1: \documentclass[10pt,twoside]{article}
2: \usepackage{graphicx}
3: \usepackage{amsmath}
4: \usepackage{Latex-document}
5: \def\s{\rule{0in}{.30in}} % strut to increase space
6: \newcommand\ang[1]{\left\langle #1 \right\rangle}
7: \newcommand\from{:}
8: \newcommand\mystar{\mbox{$~\star~$}}
9: \newcommand\card[1]{\left| #1 \right|}
10: \newcommand\set[1]{\left\{#1\right\}}
11: \newcommand\poly{\mbox{poly}}
12: \newcommand\qed{{\large$\Box$}}
13: \def\mn{\medskip\noindent}
14: \def\ra{\rightarrow}
15: \newcommand\ball{\mbox{Ball}}
16: \newcommand\ass{\theta}
17: %\newcommand\th{\strut^{\mbox{\tiny\underline{th}}}}
18:
19: %COMPLEXITY CLASSES
20: \newcommand\p{\mbox{P}}
21: \newcommand\pcp{\mbox{PCP}}
22: \newcommand\rpcp{\mbox{RPCP}}
23: \newcommand\np{\mbox{NP}}
24: \newcommand\nexp{\mbox{NEXPTIME}}
25: \newcommand\cnp{\mbox{co-NP}}
26: \newcommand\ip{\mbox{IP}}
27: \newcommand\mip{\mbox{MIP}}
28: \newcommand\pspace{\mbox{PSPACE}}
29: \newcommand\exptime{\mbox{EXPTIME}}
30: \newcommand\ph{\mbox{PH}}
31:
32: %SP'l LETTERS
33: \def\sub{\mbox{\it sub}}
34: \def\Q{\mbox{\bf Q}}
35: \def\R{\mbox{\bf R}}
36: \def\Z{\mbox{\bf Z}}
37: \newcommand\E{\mbox{E}}
38: \newcommand\F{\mbox{F}}
39: \newcommand\G{\mbox{G}}
40: \newcommand\GF{\mbox{GF}}
41: \newcommand\N{\mbox{N}}
42: \newcommand\cB{{\cal B}}
43: \newcommand\cC{{\cal C}}
44: \newcommand\cD{{\cal D}}
45: \newcommand\cE{{\cal E}}
46: \newcommand\cL{{\cal L}}
47: \newcommand\cS{{\cal S}}
48: \newcommand\cU{{\cal U}}
49: \newcommand\cP{{\cal P}}
50: \newcommand\cPt{\tilde{{\cal P}}}
51: \newcommand\tO{\tilde{O}}
52: \newcommand\mindist{\mbox{min-dist}}
53: % \newcommand\baseh[1]{{\left[#1\right]_h}%\cB_h(#1)}
54:
55: \def\volumeno{III}
56:
57: \markboth{New Definition of NP}{S.~Arora}
58: \title{\bf How NP Got a New Definition: A Survey \vskip -2mm
59: of Probabilistically Checkable Proofs\thanks{Supported by David
60: and Lucile Packard Fellowship, NSF Grant CCR-0098180, and an NSF
61: ITR Grant.}\vskip 6mm}
62:
63: \author{Sanjeev Arora\vspace*{-0.5cm}\thanks{Department of Computer Science,
64: Princeton University, Princeton, NJ 08544, USA. Email: arora@cs.princeton.edu, Web page:
65: www.cs.princeton.edu/\~{}arora/}}
66:
67: \date{\vspace{-8mm}}
68:
69: \begin{document}
70:
71: \maketitle
72:
73: \thispagestyle{first} \setcounter{page}{637}
74:
75: \begin{abstract}
76:
77: \vskip 3mm
78:
79: We survey a collective achievement of a group of researchers:
80: the PCP Theorems. They give
81: new definitions of the class \np, and imply that computing
82: approximate solutions to many \np-hard problems is itself \np-hard.
83: Techniques developed to prove them have had many other consequences.
84:
85: \vskip 4.5mm
86:
87: \noindent {\bf 2000 Mathematics Subject Classification:} 68Q10,
88: 68Q15, 68Q17, 68Q25.
89:
90: \noindent {\bf Keywords and Phrases:} Complexity theory, NP,
91: Probabilistically checkable proofs, Approximation algorithms.
92: \end{abstract}
93:
94: \vskip 12mm
95:
96: \section{PCP theorems: an informal introduction} \label{sec:intro}\setzero
97: \vskip-5mm \hspace{5mm}
98:
99: Suppose a mathematician circulates a proof of an important result, say
100: Riemann Hypothesis, fitting several thousand pages. To verify it would
101: take you and your doubting colleagues
102: several years. Can you do it faster?
103: Yes, according to the PCP Theorems. He can
104: rewrite his proof so you can verify it by probabilistically
105: selecting (i.e., using a source of random bits) a constant number of bits
106: ---as low as $3$ bits---to examine in it. Furthermore, this verification
107: has the following properties: (a) A correct proof will never fail
108: to convince you (that is, no choice of the random bits will make
109: you reject a correct proof) and (b) An incorrect proof will
110: convince you with only negligible probability ($2^{-100}$ if you
111: examine $300$ bits). In fact, a stronger assertion is true: if the
112: Riemann hypothesis is false, then you are guaranteed to reject
113: {\em any string of letters placed before you} with high
114: probability after examining a constant number of bits. (c) This
115: proof rewriting is completely mechanical---a computer could do
116: it---and does not greatly increase its size. ({\em Caveat}: Before
117: journal editors rush to adopt this new proof verification, we
118: should mention that it currently requires proofs written in a
119: formal axiomatic system
120: ---such as Zermelo Fraenkel set theory---since computers do not
121: understand English.)
122:
123: This result has a strong ring of implausibility.
124: A mathematical proof is invalid if it has even a single error somewhere.
125: How can this error spread itself all over the rewritten proof,
126: so as to be apparent after
127: we have probabilistically examined a few bits in the proof?
128: (Note that the simple idea of just making multiple copies of
129: the erroneous line everywhere
130: does not work: the unknown mathematician could hand you a proof
131: in which this does not happen, yet that does not make the proof correct.)
132: The methods used to achieve this level of redundancy
133: are reminiscent of the theory of
134: error-correcting codes, though they are novel and interesting in their own
135: right, and their full implications are still being felt (see Section~\ref{sec:proof}).
136:
137: \subsection{New definition of \np}
138: \vskip -5mm \hspace{5mm}
139:
140: The PCP Theorems provide interesting new definitions for the
141: complexity class \np. (Clarification: the singular form ``PCP
142: Theorem'' will refer to a single result $\np =\pcp(\log n, 1)$
143: proved in \cite{arsa,ALMSS}, and the plural form ``PCP Theorems''
144: refers to a large body of results of a similar ilk, some
145: predating the PCP Theorem.) Classically, \np\ is defined as the
146: set of decision problems for which a ``Yes'' answer has a short
147: certificate verifiable in polynomial time (i.e., if the instance
148: size is $n$, then the certificate size and the verification time
149: is $n^c$ for some fixed constant $c$). The following are two
150: examples:
151:
152: \vskip 1mm
153:
154: \noindent 3-SAT $=$ satisfiable boolean formulae of the form AND of
155: clauses of size at most $3$, e.g.,
156: $(x_1 \vee \neg x_2 \vee x_3) \wedge (\neg x_1 \vee x_2 \vee x_3) \wedge (x_4)$.
157: (The certificate for satisfiability is simply
158: an assignment to the variables that makes the formula true.)
159:
160: \vskip 1mm
161:
162: \noindent $\mbox{MATH-THEOREM}_{ZFC}$ $=$ set of strings of the form
163: $(T, 1^n)$ where
164: $T$ is a mathematical statement that is a theorem in Zermelo Fraenkel set theory
165: that has a proof $n$ bits long. (The ``certificate'' for theoremhood
166: is just the proof.)
