Probabilistically checkable proof
This article includes a list of references, but its sources remain unclear because it has insufficient inline citations. (November 2012) (Learn how and when to remove this template message)
In computational complexity theory, a probabilistically checkable proof (PCP) is a type of proof that can be checked by a randomized algorithm using a bounded amount of randomness and reading a bounded number of bits of the proof. The algorithm is then required to accept correct proofs and reject incorrect proofs with very high probability. A standard proof (or certificate), as used in the verifier-based definition of the complexity class NP, also satisfies these requirements, since the checking procedure deterministically reads the whole proof, always accepts correct proofs and rejects incorrect proofs. However, what makes them interesting is the existence of probabilistically checkable proofs that can be checked by reading only a few bits of the proof using randomness in an essential way.
Probabilistically checkable proofs give rise to many complexity classes depending on the number of queries required and the amount of randomness used. The class PCP[r(n),q(n)] refers to the set of decision problems that have probabilistically checkable proofs that can be verified in polynomial time using at most r(n) random bits and by reading at most q(n) bits of the proof. Unless specified otherwise, correct proofs should always be accepted, and incorrect proofs should be rejected with probability greater than 1/2. The PCP theorem, a major result in computational complexity theory, states that PCP[O(log n),O(1)] = NP.
A probabilistically checkable proof system with completeness c(n) and soundness s(n) over alphabet Σ for a decision problem L, where 0 ≤ s(n) ≤ c(n) ≤ 1, is a randomized oracle Turing Machine V (the verifier) that, on input x and oracle access to a string π ∈ Σ* (the proof), satisfies the following properties:
- Completeness: If x ∈ L then for some π, Vπ(x) accepts with probability at least c(n),
- Soundness: If x ∉ L then for every π, Vπ(x) accepts with probability at most s(n).
The randomness complexity r(n) of the verifier is the maximum number of random bits that V uses over all x of length n.
The query complexity q(n) of the verifier is the maximum number of queries that V makes to π over all x of length n.
The verifier is said to be non-adaptive if it makes all its queries before it receives any of the answers to previous queries.
The complexity class PCPc(n), s(n)[r(n), q(n)] is the class of all decision problems having probabilistically checkable proof systems over binary alphabet of completeness c(n) and soundness s(n), where the verifier is nonadaptive, runs in polynomial time, and it has randomness complexity r(n) and query complexity q(n).
The shorthand notation PCP[r(n), q(n)] is sometimes used for PCP1, ½[r(n), q(n)]. The complexity class PCP is defined as PCP1, ½[O(log n), O(1)].
History and significance
The theory of probabilistically checkable proofs studies the power of probabilistically checkable proof systems under various restrictions of the parameters (completeness, soundness, randomness complexity, query complexity, and alphabet size). It has applications to computational complexity (in particular hardness of approximation) and cryptography.
The definition of a probabilistically checkable proof was explicitly introduced by Arora and Safra in 1992, although their properties were studied earlier. In 1990 Babai, Fortnow, and Lund proved that PCP[poly(n), poly(n)] = NEXP, providing the first nontrivial equivalence between standard proofs (NEXP) and probabilistically checkable proofs. The PCP theorem proved in 1992 states that PCP[O(log n),O(1)] = NP.
The theory of hardness of approximation requires a detailed understanding of the role of completeness, soundness, alphabet size, and query complexity in probabilistically checkable proofs.
For extreme settings of the parameters, the definition of probabilistically checkable proofs is easily seen to be equivalent to standard complexity classes. For example, we have the following:
- PCP[0, 0] = P (P is defined to have no randomness and no access to a proof.)
- PCP[O(log(n)), 0] = P (A logarithmic number of random bits doesn't help a polynomial time Turing machine, since it could try all possibly random strings of logarithmic length in polynomial time.)
- PCP[0,O(log(n))] = P (Without randomness, the proof can be thought of as a fixed logarithmic sized string. A polynomial time machine could try all possible logarithmic sized proofs in polynomial time.)
- PCP[poly(n), 0] = coRP (By definition of coRP.)
- PCP[0, poly(n)] = NP (By the verifier-based definition of NP.)
The PCP theorem and MIP = NEXP can be characterized as follows:
- PCP[O(log n),O(1)] = NP (the PCP theorem)
- PCP[poly(n),O(1)] = PCP[poly(n),poly(n)] = NEXP (MIP = NEXP).
- Arora, Sanjeev; Barak, Boaz (2007), Computational Complexity: A Modern Approach, Cambridge University Press, p. 241, ISBN 978-0-521-42426-4
- Arora, Sanjeev; Safra, Shmuel (1998), "Probabilistic checking of proofs: A new characterization of NP", Journal of the ACM, 45 (1): 70–122, doi:10.1145/273865.273901
- Babai, László; Fortnow, Lance; Lund, Carsten (1990), "Nondeterministic exponential time has two-prover interactive protocols", Proceedings of the 31st Annual Symposium on Foundations of Computer Science (FOCS 1990), doi:10.1109/FSCS.1990.89520
- Arora, Sanjeev; Lund, Carsten; Motwani, Rajeev; Sudan, Madhu; Szegedy, Mario (1998), "Proof verification and the hardness of approximation problems", Journal of the ACM, 45 (3): 501–555, doi:10.1145/278298.278306