Proof systems where a polynomial-time probabilistic verifier can spot-check a given written proof by inspecting a few randomly selected symbols of the proof. Cost: Introducing some error.

📖Definition 48 (PCP verifier). A (non-adaptive) PCP verifier VV is a polynomial-time probabilistic Turing machine equipped with an additional random access proof tape together with a write-only query tape and a read-only answer tape. Two additional states: query state and continue state. The symbols on the proof tape are given by a proof alphabet.

Operation of VV: relative to the proof π\pi placed on the proof tape.

Denote VV together with π\pi: VπV^\pi. During computation VπV^\pi can enter the query state at most once.

  • Contents of the query tape is a list of positions of proof tape.
  • Symbols of the proof tape placed in those positions are placed on the answer tape, after which computation resumes in the continue state.

We restrict that only ONE ACCESS to the proof.

Important parameters of PCP verifier:

  1. Number of random bits used during computation
  2. Number of queries made to the proof tape.

📖Definition 49 (PCP languages). Let r:NN,q:NNr:\N\to\N,q:\N\to\N be functions, let Σ\Sigma be a non-empty finite set, and let 0s<c10\le s\lt c\le1 be reals. PCPc,sΣ(r(n),q(n))PCP_{c,s}^\Sigma(r(n),q(n)) is the class of languages LL for which there exist a PCP verifier VV that on input xx of length nn uses at most r(n)r(n) random bits and queries at most q(n)q(n) positions of a proof πΣ\pi\in\Sigma^* s.t.

xL,πΣ:Pr[Vπ(x)=yes]cx∉L,πΣ:Pr[Vπ(x)=yes]s\forall x\in L,\exist\pi\in\Sigma^*:\Pr[V^\pi(x)=yes]\ge c\\ \forall x\not\in L,\exist\pi\in\Sigma^*:\Pr[V^\pi(x)=yes]\le s

cc for completeness, ss for soundness.

We often use the notion as follows:

  • PCPc,s(r(n),q(n))PCP_{c,s}(r(n),q(n)) when Σ={0,1}\Sigma=\{0,1\}
  • PCPΣ(r(n),q(n))PCP^\Sigma(r(n),q(n)) when c=1,s=1/2c=1,s=1/2
  • PCP(r(n),q(n))PCP(r(n),q(n)) when both Σ={0,1}\Sigma=\{0,1\} and c=1,s=1/2c=1,s=1/2.

🤔Proposition 17.

  1. P=PCP(0,0)P=PCP(0,0)
  2. NP=PCP(0,nO(1))NP=PCP(0,n^{O(1)})
  3. coRP=PCP(nO(1),0)coRP=PCP(n^{O(1)},0)

By enumerating over all strings of O(logn)O(\log n) bits and using these in place of the random bits one obtain the slightly stronger statements P=PCP(O(logn),0)P=PCP(O(\log n),0) and NP=PCP(O(logn),nO(1))NP=PCP(O(\log n),n^{O(1)}).

By enumerating over all possible proofs of length O(logn)O(\log n) one obtains P=PCP(0,O(logn))P=PCP(0,O(\log n)).

Verifier of PCP(r(n),q(n))PCP(r(n),q(n)) is able to access at most 2r(n)q(n)2^{r(n)}q(n) different positions of the proof string π\pi.

🤔Proposition 18. PCP(r(n),q(n))NTIME(nO(1)2r(n))PCP(r(n),q(n))\subseteq NTIME(n^{O(1)}2^{r(n)}).

🎯Theorem 50 (PCP theorem). NP=PCP(O(logn),O(1))NP=PCP(O(\log n),O(1)).

🎯Theorem 51. NEXP=PCP(nO(1),nO(1))NEXP=PCP(n^{O(1)},n^{O(1)}).

A weak version of the PCP theorem

🎯Theorem 52. NPPCP((logn)O(1),(logn)O(1))NP\subseteq PCP((\log n)^{O(1)},(\log n)^{O(1)}).

Some observations about interactive proofs and probabilistically checkable proofs.

  1. Consider an interactive proof system (P,V)(P,V). On input xx, we tabulate all possible replies P(x,m1,,mi)P(\lang x,m_1,\cdots,m_i\rang) a prover PP may send during a run of the protocol with input xx into a written proof π\pi.

    Then verifier VV may be viewed as an adaptive PCP verifier that instead of communicating with PP simply queries the proof π\pi.