167:
168: The famous conjecture $\p \neq \np$ ---now one of seven Millenium Prize
169: problems in math~\cite{clayprobs}---says that not every \np\ problem is
170: solvable in polynomial time. In other words,
171: though the certificate is easy
172: to check, it is not always easy to find.
173:
174: The PCP Theorem gives a new definition of \np: it is the set of
175: decision problems for which a ``Yes'' answer has a polynomial-size
176: certificate which can be probabilistically checked using $O(\log n)$ random
177: bits and by examing $O(1)$ (i.e., constant) number of bits in it.
178:
179: Our earlier claim about proof verification follows from the PCP Theorem,
180: since $\mbox{MATH-THEOREM}_{ZFC}$ is in $\np$,
181: and hence there is a way to certify a YES answer (namely,
182: theoremhood) that
183: satisfies properties (a) and (b).
184: (Property (c) follows from the
185: constructive nature of the proof of the PCP Theorem in \cite{arsa,ALMSS}.)
186:
187: Motivated by the PCP Theorems, researchers have proved new
188: analogous definitions of other complexity classes
189: such as PSPACE~\cite{cfls2} and PH~\cite{klrss}.
190:
191: \subsection{Optimization, approximation, and PCP theorems}
192: \vskip -5mm \hspace{5mm}
193:
194: The $\p$ versus $\np$ question is
195: important because of {\em $\np$-completeness} (also, \np-{\em
196: hardness}). Optimization problems in a variety of disciplines are
197: \np-hard~\cite{GarJon}, and so if $\p \neq \np$ they cannot be
198: solved in polynomial time. The following is one such optimization
199: problem.
200:
201: %\medskip
202:
203: \noindent MAX-3SAT: Given a 3-CNF boolean formula $\varphi$, find an assignment
204: to the variables that maximizes the number of satisfied clauses.
205:
206: {\em Approximation algorithms} represent a way to deal with \np-hardness.
207: An algorithm {\em achieves an approximation ratio\/}
208: $\alpha$ for a maximization problem if, for {\em every\/} instance,
209: it produces a solution of value at least $OPT/\alpha$, where $OPT$ is
210: the value of the optimal solution. (For a minimization problem,
211: achieving a ratio $\alpha$ involves finding a solution of
212: cost at most $\alpha \,OPT$.) Note that the approximation
213: ratio is $\geq 1$ by definition. For MAX-3SAT we now know a
214: polynomial-time algorithm that achieves an approximation ratio $8/7$~\cite{KZ}.
215:
216: Though approximation algorithms is a well-developed
217: research area (see~\cite{hochbook,vijaybook}),
218: for many problems no good approximation algorithms have been found.
219: The PCP Theorems suggest
220: a reason: for many NP-hard problems, including
221: MAX-CLIQUE, CHROMATIC NUMBER, MAX-3SAT, and SET-COVER,
222: achieving certain reasonable approximation ratios is
223: no easier than computing optimal solutions. In other words,
224: approximation is NP-hard. For instance, achieving a ratio
225: $8/7 -\epsilon$ for MAX-3SAT is \np-hard~\cite{hastadmtsat}.
226: %Proving such results was a major impetus in the
227: %discovery of the PCP Theorems.
228:
229: Why do the PCP Theorems lead to such results? Details appear
230: in the survey~\cite{arlu} (and [Feige 2002], these proceedings), but
231: we hint at the reason
232: using 3SAT and MAX-3SAT as examples.
233: Cook and Levin~\cite{cook,levin} showed how to reduce any \np\ problem
234: to 3SAT, by constructing, for any nondeterministic
235: machine, a 3CNF formula whose satisfying assignments
236: represent the transcripts of accepting computations.
237: %Thus every \np\ problem
238: %reduces in polynomial time to 3SAT.
239: Thus it is difficult to satisfy all clauses.
240: Yet it is easy to find assignmenent
241: satisfying $1 -o(1)$ fraction of the clauses!
242: The reason is that a computation transcript is a very {\em non-robust\/}
243: object: changing even a bit affects its correctness.
244: %obtained from Cook-Levin
245: %are {\em almost satisfiable}:
246: Thus the Cook-Levin reduction does not prove the inapproximability of
247: MAX-3SAT. By providing a more
248: robust representation of a computation, the PCP Theorems
249: overcome this difficulty.
250: We note that MAX-3SAT is a central problem in
251: the study of inapproximability: once we have proved its inapproximability,
252: other inapproximability results easily follow (see \cite{arlu};
253: the observation in a weaker form is originally from work on
254: MAX-SNP~\cite{PY}).
255:
256: %In a survey article, Arora and Lund~\cite{arlu} briefly describe
257: %how to prove most known inapproximability results. They list at least two dozen
258: %important problems for which inapproximability was
259: %proved using \pcp-based techniques. They make the empirical observation that
260: %these problems divide into four broad classes, based upon the
261: %approximation ratio that is provably hard to achieve for them.
262: %Class I contains all problems for which achieving
263: %an approximation ratio $1+\epsilon$
264: %is \np-hard for some fixed $\epsilon >0$. Classes II, III, and
265: %IV contain problems for which the corresponding ratios
266: %are $\Theta(\log n)$, $2^{\log^{1-\epsilon}n}$ for every fixed
267: %$\epsilon >0$, and $n^{\epsilon}$ for some fixed $\epsilon >0$.
268: %(Of course, each class contains every higher numbered class.)
269: %Inapproximability results within a class seem to use similar
270: %techniques, and in fact the authors identify a canonical problem in each
271: %class which can be used to
272: %prove the inapproximability results for all other problems in that
273: %class. The inapproximability of the canonical problems can be
274: %proved using MAX-3SAT.
275: %The authors pose an open question whether or not
276: %these empirically observed classes can be derived from
277: %some deeper theory. (Only Class I seems to have an
278: %explanation, using
279:
280: \subsection{History and context}
281: \vskip -5mm \hspace{5mm}
282:
283: PCPs evolved from {\em interactive
284: proofs}, which were invented by Goldwasser, Micali, and
285: Rackoff~\cite{GMR} and Babai~\cite{babai} as a probabilistic
286: extension of NP and proved useful in cryptography and complexity
287: theory (see Goldreich's survey~\cite{G}), including some early
288: versions of PCPs~\cite{FRS}. In 1990, Lund, Fortnow, Karloff and
289: Nisan~\cite{LFKN} and Shamir~\cite{Sha} showed IP=PSPACE, thus
290: giving a new probabilistic definition of PSPACE in terms of
291: interactive proofs. They introduced a revolutionary algebraic way
292: of looking at boolean formulae. In restrospect, this
293: algebraization can also be seen as a ``robust'' representation of
294: computation.
295: %(cf.~Section~\ref{sec:history}).
296: The inspiration to use polynomials
297: came from works on {\em program checking}~\cite{BK} (see also
298: \cite{lipton,befe,BLR}).
299: Babai, Fortnow, and Lund~\cite{BFL} used similar methods to give a
300: new probabilistic definition of NEXPTIME, the exponential analogue of
301: \np. To extend this result to \np, Babai, Fortnow, Levin, and
302: Szegedy~\cite{BFLS} and Feige, Goldwasser, Lov{\'a}sz, Safra, and
303: Szegedy~\cite{FGLSS} studied variants of what we now call
304: probabilistically checkable proof
305: systems (Babai et al.~called their systems {\em holographic\/}
306: proofs).
307:
308: Feige et al.~also proved the first inapproximability result
309: in the PCP area: if any polynomial-time algorithm can achieve a
310: constant approximation
311: ratio for the MAX-CLIQUE problem, then every $\np$ problem is solvable
312: in $n^{O(\log \log n)}$ time. This important result
313: drew everybody's attention to the (as yet unnamed)
314: area of probabilistically checkable proofs.
315: A year later, Arora and Safra~\cite{arsa}
316: formalized and named the class PCP and used it to give a new probabilistic
317: definition of \np. (Babai et al. and Feige et al.'s results were
318: precursors of this new definition.) They also showed that approximating
319: MAX-CLIQUE is \np-hard.
