This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: 6.841 Advanced Complexity Theory Mar 30, 2009 Lecture 14 Lecturer: Madhu Sudan Scribe: Huy Nguyen 1 Admin The topics for today are: • Interactive proofs • The complexity classes IP and AM Please see Madhu if you have not been assigned a project. 2 Theorems vs. Proofs There is a long history of the notions theorems and proofs and the relation between them. The question about the meaning of these notions is implicit in Hilbert’s program, where he asked if you could prove theorems in various general contexts. Then in Godel’s work, he proved that no logic system can be both complete and consistent. The notion of P and NP came along also from the investigation of this relation, as evident in the title of Cook’s paper “The complexity of theoremproving procedures” [2]. In the early works, a system of logic consists of a set of axioms and the derivation rules. A theorem is just a string of characters. The axioms are the initial true statements and the derivation rules show how to get new true statements from existing ones. A proof is a sequence of strings where each string is a either an axiom or derived from previous ones by derivation rules. The final string of the proof should be the derived theorem . In computational complexity, we abstract this procedure away. Theorems are statements that have proofs such that the pair (theorem, proof) is easy to verify. With this abstraction, we have separated the theorem from the proof. Intuitively, the complexity class P is roughly equivalent to the complexity of verifying proofs, while the complexity class NP is roughly equivalent to the complexity of finding proofs. In a sense, computational complexity is the study of the relation between theorems and proofs. 3 Interactive Proof In cryptography, there are related problems. You want to be able to prove that you are authorized to perform some action e.g. you to want to prove you are allowed to access your bank account and withdraw money, etc. However, someone else who somehow obtained the entire transcript of your transaction cannot repeat the action. In other words, the proof should not be replayable . This is completely different from the conventional settings. Thus it is unclear if nonreplayable proofs are achievable. Goldwasser, Micali, and Rackoff [4] answered this question positively and introduced several new notions....
View
Full
Document
This note was uploaded on 04/02/2010 for the course CS 6.841 taught by Professor Madhusudan during the Spring '09 term at MIT.
 Spring '09
 MadhuSudan

Click to edit the document details