\documentclass{article}
\usepackage{amsmath}
\usepackage{amsfonts}
\usepackage{epsfig}
\setlength{\oddsidemargin}{.25in}
\setlength{\evensidemargin}{.25in}
\setlength{\textwidth}{6in}
\setlength{\topmargin}{-0.4in}
\setlength{\textheight}{8.5in}
\newcommand{\handout}[5]{
\renewcommand{\thepage}{#1-\arabic{page}}
\noindent
\begin{center}
\framebox{
\vbox{
\hbox to 5.78in { {\bf 18.405J/6.841J Advanced
Complexity Theory} \hfill #2 }
\vspace{4mm}
\hbox to 5.78in { {\Large \hfill #5 \hfill} }
\vspace{2mm}
\hbox to 5.78in { {\it #3 \hfill #4} }
}
}
\end{center}
\vspace*{4mm}
}
\newcommand{\lecture}[4]{\handout{#1}{#2}{Lecturer:
#3}{Scribe: #4}{Lecture #1}}
\makeatletter
\def\fnum@figure{{\bf Figure \thefigure}}
\def\fnum@table{{\bf Table \thetable}}
\long\def\@mycaption#1[#2]#3{\addcontentsline{\csname
ext@#1\endcsname}{#1}{\protect\numberline{\csname
the#1\endcsname}{\ignorespaces #2}}\par
\begingroup
\@parboxrestore
\small
\@makecaption{\csname fnum@#1\endcsname}{\ignorespaces #3}\par
\endgroup}
\def\mycaption{\refstepcounter\@captype \@dblarg{\@mycaption\@captype}}
\makeatother
\newcommand{\bigO}{\text{O}}
\newcommand{\hp}{\text{\#}P}
\newcommand{\op}{{\oplus}P}
\newtheorem{theorem}{Theorem}
\newtheorem{example}{Example}
\newtheorem{definition}{Definition}
\newtheorem{claim}[theorem]{Claim}
\newcommand{\qed}{\rule{7pt}{7pt}}
\newenvironment{proof}{\noindent{\bf Proof}\hspace*{1em}}{\qed\bigskip}
\begin{document}
\lecture{21}{April 30, 1998}{Daniel A. Spielman}{Yoav Yerushalmi}
In this lecture, we will prove the following two things:
\begin{itemize}
\item $\hp \subseteq IP$
\item $IP(poly) = PSPACE$
\end{itemize}
The former result is only used as a basis for seeing how to prove the
latter. However, the fact that an interactive protocol with a
polynomial number of rounds is equivalent to a machine running in
polynomial space was a surprising result.
In this lecture, we will only actually prove this for public coins
(that is we will show that $AM(poly) = PSPACE$).
\section{$\hp \subseteq IP$}
This fact was proven using arithmetization. The idea behind
arithmetization is to convert the problem (claim/language) into a
mathematical problem, and then use well established mathematical
formulas to reduce or modify the problem to one that can be solved by
our machine.
\begin{example}[Arithmetization of 3CNF]
Given a 3CNF, we let the variables in the 3CNF formula be variables of
a polynomial, where if a variable's value in the polynomial is 0 it
means the variable is {\bf false} in the 3CNF, and vice-versa.
\begin {eqnarray*}
not(x_i) & = & 1-x_i \\
x_1 \wedge x_2 & = & x_1 \cdot x_2 \\
x_1 \vee x_2 & = & 1 - (1-x_1)(1-x_2) \\
(x_1 \vee x_2 \vee \overline{x_3}) & = & 1 - (1-x_1)(1-x_2)(x_3)\\
\end{eqnarray*}
The second to last formula was derived by DeMorgan's law. Each of
thee clauses in the 3CNF lead to a degree 3 polynomial. All these
polynomials are multiplied (AND) together. The polynomial can equal 1
if and only if the entire equation had a satisfying assignment.