320: Soon, Arora, Lund, Motwani, Sudan, and Szegedy~\cite{ALMSS} proved
321: the PCP Theorem (see below) and showed that MAX-SNP-hard problems do not have a PTAS
322: if $\p \neq \np$. Since the second paper relied heavily on the still-unpublished
323: first paper, the the PCP theorem is
324: jointly attributed to \cite{arsa,ALMSS}. For surveys of these
325: developments see~\cite{babaisurvey,G,johnsonsurvey,MPS}.
326: %In the years since the discovery
327: %of the PCP Theorem,
328: %other variants of PCP have been studied and used in
329: % inapproximability results, and we will refer to them collectively as
330: %PCP Theorems.
331:
332: %The major PCP Theorems are in ALMSS, Hastad, Raz.
333:
334: \section{Definitions and results} \label{sec:PCP}
335:
336: \vskip-5mm \hspace{5mm}
337:
338: Now we define the class \pcp. We will use ``language membership'' and ``decision
339: problem'' interchangeably.
340: A $(r(n), q(n))$-{\em restricted verifier} for a language $L$,
341: where $r, q$ are integer-valued functions, is a probabilistic turing machine
342: $M$ that, given an input of size $n$, checks membership certificates for the input
343: in the following way. The certificate is an array of bits to which
344: the verifier has random-access (that is, it
345: can {\em query\/} individual bits of the certificate).
346: \begin{itemize}
347: \item The verifier reads the input, and
348: uses $O(r(n))$ random bits to compute a sequence of $O(q(n))$ addresses in
349: the certificate.
350: \item The verifier queries the bits at those addresses, and depending upon
351: what they were, outputs ``accept'' or ``reject''.
352: \item \begin{equation}
353: \label{eqn:complete}
354: \forall x \in L~~\mbox{$\exists$ certificate $\Pi$ s.t.
355: $\Pr[M^{\Pi}\mbox{accepts}] =1$},
356: \end{equation}
357: \begin{equation}
358: \label{eqn:sound}
359: \forall x \not \in L~~\mbox{$\forall$ certificate $\Pi$,
360: $\Pr[M^{\Pi}\mbox{accepts}] \leq 1/2$}
361: \end{equation}
362: (In both cases the probability is over the choice of the verifier's random
363: string.)
364: \end{itemize}
365: $\pcp(r(n), q(n))$ is the complexity class consisting of every language with an \linebreak $(r(n),
366: q(n))$-restricted verifier. Since \np\ is the class of languages whose membership certificates can be checked by a
367: deterministic polynomial-time verifier, $\np =\cup_{c\geq 0}\pcp(0, n^c)$. The PCP Theorem gives an alternative
368: definition:
369: %\begin{equation}
370: $\np =\pcp(\log n, 1)$.
371: %\end{equation}
372: Other \pcp-like classes have been defined by using variants of
373: the definition above, and shown to equal \np\ (when the parameters
374: are appropriately chosen). We mention some variants
375: and the best results known for them; these are the ``PCP Theorems'' alluded to earlier.
376:
377: \begin{enumerate}
378: \item The probability $1$ in condition~(\ref{eqn:complete}) may be
379: allowed to be $c <1$. Such a verifier is said to have
380: {\em imperfect completeness} $c$.
381: \item The probability $1/2$ in condition~(\ref{eqn:sound}) may be allowed to
382: be $s <c$. Such a verifier is said to have {\em soundness} $s$.
383: Using standard results on
384: random walks on expanders, it can be shown from the PCP theorem
385: that every \np\ language has verifiers with perfect completeness
386: that use $O(k)$ query bits for soundness $2^{-k}$ (here $k\leq O(\log n)$).
387: \item The number of query bits, which was $O(q(n))$ above, may be specified
388: more precisely together with the leading constant. The constant is important
389: for many inapproximability results.
390: Building upon past results on PCPs and using fourier analysis,
391: H{\aa}stad~\cite{hastadmtsat} recently proved
392: that for each $\epsilon >0$, every \np\
393: language has a verifier with completeness $1-\epsilon$, soundness
394: $1/2$ and only $3$ query bits. He uses this to show the
395: inapproximability of MAX-3SAT upto a factor $8/7 -\epsilon$.
396: \item The {\em free bit} parameter may be used instead of
397: query bits~\cite{FKcli,BS}.
398: This parameter is defined as follows. Suppose the query bit
399: parameter is $q$. After the
400: verifier has picked its random string, and picked a sequence of $q$ addresses,
401: there are $2^q$ possible sequences of bits that could be contained in
402: those addresses.
403: If the verifier accepts for only $t$ of those sequences, then we say that
404: the free bit parameter is $\log t$ (note that this number need not be
405: an integer). Samorodnitsky and Trevisan show how to reduce the soundness
406: to $2^{-k^2/4}$ using $k$ free bits~\cite{ST}.
407: \item {\em Amortized free bits} may be used~\cite{BS}. This parameter
408: is $\lim_{s \to 0} f_s/\log (1/s)$, where
409: $f_s$ is the number of free bits needed by the verifier to make
410: soundness $<s$. H{\aa}stad~\cite{hastadcli}
411: shows that for each $\epsilon >0$,
412: every \np\ language has a verifier that uses $O(\log n)$ random bits
413: and $\epsilon$ amortized free bits.
414: He uses this to show (using a reduction from~\cite{FGLSS} and
415: modified by \cite{FKcli,BS}) that MAX-CLIQUE is inapproximable
416: upto a factor $n^{1-\delta}$.
417: \item The certificate may contain not bits
418: but letters from a larger alphabet $\Sigma$. The verifier's
419: soundness may then depend upon $\Sigma$.
420: In a {\em $p$ prover 1-round interactive proof system},
421: the certificate consists of $p$ arrays of letters from $\Sigma$.
422: The verifier is only allowed to query $1$ letter from each array.
423: Since each letter of $\Sigma$ is represented by
424: $\lceil \log \card{\Sigma} \rceil$
425: bits, the number of {\em bits} queried may be viewed as
426: $p\cdot\lceil \log \card{\Sigma} \rceil$.
427: Constructions of such proof systems for \np\ appeared in
428: \cite{BGKW,LS,FL,BGLR,FKcli,raz}. Lund and Yannakakis~\cite{LY} used these
429: proof systems to prove inapproximability results for
430: SETCOVER and many subgraph maximization problems.
431: The best construction of such proof systems is due to
432: Raz and Safra~\cite{razsaf}. They
433: show that for each $k \leq \sqrt{\log n}$,
434: every \np\ language has a verifier that uses
435: $O(\log n)$ random bits, has $\log \card{\Sigma} = O(k)$ and soundness
436: $2^{-k}$. The parameter $p$ is $O(1)$.
437: \end{enumerate}
438:
439: \section{Proof of the PCP theorems} \label{sec:proof}
440:
441: \vskip-5mm \hspace{5mm}
442:
443: A striking feature of the PCP Theorems is that each builds upon the
444: previous ones.
445: %Consequently,
446: %a proof of H{\aa}stad's MAX-CLIQUE
447: %result from first principles would fill well over 100 pages!
448: However, a few ideas recur.
449: First, note that it suffices to design verifiers for
450: 3SAT since 3SAT is \np-complete and a verifier for any other language can
451: transform the input to a 3SAT instance as a first step.
452: The verifier then expects a certificate for a ``yes'' answer
453: to be an encoding of a satisfying assignment; we define this next.
454:
455: For an alphabet $\Sigma$ let $\Sigma^m$ denote the set of $m$-letter words.
456: The {\em distance} between two words $x, y \in \Sigma^m$,
457: denoted $\delta(x, y)$, is the fraction
458: of indices they differ on. For a set $\cC \subseteq \Sigma^m$, let
459: the {\em minimum distance} of $\cC$, denoted $\mindist(\cC)$, refer to
460: $\min_{x, y \in \cC; x \neq y}\set{\delta(x, y)}$
461: and let $\delta(x, \cC)$ stand for $\min_{y \in \cC}\set{\delta(x, y)}$.
