Strong ETH Breaks With Merlin and Arthur: Short Non-Interactive Proofs of Batch Evaluation

We present an efficient proof system for Multipoint Arithmetic Circuit Evaluation: for every arithmetic circuit $C(x_1,\ldots,x_n)$ of size $s$ and degree $d$ over a field ${\mathbb F}$, and any inputs $a_1,\ldots,a_K \in {\mathbb F}^n$, $\bullet$ the Prover sends the Verifier the values $C(a_1), \ldots, C(a_K) \in {\mathbb F}$ and a proof of $\tilde{O}(K \cdot d)$ length, and $\bullet$ the Verifier tosses $\textrm{poly}(\log(dK|{\mathbb F}|/\varepsilon))$ coins and can check the proof in about $\tilde{O}(K \cdot(n + d) + s)$ time, with probability of error less than $\varepsilon$. For small degree $d$, this "Merlin-Arthur" proof system (a.k.a. MA-proof system) runs in nearly-linear time, and has many applications. For example, we obtain MA-proof systems that run in $c^{n}$ time (for various $c < 2$) for the Permanent, $\#$Circuit-SAT for all sublinear-depth circuits, counting Hamiltonian cycles, and infeasibility of $0$-$1$ linear programs. In general, the value of any polynomial in Valiant's class ${\sf VP}$ can be certified faster than "exhaustive summation" over all possible assignments. These results strongly refute a Merlin-Arthur Strong ETH and Arthur-Merlin Strong ETH posed by Russell Impagliazzo and others. We also give a three-round (AMA) proof system for quantified Boolean formulas running in $2^{2n/3+o(n)}$ time, nearly-linear time MA-proof systems for counting orthogonal vectors in a collection and finding Closest Pairs in the Hamming metric, and a MA-proof system running in $n^{k/2+O(1)}$-time for counting $k$-cliques in graphs. We point to some potential future directions for refuting the Nondeterministic Strong ETH.

[1]  Ron Rothblum,et al.  Non-interactive proofs of proximity , 2015, computational complexity.

[2]  Russell Impagliazzo,et al.  A Satisfiability Algorithm for Sparse Depth Two Threshold Circuits , 2012, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[3]  Russell Impagliazzo,et al.  A lower bound for DLL algorithms for k-SAT (preliminary version) , 2000, SODA '00.

[4]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[5]  Rosario Gennaro,et al.  Publicly verifiable delegation of large polynomials and matrix computations, with applications , 2012, IACR Cryptol. ePrint Arch..

[6]  Craig Gentry,et al.  Pinocchio: Nearly Practical Verifiable Computation , 2013, 2013 IEEE Symposium on Security and Privacy.

[7]  Huacheng Yu,et al.  More Applications of the Polynomial Method to Algorithm Design , 2015, SODA.

[8]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[9]  Ryan Williams,et al.  A new algorithm for optimal 2-constraint satisfaction and its implications , 2005, Theor. Comput. Sci..

[10]  Christopher Umans,et al.  Fast Polynomial Factorization and Modular Composition , 2011, SIAM J. Comput..

[11]  Amir Abboud,et al.  Popular Conjectures Imply Strong Lower Bounds for Dynamic Problems , 2014, 2014 IEEE 55th Annual Symposium on Foundations of Computer Science.

[12]  Ryan Williams,et al.  Non-uniform ACC Circuit Lower Bounds , 2011, 2011 IEEE 26th Annual Conference on Computational Complexity.

[13]  Oded Goldreich,et al.  On the Complexity of Interactive Proofs with Bounded Communication , 1998, Inf. Process. Lett..

[14]  A. M. Odlyzko,et al.  Computing pi(x): An Analytic Method , 1987, J. Algorithms.

[15]  Ryan Williams,et al.  Improving exhaustive search implies superpolynomial lower bounds , 2010, STOC '10.

[16]  Avi Wigderson,et al.  Algebrization: A New Barrier in Complexity Theory , 2009, TOCT.

[17]  Karl Bringmann,et al.  Why Walking the Dog Takes Time: Frechet Distance Has No Strongly Subquadratic Algorithms Unless SETH Fails , 2014, 2014 IEEE 55th Annual Symposium on Foundations of Computer Science.

[18]  Toniann Pitassi,et al.  Circuit Complexity, Proof Complexity, and Polynomial Identity Testing , 2014, 2014 IEEE 55th Annual Symposium on Foundations of Computer Science.

[19]  Journal of the Association for Computing Machinery , 1961, Nature.

[20]  Ellis Horowitz,et al.  A Fast Method for Interpolation Using Preconditioning , 1972, Information Processing Letters.

[21]  Carsten Lund,et al.  Algebraic methods for interactive proof systems , 1992, JACM.

[22]  R. Raz,et al.  How to delegate computations: the power of no-signaling proofs , 2014, Electron. Colloquium Comput. Complex..

[23]  Craig Gentry,et al.  Pinocchio: Nearly Practical Verifiable Computation , 2013, IEEE Symposium on Security and Privacy.

[24]  Dániel Marx,et al.  Lower bounds based on the Exponential Time Hypothesis , 2011, Bull. EATCS.

[25]  Sanjeev Arora,et al.  Computational Complexity: A Modern Approach , 2009 .

[26]  Carsten Lund,et al.  Algebraic methods for interactive proof systems , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[27]  Russell Impagliazzo,et al.  Strong ETH holds for regular resolution , 2013, STOC '13.