\end{example}
The reason we use this polynomial, however, is that it can take inputs
in a domain OTHER than $\{0,1\}$. So, now say we want to convince a
verifier that we know the number of satisfying assignments toa
3CNF. This is analogous to making the claim that we know the value of
the following function:
\[ F() = \sum_{x_1 \in \{0,1\}} \quad \sum_{x_2 \in \{0,1\}} \cdots
\sum_{x_n \in \{0,1\}} p(x_1, x_2, \cdots, x_n) \]
The problem is that the verifier doesn't have the required amount of
time complexity to compute the above function. Our trick will be to
use the prover's extra power to convince the verifier that the value
it claims for the above equation is true by convincing him that an
equation that is directly related to the above, but that the verifier
CAN compute, is correct.
If $P$ can convince $V$ that the value for $F()$ it has provided is
the correct number of satisfying assignments to the 3CNF formula, then
we know that $\hp \subseteq IP$. In order to do this, we need a way to
reduce the equation above. We use a construct named $\epsilon$-links
to do that.
\begin{definition}[$\epsilon$-link]
An $\epsilon$-link is an IP(poly) protocol that takes a proposition
$A$ to another proposition $B$. That is:
\begin{itemize}
\item if $A$ is true, then $\exists P$ prover such that the
proposition $B$ is also true.
\item if $A$ is false, then $\forall P$ provers, the probability that
$B$ is true and the verifier $V$ fails to detect a deception is $\leq
\epsilon$.
\end{itemize}
\end{definition}
Ideally, we only care for $\epsilon$-links that simplify $A$. If we
have an $\epsilon$-link for $A$, we can use $B$ to convince $V$ with
probability $\geq 1-\epsilon$.
Our proof of $\hp \subseteq IP$ will involve a chain of links that
take the difficult 3CNF polynomial to a simple one that $V$ can
perform to convince itself that $P$ has computed $\hp$. We will have
an error bound which is the sum of all the errors we encounter (one
per link), so we will need to set our $\epsilon$ to be small.
Our first $\epsilon$-link will take our original claim:
\[ A: \quad \left[ \sum_{x_1 \in \{0,1\}} \quad \sum_{x_2 \in \{0,1\}} \cdots
\sum_{x_n \in \{0,1\}} p(x_1, x_2, \cdots, x_n) \right] = C \]
to a new claim $B$ using the following protocol:
\begin{enumerate}
\item $P \longrightarrow V$ a polynomial of one variable $q_1()$ which
will be directly related to the $x_1$ value thus:
\[ q_1(x_1) = \sum_{x_2 \in \{0,1\}} \quad \sum_{x_3 \in \{0,1\}} \cdots
\sum_{x_n \in \{0,1\}} p(x_1, x_2, \cdots, x_n) \]
\item $V$ checks that $q_1(0) + q_1(1) = C$. If this is not the case,
we know that the polynomial was not computed correctly or the value we
were given for $C$ was wrong. Therefore, we reject.
\item $V$ then chooses an $\alpha$ at random from a field which we
shall name ${\mathbb F}$ and decide its size to adjust for $\epsilon$
(computation for its size will be done later). $V$ tells $\alpha$ to
$P$, and they now have a simpler equation to work with:
\[ B: \quad \left[ \sum_{x_2 \in \{0,1\}} \quad \sum_{x_3 \in \{0,1\}} \cdots
\sum_{x_n \in \{0,1\}} p(\alpha, x_2, \cdots, x_n) \right] = q_1(\alpha) \]
\end{enumerate}
\begin{claim}
The above protocol is an $\epsilon$-link from $A$ to $B$.
\end{claim}
\begin{proof}
\begin{enumerate}
\item if $A$ is true, and $P$ follows the protocol, $B$ is clearly
true.
\item if $A$ is not true, then $B$ is very likely to be false: Let $N
= |{\mathbb F}|$ (choose $N$ prime). If $A$ is false, then
\[ \Pr_\alpha \left[ q_1(\alpha) = \sum_{x_2 \in \{0,1\}} \quad \sum_{x_3 \in \{0,1\}} \cdots
\sum_{x_n \in \{0,1\}} p(\alpha, x_2, \cdots, x_n) \right] \leq \frac{deg(p)}{N} \]
(We know that $deg(p) \geq(q_1)$). We set $\epsilon =
\frac{deg(p)}{N}$, and voila.
