Parallelization of entanglement-resistant multi-prover interactive proofs

https://doi.org/10.1016/j.ipl.2014.05.005Get rights and content

Highlights

  • We study classical multi-prover interactive proofs which are sound also against entangled provers.

  • Such interactive proofs have been studied widely in quantum complexity theory.

  • We prove such interactive proofs can be parallelized to two rounds by adding one prover.

Abstract

Multi-prover interactive proof systems are said to be entanglement-resistant if the soundness holds even when provers are allowed to share an arbitrary quantum state before the interaction starts. This letter proves that every entanglement-resistant multi-prover interactive proof system can be parallelized to two rounds without ruining its entanglement resistance at the expense of adding one prover.

Introduction

Multi-prover interactive proof systems [4] are a computational model in which a randomized polynomial-time verifier tries to decide whether some claim is true or false with small error by interacting with computationally unbounded provers who jointly try to convince the verifier that the claim is true. The provers are not allowed to communicate with each other during the interaction. The class of decision problems having a multi-prover interactive proof system is denoted by MIP. It has been long known that multi-prover interactive proof systems are equivalent to NEXP in their computational power [2], even in the restricted case with two provers, one round, and exponentially small one-sided error [10].

A standard convexity argument implies that allowing provers to share randomness does not affect the computational power of multi-prover interactive proof systems. Cleve, Høyer, Toner, and Watrous [8] introduced the important variation of this model in which provers are allowed to share a quantum state of their choice before the interaction begins. Such provers are called “entangled provers” because in general they are allowed to share entangled quantum states. In contrast, we call provers without shared quantum states “local provers.” At first sight one may think by an analogy from shared randomness that this will not change the computational power of the model. However, Ref. [8] pointed out that allowing a shared quantum state breaks the soundness of some multi-prover interactive proof systems. This is a computational complexity consequence of what has been known in physics as “the violation of Bell inequalities” [3], [6].

Allowing provers to share a quantum state increases their power. Note that this has two potential consequences to the computational power: on the negative side, it increases the power of dishonest provers, and therefore it may break the soundness of protocols. On the positive side, it increases the power of honest provers, and therefore it may allow for new protocols. Because of this, until recently [14] neither direction of inclusion was known between MIP and MIP, where the latter is defined as the class of decision problems having a multi-prover interactive proof system with entangled provers.

Some multi-prover interactive proof systems are known to have the desirable properties of both MIP and MIP: the completeness holds with local provers, and the soundness holds with entangled provers. Such protocols are said to be entanglement-resistant. Several entanglement-resistant multi-prover interactive proof systems are known [[15], [7], [13], [12]].

It is useful to consider how entanglement-resistant multi-prover interactive proof systems can be transformed to “more efficient” ones. Given that every multi-prover interactive proof system in the classical world can be transformed to one with two provers, one round, and exponentially small one-sided error as stated above, it is natural to ask whether a similar transformation is possible for an entanglement-resistant one. This paper shows that every entanglement-resistant multi-prover interactive proof system with bounded error can be parallelized to two rounds by adding one prover, without ruining its entanglement-resistance. Moreover, it shows that if the starting system is non-adaptive, the resulting system can be further parallelized to one round.

Comparisons to related results

Our result can be viewed as a generalization of a result by Kempe, Kobayashi, Matsumoto, Toner, and Vidick [15] that every problem in PSPACE has an entanglement-resistant two-prover one-round interactive proof system: if we apply our parallelization to a public-coin (and therefore non-adaptive) single-prover (and therefore trivially entanglement-resistant) interactive proof system for PSPACE, we recover the construction in Ref. [15].

Kempe, Kobayashi, Matsumoto, and Vidick [16] proved that quantum multi-prover interactive proof systems with entangled provers, where the verifier is allowed to operate on quantum states and exchange quantum messages with provers, can be parallelized to three turns (one and a half rounds) without increasing the number of provers. Our result is not comparable to this result because the parallelized interactive proof system constructed by their transformation requires quantum messages even if the verifier in the original interactive proof system is classical. Although quantum multi-prover interactive proof systems with entangled provers can be transformed to classical ones with entangled provers (shown by Reichardt, Unger, and Vazirani [20], [19] motivated in part by a proposal by Broadbent, Fitzsimons, and Kashefi [5]), this cannot be combined with the result of Ref. [16] to reproduce our result because doing so would result in proof systems with a polynomially many rounds.

