Outline
- IP=PSPACE
- Quiz
- The Importance of Circuit Lower Bounds
- Lower Bounds in NE and PH
IP=PSPACE (Sketch)
- Fortnow and Sipser 1988 give an oracle `A` such that `coNP^A \not\subseteq IP^A`.
- So it was surprising when, in 1990, LFKN (Lund, Fortnow, Karloff, and Nisan) and Shamir showed `IP=PSPACE`.
- That `IP \subseteq PSPACE` is a HW5 problem.
- The idea of the proof that `PSPACE \subseteq IP` is to come up with an IP protocol for the PSPACE-complete problem TQBF and use the fact that IP is closed under p-time reductions.
- Given an instance `psi := \forall x_1 \exists x_2, ..., \exists x_n phi(x_1, x_2, ...,x_n)` of TQBF, where `phi` is a 3SAT instance with `m` clauses, the protocol involves converting `psi` to an `n`-variable polynomial over the integers mod `p`, where `p \in (2^n, 2^{3n}]`.
- This "arithmetization" of the problem is how the relativized negative result is avoided.
- ...
Arithmetization of Formulas
- Given a literal `l_i` in `phi`, we convert it to the polynomial `x_i` if `l_i = x_i`, and to `1-x_i` if `l_i = bar{x_i}`. Given a clause `C`, let `p_C` be the 3-variable polynomial where the literals are converted as just described and where `\vee` is converted to `+`. Let `p_{phi}` be the polynomial that results from taking the product of the `p_C` over the clauses in `phi`.
- The total degree of this polynomial is at most `3m`, and its degree in any single variable is at most `m`, so viewed as a univariate polynomial in one variable, `p_{phi}` needs only `O(m)` coefficients.
- If we evaluate `p_{phi}` on a truth assignment `nu` for `phi`, then if `nu` doesn't satisfy `phi`, some clause polynomial evaluates to `0`, so `p_{phi}(nu) = 0`. Further, if `nu` satisfies `phi`, then `p_{phi}(nu)` is a positive integer, and one can show by the Chinese Remainder Theorem that it remains nonzero mod some prime `p \in (2^n, 2^{3n}]`.
- To get a polynomial for `p_{psi}`, we use three operators on a polynomial `p(x_1, ..., x_n)`:
`L_i(p) := x_i \cdot p(x_1, ..., x_{i-1},1, x_{i+1}, ..., x_n)` (Linearization)
`\qquad\qquad + (1-x_i)p(x_1, ..., x_{i-1},0, x_{i+1}, ..., x_n)`
`A_i(p) := p(x_1, ..., x_{i-1},1, x_{i+1}, ..., x_n)` (All quantification)
`\qquad\qquad \cdot p(x_1, ..., x_{i-1},0, x_{i+1}, ..., x_n)`
`E_i(p) := p(x_1, ..., x_{i-1},1, x_{i+1}, ..., x_n)` (Exists quantification)
`\qquad\qquad + p(x_1, ..., x_{i-1},0, x_{i+1}, ..., x_n)`
- We convert a TQBF formula `psi := \forall x_1 \exists x_2, ..., \exists x_n phi(x_1, x_2,..., x_n)` as
`p_psi := p_{0} := A_1 L_1 p_{1}(x_1)`
`p_{1}(x_1) := E_2 L_1 L_2 p_{2}(x_1, x_2)`
`p_{2}(x_1, x_2) := A_3 L_1 L_2 L_3 p_{3}(x_1, x_2, x_3)`
...
`p_{n-1}(x_1, ..., x_{n-1}) := E_n L_1 ... L_n p_{n}(x_1, ..., x_n)`
`p_{n}(x_1, ... x_n) = p_{phi}(x_1, ... x_n)`.
- The conversion is modified in the natural way if the outermost quantifier is `\exists` or the innermost is `\forall`.
- We also remark that TQBF instances can have multiple quantifiers of the same type in a row before switching to the other type; to convert, we use the appropriate `A_i` or `E_i` operator for each.
- The linearization operators are used to ensure the degree of `p_{psi}` remains polynomial in the number of clauses, so that the polynomials arising in the protocol can be evaluated by the verifier.
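To make the operators concrete, here is a small Python sketch (my own illustration; the two toy formulas below are made up) that represents polynomials extensionally, as evaluation functions over the integers, and applies `A_i`, `E_i`, and `L_i` to tiny TQBF instances. The real protocol instead manipulates coefficient lists mod a prime `p`.

```python
# Polynomials are represented as Python functions on integer tuples;
# variables are 0-indexed here (x_1 becomes index 0, and so on).

def lit(i, positive):
    # literal x_i -> polynomial x_i; negated literal -> 1 - x_i
    return (lambda a: a[i]) if positive else (lambda a: 1 - a[i])

def clause(*lits):
    # OR becomes +: nonzero on a 0/1 assignment iff some literal is 1
    return lambda a: sum(l(a) for l in lits)

def formula(*clauses):
    # AND becomes *: nonzero iff every clause polynomial is nonzero
    def p(a):
        v = 1
        for c in clauses:
            v *= c(a)
        return v
    return p

def subst(p, i, b):
    # partially evaluate: fix variable i to the constant b
    return lambda a: p(a[:i] + (b,) + a[i + 1:])

def A(i, p):  # "forall" quantification: multiply the two restrictions
    return lambda a: subst(p, i, 1)(a) * subst(p, i, 0)(a)

def E(i, p):  # "exists" quantification: add the two restrictions
    return lambda a: subst(p, i, 1)(a) + subst(p, i, 0)(a)

def L(i, p):  # linearization: degree in x_i drops to 1, Boolean values unchanged
    return lambda a: a[i] * subst(p, i, 1)(a) + (1 - a[i]) * subst(p, i, 0)(a)

# True instance: forall x1 exists x2 (x1 v x2) ^ (~x1 v x2)
phi = formula(clause(lit(0, True), lit(1, True)),
              clause(lit(0, False), lit(1, True)))
p_psi = A(0, L(0, E(1, L(0, L(1, phi)))))   # A_1 L_1 E_2 L_1 L_2 p_phi
assert p_psi((0, 0)) > 0    # positive, so psi is true

# False instance: forall x1 exists x2 (x1 v x2) ^ (x1 v ~x2)
phi2 = formula(clause(lit(0, True), lit(1, True)),
               clause(lit(0, True), lit(1, False)))
p_psi2 = A(0, L(0, E(1, L(0, L(1, phi2)))))
assert p_psi2((0, 0)) == 0  # zero, so psi2 is false
```

Since every variable ends up substituted by a quantification operator, the dummy argument `(0, 0)` is irrelevant; the linearizations don't change values at Boolean points, so `p_psi` is positive exactly on true instances.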
Arithmetization Check Protocol
P: Sends a prime `p \in (2^n, 2^{3n}]`,
a number `A_0` purported to be the value of `p_psi := p_0 mod p`,
and the coefficients of `p_1(x_1)`.
V: Checks that `p` is of the right size and prime (could use AKS 2002). Since the outer quantifier in
our example was `\forall`, checks that `A_0 = p_1(0) \cdot p_1(1) mod p`.
Sends a random value `r_1 mod p`.
P: The optimal prover then computes `A_1 = p_1(r_1)` and the coefficients of
the polynomial `p_2(r_1, x_2)`, and sends them to V.
V: Since the next quantifier in the example was `\exists`, checks that `A_1 = p_2(r_1, 0) + p_2(r_1, 1) mod p`.
Sends a random value `r_2 mod p`.
...
P: The optimal prover then computes `A_{n-1} = p_{n-1}(r_1, ..., r_{n-1})` and sends it to V.
V: In this case, `p_phi = p_n`, and the verifier can directly substitute
values into the non-multiplied-out version of `p_phi`.
Since the last quantifier in the example was `\exists`, the verifier checks that
`A_{n-1} = p_n(r_1, ..., r_{n-1}, 0) + p_n(r_1, ..., r_{n-1}, 1) mod p`.
- If any of the verifier's checks fail during the above protocol, the verifier rejects; otherwise, the verifier accepts if `A_0 > 0`.
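A single round of the check can be sketched in Python as follows; the prime and the coefficients of `p_1` here are made-up stand-ins, since a real run would derive them from the arithmetized formula.

```python
import random

P = 10007  # stand-in prime; the protocol would use one in (2^n, 2^{3n}]

def ev(coeffs, x):
    # evaluate a polynomial, given low-order-first coefficients, mod P
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

# Prover's first message: coefficients of p_1(x_1) (made-up values).
p1_coeffs = [3, 5, 7]

# Honest claimed value A_0.  The outer quantifier in the running
# example is "forall", so p_0 = p_1(0) * p_1(1) mod P.
A0 = ev(p1_coeffs, 0) * ev(p1_coeffs, 1) % P

def forall_check(A_prev, coeffs):
    # verifier's consistency check for a "forall" round
    return A_prev == ev(coeffs, 0) * ev(coeffs, 1) % P

assert forall_check(A0, p1_coeffs)          # honest prover passes
assert not forall_check(A0 + 1, p1_coeffs)  # inconsistent claim is caught

r1 = random.randrange(P)   # verifier's random challenge
A1 = ev(p1_coeffs, r1)     # the claim the next round must justify
```

An `\exists` round is identical except the check uses `ev(coeffs, 0) + ev(coeffs, 1)` in place of the product.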
Proof That the Protocol Works
Let `n` be the number of variables in the TQBF formula. Let `d = O(n^c)` be the max degree of any polynomial `p_i`
that needs to be evaluated in the protocol.
Claim. A cheating prover is caught by the above protocol with probability at least `(1 - d/p)^n`; equivalently, the odds that the prover can cheat are at most `1 - (1 - d/p)^n \leq nd/p`.
Proof.
- The proof that the protocol works is by reverse induction on the `n` rounds. Let `j` be our induction variable; we'll consider round `n - j + 1`.
- If `j = 1`, then `n - j + 1 = n`. In this round the prover does not send any polynomials and only sends `A_{n-1}`. `V` can evaluate `p_n(r_1, ..., r_{n-1}, 0) + p_n(r_1, ..., r_{n-1}, 1) mod p` itself, and so catches a prover who sent a wrong `A_{n-1}` with probability `1`.
- Assume the statement holds up through round `i-1`: so far, a cheating prover has been caught with probability at least `(1 - d/p)^{i-1}`.
- Suppose the prover tries to lie in round `i`. Then `A_{i-1}` must be consistent with the coefficients the prover sends, or the verifier will discover that `A_{i-1} != p_i(r_1, ..., r_{i-1}, 0) ? p_i(r_1, ..., r_{i-1}, 1) mod p`. Here `?` is either `\cdot` or `+`, depending on the quantifier.
- So suppose the prover sent the coefficients of some polynomial `p'_i` other than `p_i`. As the degree of `p_i(r_1, ..., r_{i-1}, x_i) - p'_i(r_1, ..., r_{i-1}, x_i)` in `x_i` is at most `d`, it can have at most `d` zeros, so the verifier's random `r_i` exposes the lie with probability at least `1 - d/p`. Combined with the induction hypothesis, a cheating prover is caught with probability at least `(1 - d/p)^{i}`, proving the induction step and the claim.
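The counting step behind the `1 - d/p` bound — two distinct polynomials of degree at most `d` can agree on at most `d` points mod `p` — can be checked directly for a toy case (the prime and polynomials below are arbitrary illustrations):

```python
# If the prover sends p' != p_i, both of degree <= d, then p_i - p' is a
# nonzero polynomial of degree <= d and so has at most d roots mod the
# prime, so a random challenge exposes the lie with probability >= 1 - d/p.

PRIME, D = 101, 3

def ev(coeffs, x):
    # evaluate a polynomial, given low-order-first coefficients, mod PRIME
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc

honest = [0, 0, 0, 1]  # x^3        (arbitrary degree-3 example)
lie    = [1, 0, 0, 0]  # constant 1 (a cheating prover's substitute)

# exhaustively count challenge points where the two polynomials agree
agreements = sum(ev(honest, r) == ev(lie, r) for r in range(PRIME))
assert agreements <= D
```

Here the two polynomials agree only where `x^3 = 1 mod 101`, so a uniformly random challenge catches this particular lie with probability at least `1 - D/PRIME`.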
Quiz
Which of the following statements is true?
- Our private coin protocol for graph non-isomorphism might say two graphs are isomorphic even if they aren't.
- In `AM[k]`, Arthur's messages consist of his random coin flips.
- The set lower bound protocol was used to show `IP[k]` is not a subset of `AM[k+2]`.
The Importance of Circuit Lower Bounds
- We switch topics now to study lower bounds for circuits.
- Given the close relationship between `P` and `P`/`poly`, and given that circuits are more combinatorial in nature,
it was hoped that it would be easier to show `P != NP` by exhibiting a problem in `NP` that requires large circuits.
- Since we know `BPP \subseteq P`/`poly` (Adleman's theorem), this would also entail `BPP != NP`.
- Bennett-Gill also implies that circuit lower bounds might be closely connected to derandomization.
- One famous result of this type is Impagliazzo-Wigderson 1997, which shows that if there is a language in `E=DTIME(2^{O(n)})` that requires
`2^{\alpha n}` circuit size for some `\alpha > 0`, then `BPP = P`.
- We start our examination of circuit lower bounds by trying to find the minimal complexity class in which Shannon's lower bound we gave earlier works.
Reworking Shannon's Argument
Theorem. There is a language in `\Sigma_3`-TIME(`2^{O(n)}`) that requires circuits of size `2^n/(2n)`.
Proof. Our machine operates as follows. On input `x`, let `n = |x|`. Existentially guess a string `w` of length `2^n`; the bits of this string correspond to the values output on each row of a truth table. We then universally guess a circuit `C` of size `2^n/(2n)`, cycle over each truth assignment `y` on `n` variables, evaluate `C(y)`, and compare its output to the corresponding bit of `w`. If `C` agrees with `w` on all such assignments `y`, then we output 0 and halt. We know by Shannon 1949 that there exist Boolean functions of `n` inputs that require circuits of size `2^n/(2n)`, so some `w` will get us through this first stage. Next we universally guess another truth table `w'`. If `w'` is not lexicographically smaller than `w`, we output 1 and halt. (We may assume `w` is not the all-`0` truth table, as there are circuits of size `2^n/(2n)` computing the all-`0` truth table; so some `w'` exists that won't cause us to halt.) Next we existentially guess a circuit `C'` of size `2^n/(2n)` and in exponential time check that its truth table has the same outputs as `w'`. If not, we halt and output 0. At this point, we have pinned down `w` as the lexicographically smallest truth table not computed by a circuit of size `2^n/(2n)`. We then check whether the row of this truth table indexed by `x` has value 1. If so, we output 1; otherwise, we output 0. Q.E.D.
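The existential stage of the machine relies on some truth table escaping all small circuits; for tiny parameters this can be verified by brute force. The sketch below is my own illustration: it enumerates all circuits of at most `s` arbitrary 2-input gates and records every truth table they compute.

```python
from itertools import product

def computable(n, s):
    # truth tables (as tuples over the 2^n rows) computable by circuits
    # with at most s gates, where each gate may be any of the 16 binary ops
    rows = list(product([0, 1], repeat=n))
    inputs = [tuple(r[i] for r in rows) for i in range(n)]  # input wires
    seen = set(inputs)

    def extend(wires, remaining):
        if remaining == 0:
            return
        for a in wires:
            for b in wires:
                for op in range(16):  # op's 4 bits form the gate's table
                    g = tuple((op >> (2 * x + y)) & 1 for x, y in zip(a, b))
                    seen.add(g)
                    extend(wires + [g], remaining - 1)

    extend(inputs, s)
    return seen

# Parity of 3 bits is computable with two XOR gates but, since it depends
# on all 3 inputs, cannot be computed by a single 2-input gate.
rows3 = list(product([0, 1], repeat=3))
parity = tuple(sum(r) % 2 for r in rows3)
assert parity in computable(3, 2)
assert parity not in computable(3, 1)
```

The enumeration is exponential, of course — the point of the theorem is that a `\Sigma_3` machine can express this search with alternating quantifiers instead of running it.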
Circuit Lower Bounds in `PH`
Theorem (Kannan 1982). For any `k > 0`, there is an `L in Sigma_4^p` that does not have circuits of size `O(n^k)`.
Proof.
- Since for any constant `c >0`, `c\cdot n^k = o(n^{k+1})`, it suffices to show that there is an `L in Sigma_4^p`
that does not have circuits of size `n^{k+1}`.
- We know from the circuit size hierarchy that there are functions computable by circuits of size `10 \cdot n^{k+1}` but not by any circuit of size `n^{k+1}`.
- Our language `L in \Sigma_4^p` is computed as follows:
On input `x`, where `|x|=n`
1. Existentially guess an encoding of a circuit `C` of size `10 \cdot n^{k+1}`.
2. Universally check for every encoding of a circuit `C'` of size `n^{k+1}` that we can
3. [existentially guess a string of length `n` on which `C` and `C'` output different values
4. and (universally check for every encoding of a circuit `C''` of size at most `10 \cdot n^{k+1}` lexicographically smaller than `C` that we can
5. existentially guess an encoding of a circuit `C'''` of size `n^{k+1}` and can
6. universally check for every string of length `n` that `C''` and `C'''` output the same values)] and
7. `C` accepts `x`.
- Lines 3-6 are the conjunction of an `NP=\Sigma_1^p` operation with a `\Pi_3^p` operation, and so are `\Pi_3^p`.
- We can merge the universal quantifier in line (2), so that lines 2-6 are `\Pi_3^p`, and then lines 1-7 will be `\Sigma_4^p`. Q.E.D.
Circuit Lower Bounds in `PH\quad` continued
Theorem 2 (Kannan 1982). For any `k > 0`, there is an `L in Sigma_2^p \cap Pi_2^p` that does not have circuits of size `O(n^k)`.
Proof. We first observe that either `NP` is contained in `P`/`poly` or it is not. In the latter case, we are done, as we can pick `L` to be a language witnessing that `NP` is not in `P`/`poly`. On the other hand, if `NP` is contained in `P`/`poly`, then we know from Karp-Lipton that `Sigma_2^p = Pi_2^p = PH`, and so the `\Sigma_4^p` predicate of the previous theorem will be in `Sigma_2^p \cap Pi_2^p`.
Circuit Lower Bounds in `P` and `NP`
- If we want to use circuit lower bounds to show `P != NP`, we need to be able to come up with circuits of large size in `NP`.
- Kannan's argument from the previous two theorems is essentially to guess a large circuit and check, for every smaller circuit, that
it computes a different function.
- This approach gives at least two alternations and so won't be doable in `NP` unless the polynomial hierarchy collapses.
- The best known circuit lower bounds for a language in `NP` (Iwama et al. 2002) are actually lower bounds for circuits for a language in `P` and are of the form `5n - o(n)`.
- This result, as well as earlier results, uses the so-called gate-elimination method.
- In the case of the Iwama et al. result, they give a p-time construction of a family of Boolean functions which are `(n,k)`-strongly two-dependent, then use gate elimination to show these functions cannot be computed by circuits of size less than `5n - o(n)`.
- This proof, although not super-long, would take us further afield than I want, so instead I will show a simpler, earlier
result (Schnorr 1974) that illustrates this technique.
p-time languages that need `2n-3` size circuits I
- Let `f:{0,1}^n -> {0,1}` be the Boolean function which checks whether the sum of its input bits is `0 mod 3`. This is easily computable in p-time.
- This function satisfies the following properties that make it slightly non-trivial to compute:
  1. `f` depends on all its inputs.
  2. For `n \geq 3` and any two distinct inputs `x_j` and `x_k`, there are at least three distinct sub-functions that can be obtained
  by setting these inputs to constants. (Set both to 0; set either to 1, but not both; set both to 1.)
  3. Setting any input `x_j` to a constant yields a function which still satisfies (1), (2), and (for `n \geq 3`) (3).
- Call any function which satisfies (1), (2), and (3) a `Q_{2,3}^n`-function. So `f` above is a `Q_{2,3}^n`-function.
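Properties (1) and (2) can be machine-checked for a small case; the following Python sketch (my own illustration) verifies them for the mod-3 function with `n = 5`.

```python
from itertools import product

def f(bits):
    # 1 iff the sum of the input bits is 0 mod 3
    return int(sum(bits) % 3 == 0)

def subfunction(n, fixed):
    # truth table of f on the free inputs, after fixing the inputs in `fixed`
    free = [i for i in range(n) if i not in fixed]
    table = []
    for vals in product([0, 1], repeat=len(free)):
        a = dict(fixed)
        a.update(zip(free, vals))
        table.append(f([a[i] for i in range(n)]))
    return tuple(table)

n = 5

# property (1): f depends on every input
for i in range(n):
    assert subfunction(n, {i: 0}) != subfunction(n, {i: 1})

# property (2): fixing any two distinct inputs in all four ways
# yields at least three distinct sub-functions
for j in range(n):
    for k in range(j + 1, n):
        subs = {subfunction(n, {j: a, k: b}) for a in (0, 1) for b in (0, 1)}
        assert len(subs) >= 3
```

The three sub-functions are "remaining sum `\equiv 0`", "`\equiv 2`", and "`\equiv 1` mod 3", matching the three cases in property (2).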
p-time languages that need `2n-3` size circuits II
Theorem. A `Q_{2,3}^n`-function requires circuits of size `2n-3` even if we allow all 2-input gate types.
The proof is by induction on `n`. The first interesting base case (i.e., the first for which the bound `2n-3` is nonnegative) is `n=2`. For this case we need to show that
a `Q_{2,3}^2`-function `g` requires at least 1 gate. This is immediate, as by property (1), `g` depends on both of its inputs.
Assume any `Q_{2,3}^{n-1}`-function requires circuits of size `2(n-1)-3`. Let `g` be a `Q_{2,3}^{n}`-function and let `C` be a minimal circuit for it. There must be some gate in this circuit that receives as inputs two input lines `x_i` and `x_j`. This gate's output can take at most two values, so if neither `x_i` nor `x_j` occurred elsewhere in the circuit, setting them to constants could produce at most two distinct sub-functions, contradicting property (2). Hence either `x_i` or `x_j` must occur elsewhere in the circuit.
Without loss of generality, assume `x_i` occurs elsewhere. By property (3), setting `x_i = 1` or `x_i = 0` gives a `Q_{2,3}^{n-1}`-function. Once `x_i` has its value set, though, we can remove the at least two gates to which it is an input. By the induction hypothesis, the resulting circuits for these `Q_{2,3}^{n-1}`-functions have size at least `2(n-1)-3`, and they lack the two removed gates of `C`. So the size of `C` is at least `2(n-1)-3 + 2 = 2n-3`. Q.E.D.
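As a sanity check on the bound, for `n = 3` we have `2n-3 = 3`, and a brute-force enumeration (my own illustration, not part of Schnorr's proof) confirms that no circuit with 2 arbitrary 2-input gates computes the mod-3 function, while an explicit 3-gate circuit does:

```python
from itertools import product

rows = list(product([0, 1], repeat=3))
mod3 = tuple(int(sum(r) % 3 == 0) for r in rows)  # target truth table

def computable(s):
    # truth tables on 3 inputs computable with at most s arbitrary
    # 2-input gates (all 16 gate types allowed)
    inputs = [tuple(r[i] for r in rows) for i in range(3)]
    seen = set(inputs)

    def extend(wires, remaining):
        if remaining == 0:
            return
        for a in wires:
            for b in wires:
                for op in range(16):
                    g = tuple((op >> (2 * x + y)) & 1 for x, y in zip(a, b))
                    seen.add(g)
                    extend(wires + [g], remaining - 1)

    extend(inputs, s)
    return seen

# No 2-gate circuit computes mod3, matching the 2n-3 = 3 lower bound.
assert mod3 not in computable(2)

# But 3 gates suffice: mod3(x,y,z) = XNOR(x,y) AND XNOR(y,z),
# i.e. it is 1 exactly when all three bits are equal.
def xnor(a, b): return tuple(1 - (u ^ v) for u, v in zip(a, b))
def land(a, b): return tuple(u & v for u, v in zip(a, b))
x, y, z = (tuple(r[i] for r in rows) for i in range(3))
assert land(xnor(x, y), xnor(y, z)) == mod3
```

So for `n = 3` the `2n-3` bound is tight for this function.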