462: If $\mindist(\cC) =\gamma$, and $\delta(x, \cC) <\gamma/2$, then triangle inequality implies
463: there is a unique $y \in \cC$ such that $\delta(x, y) = \delta(x, \cC)$.
464: We will be interested in $\cC$ such that $\mindist(\cC)\geq 0.5$; such
465: sets are examples of {\em error-correcting codes} from information theory,
466: where $\cC$ is thought of as a map from strings of $\log \card{\cC}$ bits (``messages'')
467: to $\cC$. When encoded this way, messages can be recovered even
468: if transmitted over a noisy channel
469: that corrupts up to $1/4$th of the letters.
470:
471: The probabilistically checkable certificate is required to contain the
472: encoding of a satisfying assignment using some such $\cC$.
473: When presented with such a string, the verifier needs to check, first, that
474: the string is {\em close} to some codeword, and second, that the (unique) closest
475: codeword is the encoding of a satisfying assignment.
476: As one would expect, the set $\cC$ is defined using mathematically interesting objects
477: (polynomials, monotone functions, etc.) so the final technique may be seen as
478: a ``lifting'' of the satisfiability question to some mathematical domain (such as
479: algebra). The important new angle is ``local checkability,'' namely, the
480: ability to verify global properties by a few random spot-checks. (See below.)
481:
482: Another important technique introduced in~\cite{arsa} and used in all
483: subsequent papers is {\em verifier composition}, which composes two
484: verifiers to give a new verifier some of whose parameters are lower
485: than those in either verifier. Verifier composition relies on
486: the notion of a {\em probabilistically checkable split-encoding},
487: a notion to which Arora and Safra were led by results in \cite{BFLS}.
488: (Later PCP Theorems use other probabilistically checkable encodings:
489: {\em linear function codes}~\cite{ALMSS}, and {\em long codes}~
490: \cite{BGS,hastadcli,hastadmtsat}.)
491: One final but crucial ingredient in recent PCP Theorems
492: is Raz's {\em parallel repetition theorem}~\cite{raz}.
493:
494: \subsection{Local tests for global properties}
495: \vskip -5mm \hspace{5mm}
496:
497: The key idea in the PCP Theorems is to
498: design probabilistic local checks that verify global properties
499: of a provided certificate. Designing such local tests involves
500: proving a statement of the following type: if a certain object
501: satisfies some local property ``often'' (say, in $90\%$ of the
502: local neighborhoods) then it satisfies a global property. Such
503: statements are reminiscent of theorems in more classical areas of
504: math, e.g., those establishing properties of solutions to PDEs,
505: but the analogy is not exact because we only require the local
506: property to hold in most neighborhoods, and not all.
507:
508: We illustrate with some examples. (A research area called
509: {\em Property Testing}~\cite{dron} now consists of inventing such local tests
510: for different properties.)
511: There is a set $\cC \subseteq \Sigma^m$
512: of interest, with $\mindist(\cC) \geq 0.5$. Presented with $x \in \Sigma^m$, we
513: wish to read ``a few'' letters in it to determine whether
514: $\delta(x, \cC)$ is small.
515:
516: \begin{enumerate}
517: \item {\em Linearity test}. Here $\Sigma = GF(2)$ and $m=2^n$ for some integer $n$.
518: Thus $\Sigma^m$ is the set of all functions from $GF(2)^n$ to $GF(2)$.
519: Let $\cC_1$ be the set of words that correspond to {\em linear functions}, namely,
520: the set of $f \from GF(2)^n \to GF(2)$ such that $\exists a_1,\ldots, a_n \in GF(2)~\mbox{s.t.} f(z_1, z_2, \ldots,, z_n)= \sum_i a_i z_i.$
521: The test for linearity involves picking $\overline{z}, \overline{u} \in GF(2)^n$
522: randomly and accepting iff $f(\overline{z}) + f(\overline{u}) = f(\overline{z}+
523: \overline{u})$. Let $\gamma$ be the probability that this test does not accept.
524: Using elementary fourier analysis one can show
525: $\gamma \geq \delta(f, \cC_1)/2$~\cite{bchks} (see also earlier weaker results
526: in \cite{BLR}).
527: \item {\em Low Degree Test}. Here $\Sigma =GF(p)$ for a prime $p$ and $m = p^n$
528: for some $n$. Thus $\Sigma^m$ is the set of all functions from $GF(p)^n$ to $GF(p)$.
529: Let $\cC_2$ be the set of words that correspond to
530: {\em polynomials of total degree $d$}, namely, the set of
531: $f \from GF(p)^n \to GF(p)$ such that
532: there is a $n$-variate polynomial $g$ of degree $d$ and
533: $f(z_1, z_2, \ldots,, z_n)= g(z_1, z_2, \ldots,, z_n).$
534: We assume $dn \ll p$ (hence degree is ``low'').
535: Testing for closeness to $\cC_2$ involves
536: picking random lines. A line has
537: the parametric form $\set{(a_1 + b_1t, a_2 + b_2 t, \ldots, a_n + b_n t): t \in GF(p)}$
538: for some $a_1, a_2, \ldots, a_n$, $b_1, b_2,\ldots, b_n \in GF(p)$. (It is
539: a $1$-dimensional affine subspace, hence much smaller than $GF(p)^n$.)
540: Note that if $f$ is described by a degree $d$ polynomial, then its restriction to
541: such a line is described by a univariate degree $d$ polynomial in the line parameter $t$.
542:
543: \vskip 1mm
544:
545: \begin{itemize}
546: \item Variant 1: Pick a random line, read its first $d+1$ points to construct a degree $d$
547: univariate polynomial, and check if it describes $f$ at a randomly chosen point of
548: the line. This test appears in \cite{RS} and is similar to another test in \cite{FGLSS}.
549: %Let $\gamma$ be the probability that the test does not accept. Then
550: %$\gamma \geq \Omega(\delta(f, \cC_2)/d)$.
551: \item Variant 2: This test uses the fact that in the PCP setting, it is
552: reasonable to ask
553: that the provided certificate should contain additional useful information to facilitate
554: the test. We require, together with $f$, a separate table containing a degree $d$
555: univariate polynomial for the line. We do the test above, except after
556: picking the random line
557: we read the relevant univariate polynomial from the provided table. This has the
558: crucial benefit
559: that we do not have to read $d+1$ separate ``pieces'' of information from the
560: two tables.
561: If $\gamma$ is the probability that the test rejects, then
562: $\gamma \geq \min\set{0.1, \delta(f , \cC_2)/2}$ (see~\cite{ALMSS};
563: which uses \cite{RS,arsa}).
564: \end{itemize}
565:
566: \item {\em Closeness to a small set of codewords}. Above, we wanted to check
567: that $\delta(f, \cC) <0.1$, in which case there is a unique word from
568: $\cC$ in $\mbox{Ball}(f, 0.1)$. Proofs of recent PCP Theorems relax this and
569: only require for some $\epsilon$
570: that there is a small set of words $S \subseteq \cC$
571: such that each $s \in S$ lies in $\mbox{Ball}(f, \epsilon)$. (In information
572: theory, such an $S$ is
573: called a {\em list decoding} of $f$.) We mention two important such tests.
574:
575: \medskip
576:
577: \noindent{For degree $d$ polynomials}: The test in Variant 2 works with
578: a stronger guarantee: if $\beta$ is the probability that the test accepts, then
579: there are $\poly(1/\epsilon)$ polynomials whose distance to $f$ is less than
580: $1-\epsilon$ provided $p > \poly(nd/\beta \epsilon)$ (see~\cite{arsu}, and also
581: \cite{razsaf} for an alternative test).
582:
583: \medskip
584:
585: \noindent {\em Long Code test}. Here $\Sigma = GF(2)$ and $m=2^n$ for some integer $n$.
586: Thus $\Sigma^m$ is the set of all functions from $GF(2)^n$ to $GF(2)$.
