Abstract
The Goldwasser-Sipser emulation of general interactive proof systems by public-coins interactive proof systems proceeds by selecting, at each round, a verifier-message such that each message is selected with probability that is at most polynomially larger than its probability in the original protocol. Specifically, the possible messages are essentially clustered according to the probability that they are selected in the original protocol, and the emulation selects a message at random among those that belong to the heaviest cluster.
We consider the natural alternative in which, at each round, if the parties play honestly, then each verifier-message is selected with probability that approximately equals the probability that it is selected in the original (private coins) protocol. This is done by selecting a cluster with probability that is proportional to its weight, and picking a message at random in this cluster. The crux of this paper is showing that, essentially, no matter how the prover behaves, it cannot increase the probability that a message is selected by more than a constant factor (as compared to the original protocol). We also show that such a constant loss is inevitable.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
Such a gap can be created by (sufficiently many) parallel executions of the original interactive proof systems. Indeed, this increases the length of messages but not the number of rounds.
- 2.
A set H of functions from D to R is called pairwise-independent if for every \(x\ne y\) in D and \(u,v\in R\) it holds that \( \mathbf{Pr}_{h\in H}[h(x)\!=\!u\, \& \,h(y)\!=\!v]=1/|R|^2\). Note that such “effective” sets are known; for example, for \(D={\{0,1\}}^\ell \) and \(R={\{0,1\}}^t\), the set of all affine transformation will do (e.g., \(h_{M,v}(x)=Mx+v\), where M is a t-by-\(\ell \) Boolean matrix and v (resp., x) is a t-dimensional (resp., \(\ell \)-dimensional) Boolean vector). By effective we mean that it is easy to select functions in the set and easy to evaluate them on a given input. For more details, see [5, Apdx. D.2].
- 3.
The key observations are that the \(L_i\)’s form a martingale and that with probability at least 3/4 all \(L_i\)’s reside in \([0,\log _b r +O(1)]\). Hence, \(\mathbf{Pr}[\sum _{i\in [r]}L_i>(1+o(1))\cdot \mu ]<1/3\). This allows setting \(B=b^{(3(b-1)^2+3b)/(b-1)^2}\), which yields \(B\approx (28266)^{1/3}<31\) at \(b\approx 1.79521\).
- 4.
Furthermore, this alternative argument for a decrease of a b-factor does not capitalize on the variance of weights in clusters.
References
Babai, L.: Trading group theory for randomness. In: 17th STOC, pp. 421–429 (1985)
Babai, L., Moran, S.: Arthur-Merlin games: a randomized proof system, and a hierarchy of complexity clusters. J. Comput. Syst. Sci. 36(2), 254–276 (1988)
Ben-Or, M., Goldreich, O., Goldwasser, S., Hastad, J., Kilian, J., Micali, S., Rogaway, P.: Everything provable is provable in zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 37–56. Springer, New York (1990). https://doi.org/10.1007/0-387-34799-2_4
Fürer, M., Goldreich, O., Mansour, Y., Sipser, M., Zachos, S.: On completeness and soundness in interactive proof systems. In: Micali, S. (ed.) Randomness and Computation. Advances in Computing Research: A Research Annual, vol. 5, pp. 429–442 (1989)
Goldreich, O.: Computational Complexity: A Conceptual Perspective. Cambridge University Press, Cambridge (2008)
Goldreich, O., Vadhan, S., Wigderson, A.: On interactive proofs with a laconic prover. Comput. Complex. 11(1–2), 1–53 (2002)
Goldwasser, S., Micali, S., Rackoff,C.: The knowledge complexity of interactive proof systems. In: 17th STOC, pp. 291–304 (1985)
Goldwasser, S., Sipser, M.: Private coins versus public coins in interactive proof systems. In: 18th STOC, pp. 59–68 (1986)
Lund, C., Fortnow, L., Karloff, H., Nisan, N.: Algebraic methods for interactive proof systems. J. ACM 39(4), 859–868 (1992)
Shamir, A.: IP = PSPACE. J. ACM 39(4), 869–877 (1992)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Goldreich, O., Leshkowitz, M. (2020). On Emulating Interactive Proofs with Public Coins. In: Goldreich, O. (eds) Computational Complexity and Property Testing. Lecture Notes in Computer Science(), vol 12050. Springer, Cham. https://doi.org/10.1007/978-3-030-43662-9_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-43662-9_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-43661-2
Online ISBN: 978-3-030-43662-9
eBook Packages: Computer ScienceComputer Science (R0)