Results 1  10
of
13
Proof verification and hardness of approximation problems
 IN PROC. 33RD ANN. IEEE SYMP. ON FOUND. OF COMP. SCI
, 1992
"... We show that every language in NP has a probablistic verifier that checks membership proofs for it using logarithmic number of random bits and by examining a constant number of bits in the proof. If a string is in the language, then there exists a proof such that the verifier accepts with probabilit ..."
Abstract

Cited by 797 (39 self)
 Add to MetaCart
We show that every language in NP has a probablistic verifier that checks membership proofs for it using logarithmic number of random bits and by examining a constant number of bits in the proof. If a string is in the language, then there exists a proof such that the verifier accepts with probability 1 (i.e., for every choice of its random string). For strings not in the language, the verifier rejects every provided “proof " with probability at least 1/2. Our result builds upon and improves a recent result of Arora and Safra [6] whose verifiers examine a nonconstant number of bits in the proof (though this number is a very slowly growing function of the input length). As a consequence we prove that no MAX SNPhard problem has a polynomial time approximation scheme, unless NP=P. The class MAX SNP was defined by Papadimitriou and Yannakakis [82] and hard problems for this class include vertex cover, maximum satisfiability, maximum cut, metric TSP, Steiner trees and shortest superstring. We also improve upon the clique hardness results of Feige, Goldwasser, Lovász, Safra and Szegedy [42], and Arora and Safra [6] and shows that there exists a positive ɛ such that approximating the maximum clique size in an Nvertex graph to within a factor of N ɛ is NPhard.
Definitions And Properties Of ZeroKnowledge Proof Systems
 Journal of Cryptology
, 1994
"... In this paper we investigate some properties of zeroknowledge proofs, a notion introduced by Goldwasser, Micali and Rackoff. We introduce and classify two definitions of zeroknowledge: auxiliary \Gamma input zeroknowledge and blackbox \Gamma simulation zeroknowledge. We explain why auxiliaryinp ..."
Abstract

Cited by 129 (10 self)
 Add to MetaCart
(Show Context)
In this paper we investigate some properties of zeroknowledge proofs, a notion introduced by Goldwasser, Micali and Rackoff. We introduce and classify two definitions of zeroknowledge: auxiliary \Gamma input zeroknowledge and blackbox \Gamma simulation zeroknowledge. We explain why auxiliaryinput zeroknowledge is a definition more suitable for cryptographic applications than the original [GMR1] definition. In particular, we show that any protocol solely composed of subprotocols which are auxiliaryinput zeroknowledge is itself auxiliaryinput zeroknowledge. We show that blackboxsimulation zeroknowledge implies auxiliaryinput zeroknowledge (which in turn implies the [GMR1] definition). We argue that all known zeroknowledge proofs are in fact blackboxsimulation zeroknowledge (i.e., were proved zeroknowledge using blackboxsimulation of the verifier). As a result, all known zeroknowledge proof systems are shown to be auxiliaryinput zeroknowledge and can be used for cryptographic applications such as those in [GMW2]. We demonstrate the triviality of certain classes of zeroknowledge proof systems, in the sense that only languages in BPP have zeroknowledge proofs of these classes. In particular, we show that any language having a Las Vegas zeroknowledge proof system necessarily belongs to RP . We show that randomness of both the verifier and the prover, and nontriviality of the interaction are essential properties of (nontrivial) auxiliaryinput zeroknowledge proofs.
Hardness Of Approximations
, 1996
"... This chapter is a selfcontained survey of recent results about the hardness of approximating NPhard optimization problems. ..."
Abstract

Cited by 117 (5 self)
 Add to MetaCart
This chapter is a selfcontained survey of recent results about the hardness of approximating NPhard optimization problems.
Parallelization, Amplification, and Exponential Time Simulation of Quantum Interactive Proof Systems
 In Proceedings of the 32nd ACM Symposium on Theory of Computing
, 2000
"... In this paper we consider quantum interactive proof systems, which are interactive proof systems in which the prover and verier may perform quantum computations and exchange quantum information. We prove that any polynomialround quantum interactive proof system with twosided bounded error can be p ..."
Abstract

