Results 1  10
of
33
Proof verification and hardness of approximation problems
 IN PROC. 33RD ANN. IEEE SYMP. ON FOUND. OF COMP. SCI
, 1992
"... We show that every language in NP has a probablistic verifier that checks membership proofs for it using logarithmic number of random bits and by examining a constant number of bits in the proof. If a string is in the language, then there exists a proof such that the verifier accepts with probabilit ..."
Abstract

Cited by 719 (46 self)
 Add to MetaCart
We show that every language in NP has a probablistic verifier that checks membership proofs for it using logarithmic number of random bits and by examining a constant number of bits in the proof. If a string is in the language, then there exists a proof such that the verifier accepts with probability 1 (i.e., for every choice of its random string). For strings not in the language, the verifier rejects every provided “proof " with probability at least 1/2. Our result builds upon and improves a recent result of Arora and Safra [6] whose verifiers examine a nonconstant number of bits in the proof (though this number is a very slowly growing function of the input length). As a consequence we prove that no MAX SNPhard problem has a polynomial time approximation scheme, unless NP=P. The class MAX SNP was defined by Papadimitriou and Yannakakis [82] and hard problems for this class include vertex cover, maximum satisfiability, maximum cut, metric TSP, Steiner trees and shortest superstring. We also improve upon the clique hardness results of Feige, Goldwasser, Lovász, Safra and Szegedy [42], and Arora and Safra [6] and shows that there exists a positive ɛ such that approximating the maximum clique size in an Nvertex graph to within a factor of N ɛ is NPhard.
SelfTesting/Correcting with Applications to Numerical Problems
, 1990
"... Suppose someone gives us an extremely fast program P that we can call as a black box to compute a function f . Should we trust that P works correctly? A selftesting/correcting pair allows us to: (1) estimate the probability that P (x) 6= f(x) when x is randomly chosen; (2) on any input x, compute ..."
Abstract

Cited by 345 (27 self)
 Add to MetaCart
Suppose someone gives us an extremely fast program P that we can call as a black box to compute a function f . Should we trust that P works correctly? A selftesting/correcting pair allows us to: (1) estimate the probability that P (x) 6= f(x) when x is randomly chosen; (2) on any input x, compute f(x) correctly as long as P is not too faulty on average. Furthermore, both (1) and (2) take time only slightly more than Computer Science Division, U.C. Berkeley, Berkeley, California 94720, Supported by NSF Grant No. CCR 8813632. y International Computer Science Institute, Berkeley, California 94704 z Computer Science Division, U.C. Berkeley, Berkeley, California 94720, Supported by an IBM Graduate Fellowship and NSF Grant No. CCR 8813632. the original running time of P . We present general techniques for constructing simple to program selftesting /correcting pairs for a variety of numerical problems, including integer multiplication, modular multiplication, matrix multiplicatio...
Robust Characterizations of Polynomials with Applications to Program Testing
, 1996
"... The study of selftesting and selfcorrecting programs leads to the search for robust characterizations of functions. Here we make this notion precise and show such a characterization for polynomials. From this characterization, we get the following applications. ..."
Abstract

Cited by 328 (39 self)
 Add to MetaCart
The study of selftesting and selfcorrecting programs leads to the search for robust characterizations of functions. Here we make this notion precise and show such a characterization for polynomials. From this characterization, we get the following applications.
A SubConstant ErrorProbability LowDegree Test, and a SubConstant ErrorProbability PCP Characterization of NP
 IN PROC. 29TH ACM SYMP. ON THEORY OF COMPUTING, 475484. EL PASO
, 1997
"... We introduce a new lowdegreetest, one that uses the restriction of lowdegree polynomials to planes (i.e., affine subspaces of dimension 2), rather than the restriction to lines (i.e., affine subspaces of dimension 1). We prove the new test to be of a very small errorprobability (in particular, ..."
Abstract

Cited by 282 (21 self)
 Add to MetaCart
We introduce a new lowdegreetest, one that uses the restriction of lowdegree polynomials to planes (i.e., affine subspaces of dimension 2), rather than the restriction to lines (i.e., affine subspaces of dimension 1). We prove the new test to be of a very small errorprobability (in particular, much smaller than constant). The new test enables us to prove a lowerror characterization of NP in terms of PCP. Specifically, our theorem states that, for any given ffl ? 0, membership in any NP language can be verified with O(1) accesses, each reading logarithmic number of bits, and such that the errorprobability is 2 \Gamma log 1\Gammaffl n . Our results are in fact stronger, as stated below. One application of the new characterization of NP is that approximating SETCOVER to within a logarithmic factors is NPhard. Previous analysis for lowdegreetests, as well as previous characterizations of NP in terms of PCP, have managed to achieve, with constant number of accesses, error...
Software Reliability via RunTime ResultChecking
 JOURNAL OF THE ACM
, 1994
"... We review the field of resultchecking, discussing simple checkers and selfcorrectors. We argue that such checkers could profitably be incorporated in software as an aid to efficient debugging and reliable functionality. We consider how to modify traditional checking methodologies to make them more ..."
Abstract

Cited by 101 (2 self)
 Add to MetaCart
We review the field of resultchecking, discussing simple checkers and selfcorrectors. We argue that such checkers could profitably be incorporated in software as an aid to efficient debugging and reliable functionality. We consider how to modify traditional checking methodologies to make them more appropriate for use in realtime, realnumber computer systems. In particular, we suggest that checkers should be allowed to use stored randomness: i.e., that they should be allowed to generate, preprocess, and store random bits prior to runtime, and then to use this information repeatedly in a series of runtime checks. In a case study of checking a general realnumber linear transformation (for example, a Fourier Transform), we present a simple checker which uses stored randomness, and a selfcorrector which is particularly efficient if stored randomness is allowed.
Efficient Checking of Polynomials and Proofs and the Hardness of Approximation Problems
, 1992
"... The definition of the class NP [Coo71, Lev73] highlights the problem of verification of proofs as one of central interest to theoretical computer science. Recent efforts have shown that the efficiency of the verification can be greatly improved by allowing the verifier access to random bits and acce ..."
Abstract