\end{enumerate}
\end{proof}
We now have a polynomial that has one less variable ($x_1$ has been
replaced by a more complex polynomial that absorbs $\alpha$). We are
one step closer to making it possible for $V$ to compute $p()$. We now
have to repeat this idea to reduce the polynomial by eliminating one
variable at a time. This leaves us with a remaining proposition:
\[ p(\alpha_1, \alpha_2, \alpha_3, \hdots, \alpha_n) = C_n \]
Which the verifier can easily check, although we have now introduced
$n$ error terms.
If the verifier accepts, the probability that the initial claim was
false is at most $n \cdot \epsilon = n \cdot \frac{deg(p)}{N}$. So, we
simply set $N \gg n \cdot deg(p)$ to ensure a low probability. if $N$
is exponential, we get $< 1/poly()$ error.
We have now shown that we can simulate $\hp$ using $IP$ where $P$
knows the solution, so we've shown that $\hp \subseteq IP(poly)$.
\section {$IP(poly) = PSPACE$}
Now we get onto the impressive result, using stuff we built on in the
previous section. We demonstrate this fact using the standard
technique of showing that $IP \subseteq PSPACE$ and that $IP
\supseteq PSPACE$.
\subsection {$IP(poly) \subseteq PSPACE$}
This is certainly the easier one of the pair. In fact, it's
intuitive. We can simulate the $IP$ protocol using the $PSPACE$
machine.
\subsection {$IP(poly) \supseteq PSPACE$}
We earlier showed that, given $p(x_1, x_2, \hdots, x_n)$ of polynomial
degree, there is an $\epsilon$-link from the assertion that
\[ \sum_{x_1 \in \{0,1\}} \quad \sum_{x_2 \in \{0,1\}} \cdots
\sum_{x_n \in \{0,1\}} p(x_1, x_2, \cdots, x_n) = C \] to
\[ p(\alpha_1, \alpha_2, \alpha_3, \hdots, \alpha_n) = C_n \quad
\text{ with } 1/poly() \text{ error}\]
this time we're going to have polynomials $V$ can't verify, but $P$
will convince $V$ of value of polynomial. Recall the proof from an
earlier lecture that Alternating P-time equals PSPACE. We will follow
a similar line:
\begin{itemize}
\item begin with a PSPACE machine $M$ which works on input $w$.
\item associate with it a graph. The nodes of the graph correspond to
possible (head,tape,state) configurations of the machine, and the
edges correspond to legal transitions.
\item accept if and only if there is a path from the start node to an
accepting node (in this case, there is only one such path since the
machines are both deterministic).
\end{itemize}
We then invented a function named $FromTo(x,y,m)$, which was true if you
could go from node $x$ to node $y$ in $\leq m$ steps. And we made
assertions such as
\[ FromTo(a,b,i) = \exists_z \left( FromTo(a,z,\lfloor i/2 \rfloor)
\wedge FromTo(z,b,\lceil i/2 \rceil) \right) \]
Our base case: $FromTo(x,y,1)$ can be evaluated in polynomial time.
Also, $FromTo(x,y,1)$ can be evaluated by a 3CNF, which can be
evaluated by a polynomial of degree poly(n). It variables are the bits
of $x$ and $y$.
The idea is to start from the original claim $FromTo(x,y,j)$ (using
$m$ bit strings to represent $x,y,j$, and reduce it to a
multiplication (and) of lots of $FromTo$'s os size one using the
following principle:
\[ FromTo(x,y,j) = \sum_{z_1 z_2 z_3 \cdots z_m} FromTo(x,z, j/2)
\cdot FromTo(z,y,j/2) \]
This idea will be explored further and proved in the next lecture.
\end{document}