Results 11 - 20 of 216
On the Power of Multi-Prover Interactive Protocols
Theoretical Computer Science, 1988
Cited by 116 (10 self)
this paper we consider a further generalization of the proof system model, due to Ben-Or, Goldwasser, Kilian and Wigderson [6], where instead of a single prover there may be many. This apparently gives the model additional power. The intuition for this may be seen by considering the case of two criminal suspects who are under interrogation to see if they are guilty of together robbing a bank. Of course they (the provers) are trying to convince Scotland Yard (the verifier) of their innocence. Assuming that they are in fact innocent, it is clear that their ability to convince the police of this is enhanced if they are questioned in separate rooms and can corroborate each other's stories without communicating. We shall see later in this paper that this sort of corroboration is the key to the additional power of multiple provers. Interactive proof systems have seen a number of important applications to cryptography [23, 22], algebraic complexity [3], program testing [7, 8] and distributed computation [16, 23]. For example, a chain of results concerning interactive proof systems [22, 3, 24, 9] conclude that if the graph isomorphism problem is NP-complete then the polynomial time hierarchy collapses. Multiple-prover interactive proof systems have also seen several important applications including the analysis of program testing [7, 4] and the complexity of approximation algorithms [14, 2, 1]. Brief summary of results: First we give a simple characterization of the power of the multi-prover model in terms of probabilistic oracle Turing machines. Then we show that every language accepted by multiple prover interactive proof systems can be computed in nondeterministic exponential time. Babai, Fortnow and Lund [4] have since shown this bound is tight. We then show results like th...
Fast batch verification for modular exponentiation and digital signatures
1998
Cited by 103 (2 self)
Many tasks in cryptography (e.g., digital signature verification) call for verification of a basic operation like modular exponentiation in some group: given (g, x, y) check that g^x = y. This is typically done by re-computing g^x and checking we get y. We would like to do it differently, and faster. The approach we use is batching. Focusing first on the basic modular exponentiation operation, we provide some probabilistic batch verifiers, or tests, that verify a sequence of modular exponentiations significantly faster than the naive re-computation method. This yields speedups for several verification tasks that involve modular exponentiations.
BPP has Subexponential Time Simulations unless EXPTIME has Publishable Proofs (Extended Abstract)
1993
Cited by 97 (7 self)
László Babai, Noam Nisan, Lance Fortnow, Avi Wigderson. University of Chicago, Hebrew University.
We show that BPP can be simulated in subexponential time for infinitely many input lengths unless exponential time collapses to the second level of the polynomial-time hierarchy, has polynomial-size circuits and has publishable proofs (EXPTIME=MA). We also show that BPP is contained in subexponential time unless exponential time has publishable proofs for infinitely many input lengths. In addition, we show BPP can be simulated in subexponential time for infinitely many input lengths unless there exist unary languages in MA \ P. The proofs are based on the recent characterization of the power of multiprover interactive protocols and on random self-reducibility via low degree polynomials. They exhibit an interplay between Boolean circuit simulation, interactive proofs and classical complexity classes. An important feature of this proof is that it does not ...
Software Reliability via Run-Time Result-Checking
Journal of the ACM, 1994
Cited by 91 (2 self)
We review the field of result-checking, discussing simple checkers and self-correctors. We argue that such checkers could profitably be incorporated in software as an aid to efficient debugging and reliable functionality. We consider how to modify traditional checking methodologies to make them more appropriate for use in real-time, real-number computer systems. In particular, we suggest that checkers should be allowed to use stored randomness: i.e., that they should be allowed to generate, pre-process, and store random bits prior to run-time, and then to use this information repeatedly in a series of run-time checks. In a case study of checking a general real-number linear transformation (for example, a Fourier Transform), we present a simple checker which uses stored randomness, and a self-corrector which is particularly efficient if stored randomness is allowed.
Hardness Of Approximations
1996
Cited by 87 (3 self)
This chapter is a self-contained survey of recent results about the hardness of approximating NP-hard optimization problems.
Checking the Correctness of Memories
Algorithmica, 1995
Cited by 80 (9 self)
We extend the notion of program checking to include programs which alter their environment. In particular, we consider programs which store and retrieve data from memory. The model we consider allows the checker a small amount of reliable memory. The checker is presented with a sequence of requests (on-line) to a data structure which must reside in a large but unreliable memory. We view the data structure as being controlled by an adversary. We want the checker to perform each operation in the input sequence using its reliable memory and the unreliable data structure so that any error in the operation of the structure will be detected by the checker with high probability. We present checkers for various data structures. We prove lower bounds of log n on the amount of reliable memory needed by these checkers where n is the size of the structure. The lower bounds are information theoretic and apply under various assumptions. We also show time-space tradeoffs for checking random access memories as a generalization of those for coherent functions.
COMPUTATIONALLY SOUND PROOFS
2000
Cited by 66 (1 self)
This paper puts forward a new notion of a proof based on computational complexity and explores its implications for computation at large. Computationally sound proofs provide, in a novel and meaningful framework, answers to old and new questions in complexity theory. In particular, given a random oracle or a new complexity assumption, they enable us to 1. prove that verifying is easier than deciding for all theorems; 2. provide a quite effective way to prove membership in computationally hard languages (such as Co-NP-complete ones); and 3. show that every computation possesses a short certificate vouching its correctness. Finally, if a special type of computationally sound proof exists, we show that Blum’s notion of program checking can be meaningfully broadened so as to prove that NP-complete languages are checkable.
Robust Geometric Computation
1997
Cited by 65 (10 self)
Nonrobustness refers to qualitative or catastrophic failures in geometric algorithms arising from numerical errors. Section...
Runtime Assurance Based On Formal Specifications
1999
Cited by 65 (8 self)
We describe the Monitoring and Checking (MaC) framework which assures the correctness of the current execution at run-time. Monitoring is performed based on a formal specification of system requirements. MaC bridges the gap between formal specification and verification, which ensures the correctness of a design rather than an implementation, and testing, which partially validates an implementation. An important aspect of the framework is a clear separation between implementation-dependent description of monitored objects and high-level requirements specification. Another salient feature is automatic instrumentation of executable code. The paper presents an overview of the framework and two languages to specify monitoring scripts and requirements, and briefly explains our on-going prototype implementation.