Section snippets

Preliminaries

We write [n]={1,,n}. We denote a tuple of variables using “[n]” and “[n][m]” in subscripts.

We assume that the reader is familiar with the quantum formalism, including density matrices, measurements, and the trace distance between density matrices [17]. In this letter, density matrices are also called quantum states. We also assume that the reader is familiar with basic notions of computational complexity theory [1], [11].

In a t-prover r-round interactive proof system, a verifier and t provers

Our results

Theorem 1

Let t,rpoly such that r(n)1 and c,s:N[0,1], and let s(n)=1(1s(n))2/(25r(n)2). If c(n)>s(n), then it holds that MIPer(t(n),r(n),c(n),s(n))MIPer(t(n)+1,2,c(n),s(n)) and naMIPer(t(n),r(n),c(n),s(n))MIPer(t(n)+1,1,c(n),s(n)).

Before proceeding to the proof, we state corollaries of Theorem 1. By the standard sequential repetition, it holds that for every ppoly such that p(n)2, MIPer(t(n),poly)MIPer(t(n),poly,12p(n),2p(n)) and naMIPer(t(n),poly)naMIPer(t(n),poly,12p(n),2p(n)). By

Proof of Theorem 1

Let LMIPer(t(n),r(n),c(n),s(n)), and let V be a corresponding entanglement-resistant t(n)-prover r(n)-round interactive proof system. We will construct an entanglement-resistant (t(n)+1)-prover two-round interactive proof system V for L which has completeness at least c(n) and soundness error at most s(n)=1(1s(n))2/(25r(n)2).

Construction of protocols

Our construction is similar to that used in Section 5 of Ref. [15] based on Ref. [22], but is modified to make it applicable to multi-prover and adaptive interactive

Concluding remarks

We proved that every entanglement-resistant multi-prover interactive proof system can be parallelized to two rounds at the cost of one additional prover, and to one round if the starting system is non-adaptive. We believe that investigations of possible ways to convert systems are important to understand the computational power of entanglement-resistant multi-prover interactive proof systems and, more generally, the effect of quantum nonlocality on computational complexity. After the completion

Acknowledgements

The author thanks Dominic Berry for pointing out a simplification of the protocol in an earlier version and John Watrous for helpful suggestions and for finding errors in English in an earlier version. He also thanks an anonymous reviewer for helpful comments. The author acknowledges support by NSERC, CIFAR, QuantumWorks, CFI, and ORF.

References (22)

  • S. Even et al.

    The complexity of promise problems with applications to public-key cryptography

    Inf. Control

    (1984)
  • J.-Y. Cai et al.

    PSPACE is provable by two provers in one round

    J. Comput. Syst. Sci.

    (1994)
  • S. Arora et al.

    Computational Complexity: A Modern Approach

    (2009)
  • L. Babai et al.

    Non-deterministic exponential time has two-prover interactive protocols

    Comput. Complex.

    (1991)
  • J.S. Bell

    On the Einstein–Podolsky–Rosen paradox

    Physics

    (1964)
  • M. Ben-Or et al.

    Multi-prover interactive proofs: how to remove intractability assumptions

  • A. Broadbent et al.
  • J.F. Clauser et al.

    Proposed experiment to test local hidden-variable theories

    Phys. Rev. Lett.

    (1969)
  • R. Cleve et al.

    Entanglement-resistant two-prover interactive proof systems and non-adaptive PIRs

    Quantum Inf. Comput.

    (2009)
  • R. Cleve et al.

    Consequences and limits of nonlocal strategies

  • U. Feige et al.

    Two-prover one-round proof systems: their power and their problems

    • Cited by (3)

    1

    This research was conducted while the author was at Institute for Quantum Computing and David R. Cheriton School of Computer Science, University of Waterloo.

    View full text
    Copyright © 2014 Elsevier B.V. All rights reserved.