility of Basing Cryptography on NP-Hardness
Parallel Repetition of Zero-Knowledge Proofs and the Possibility of Basing Cryptography on NP-Hardness Rafael Pass Cornell University rafael@cs.cornell.edu January 29, 2007 Abstract Two long-standing open
More informationOn Interactive Proofs with a Laconic Prover
On Interactive Proofs with a Laconic Prover Oded Goldreich Salil Vadhan Avi Wigderson February 11, 2003 Abstract We continue the investigation of interactive proofs with bounded communication, as initiated
More informationLecture 24: Randomized Complexity, Course Summary
6.045 Lecture 24: Randomized Complexity, Course Summary 1 1/4 1/16 1/4 1/4 1/32 1/16 1/32 Probabilistic TMs 1/16 A probabilistic TM M is a nondeterministic TM where: Each nondeterministic step is called
More informationFoundation of Cryptography, Lecture 7 Non-Interactive ZK and Proof of Knowledge
Foundation of Cryptography, Lecture 7 Non-Interactive ZK and Proof of Knowledge Handout Mode Iftach Haitner, Tel Aviv University Tel Aviv University. April 1, 2014 Iftach Haitner (TAU) Foundation of Cryptography
More informationAugmented Black-Box Simulation and Zero Knowledge Argument for NP
Augmented Black-Box Simulation and Zero Knowledge Argument for N Li Hongda, an Dongxue, Ni eifang The Data Assurance and Communication Security Research Center, School of Cyber Security, University of
More informationx 2 +2 x 2 x 3 2x 2 +2x +1 (mod 5).
A DETAILED PROOF THAT IP=PSPACE B.J. MARES Abstract. I will define IP, the class of interactive proofs, and present a thorough proof that IP=PSPACE, assuming minimal prior knowledge. Such a presentation
More informationCS154, Lecture 15: Cook-Levin Theorem SAT, 3SAT
CS154, Lecture 15: Cook-Levin Theorem SAT, 3SAT Definition: A language B is NP-complete if: 1. B NP 2. Every A in NP is poly-time reducible to B That is, A P B When this is true, we say B is NP-hard On
More informationLecture 7 Limits on inapproximability
Tel Aviv University, Fall 004 Lattices in Computer Science Lecture 7 Limits on inapproximability Lecturer: Oded Regev Scribe: Michael Khanevsky Let us recall the promise problem GapCVP γ. DEFINITION 1
More informationShow that the following problems are NP-complete
Show that the following problems are NP-complete April 7, 2018 Below is a list of 30 exercises in which you are asked to prove that some problem is NP-complete. The goal is to better understand the theory
More informationLecture 2 (Notes) 1. The book Computational Complexity: A Modern Approach by Sanjeev Arora and Boaz Barak;
Topics in Theoretical Computer Science February 29, 2016 Lecturer: Ola Svensson Lecture 2 (Notes) Scribes: Ola Svensson Disclaimer: These notes were written for the lecturer only and may contain inconsistent
More informationNondeterministic Circuit Lower Bounds from Mildly Derandomizing Arthur-Merlin Games
Nondeterministic Circuit Lower Bounds from Mildly Derandomizing Arthur-Merlin Games Barış Aydınlıo glu Department of Computer Sciences University of Wisconsin Madison, WI 53706, USA baris@cs.wisc.edu Dieter
More informationProbabilistically Checkable Arguments
Probabilistically Checkable Arguments Yael Tauman Kalai Microsoft Research yael@microsoft.com Ran Raz Weizmann Institute of Science ran.raz@weizmann.ac.il Abstract We give a general reduction that converts
More informationLecture Hardness of Set Cover
PCPs and Inapproxiability CIS 6930 October 5, 2009 Lecture Hardness of Set Cover Lecturer: Dr. My T. Thai Scribe: Ying Xuan 1 Preliminaries 1.1 Two-Prover-One-Round Proof System A new PCP model 2P1R Think
More informationThe Computational Complexity of Equivalence and Isomorphism Problems Thomas Thierauf Habilitationsschrift Fakultat fur Informatik Universitat Ulm April 1998 Preface A computational model is a framework
More informationCMPT307: Complexity Classes: P and N P Week 13-1
CMPT307: Complexity Classes: P and N P Week 13-1 Xian Qiu Simon Fraser University xianq@sfu.ca Strings and Languages an alphabet Σ is a finite set of symbols {0, 1}, {T, F}, {a, b,..., z}, N a string x
More informationTheoretical Cryptography, Lectures 18-20
Theoretical Cryptography, Lectures 18-20 Instructor: Manuel Blum Scribes: Ryan Williams and Yinmeng Zhang March 29, 2006 1 Content of the Lectures These lectures will cover how someone can prove in zero-knowledge
More information