CS294: Probabilistically Checkable and Interactive Proof Systems (S2019)

Basics


Instructor(s): Alessandro Chiesa
Teaching Assistant(s): Nick Spooner
Time: Tuesdays and Thursdays 15.30-17:00
Location: 310 Soda Hall
Office Hours: fix appointment via email (to Alessandro or Nick)

Course Description


This course offers a graduate introduction to probabilistically checkable and interactive proof systems. Such proof systems play a central role in complexity theory and in cryptography. Their formulation and construction is arguably one of the leading conceptual and technical achievements in theoretical computer science. Results typically draw on techniques from coding theory, property testing, and graph theory.

Topics covered include:

  • interactive proofs
    • IP=PSPACE
    • public to private coins
    • bounded communication/randomness
    • doubly-efficient interactive proofs (aka interactive proofs for muggles)
    • zero knowledge
  • basic probabilistic checking
    • exponential-size PCPs (Hadamard)
    • polynomial-size PCPs (Reed--Muller)
  • optimized probabilistic checking
    • reducing query complexity (proof composition, parallel repetition, 3-query PCPs, ...)
    • reducing proof length (routing, proximity testing to Reed--Solomon, ...)
  • probabilistic checking via gap amplification

Emphasis is on getting students up to speed for research in the area; lectures will often contain open problems or suggestions for future research.

The Piazza website is here.

Prerequisites


This course requires knowledge of basic algorithms (CS 170) and complexity (CS 172).

Requirements


Completing the course requires regular attendance/participation, completing occasional homework, scribing (once or twice), and a research project.

Grading will be based 20% on attendance/participation/homework; 40% on the scribe notes; and 40% on the research project.

Reading and Resources


This course has no required textbook. We give specific references for each lecture. In addition, the following online resources could be helpful:

Assignments


TBA

Schedule


# Date Topic Reading
1 2019.01.22

Interactive Proofs 1

  • introduction to the course
  • definition of interactive proofs
  • GNI is contained in IP (with private coins)
  • IP is contained in PSPACE

Formulation of interactive proofs:

Video:

2 2019.01.24

Interactive Proofs 2

  • sumcheck protocol
  • coNP contained in IP
    • arithmetization for UNSAT
  • P#P contained in IP
    • arithmetization for #SAT

The sumcheck protocol:

3 2019.01.29

Interactive Proofs 3

  • definition of QBF
  • PSPACE is contained in IP
    • TQBF is the starting point
    • arithmetization of formula and quantifiers
    • Shamir's protocol (with Shen's degree reduction)
  • TQBF is PSPACE-complete

Shamir's protocol:

Additional:

4 2019.01.31

Interactive Proofs 4

  • private coins vs public coins
  • definition of AM[k] and MA[k]
  • GNI is contained in AM[2]
    • reduction to approximate counting
    • approximate counting via pairwise-independent hashing
  • IP[k] is contained in AM[k+2]
    • high-level intuition only

Goldwasser--Sipser transformation:

Additional:

5 2019.02.05

Interactive Proofs 5

  • IPs with bounded communication/randomness
    • complexity classes IP[p,v,r] and AM[p,v,r] (prover bits ≤ p, verifier bits ≤ v, random bits ≤ r)
  • IP[p,v,r] is contained in DTime(2O(p+v+r)poly)
    • compute value of game tree
  • IP[p,v] is contained in BPTime(2O(p+v)poly)
    • approximate value of game tree (sub-sample by random tapes)
    • proof via Chernoff bound and union bound
  • AM[p] is contained in BPTime(2O(p log p)poly)
    • approximate value of game tree (sub-sample by transcript-consistent next messages)
    • refine previous analysis via hybrids
  • IP[p] is contained in BPTime(2O(p log p)poly)NP
    • (sketch) as above but transcript consistency is harder

The results presented in class:

Additional results:

6 2019.02.07

Interactive Proofs 6

  • inefficiency of Shamir's protocol
    • honest prover in Shamir's protocol is 2O(n^2)
    • honest prover in Shen's protocol is 2O(n)
    • T-time S-space machines yield 2O(S log T)-time provers
  • doubly-efficient interactive proofs
    • motivation of delegation of computation
    • theorem statement for log-space uniform circuits
  • low-degree extensions (univariate and multivariate)
  • bare bones protocol for layered circuits
    • one sumcheck per layer

The result presented in class:

A survey:

Additional on implementations of GKR's protocol:

Additional on doubly-efficient interactive proofs:

7 2019.02.12

Interactive Proofs 7

  • IP for GI
  • definition of honest-verifier zero knowledge (HVZK)
  • the IP for GI is HVZK
  • definition of malicious-verifier zero knowledge (ZK)
  • the IP for GI is ZK
  • PZK ⊆ SZK ⊆ CZK
  • towards SZK ⊆ coAM
    • running simulator when x ∉ L
    • IP for GI → IP for GNI (!)

On zero knowledge:

Video:

8 2019.02.14

Basic Probabilistic Checking 1

  • definition of a PCP verifier
  • the complexity class PCPc,s[r,q]Σ
  • simple class inclusions
  • from q queries to 2 queries
  • statement of PCP Theorem

Video:

New York Times article about the PCP Theorem:

9 2019.02.19

Basic Probabilistic Checking 2

  • exponential-size PCPs
    • NP ⊆ PCP1,0.5[poly(n),O(1)]{0,1}
    • good query complexity, bad proof length
  • linear PCPs
    • the complexity class LPCPc,s[l,r,q]Σ
    • NP ⊆ LPCP1,0.75[O(n2),O(m+n),4]{0,1}

The exponential-size constant-query PCP is the inner PCP in this paper:

10 2019.02.21

Basic Probabilistic Checking 3

  • compiling any LPCP into a PCP
  • self-correction
  • linearity testing
    • BLR test
    • analysis via majority decoding

Main:

Additional:

Video:

11 2019.02.26

Basic Probabilistic Checking 4

12 2019.02.28

Basic Probabilistic Checking 5

13 2019.03.05

Basic Probabilistic Checking 6

14 2019.03.07

Reducing Query Complexity 1

15 2019.03.12

Reducing Query Complexity 2

16 2019.03.14

Reducing Query Complexity 3

17 2019.03.19

Reducing Query Complexity 4

18 2019.03.21

Reducing Query Complexity 5

X 2019.03.26

No class (spring break).

X 2019.03.28

No class (spring break).

19 2019.04.02

Reducing Query Complexity 6

20 2019.04.04

Reducing Proof Length 1

21 2019.04.09

Reducing Proof Length 2

22 2019.04.11

Reducing Proof Length 3

23 2019.04.16

Reducing Proof Length 4 & Gap Amplification 1

24 2019.04.18

Gap Amplification 2

25 2019.04.23

Gap Amplification 3

26 2019.04.25

Class Project Presentations 1

27 2019.04.30

Class Project Presentations 2

28 2019.05.02

Class Project Presentations 3

X 2019.05.07

No class.

X 2019.05.09

No class.