Results 11  20
of
435
Algebraic Methods for Interactive Proof Systems
, 1990
"... We present a new algebraic technique for the construction of interactive proof systems. We use our technique to prove that every language in the polynomialtime hierarchy has an interactive proof system. This technique played a pivotal role in the recent proofs that IP=PSPACE (Shamir) and that MIP ..."
Abstract

Cited by 351 (28 self)
 Add to MetaCart
We present a new algebraic technique for the construction of interactive proof systems. We use our technique to prove that every language in the polynomialtime hierarchy has an interactive proof system. This technique played a pivotal role in the recent proofs that IP=PSPACE (Shamir) and that MIP=NEXP (Babai, Fortnow and Lund).
A SubConstant ErrorProbability LowDegree Test, and a SubConstant ErrorProbability PCP Characterization of NP
 IN PROC. 29TH ACM SYMP. ON THEORY OF COMPUTING, 475484. EL PASO
, 1997
"... We introduce a new lowdegreetest, one that uses the restriction of lowdegree polynomials to planes (i.e., affine subspaces of dimension 2), rather than the restriction to lines (i.e., affine subspaces of dimension 1). We prove the new test to be of a very small errorprobability (in particular, ..."
Abstract

Cited by 337 (20 self)
 Add to MetaCart
We introduce a new lowdegreetest, one that uses the restriction of lowdegree polynomials to planes (i.e., affine subspaces of dimension 2), rather than the restriction to lines (i.e., affine subspaces of dimension 1). We prove the new test to be of a very small errorprobability (in particular, much smaller than constant). The new test enables us to prove a lowerror characterization of NP in terms of PCP. Specifically, our theorem states that, for any given ffl ? 0, membership in any NP language can be verified with O(1) accesses, each reading logarithmic number of bits, and such that the errorprobability is 2 \Gamma log 1\Gammaffl n . Our results are in fact stronger, as stated below. One application of the new characterization of NP is that approximating SETCOVER to within a logarithmic factors is NPhard. Previous analysis for lowdegreetests, as well as previous characterizations of NP in terms of PCP, have managed to achieve, with constant number of accesses, error...
Checking Computations in Polylogarithmic Time
, 1991
"... . Motivated by Manuel Blum's concept of instance checking, we consider new, very fast and generic mechanisms of checking computations. Our results exploit recent advances in interactive proof protocols [LFKN92], [Sha92], and especially the MIP = NEXP protocol from [BFL91]. We show that every no ..."
Abstract

Cited by 270 (11 self)
 Add to MetaCart
. Motivated by Manuel Blum's concept of instance checking, we consider new, very fast and generic mechanisms of checking computations. Our results exploit recent advances in interactive proof protocols [LFKN92], [Sha92], and especially the MIP = NEXP protocol from [BFL91]. We show that every nondeterministic computational task S(x; y), defined as a polynomial time relation between the instance x, representing the input and output combined, and the witness y can be modified to a task S 0 such that: (i) the same instances remain accepted; (ii) each instance/witness pair becomes checkable in polylogarithmic Monte Carlo time; and (iii) a witness satisfying S 0 can be computed in polynomial time from a witness satisfying S. Here the instance and the description of S have to be provided in errorcorrecting code (since the checker will not notice slight changes). A modification of the MIP proof was required to achieve polynomial time in (iii); the earlier technique yields N O(log log N)...
How to Go Beyond the BlackBox Simulation Barrier
 In 42nd FOCS
, 2001
"... The simulation paradigm is central to cryptography. A simulator is an algorithm that tries to simulate the interaction of the adversary with an honest party, without knowing the private input of this honest party. Almost all known simulators use the adversary’s algorithm as a blackbox. We present t ..."
Abstract

Cited by 244 (13 self)
 Add to MetaCart
The simulation paradigm is central to cryptography. A simulator is an algorithm that tries to simulate the interaction of the adversary with an honest party, without knowing the private input of this honest party. Almost all known simulators use the adversary’s algorithm as a blackbox. We present the first constructions of nonblackbox simulators. Using these new nonblackbox techniques we obtain several results that were previously proven to be impossible to obtain using blackbox simulators. Specifically, assuming the existence of collision resistent hash functions, we construct a new zeroknowledge argument system for NP that satisfies the following properties: 1. This system has a constant number of rounds with negligible soundness error. 2. It remains zero knowledge even when composed concurrently n times, where n is the security parameter. Simultaneously obtaining 1 and 2 has been recently proven to be impossible to achieve using blackbox simulators. 3. It is an ArthurMerlin (public coins) protocol. Simultaneously obtaining 1 and 3 was known to be impossible to achieve with a blackbox simulator. 4. It has a simulator that runs in strict polynomial time, rather than in expected polynomial time. All previously known constantround, negligibleerror zeroknowledge arguments utilized expected polynomialtime simulators.
The NPcompleteness column: an ongoing guide
 JOURNAL OF ALGORITHMS
, 1987
"... This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NPcompleteness. The presentation is modeled on that used by M. R. Garey and myself in our book "Computers and Intractability: A Guide to the Theory of NPCompleteness," W. H. Freem ..."
Abstract

