Strong ETH Breaks With Merlin and Arthur: Short Non-Interactive Proofs of Batch Evaluation

Cybersecurity and Cyberforensics Conference Pub Date : 2016-01-18 DOI:10.4230/LIPIcs.CCC.2016.2

Richard Ryan Williams

{"title":"Strong ETH Breaks With Merlin and Arthur: Short Non-Interactive Proofs of Batch Evaluation","authors":"Richard Ryan Williams","doi":"10.4230/LIPIcs.CCC.2016.2","DOIUrl":null,"url":null,"abstract":"We present an efficient proof system for Multipoint Arithmetic Circuit Evaluation: for every arithmetic circuit $C(x_1,\\ldots,x_n)$ of size $s$ and degree $d$ over a field ${\\mathbb F}$, and any inputs $a_1,\\ldots,a_K \\in {\\mathbb F}^n$, \n$\\bullet$ the Prover sends the Verifier the values $C(a_1), \\ldots, C(a_K) \\in {\\mathbb F}$ and a proof of $\\tilde{O}(K \\cdot d)$ length, and \n$\\bullet$ the Verifier tosses $\\textrm{poly}(\\log(dK|{\\mathbb F}|/\\varepsilon))$ coins and can check the proof in about $\\tilde{O}(K \\cdot(n + d) + s)$ time, with probability of error less than $\\varepsilon$. \nFor small degree $d$, this \"Merlin-Arthur\" proof system (a.k.a. MA-proof system) runs in nearly-linear time, and has many applications. For example, we obtain MA-proof systems that run in $c^{n}$ time (for various $c < 2$) for the Permanent, $\\#$Circuit-SAT for all sublinear-depth circuits, counting Hamiltonian cycles, and infeasibility of $0$-$1$ linear programs. In general, the value of any polynomial in Valiant's class ${\\sf VP}$ can be certified faster than \"exhaustive summation\" over all possible assignments. These results strongly refute a Merlin-Arthur Strong ETH and Arthur-Merlin Strong ETH posed by Russell Impagliazzo and others. \nWe also give a three-round (AMA) proof system for quantified Boolean formulas running in $2^{2n/3+o(n)}$ time, nearly-linear time MA-proof systems for counting orthogonal vectors in a collection and finding Closest Pairs in the Hamming metric, and a MA-proof system running in $n^{k/2+O(1)}$-time for counting $k$-cliques in graphs. \nWe point to some potential future directions for refuting the Nondeterministic Strong ETH.","PeriodicalId":246506,"journal":{"name":"Cybersecurity and Cyberforensics Conference","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-01-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"57","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cybersecurity and Cyberforensics Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4230/LIPIcs.CCC.2016.2","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 57

Abstract

We present an efficient proof system for Multipoint Arithmetic Circuit Evaluation: for every arithmetic circuit $C(x_1,\ldots,x_n)$ of size $s$ and degree $d$ over a field ${\mathbb F}$, and any inputs $a_1,\ldots,a_K \in {\mathbb F}^n$, $\bullet$ the Prover sends the Verifier the values $C(a_1), \ldots, C(a_K) \in {\mathbb F}$ and a proof of $\tilde{O}(K \cdot d)$ length, and $\bullet$ the Verifier tosses $\textrm{poly}(\log(dK|{\mathbb F}|/\varepsilon))$ coins and can check the proof in about $\tilde{O}(K \cdot(n + d) + s)$ time, with probability of error less than $\varepsilon$. For small degree $d$, this "Merlin-Arthur" proof system (a.k.a. MA-proof system) runs in nearly-linear time, and has many applications. For example, we obtain MA-proof systems that run in $c^{n}$ time (for various $c < 2$) for the Permanent, $\#$Circuit-SAT for all sublinear-depth circuits, counting Hamiltonian cycles, and infeasibility of $0$-$1$ linear programs. In general, the value of any polynomial in Valiant's class ${\sf VP}$ can be certified faster than "exhaustive summation" over all possible assignments. These results strongly refute a Merlin-Arthur Strong ETH and Arthur-Merlin Strong ETH posed by Russell Impagliazzo and others. We also give a three-round (AMA) proof system for quantified Boolean formulas running in $2^{2n/3+o(n)}$ time, nearly-linear time MA-proof systems for counting orthogonal vectors in a collection and finding Closest Pairs in the Hamming metric, and a MA-proof system running in $n^{k/2+O(1)}$-time for counting $k$-cliques in graphs. We point to some potential future directions for refuting the Nondeterministic Strong ETH.

查看原文本刊更多论文

梅林和亚瑟的强ETH断裂:批评估的简短非交互证明

给出了一种有效的多点算术电路求值证明系统，适用于各种算术电路 $C(x_1,\ldots,x_n)$ 大小 $s$ 还有学位 $d$ 越过田野 ${\mathbb F}$，以及任何输入 $a_1,\ldots,a_K \in {\mathbb F}^n$， $\bullet$ 证明者向验证者发送这些值 $C(a_1), \ldots, C(a_K) \in {\mathbb F}$ 还有一个证明 $\tilde{O}(K \cdot d)$ 长度，和 $\bullet$ 验证者抛出 $\textrm{poly}(\log(dK|{\mathbb F}|/\varepsilon))$ 硬币和可以核对的证明在左右 $\tilde{O}(K \cdot(n + d) + s)$ 时间，误差概率小于 $\varepsilon$．对于小程度 $d$，这种“梅林-亚瑟”证明系统(又名ma证明系统)在几乎线性的时间内运行，并且有许多应用。例如，我们获得了运行在 $c^{n}$ 时间(用于各种) $c < 2$); $\#$电路- sat对所有次线性深度电路，计算哈密顿循环，和不可行性 $0$-$1$ 线性规划。一般来说，Valiant类中任何多项式的值 ${\sf VP}$ 可以比对所有可能的赋值进行“穷举求和”更快地证明。这些结果有力地驳斥了Russell Impagliazzo等人提出的Merlin-Arthur Strong ETH和Arthur-Merlin Strong ETH。我们还给出了一个量化布尔公式磨合的三轮证明系统 $2^{2n/3+o(n)}$ 时间，用于计数集合中的正交向量并在Hamming度量中找到最接近对的近线性时间MA-proof系统，以及运行中的MA-proof系统 $n^{k/2+O(1)}$计数时间 $k$-图形中的派系。我们指出了反驳不确定性强ETH的一些潜在的未来方向。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Cybersecurity and Cyberforensics Conference

自引率

0.00%

发文量