[28]  Ron Rothblum,et al.  Non-Interactive Proofs of Proximity , 2015, ITCS.

[29]  Justin Thaler,et al.  Time-Optimal Interactive Proofs for Circuit Evaluation , 2013, CRYPTO.

[30]  Charles M. Fiduccia,et al.  Polynomial evaluation via the division algorithm the fast Fourier transform revisited , 1972, STOC.

[31]  Joachim von zur Gathen,et al.  Modern Computer Algebra , 1998 .

[32]  Leslie G. Valiant,et al.  NP is as easy as detecting unique solutions , 1985, STOC '85.

[33]  Leonid A. Levin,et al.  Checking computations in polylogarithmic time , 1991, STOC '91.

[34]  Alexander Shen IP = SPACE: simplified proof , 1992, JACM.

[35]  Ryan Williams,et al.  Finding orthogonal vectors in discrete structures , 2014, SODA.

[36]  Russell Impagliazzo,et al.  On the Complexity of k-SAT , 2001, J. Comput. Syst. Sci..

[37]  Ryan Williams,et al.  Probabilistic Polynomials and Hamming Nearest Neighbors , 2015, 2015 IEEE 56th Annual Symposium on Foundations of Computer Science.

[38]  Russell Impagliazzo,et al.  Which problems have strongly exponential complexity? , 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[39]  Yael Tauman Kalai,et al.  Delegating computation: interactive proofs for muggles , 2008, STOC.

[40]  Avi Wigderson,et al.  On interactive proofs with a laconic prover , 2001, computational complexity.

[41]  Russell Impagliazzo,et al.  Derandomizing Polynomial Identity Tests Means Proving Circuit Lower Bounds , 2003, STOC '03.

[42]  Russell Impagliazzo,et al.  Which Problems Have Strongly Exponential Complexity? , 2001, J. Comput. Syst. Sci..

[43]  Russell Impagliazzo,et al.  The Complexity of Satisfiability of Small Depth Circuits , 2009, IWPEC.

[44]  Ryan Williams Nonuniform ACC Circuit Lower Bounds , 2014, JACM.

[45]  Amir Abboud,et al.  Quadratic-Time Hardness of LCS and other Sequence Similarity Measures , 2015, ArXiv.

[46]  R. Gregory Taylor,et al.  Modern computer algebra , 2002, SIGA.

[47]  Leslie G. Valiant,et al.  NP is as easy as detecting unique solutions , 1985, STOC '85.

[48]  Lance Fortnow,et al.  Nonrelativizing separations , 1998, Proceedings. Thirteenth Annual IEEE Conference on Computational Complexity (Formerly: Structure in Complexity Theory Conference) (Cat. No.98CB36247).

[49]  Amir Abboud,et al.  Tight Hardness Results for LCS and Other Sequence Similarity Measures , 2015, 2015 IEEE 56th Annual Symposium on Foundations of Computer Science.

[50]  Vaughan R. Pratt,et al.  Every Prime has a Succinct Certificate , 1975, SIAM J. Comput..

[51]  Russell Impagliazzo,et al.  Complexity of kSAT , 2007 .

[52]  Liam Roditty,et al.  Fast approximation algorithms for the diameter and radius of sparse graphs , 2013, STOC '13.

[53]  Craig Gentry,et al.  Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers , 2010, CRYPTO.

[54]  Adi Shamir,et al.  IP = PSPACE , 1992, JACM.

[55]  Richard M. Karp,et al.  Dynamic programming meets the principle of inclusion and exclusion , 1982, Oper. Res. Lett..

[56]  Russell Impagliazzo,et al.  Nondeterministic Extensions of the Strong Exponential Time Hypothesis and Consequences for Non-reducibility , 2016, Electron. Colloquium Comput. Complex..

[57]  Yael Tauman Kalai,et al.  Improved Delegation of Computation using Fully Homomorphic Encryption , 2010, IACR Cryptol. ePrint Arch..

[58]  Timothy M. Chan,et al.  Deterministic APSP, Orthogonal Vectors, and More: Quickly Derandomizing Razborov-Smolensky , 2016, SODA.

[59]  Virginia Vassilevska Williams,et al.  Hardness of Easy Problems: Basing Hardness on Popular Conjectures such as the Strong Exponential Time Hypothesis (Invited Talk) , 2015, IPEC.

[60]  Yuval Ishai,et al.  From Secrecy to Soundness: Efficient Verification via Secure Computation , 2010, ICALP.

[61]  Hamidreza Jahanjou,et al.  Local Reductions , 2013, ICALP.

[62]  Piotr Indyk,et al.  Edit Distance Cannot Be Computed in Strongly Subquadratic Time (unless SETH is false) , 2014, STOC.

[63]  Russell Impagliazzo,et al.  Complexity of k-SAT , 1999, Proceedings. Fourteenth Annual IEEE Conference on Computational Complexity (Formerly: Structure in Complexity Theory Conference) (Cat.No.99CB36317).

[64]  Richard P. Brent,et al.  The Parallel Evaluation of General Arithmetic Expressions , 1974, JACM.

[65]  Leslie G. Valiant,et al.  Completeness classes in algebra , 1979, STOC.

[66]  Michal Pilipczuk Lower Bounds Based on the Exponential Time Hypothesis: Edge Clique Cover , 2016, Encyclopedia of Algorithms.

[67]  László Babai,et al.  Trading group theory for randomness , 1985, STOC '85.