Cited by 231 (0 self)
 Add to MetaCart
(Show Context)
This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NPcompleteness. The presentation is modeled on that used by M. R. Garey and myself in our book "Computers and Intractability: A Guide to the Theory of NPCompleteness," W. H. Freeman & Co., New York, 1979 (hereinafter referred to as "[G&J]"; previous columns will be referred to by their dates). A background equivalent to that provided by [G&J] is assumed, and, when appropriate, crossreferences will be given to that book and the list of problems (NPcomplete and harder) presented there. Readers who have results they would like mentioned (NPhardness, PSPACEhardness, polynomialtimesolvability, etc.) or open problems they would like publicized, should
Free Bits, PCPs and NonApproximability  Towards Tight Results
, 1996
"... This paper continues the investigation of the connection between proof systems and approximation. The emphasis is on proving tight nonapproximability results via consideration of measures like the "free bit complexity" and the "amortized free bit complexity" of proof systems. ..."
Abstract

Cited by 219 (39 self)
 Add to MetaCart
This paper continues the investigation of the connection between proof systems and approximation. The emphasis is on proving tight nonapproximability results via consideration of measures like the "free bit complexity" and the "amortized free bit complexity" of proof systems.
Derandomizing Polynomial Identity Tests Means Proving Circuit Lower Bounds (Extended Abstract)
, 2003
"... Since Polynomial Identity Testing is a coRP problem, we obtain the following corollary: If RP = P (or, even, coRP ` "ffl?0NTIME(2nffl), infinitely often), then NEXP is not computable by polynomialsize arithmetic circuits. Thus, establishing that RP = coRP or BPP = P would require proving s ..."
Abstract

Cited by 185 (3 self)
 Add to MetaCart
Since Polynomial Identity Testing is a coRP problem, we obtain the following corollary: If RP = P (or, even, coRP ` &quot;ffl?0NTIME(2nffl), infinitely often), then NEXP is not computable by polynomialsize arithmetic circuits. Thus, establishing that RP = coRP or BPP = P would require proving superpolynomial lower bounds for Boolean or arithmetic circuits. We also show that any derandomization of RNC would yield new circuit lower bounds for a language in NEXP.
Interactive proofs and the hardness of approximating cliques
 JOURNAL OF THE ACM
, 1996
"... The contribution of this paper is twofold. First, a connection is shown between approximating the size of the largest clique in a graph and multiprover interactive proofs. Second, an efficient multiprover interactive proof for NP languages is constructed, where the verifier uses very few random b ..."
Abstract

Cited by 178 (13 self)
 Add to MetaCart
(Show Context)
The contribution of this paper is twofold. First, a connection is shown between approximating the size of the largest clique in a graph and multiprover interactive proofs. Second, an efficient multiprover interactive proof for NP languages is constructed, where the verifier uses very few random bits and communication bits. Last, the connection between cliques and efficient multiprover interactive proofs, is shown to yield hardness results on the complexity of approximating the size of the largest clique in a graph. Of independent interest is our proof of correctness for the multilinearity test of functions.
The Hardness of Approximate Optima in Lattices, Codes, and Systems of Linear Equations
, 1993
"... We prove the following about the Nearest Lattice Vector Problem (in any `p norm), the Nearest Codeword Problem for binary codes, the problem of learning a halfspace in the presence of errors, and some other problems. 1. Approximating the optimum within any constant factor is NPhard. 2. If for some ..."
Abstract

Cited by 173 (8 self)
 Add to MetaCart
We prove the following about the Nearest Lattice Vector Problem (in any `p norm), the Nearest Codeword Problem for binary codes, the problem of learning a halfspace in the presence of errors, and some other problems. 1. Approximating the optimum within any constant factor is NPhard. 2. If for some ffl ? 0 there exists a polynomialtime algorithm that approximates the optimum within a factor of 2 log 0:5\Gammaffl n , then every NP language can be decided in quasipolynomial deterministic time, i.e., NP ` DTIME(n poly(log n) ). Moreover, we show that result 2 also holds for the Shortest Lattice Vector Problem in the `1 norm. Also, for some of these problems we can prove the same result as above, but for a larger factor such as 2 log 1\Gammaffl n or n ffl . Improving the factor 2 log 0:5\Gammaffl n to p dimension for either of the lattice problems would imply the hardness of the Shortest Vector Problem in `2 norm; an old open problem. Our proofs use reductions from fewpr...
Efficient probabilistically checkable proofs and applications to approximation
 In Proceedings of STOC93
, 1993
"... 1 ..."
(Show Context)