587: Let $\cC_3$ be the set of words that correspond to {\em coordinate functions},
588: namely,
589: $$\set{f \from GF(2)^n \to GF(2):~\exists i \in \set{1, 2,\ldots, n}~\mbox{s.t.}
590: f(z_1, z_2, \ldots, z_n)= z_i.}$$ (This encodes $i\in [1,n]$,
591: i.e., $\log n$ bits of information, using a string of length
592: $2^{n}$, hence the name ``Long Code''.) The following test
593: works~\cite{hastadmtsat}, though we do not elaborate on the exact
594: statement, which is technical: Pick $\overline{z},\overline{w} \in
595: GF(2)^n$ and $\overline{u}\in GF(2)^n$ that is a random vector
596: with $1$'s in $\epsilon$ fraction of the entries. Accept iff
597: $f(\overline{z}+\overline{w}) = f(\overline{z})+ f(\overline{w}+
598: \overline{u})$. (Note the similarity to the linearity test above.)
599: \end{enumerate}
600:
601: \subsection{Further applications of PCP techniques}
602: \vskip -5mm \hspace{5mm}
603:
604: We list some notable applications of PCP techniques. The PCP
605: Theorem is useful in cryptography because many cryptographic
606: primitives involve basic steps that prove Yes/No assertions that
607: are in \np (or even \p). The PCP Theorem allows this to be done
608: in a communication-efficient manner. See
609: \cite{kilian,micaliCS,barak} for some examples. Some stronger
610: forms of the PCP Theorem (specifically, a version involving
611: encoded inputs) have found uses in giving new definitions for
612: polynomial hierarchy~\cite{klrss} and PSPACE~\cite{cfls,cfls2}.
613: Finally, the properties of polynomials and polynomial-based
614: encodings discovered for use in PCP Theorems have influenced new
615: decoding algorithms for error-correcting codes~\cite{GS},
616: constructions of pseudorandom graphs called {\em
617: extractors}~\cite{trevisan,STZ} and derandomization techniques in
618: complexity theory (e.g.~\cite{STV}).
619:
620:
621: \newcommand{\etalchar}[1]{$^{#1}$}
622:
623: \newcommand{\stoc}[1]{\ifnum#1=
624: 71{{\sl Proceedings of the Third Annual Symposium
625: on the Theory of Computing,\/} ACM, 1971}\else{\ifnum#1=
626: 72{{\sl Proceedings of the Fourth Annual Symposium
627: on the Theory of Computing,\/} ACM, 1972}\else{\ifnum#1=
628: 83{{\sl Proceedings of the Fifteenth Annual Symposium
629: on the Theory of Computing,\/} ACM, 1983}\else{\ifnum#1=
630: 84{{\sl Proceedings of the Sixteenth Annual Symposium
631: on the Theory of Computing,\/} ACM, 1984}\else{\ifnum#1=
632: 85{{\sl Proceedings of the Seventeenth Annual Symposium
633: on the Theory of Computing,\/} ACM, 1985}\else{\ifnum#1=
634: 86{{\sl Proceedings of the Eighteenth Annual Symposium
635: on the Theory of Computing,\/} ACM, 1986}\else{\ifnum#1=
636: 87{{\sl Proceedings of the Nineteenth Annual Symposium
637: on the Theory of Computing,\/} ACM, 1987}\else{\ifnum#1=
638: 88{{\sl Proceedings of the Twentieth Annual Symposium
639: on the Theory of Computing,\/} ACM, 1988}\else{\ifnum#1=
640: 89{{\sl Proceedings of the Twenty First Annual Symposium
641: on the Theory of Computing,\/} ACM, 1989}\else{\ifnum#1=
642: 90{{\sl Proceedings of the Twenty Second Annual Symposium
643: on the Theory of Computing,\/} ACM, 1990}\else{\ifnum#1=
644: 91{{\sl Proceedings of the Twenty Third Annual Symposium
645: on the Theory of Computing,\/} ACM, 1991}\else{\ifnum#1=
646: 92{{\sl Proceedings of the Twenty Fourth Annual Symposium
647: on the Theory of Computing,\/} ACM, 1992}\else{\ifnum#1=
648: 93{{\sl Proceedings of the Twenty Fifth Annual Symposium
649: on the Theory of Computing,\/} ACM, 1993}\else{\ifnum#1=
650: 94{{\sl Proceedings of the Twenty Sixth Annual Symposium
651: on the Theory of Computing,\/} ACM, 1994}\else{\ifnum#1=
652: 95{{\sl Proceedings of the Twenty Seventh Annual Symposium
653: on the Theory of Computing,\/} ACM, 1995}\else{\ifnum#1=
654: 96{{\sl Proceedings of the Twenty Eighth Annual Symposium
655: on the Theory of Computing,\/} ACM, 1996}\else{\ifnum#1=
656: 97{{\sl Proceedings of the Twenty Eighth Annual Symposium
657: on the Theory of Computing,\/} ACM, 1997}\else{
658: This STOC not yet defined!}
659: \fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}
660:
661: \newcommand{\focs}[1]{\ifnum#1=
662: 78{{\sl Proceedings of the Nineteenth Annual Symposium
663: on the Foundations of Computer Science,\/} IEEE, 1978}\else{\ifnum#1=
664: 80{{\sl Proceedings of the Twenty First Annual Symposium
665: on the Foundations of Computer Science,\/} IEEE, 1980}\else{\ifnum#1=
666: 82{{\sl Proceedings of the Twenty Third Annual Symposium
667: on the Foundations of Computer Science,\/} IEEE, 1982}\else{\ifnum#1=
668: 85{{\sl Proceedings of the Twenty Sixth Annual Symposium
669: on the Foundations of Computer Science,\/} IEEE, 1985}\else{\ifnum#1=
670: 86{{\sl Proceedings of the Twenty Seventh Annual Symposium
671: on the Foundations of Computer Science,\/} IEEE, 1986}\else{\ifnum#1=
672: 87{{\sl Proceedings of the Twenty Eighth Annual Symposium
673: on the Foundations of Computer Science,\/} IEEE, 1987}\else{\ifnum#1=
674: 88{{\sl Proceedings of the Twenty Ninth Annual Symposium
675: on the Foundations of Computer Science,\/} IEEE, 1988}\else{\ifnum#1=
676: 89{{\sl Proceedings of the Thirtieth Annual Symposium
677: on the Foundations of Computer Science,\/} IEEE, 1989}\else{\ifnum#1=
678: 90{{\sl Proceedings of the Thirty First Annual Symposium
679: on the Foundations of Computer Science,\/} IEEE, 1990}\else{\ifnum#1=
680: 91{{\sl Proceedings of the Thirty Second Annual Symposium
681: on the Foundations of Computer Science,\/} IEEE, 1991}\else{\ifnum#1=
682: 92{{\sl Proceedings of the Thirty Third Annual Symposium
683: on the Foundations of Computer Science,\/} IEEE, 1992}\else{\ifnum#1=
684: 93{{\sl Proceedings of the Thirty Fourth Annual Symposium
685: on the Foundations of Computer Science,\/} IEEE, 1993}\else{\ifnum#1=
686: 94{{\sl Proceedings of the Thirty Fifth Annual Symposium
687: on the Foundations of Computer Science,\/} IEEE, 1994}\else{\ifnum#1=
688: 95{{\sl Proceedings of the Thirty Sixth Annual Symposium
689: on the Foundations of Computer Science,\/} IEEE, 1995}\else{\ifnum#1=
690: 96{{\sl Proceedings of the Thirty Seventh Annual Symposium
691: on the Foundations of Computer Science,\/} IEEE, 1996}\else{\ifnum#1=
692: 97{{\sl Proceedings of the Thirty Eigth Annual Symposium
693: on the Foundations of Computer Science,\/} IEEE, 1997}
694: \else{
695: This FOCS not yet defined!}
696: \fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}
697:
698:
699:
700: \newcommand{\icalp}[1]{\ifnum#1=
701: 78{{\sl Proceedings of ICALP~78,\/} Lecture Notes
702: in Computer Science Vol.~62, Springer-Verlag, 1978}\else{\ifnum#1=
703: 81{{\sl Proceedings of ICALP~81,\/} Lecture Notes
704: in Computer Science Vol.~115, Springer-Verlag, 1981}\else{\ifnum#1=
705: 89{{\sl Proceedings of ICALP~89,\/} Lecture Notes in
706: Computer Science Vol.~372, Springer Verlag, 1989}\else{\ifnum#1=
707: 90{{\sl Proceedings of ICALP~90,\/} Lecture Notes in
708: Computer Science Vol.~443, Springer Verlag, 1990}\else{\ifnum#1=
709: 91{{\sl Proceedings of ICALP~91,\/} Lecture Notes in
710: Computer Science Vol.~510, Springer Verlag, 1991}\else{\ifnum#1=
711: 92{{\sl Proceedings of ICALP~92,\/} Lecture Notes in
712: Computer Science Vol.~623, Springer Verlag, 1992}\else{\ifnum#1=
713: 93{{\sl Proceedings of ICALP~93,\/} Lecture Notes in
714: Computer Science Vol.~700, Springer Verlag, 1993}\else
715: This ICALP not yet defined!