Cited by 69 (9 self)
 Add to MetaCart
The definition of the class NP [Coo71, Lev73] highlights the problem of verification of proofs as one of central interest to theoretical computer science. Recent efforts have shown that the efficiency of the verification can be greatly improved by allowing the verifier access to random bits and accepting probabilistic guarantees from the verifier [BFL91, BFLS91, FGL + 91, AS92]. We improve upon the efficiency of the proof systems developed above and obtain proofs which can be verified probabilistically by examining only a constant number of (randomly chosen) bits of the proof. The efficiently verifiable proofs constructed here rely on the structural properties of lowdegree polynomials. We explore the properties of these functions by examining some simple and basic questions about them. We consider questions of the form: • (testing) Given an oracle for a function f, is f close to a lowdegree polynomial? • (correcting) Let f be close to a lowdegree polynomial g, is it possible to efficiently reconstruct the value of g on any given input using an oracle for f? 2 The questions described above have been raised before in the context of coding theory as the problems of errordetecting and errorcorrecting of codes. More recently
WitnessBased Cryptographic Program Checking and Robust Function Sharing
, 1996
"... We suggest a new methodology for "result checking" that enables us to extend the notion of Blum's program result checking to the online checking of cryptographic functions. In our model, the checker not only needs to be assured of the correctness of the result but the owner of the program needs to ..."
Abstract

Cited by 26 (4 self)
 Add to MetaCart
We suggest a new methodology for "result checking" that enables us to extend the notion of Blum's program result checking to the online checking of cryptographic functions. In our model, the checker not only needs to be assured of the correctness of the result but the owner of the program needs to be sure not to give away anything but the requested result on the (authorized) input. The existing approaches for program result checking of numerical problems often ask the program a number of extra queries (different from the actual input). In the case of cryptographic functions, this may be in contradiction with the security requirement of the program owner. Additional queries, in fact, may be used to gain unauthorized advantage (for example, imagine the implications of the online checking of a decryption device that requires the decryption of extra ciphertexts). In [Blum88], the notion of a simple checker was introduced where, for the purpose of efficiency, extra queries are not allowed...
Locally Random Reductions in Interactive Complexity Theory
 DIMACS Series in Discrete Mathematics and Theoretical Computer Science
, 1993
"... We survey definitions, known results, and open questions in the area of locally random reductions and explore the ramifications of these reductions in complexity theory. This paper is based on a survey talk given at the DIMACS Workshop on Structural Complexity and Cryptography, Rutgers University, ..."
Abstract

Cited by 21 (5 self)
 Add to MetaCart
We survey definitions, known results, and open questions in the area of locally random reductions and explore the ramifications of these reductions in complexity theory. This paper is based on a survey talk given at the DIMACS Workshop on Structural Complexity and Cryptography, Rutgers University, New Brunswick NJ, December 1990. 1 Introduction We consider the question of whether a probabilistic polynomialtime machine A can compute a function f in the following manner. A interacts with one or more machines B 1 , . . ., B k that are not restricted to probabilistic polynomial time. At the end of the interaction, A can use the information obtained from the B i 's to compute f(x). However, the information that A sends to the B i 's is locally random. Informally, this means that no individual B i can use it to figure out what A's private input x is. This study can be motivated by the practical problem of using shared resources for private computations. For example, f may be a financial ...
Certification of computational results
 IEEE Transactions on Computers
, 1995
"... 1 Introduction In this paper we describe a novel and powerful technique for achieving fault tolerance in systems. Although applicable to both hardware and software implementation, we restrict our discussion of this technique to implementation in software. To explain our technique, we will first disc ..."
Abstract

Cited by 18 (2 self)
 Add to MetaCart
1 Introduction In this paper we describe a novel and powerful technique for achieving fault tolerance in systems. Although applicable to both hardware and software implementation, we restrict our discussion of this technique to implementation in software. To explain our technique, we will first discuss a simpler method. In this method the specification of a problem is given and an algorithm to solve it is constructed. This algorithm is executed on a particular input and the output is stored. Next, the same algorithm is executed again on the same input and the output is compared to the earlier output. If the outputs differ then an error is indicated, otherwise the output is accepted as correct. This method requires additional time, so called time
Transparent Proofs and Limits to Approximation
, 1994
"... We survey a major collective accomplishment of the theoretical computer science community on efficiently verifiable proofs. Informally, a formal proof is transparent (or holographic) if it can be verified with large confidence by a small number of spotchecks. Recent work by a large group of researc ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
We survey a major collective accomplishment of the theoretical computer science community on efficiently verifiable proofs. Informally, a formal proof is transparent (or holographic) if it can be verified with large confidence by a small number of spotchecks. Recent work by a large group of researchers has shown that this seemingly paradoxical concept can be formalized and is feasible in a remarkably strong sense; every formal proof in ZF, say, can be rewritten in transparent format (proving the same theorem in a different proof system) without increasing the length of the proof by too much. This result in turn has surprising implications for the intractability of approximate solutions of a wide range of discrete optimization problems, extending the pessimistic predictions of the PNP theory to approximate solvability. We discuss the main results on transparent proofs and their implications to discrete optimization. We give an account of several links between the two subjects as well ...