CS267
Chris Pollett
Nov. 30, 2011
Which of the following is known to be true?
Protocol:
V: Pick `i in {1,2}` uniformly at random. Randomly permutes the vertices of `G_i` to get a new graph `H`. Send `H` to `P`.
P: Identify which of `G_1`, `G_2` was used to produce `H`. Let `G_j` be that graph. Send `j` to `V`.
V: Accept if `i=j`; otherwise reject.
Definition. For every `k` the complexity class `AM[k]` is defined as the subset of `IP[k]` obtained when we restrict the verifier's messages to be random bits, and not allowing it to use any other randoms bits that are not contained in these messages.
An interactive proof of this form is called a public coin proof or Arthur Merlin proof.
Clearly, `AM[k] subseteq IP[k]`.
Theorem. (Goldwasser Sipser 1987). For every `k:NN -> NN` with `k(n)` computable in poly(n).
`IP[k] subseteq AM[k+2]`.
Before we show this proof we show the following subcase:
Theorem. `GNI in AM[2]`
Proof. Let `S = {H | H ~= G_1 mbox( or ) H~= G_2}`. An `n` vertex graph has at most `n!` equivalent graphs. Let's assume this is exactly `n!` for the graphs `G_1` and `G_2`. Then the size of `S` differs by a factor of 2 depending on whether `G_1` and `G_2` are isomorphic.
Now consider the general case where `G_1` or `G_2` may have less than `n!` equivalent graphs. An `n`-vertex graph has less than `n!` equivalent graphs iff it has a nontrivial automorphism, which is a permutation that is not the identity permutation.
Let `aut(G)` denote the automorphisms of `G`. We change the definition of `S` to
`S = {(H, pi) | H ~=G_1 mbox( or ) H ~=G_2 mbox( and ) pi in aut(G)}`.
using the fact that `aut(G)` is a subgroup. One can verify that this `S` has size `2 cdot (n!)` or `n!` depending on whether `G_1` and `G_2` are isomorphic. So to convince the verifier these two graphs are nonisomorphic it suffices for the prover to convince the first case happens rather than the second. We will do this with the set lower bound protocol which we describe on Monday.