716: \fi}\fi}\fi}\fi}\fi}\fi}\fi}
717:
718: \newcommand{\istcs}[1]{\ifnum#1=
719: 93{{\sl Proceedings of the Second Israel Symposium on Theory
720: and Computing Systems\/}, 1993}\else{\ifnum#1=
721: 95{{\sl Proceedings of the Third Israel Symposium on Theory
722: and Computing Systems\/}, 1995}\else
723: This ISTCS not yet defined!
724: \fi}\fi}
725:
726: \newcommand{\fsttcs}[1]{\ifnum#1=
727: 94{{\sl Proceedings of the Fourteenth Annual Symposium on
728: Foundations of Software Technology and
729: Theoretical Computer Science,\/} Lecture Notes in Computer
730: Science Vol.~880, Springer Verlag, 1994} \else
731: This FSTTCS not yet defined!
732: \fi}
733:
734: \newcommand{\stacs}[1]{\ifnum#1=
735: 90{{\sl Proceedings of the Seventh Annual Symposium on
736: Theoretical Aspects of Computer Science,\/} Lecture Notes in
737: Computer Science Vol.~415, Springer Verlag, 1990}\else{\ifnum#1=
738: 91{{\sl Proceedings of the Eighth Annual Symposium on
739: Theoretical Aspects of Computer Science,\/} Lecture Notes in
740: Computer Science Vol.~480, Springer Verlag, 1991}\else{\ifnum#1=
741: 92{{\sl Proceedings of the Ninth Annual Symposium on
742: Theoretical Aspects of Computer Science,\/} Lecture Notes in
743: Computer Science Vol.~577, Springer Verlag, 1992}\else{\ifnum#1=
744: 93{{\sl Proceedings of the Tenth Annual Symposium on
745: Theoretical Aspects of Computer Science,\/} Lecture Notes in
746: Computer Science Vol.~665, Springer Verlag, 1993}\else
747: This STACS not yet defined!
748: \fi}\fi}\fi}\fi}
749:
750: \newcommand{\structures}[1]{\ifnum#1=
751: 88{{\sl Proceedings of the Third Annual Conference on
752: Structure in Complexity Theory\/}, IEEE, 1988}\else{\ifnum#1=
753: 89{{\sl Proceedings of the Fourth Annual Conference on
754: Structure in Complexity Theory\/}, IEEE, 1989}\else{\ifnum#1=
755: 90{{\sl Proceedings of the Fifth Annual Conference on
756: Structure in Complexity Theory\/}, IEEE, 1990}\else{\ifnum#1=
757: 91{{\sl Proceedings of the Sixth Annual Conference on
758: Structure in Complexity Theory\/}, IEEE, 1991}\else{\ifnum#1=
759: 92{{\sl Proceedings of the Seventh Annual Conference on
760: Structure in Complexity Theory\/}, IEEE, 1992}\else{\ifnum#1=
761: 93{{\sl Proceedings of the Eighth Annual Conference on
762: Structure in Complexity Theory\/}, IEEE, 1993}\else{\ifnum#1=
763: 94{{\sl Proceedings of the Ninth Annual Conference on
764: Structure in Complexity Theory\/}, IEEE, 1994}\else{\ifnum#1=
765: 96{{\sl Proceedings of the Eleventh Annual Conference on
766: Complexity Theory\/}, IEEE, 1996}\else{\ifnum#1=
767: 97{{\sl Proceedings of the Twelfth Annual Conference on
768: Complexity Theory\/}, IEEE, 1997}\else
769: This Structures not yet defined!
770: \fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}\fi}
771:
772: \newcommand{\soda}[1]{\ifnum#1=
773: 92{{\sl Proceedings of the Third Symposium on Discrete
774: Algorithms\/}, ACM, 1994}\else{\ifnum#1=
775: 93{{\sl Proceedings of the Third Symposium on Discrete
776: Algorithms\/}, ACM, 1993}\else{\ifnum#1=
777: 94{{\sl Proceedings of the Fifth Symposium on Discrete
778: Algorithms\/}, ACM, 1994}\else{\ifnum#1=
779: 95{{\sl Proceedings of the Sixth Symposium on Discrete
780: Algorithms\/}, ACM, 1995}\else
781: This SODA not yet defined!
782: \fi}\fi}\fi}\fi}
783:
784: \begin{thebibliography}{188}
785: %\bibitem%
786: %{arora:thesis}
787: %{ S.~Arora.}
788: %{\em Probabilistic Checking of Proofs and Hardness of Approximation
789: %Problems.}
790: %PhD thesis, U.C. Berkeley, 1994.
791: %Available from {\tt http://www.cs.princeton.edu/\~{ }arora }.
792:
793: \bibitem{arlu}
794: { S.~Arora and C.~Lund.}
795: \newblock Hardness of approximations.
796: \newblock In~\cite{hochbook}.
797:
798: \bibitem%[ALM{\etalchar{+}}92]
799: {ALMSS}
800: S.~Arora, C.~Lund, R.~Motwani, M.~Sudan, and M.~Szegedy.
801: \newblock Proof verification and intractability of approximation problems.
802: \newblock In {\em Proc. 33rd IEEE Symp. on Foundations of Computer Science},
803: 13--22, 1992.
804:
805: %\bibitem%[AMSSS92]
806: %{amsss}
807: %{ S.~Arora, R.~Motwani, S.~Safra, M.~Sudan, and M.~Szegedy.}
808: %\newblock PCP and approximation problems.
809: %\newblock {\em Unpublished note}, 1992.
810:
811: \bibitem%[ArSa]
812: {arsa}
813: { S. Arora and S. Safra}.
814: Probabilistic checking of proofs:~a new characterization of NP.
815: To appear {\em Journal of the ACM}.
816: Preliminary version in \focs{92}.
817:
818: \bibitem{arsu}
819: { S. Arora and M. Sudan}.
820: Improved low degree testing and its applications.
821: \stoc{97}
822:
823:
824: \bibitem{babai}%[Bab85]
825: L.~Babai.
826: \newblock Trading group theory for randomness.
827: \newblock In {\em Proc. 17th ACM Symp. on Theory of Computing}, 421--429,
828: 1985.
829:
830: \bibitem{babaisurvey}%[Bab94]
831: L.~Babai.
832: \newblock Transparent proofs and limits to approximations.
833: \newblock In {\em Proceedings of the First European Congress of
834: Mathematicians}. Birkhauser, 1994.
835:
836: \bibitem{BFL}%[BFL91]
837: L.~Babai, L.~Fortnow, and C.~Lund.
838: \newblock Non-deterministic exponential time has two-prover interactive
839: protocols.
840: \newblock {\em Computational Complexity}, 1:3--40, 1991.
841:
842: \bibitem{BFLS}%[BFLS91]
843: L.~Babai, L.~Fortnow, L.~Levin, and M.~Szegedy.
844: \newblock Checking computations in polylogarithmic time.