    In Sumcheck protocol, all msg of VV consist of uniformly random bits, which means that all queries may be made non-adaptively. Together with Theorem 49, this gives that IPPCP(nO(1),nO(1))IP\subseteq PCP(n^{O(1)},n^{O(1)}).

  2. Arithmetic formula FF in Sumcheck is only evaluated once, at the end of the protocol, and on a uniformly chosen random input (a1,,an)Zpn(a_1,\cdots,a_n)\in\Z_p^n.

For proving Theorem 52, we need to show that 3SATPCP((logn)O(1),(logn)O(1))3SAT\in PCP((\log n)^{O(1)},(\log n)^{O(1)}).

Some details is omitted.

🤔Lemma 18. For any function f:{0,1}Rf:\{0,1\}^\ell\to R, where RR is any ring, there is a unique multilinear polynomial f~\tilde f s.t. f(x)=f~(x)f(x)=\tilde f(x) for all x{0,1}x\in\{0,1\}^\ell.

🤔Lemma 19. Let f:{0,1}{0,1}f:\{0,1\}^\ell\to\{0,1\} and let x{1,,M}x\in\{1,\cdots,M\}^\ell. Then

f~(x)2M=(2M)|\tilde f(x)|\le2^\ell M^\ell=(2M)^\ell

📖Definition 50. Let φ\varphi be a 3CNF3CNF formula with nn var and mm clauses and let functions h1,h2,h3h_1,h_2,h_3 and s1,s2,s3s_1,s_2,s_3 be defined as above. Let a:{0,1}Za:\{0,1\}^\ell\to\Z be any function. We define the arithmetic formula Aφ,aA_{\varphi,a} in 44\ell variables computing a polynomial of total degree 3(2+2)=123(2\ell+2\ell)=12\ell by

Aφ,a(c,v1,v2,v3)=i=13h~i(c,vi)(s~i(c)a~(vi))2.A_{\varphi,a}(c,v_1,v_2,v_3)=\prod_{i=1}^3\tilde h_i(c,v_i)(\tilde s_i(c)-\tilde a(v_i))^2.

We have that a:{0,1}Za:\{0,1\}^\ell\to\Z is an assignment satisfying φ\varphi iff

(c,v1,v2,v3){0,1}4Aφ,a(c,v1,v2,v3)=0.\sum_{(c,v_1,v_2,v_3)\in\{0,1\}^{4\ell}}A_{\varphi,a}(c,v_1,v_2,v_3)=0.

📖Definition 51. Let ff and gg be functions in \ell variables taking values in a set SS. The normalized Hamming distance d(f,g)d(f,g) between ff and gg is

d(f,g)=PrxS[f(x)g(x)].d(f,g)=\Pr_{x\in S^\ell}[f(x)\neq g(x)].

📖Definition 52. Let F\mathbb F be field and let SFS\subseteq\mathbb F. We say that a function f:SFf:S^\ell\to\mathbb F is δ\delta-close to a multilinear polynomial, if there exist a multilinear polynomial PP in \ell variables s.t. d(f,P)δd(f,P)\le\delta, viewing PP as a function P:SFP:S^\ell\to\mathbb F.

The aligned full-line test of a function f:SFf:S^\ell\to\mathbb F consists of the following steps:

  1. Pick i[]i\in[\ell] uniformly at random.
  2. Pick a1,,ai1,ai+1,,aSa_1,\cdots,a_{i-1},a_{i+1},\cdots,a_\ell\in S uniformly at random.
  3. Evaluate ff on the set of inputs L={a1,,ai1,b,ai+1,,abS}L=\{a_1,\cdots,a_{i-1},b,a_{i+1},\cdots,a_\ell|b\in S\}.
  4. Accept if fL(b)=f(a1,,ai1,b,ai+1,,a)f_L(b)=f(a_1,\cdots,a_{i-1},b,a_{i+1},\cdots,a_\ell) is a linear function. Otherwise reject.

🎯Theorem 53. Let S4+2|S|\ge4\ell+2. Let β\beta be the probability that the aligned full-line test rejects the function f:SFf:S^\ell\to\mathbb F. Then either β>18\beta\gt\frac{1}{8\ell} or ff is β\beta\ell-close to a multilinear polynomial.

🤔Corollary 12. Let S4+2|S|\le4\ell+2 and ϵ1/8\epsilon\le1/8. If a function f:SFf:S^\ell\to\mathbb F is not ϵ\epsilon-close to a multilinear polynomial, the aligned full-line test rejects ff with probability at least ϵ/\epsilon/\ell.

别学了,学不明白的……