Cited by 77 (19 self)
 Add to MetaCart
(Show Context)
In this paper we consider quantum interactive proof systems, which are interactive proof systems in which the prover and verier may perform quantum computations and exchange quantum information. We prove that any polynomialround quantum interactive proof system with twosided bounded error can be parallelized to a quantum interactive proof system with exponentially small onesided error in which the prover and verier exchange only 3 messages. This yields a simplied proof that PSPACE has 3message quantum interactive proof systems. We also prove that any language having a quantum interactive proof system can be decided in deterministic exponential time, implying that singleprover quantum interactive proof systems are strictly less powerful than multipleprover classical interactive proof systems unless EXP = NEXP. 1. INTRODUCTION Interactive proof systems were introduced by Babai [3] and Goldwasser, Micali, and Racko [17] in 1985. In the same year, Deutsch [10] gave the rst for...
Some Applications of Coding Theory in Computational Complexity
, 2004
"... Errorcorrecting codes and related combinatorial constructs play an important role in several recent (and old) results in computational complexity theory. In this paper we survey results on locallytestable and locallydecodable errorcorrecting codes, and their applications to complexity theory ..."
Abstract

Cited by 65 (2 self)
 Add to MetaCart
(Show Context)
Errorcorrecting codes and related combinatorial constructs play an important role in several recent (and old) results in computational complexity theory. In this paper we survey results on locallytestable and locallydecodable errorcorrecting codes, and their applications to complexity theory and to cryptography.
Limits on the Power of Quantum Statistical ZeroKnowledge
, 2003
"... In this paper we propose a definition for honest verifier quantum statistical zeroknowledge interactive proof systems and study the resulting complexity class, which we denote QSZK ..."
Abstract

Cited by 39 (4 self)
 Add to MetaCart
(Show Context)
In this paper we propose a definition for honest verifier quantum statistical zeroknowledge interactive proof systems and study the resulting complexity class, which we denote QSZK
The approximability of NPhard problems
 In Proceedings of the Annual ACM Symposium on Theory of Computing
, 1998
"... Many problems in combinatorial optimization are NPhard (see [60]). This has forced researchers to explore techniques for dealing with NPcompleteness. Some have considered algorithms that solve “typical” ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
(Show Context)
Many problems in combinatorial optimization are NPhard (see [60]). This has forced researchers to explore techniques for dealing with NPcompleteness. Some have considered algorithms that solve “typical”
Some facets of complexity theory and cryptography: A fivelecture tutorial
 ACM Computing Surveys
"... In this tutorial, selected topics of cryptology and of computational complexity theory are presented. We give a brief overview of the history and the foundations of classical cryptography, and then move on to modern publickey cryptography. Particular attention is paid to cryptographic protocols and ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
In this tutorial, selected topics of cryptology and of computational complexity theory are presented. We give a brief overview of the history and the foundations of classical cryptography, and then move on to modern publickey cryptography. Particular attention is paid to cryptographic protocols and the problem of constructing the key components of such protocols such as oneway functions. A function is oneway if it is easy to compute, but hard to invert. We discuss the notion of oneway functions both in a cryptographic and in a complexitytheoretic setting. We also consider interactive proof systems and present some interesting zeroknowledge protocols. In a zeroknowledge protocol one party can convince the other party of knowing some secret information without disclosing any bit of this information. Motivated by these protocols, we survey some complexitytheoretic
Fibrations and Calculi of Fractions
 Journal of pure and applied algebra
, 1994
"... Given a fibration E ! B and a class \Sigma of arrows of B, one can construct the free fibration (on E over B such that all reindexing functors over elements of \Sigma are equivalences. ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
Given a fibration E ! B and a class \Sigma of arrows of B, one can construct the free fibration (on E over B such that all reindexing functors over elements of \Sigma are equivalences.
On the role of algebra in the efficient verification of proofs
 TALK GIVEN AT WORKSHOP ON ALGEBRAIC METHODS IN COMPLEXITY THEORY
"... ..."