845: \newblock In {\em Proc. 23rd ACM Symp. on Theory of Computing}, 21--31,
846: 1991.
847:
848: \bibitem{bamo}%[BaM]
849: L.~Babai and S.~Moran.
850: Arthur-Merlin games: a randomized proof system,
851: and a hierarchy of complexity classes.
852: {\em Journal of Computer and System Sciences},
853: 36:254-276, 1988.
854:
855: \bibitem{barak}
856: B. Barak.
857: \newblock How to Go Beyond the Black-Box Simulation Barrier.
858: In {\em Proc. 42nd IEEE FOCS}, 106--115, 2001.
859:
860: \bibitem{befe}%[BeF]
861: { D.~Beaver and J.~Feigenbaum.}
862: Hiding instances in multioracle queries.
863: \stacs{90}.
864:
865:
866: \bibitem{bchks}%[BCHKS]
867: { M.~Bellare, D.~Coppersmith, J.~H{\aa}stad, M.~Kiwi and M.~Sudan.}
868: Linearity testing in characteristic two.
869: {\em IEEE Transactions on Information Theory\/}
870: 42(6):1781-1795, November 1996.
871:
872: \bibitem{BGS}%[BGS95]
873: M.~Bellare, O.~Goldreich, and M.~Sudan.
874: \newblock Free bits and non-approximability-- towards tight results.
875: \newblock In {\em Proc. 36th IEEE Symp. on Foundations of Computer Science},
876: 1995.
877: \newblock Full version available from ECCC.
878:
879: \bibitem{BGLR}%[BGLR93]
880: M.~Bellare, S.~Goldwasser, C.~Lund, and A.~Russell.
881: \newblock Efficient multi-prover interactive proofs with applications to
882: approximation problems.
883: \newblock In {\em Proc. 25th ACM Symp. on Theory of Computing}, 113--131,
884: 1993.
885:
886:
887: \bibitem{BS}%[BS94]
888: M.~Bellare and M.~Sudan.
889: \newblock Improved non-approximability results.
890: \newblock In {\em Proc. 26th ACM Symp. on Theory of Computing}, 184--193,
891: 1994.
892:
893: \bibitem{BGKW}%[BGKW88]
894: M.~{Ben-or}, S.~Goldwasser, J.~Kilian, and A.~Wigderson.
895: \newblock Multi prover interactive proofs: How to remove intractability
896: assumptions.
897: \newblock In {\em Proc. 20th ACM Symp. on Theory of Computing}, 113--121,
898: 1988.
899:
900:
901: \bibitem{BK}%[BK89]
902: M.~Blum and S.~Kannan.
903: \newblock Designing programs that check their work.
904: \newblock {\em JACM} {\bf 42}(1):269-291, 1995.
905: %In {\em Proc. 21st ACM Symp. on Theory of Computing}, 86--97,
906: % 1989.
907:
908: \bibitem{BLR}
909: M.~Blum, M.~Luby, and R.~Rubinfeld.
910: \newblock Self-Testing/Correcting with Applications to Numerical
911: Problems.
912: \newblock {\em JCSS} 47(3):549--595, 1993.
913: %\newblock {\em Prelim. Version in} \stoc{90}.
914:
915: \bibitem{clayprobs}
916: Clay Institute.
917: \newblock Millenium Prize Problems.
918: %\newblock http://www.claymath.org/prizeproblems/index.htm
919:
920: \bibitem{condon}%[Con93]
921: A.~Condon.
922: \newblock The complexity of the max-word problem and the power of one-way
923: interactive proof systems.
924: \newblock {\em Computational Complexity}, 3:292--305, 1993.
925:
926: \bibitem%[CFLS]
927: {cfls}
928: { A.~Condon, J.~Feigenbaum, C.~Lund and P.~Shor.}
929: Probabilistically Checkable Debate Systems and Approximation
930: Algorithms for PSPACE-Hard Functions.
931: \stoc{93}.
932:
933: \bibitem%[CFLS]
934: {cfls2}
935: { A.~Condon, J.~Feigenbaum, C.~Lund and P.~Shor.}
936: Random debaters and the hardness of approximating stochastic
937: functions.
938: {\em SIAM J. Comp.},
939: 26(2):369-400, 1997.
940:
941: \bibitem{cook}%[Coo71]
942: S.~Cook.
943: \newblock The complexity of theo\-rem-proving procedures.
944: \newblock In {\em Proc. 3rd ACM Symp. on Theory of Computing}, 151--158,
945: 1971.
946:
947:
948: \bibitem{CreKann}%[CK94]
949: P.~Crescenzi and V.~Kann.
950: \newblock A compendium of {NP} optimization problems.
951: \newblock Available from ftp://www.nada.kth.se/Theory/Viggo-Kann/compendium.ps.Z
952:
953: \bibitem%[Fei95]
954: {uri:setcover}
955: U.~Feige.
956: \newblock A threshold of $\ln n$ for approximating set cover.
957: \newblock \stoc{96}, 314--318.
958:
959:
960: \bibitem{FGLSS}%[FGL{\etalchar{+}}91]
961: U.~Feige, S.~Goldwasser, L.~Lov\'asz, S.~Safra, and M.~Szegedy.
962: \newblock Interactive proofs and the hardness of approximating
963: cliques
964: \newblock {\em Journal of the ACM}, 43(2):268--292, 1996.
965: %\newblock {\em Preliminary version:
966: %Approximating clique is almost {NP}-complete, \focs{91}.}
967:
968: \bibitem{FKcli}%[FK94]
969: U.~Feige and J.~Kilian.
970: \newblock Two prover protocols--low error at affordable rates.
971: \newblock In {\em Proc. 26th ACM Symp. on Theory of Computing}, 172--183,
972: 1994.
973:
974:
975: \bibitem{FL}%[FL92]
976: U.~Feige and L.~Lov\'asz.
977: \newblock Two-prover one-round proof systems: Their power and their problems.
978: \newblock In {\em Proc. 24th ACM Symp. on Theory of Computing}, 733--741,
979: 1992.
980:
981: \bibitem{FRS}
982: %[FRS88]
983: L.~Fortnow, J.~Rompel, and M.~Sipser.
984: \newblock On the power of multi-prover interactive protocols.
985: \newblock In {\em Proceedings of the 3rd Conference on Structure in Complexity
986: Theory}, 156--161, 1988.
987:
988:
989: \bibitem%[GJ79]
990: {GarJon}
991: M.~R. Garey and D.~S. Johnson.
992: \newblock {\em Computers and Intractability: a guide to the theory of
993: {NP}-completeness}.
994: \newblock W. H. Freeman, 1979.
995:
996: \bibitem%[Gol94]
997: {G}
998: O.~Goldreich.
999: \newblock Probabilistic proof systems.
1000: %\newblock Technical Report RS-94-28, Basic Research in Computer Science, Center
1001: % of the Danish National Research Foundation, September 1994.
1002: \newblock {\em Proceedings of the International Congress of
1003: Mathematicians}, Birkhauser Verlag 1994.
1004:
1005:
1006: \bibitem{goldreich}
1007: { O. Goldreich.}
1008: A Taxonomy of Proof Systems.
1009: In {\em Complexity Theory Retrospective II},
1010: L.A.~Hemaspaandra and A.~Selman (eds.),
1011: Springer-Verlag, New York, 1997.
1012:
1013:
1014: \bibitem{GGR}
1015: O.~Goldreich, S.~Goldwasser and D.~Ron.
1016: \newblock Property Testing and its Connection to Learning and
1017: Approximation.
1018: \newblock \focs{96}, 339--348.
1019:
1020: \bibitem%[GMR89]
1021: {GMR}
1022: S.~Goldwasser, S.~Micali, and C.~Rackoff.
1023: \newblock The knowledge complexity of interactive proofs.
1024: \newblock {\em SIAM J. on Computing}, 18:186--208, 1989.
1025:
1026: %\bibitem%[GMW87]
1027: %{GMW}
1028: %O.~Goldreich, S.~Micali, and A.~Wigderson.
1029: %\newblock How to play any mental game or a completeness theorem for protocols
1030: % with honest majority.
1031: %\newblock In {\em Proc. 19th ACM Symp. on Theory of Computing}, 218--229,
1032: % 1987.
1033:
1034: \bibitem{GS}
1035: V.~Guruswami and M.~Sudan.
1036: \newblock Improved decoding of Reed-Solomon and Algebraic-Geometric codes.
1037: \newblock {\em IEEE Trans.\ Inf.\ Thy.}, {\bf 45}:1757-1767 (1999).
1038:
1039:
1040: \bibitem%[Has95]
1041: {hastadcli}
1042: J.~H{\aa}stad.
1043: \newblock Clique is Hard to Approximate within $n^{1-\epsilon}$.
1044: \newblock {\em Acta Mathematica}, {\bf 182}:105-142, 1999.
1045:
1046: \bibitem{hastadmtsat}
1047: J.~H{\aa}stad.
1048: \newblock Some optimal inapproximability results.
1049: \newblock \stoc{97}, 1--10.
1050:
1051:
1052: \bibitem{hochbook}
1053: D.~Hochbaum, ed.
1054: \newblock Approximation Algorithms for NP-hard problems.
1055: \newblock PWS Publishing, Boston, 1996.
1056:
1057:
1058: \bibitem%[Joh92]
1059: {johnsonsurvey}
1060: D.~S. Johnson.
1061: \newblock The {NP}-completeness column: an ongoing guide.
1062: \newblock {\em Journal of Algorithms}, 13:502--524, 1992.
1063:
1064: \bibitem{KZ}
1065: H.~Karloff and U.~Zwick.
1066: \newblock A 7/8-Approximation Algorithm for {MAX} 3{SAT}?
1067: \newblock In {\em Proc. IEEE FOCS}, 1997.
1068:
1069: \bibitem%[Kar72]
1070: {karp72}
1071: R.~M. Karp.
1072: \newblock Reducibility among combinatorial problems.
1073: \newblock In Miller and Thatcher, editors, {\em Complexity of Computer
1074: Computations}, 85--103. Plenum Press, 1972.
1075:
1076: \bibitem{kilian}
1077: J.~Kilian.
1078: \newblock Improved Efficient Arguments.
1079: \newblock {\em Advances in Cryptology - CRYPTO 95}
1080: LNCS 963 Coppersmith, D.(ed.), Springer, NY, 311-324, 1995.
1081:
1082: \bibitem{klrss}
1083: M.~Kiwi, C.~Lund, A.~Russell, D.~Spielman, and R.~Sundaram
1084: \newblock Alternation in interaction.
1085: \structures{94}, 294--303.
1086:
1087: \bibitem{kolata}
1088: G.~Kolata.
1089: \newblock New shortcut found for long math proofs.
1090: \newblock {\em New York Times}, April 7, 1992.
1091:
1092:
1093: \bibitem%[LS91]
1094: {LS}
1095: D.~Lapidot and A.~Shamir.
1096: \newblock Fully parallelized multi prover protocols for {NEXPTIME}.
1097: \newblock In {\em Proc. 32nd IEEE Symp. on Foundations of Computer Science},
1098: 13--18, 1991.
1099:
1100:
1101: \bibitem%[Lev73]
1102: {levin}
1103: L.~Levin.
1104: \newblock Universal'ny\u{\i}e pereborny\u{\i}e zadachi (universal search
1105: problems : in {R}ussian).
1106: \newblock {\em Problemy Peredachi Informatsii}, 9(3):265--266, 1973.
1107:
1108:
1109: \bibitem{lipton}
1110: R.~Lipton.
1111: New directions in testing.
1112: \newblock In {\em Distributed Computing and Cryptography},
1113: J. Feigenbaum and M. Merritt, eds.
1114: \newblock Dimacs Series in Discrete Mathematics and Theoretical
1115: Computer Science, 2. AMS 1991.
1116:
1117: \bibitem%[LFKN92]
1118: {LFKN}
1119: C.~Lund, L.~Fortnow, H.~Karloff, and N.~Nisan.
1120: \newblock Algebraic methods for interactive proof systems.
1121: \newblock {\em JACM}, 39(4):859--868, 1992.
1122:
1123: \bibitem%[LY94]
1124: {LY}
1125: C.~Lund and M.~Yannakakis.
1126: \newblock On the hardness of approximating minimization problems.
1127: \newblock {\em JACM}, 41(5):960--981, 1994.
1128:
1129: \bibitem{MPS}
1130: E.~W.~Mayr, H.~J.~Promel, and A.~Steger. (eds)
1131: \newblock Lectures on proof verification and approximation algorithms.
1132: \newblock LNCS Tutorial, Springer Verlag, 1998.
1133:
1134: \bibitem{micaliCS}
1135: S.~Micali.
1136: \newblock Computationally Sound Proofs.
1137: \newblock {\em SIAM J.~Comp}, {\bf 30}(4), 1253--1298.
1138:
1139: \bibitem%[PY91]
1140: {PY}
1141: C.~Papadimitriou and M.~Yannakakis.
1142: \newblock Optimization, approximation and complexity classes.
1143: \newblock {\em Journal of Computer and System Sciences}, 43:425--440, 1991.
1144: %\newblock {\em Prelim.~version in Proc. ACM STOC 1988.}
1145:
1146:
1147: \bibitem%[Raz94]
1148: {raz}
1149: R.~Raz.
1150: \newblock A parallel repetition theorem.
1151: \newblock {\em SIAM J.~Comp} 27(3):763-803(1998).
1152:
1153:
1154: \bibitem%[RS97]
1155: {razsaf}
1156: { R. Raz and S. Safra}.
1157: A sub-constant error-probability low-degree test,
1158: and a sub-constant error-probability PCP characterization of NP.
1159: \stoc{97}.
1160:
1161: \bibitem{dron}
1162: D.~Ron.
1163: \newblock Property testing (A Tutorial). In,
1164: {\em Handbook of Randomized Algorithms},
1165: Pardalos, Rajasekaran, Reif, and Rolim, eds., . Kluwer Academic, 2001.
1166:
1167:
1168: \bibitem%[RS92]
1169: {RS}
1170: R.~Rubinfeld and M.~Sudan.
1171: \newblock Testing polynomial functions efficiently and over rational domains.
1172: \newblock In {\em Proc. 3rd Annual ACM-SIAM Symp. on Discrete Algorithms},
1173: 23--32, 1992.
1174:
1175: \bibitem{STZ}
1176: S.~Safra, A.~Ta-Shma, and D.~Zuckerman.
1177: \newblock Extractors from Reed-Muller codes.
1178: \newblock In {\em Proc. IEEE FOCS}, 2001.
1179:
1180: \bibitem{ST}
1181: A.~Samorodnitsky and L.~Trevisan.
1182: \newblock A PCP Characterization of NP with Optimal Amortized Query Complexity.
1183: \newblock In {\em Proc. 32nd ACM STOC}, 2000.
1184:
1185: \bibitem%[Sha92]
1186: {Sha}
1187: A.~Shamir.
1188: \newblock {IP = PSPACE}.
1189: \newblock {\em JACM}, 39(4):869--877, October 1992.
1190:
1191: \bibitem{STV}
1192: M.~Sudan, L.~Trevisan and S.~Vadhan.
1193: \newblock Pseudorandom Generators Without the XOR Lemma.
1194: \newblock {\em JCSS}, {\bf 62}(2):236-266, 2001.
1195:
1196: \bibitem{trevisan}
1197: Luca Trevisan.
1198: \newblock Extractors and Pseudorandom Generators.
1199: \newblock {\em JACM}, {\bf 48}(4):860-879, 2001.
1200:
1201: \bibitem{vijaybook}
1202: Vijay Vazirani.
1203: \newblock Approximation Algorithms.
1204: \newblock Spring Verlag, 2001.
1205:
1206: \end{thebibliography}
1207:
1208: \label{lastpage}
1209:
1210: \end{document}
1211: