Notes
Lukas Prokop
February 14, 2024
This lecture took place on October 2, 2013.
Contents:
• Extended view on complexity theory and modern applications
• Focus on algorithms, optimization problems and cryptography
2 sections:
1. Complexity theory
• randomized complexity classes
• polynomial hierarchy
• interactive protocols (zero knowledge systems)
• probabilistically checkable proof (PCP theorem)
2. Approximation of complexity
• complexity theory of heuristic algorithms
0.2 Literature
• C. Papadimitriou, “Computational complexity”, 1994 [old, classic].
• I. Wegener, „Komplexitätstheorie (Grenzen in der Effizienz von Algorithmen)”, 2003 [modern, non-comprehensive].
• S. Arora, B. Barak, Computational complexity (A modern approach),
2009 [modern, exhaustive].
1 Randomized complexity classes
[Figure: tcs2_bipartite_graph_perfect_matching.pdf]
A(G) = (a_ij) with

    a_ij = x_ij   if (u_i, v_j) ∈ E      (x_ij is a symbolic variable)
    a_ij = 0      if (u_i, v_j) ∉ E

    det A(G) = Σ_{π ∈ S_n} σ(π) · Π_{j=1}^{n} a_{j,π(j)}

    σ(π) = +1 if π is an even permutation, −1 if π is an odd permutation
Remarks:
• This alternative method given above is based on the evaluation of det A(G).
• We are interested in the evaluation of a symbolic determinant.
For given values of x_ij ∈ Q we can evaluate det A(G) in polynomial time (e.g. via Gaussian elimination). For the symbolic determinant evaluation no polynomial algorithm is known (in fact, the question whether a specific monomial has a non-zero coefficient in the symbolic determinant is an NP-complete problem).
Select random values for the x_ij and evaluate the resulting numeric determinant. If the determinant is non-zero, G has a perfect matching (result: YES). If the determinant is 0, we have either found the zero polynomial or hit a root of a non-zero polynomial; in this case we have to proceed with further evaluations.
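This randomized test can be sketched as follows. The function names (`det`, `maybe_has_perfect_matching`) are ours, and the exact determinant over Q stands in for the Gaussian elimination mentioned above:

```python
import random
from fractions import Fraction

def det(matrix):
    """Exact determinant via Gaussian elimination over Q (Fractions)."""
    a = [[Fraction(x) for x in row] for row in matrix]
    n = len(a)
    sign = 1
    for col in range(n):
        pivot = next((r for r in range(col, n) if a[r][col] != 0), None)
        if pivot is None:
            return Fraction(0)
        if pivot != col:
            a[col], a[pivot] = a[pivot], a[col]
            sign = -sign
        for r in range(col + 1, n):
            factor = a[r][col] / a[col][col]
            for c in range(col, n):
                a[r][c] -= factor * a[col][c]
    result = Fraction(sign)
    for i in range(n):
        result *= a[i][i]
    return result

def maybe_has_perfect_matching(n, edges, trials=20):
    """One-sided randomized test: a YES answer is always correct,
    a NO answer may be a false negative."""
    for _ in range(trials):
        # substitute random integers for the symbolic variables x_ij
        A = [[random.randint(1, 10**6) if (i, j) in edges else 0
              for j in range(n)] for i in range(n)]
        if det(A) != 0:
            return True    # det A(G) is not the zero polynomial
    return False           # "probably no perfect matching"
```

Here `edges` is the set of index pairs (i, j) with (u_i, v_j) ∈ E.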
Case distinction:
…is not 0. We then have a polynomial of degree ≤ d in z_m, so for each combination of z_1, …, z_{m−1} at most d roots can exist. This gives ≤ d · M^{m−1} further roots of p. Adding the ≤ (m−1) · d · M^{m−1} roots from the induction hypothesis yields ≤ m · d · M^{m−1} roots in total. This proves the lemma.
This algorithm returns with “no error” or “I don’t know”. This algorithm is
part of the complexity class RP.
• If the answer is Yes (there exists a perfect matching), the answer is always correct (no false positives).
• If the graph does not have a perfect matching, the answer of the algorithm
is not complete. Consider the answer “No” if the number of repetitions
with the answer “I don’t know” exceeds some threshold (therefore, false
negatives are possible).
In the case of a Yes-answer we can see that the error probability (applying the algorithm once) is ≤ 1/2. With k applications, we get an error probability ≤ 1/2^k.
Find. Is ϕ satisfiable?
2-SAT. Restrict the boolean formula to CNF with 2 literals per clause.
2-SAT has been shown to be polynomially decidable (e.g. with flow theory). Here the following randomized algorithm shall be given:
• No, even for 3-SAT there are known instances of the problem where a polynomial number of steps r fails.
• For 2-SAT with r = 2n² steps we have an error probability of ≤ 1/2. Therefore we have a Monte-Carlo algorithm for 2-SAT.
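A sketch of the random-walk procedure referred to above, assuming Papadimitriou's random-walk algorithm is the one meant: repeatedly pick an unsatisfied clause and flip one of its two literals. The names and the literal encoding ±(index+1) are ours:

```python
import random

def random_walk_2sat(clauses, n, r=None):
    """Monte-Carlo 2-SAT: start from a random assignment; while some
    clause is unsatisfied, flip a random variable of such a clause.
    Returns a satisfying assignment or None ("I don't know")."""
    if r is None:
        r = 2 * n * n      # 2n^2 steps -> error probability <= 1/2
    assign = [random.random() < 0.5 for _ in range(n)]
    for _ in range(r):
        unsat = [c for c in clauses
                 if not any(assign[abs(l) - 1] == (l > 0) for l in c)]
        if not unsat:
            return assign
        lit = random.choice(random.choice(unsat))
        assign[abs(lit) - 1] = not assign[abs(lit) - 1]
    return None            # "I don't know" (possible false negative)
```

Repeating the whole procedure k times drives the false-negative probability below 1/2^k.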
Given. A polynomial
[Figure: tcs2_algebraic_circuit.pdf]
Remarks:
1.3.1 The class ZeroP
Let ZeroP denote the problem of deciding, for a given algebraic circuit, whether the polynomial it computes is identically the zero polynomial.
c = c′ ⇔ c − c′ = 0
This is why the name ZeroP was chosen. A special case of this problem is the
previous problem to determine whether a perfect matching exists.
Is p(x1, …, xn) a polynomial of total degree at most d̃? For example, x1² x2³ x3 x4⁷ has total degree 13.
S is a finite set of integers. If a1, …, an are selected randomly (independently and uniformly) from S, then

    P(p(a1, …, an) ≠ 0) ≥ 1 − d̃/|S|

(for p not the zero polynomial).
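This bound directly yields a one-sided zero test for a black-box polynomial, which is how two circuits c, c′ can be compared. A sketch with hypothetical names; S is chosen with |S| > 2d̃ so each trial errs with probability < 1/2:

```python
import random

def probably_zero(p, n_vars, degree, trials=30):
    """One-sided zero test for a black-box polynomial p.
    If p is not the zero polynomial, a single trial finds a nonzero
    witness with probability >= 1 - degree/|S|."""
    S = range(2 * degree + 1)   # |S| > 2*degree => per-trial error < 1/2
    for _ in range(trials):
        point = [random.choice(S) for _ in range(n_vars)]
        if p(*point) != 0:
            return False        # certainly not identically zero
    return True                 # identically zero with high probability

# comparing two circuits c and c' reduces to testing c - c' == 0:
c1 = lambda x, y: (x + y) ** 2
c2 = lambda x, y: x * x + 2 * x * y + y * y
diff = lambda x, y: c1(x, y) - c2(x, y)
```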
We evaluate C mod k where k is randomly selected from {1, …, 2^{2m}} (further constraints are mentioned later). Instead of y, we get y mod k. If y = 0, then also y mod k = 0.
If y ≠ 0, then we can show that with probability ≥ δ = 1/(4m), k does not divide y.
This probability is large enough that O(1/δ) repetitions suffice to obtain our result. We only accept if the result was 0 in all runs.
Given. n is odd
In this section we want to give a quick overview of the definitions required to discuss this topic. See the table below for the class overview.
                            failure/error prob.      failure/error prob.
                            (bounded)                (not bounded)
    Two-sided error         BPP                      PP
    One-sided error         RP, co-RP                NP, co-NP
                            (RP = Monte-Carlo algorithms)
    No error, but
    failure possible        ZPP = RP ∩ co-RP         NP ∩ co-NP
                            (Las Vegas algorithms)
    No error, no failure    P
• If x ∉ L then all computations of N for x end with the result “No” (no false positives).
• If x ∈ L then more than half of the evaluations for x result in “Yes”. Hence the probability of false negatives is ≤ 1/2, where 1/2 is a configurable constant.
The set of all languages for which there exists a Monte-Carlo turing machine is
called RP.
Remark:
Repetitions:
1 − ε (with ε the per-run acceptance probability for x ∈ L) is the error probability for false negatives.
For k repetitions: the error probability for false negatives is (1 − ε)^k. Choose

    k = −1 / log₂(1 − ε)   ⇒   probability of false negatives is ≤ 1/2.
RP lies between P and NP. co-RP is the class of complements of RP languages (i.e. the roles of “Yes” and “No” are exchanged).
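The choice of k can be computed directly (a small sketch; `repetitions_needed` is a hypothetical helper):

```python
import math

def repetitions_needed(eps, target=0.5):
    """Smallest k with (1 - eps)^k <= target, where eps is the
    per-run acceptance probability for x in L.  For target = 1/2
    this equals ceil(-1 / log2(1 - eps))."""
    return math.ceil(math.log(target) / math.log(1 - eps))
```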
1.7 Complexity class ZPP
In other words, there exists a Monte-Carlo algorithm which does not return any false positives and an analogue which does not return false negatives (no error, but failure is possible). This is the definition of Las Vegas algorithms.
The probability of false positives and false negatives is ≤ 1/2 (after k repetitions).
1.8.1 NP ⊆ PP
1. Evaluation with N.
2. Randomized selection of one evaluation path (plus, for all inputs x of the same size, additional paths that always answer “YES”).
A majority of evaluations of N′ for x ends with “Yes”. This corresponds to: at least one evaluation of N for x ends with “YES”. This corresponds to x ∈ L.
Remarks:
• For all inputs x with x ∈ L, the evaluations of N for x end with acceptance with probability ≥ 3/4.
• For all inputs x with x ∉ L, the evaluations of N for x end with rejection with probability ≥ 3/4.
Remarks:
• Any value > 1/2 and < 1 can be used instead of 3/4.
• For 3/4: error probability 1/4 for false positives and false negatives.
• RP ⊆ BPP (a Monte-Carlo algorithm with error probability 1/2, repeated twice in different directions)
• co-RP ⊆ BPP
• BPP ⊆ PP (can easily be derived from the definition; PP has fewer constraints)
• Open issues:
– BPP ⊆ NP?
– ∃ BPP-complete problems?
• BPP is closed under complement.
• BPP is basically a model for “practical polynomial randomized algorithm”.
All these complexity classes require some concept of probability; for example random bits provided to the turing machine. Question in practice:
Assume we don’t have any fair dice/coins (P(heads) ≠ 1/2). Does this define a new complexity class?
You can simulate a fair die with polynomial effort using an unfair die. So RP and BPP (etc.) are not influenced.
Take a coin with P(heads) = ρ, ρ ≠ 1/2. The following two lemmas apply:
bj = pj ∀j ∈ {1, . . . , i}
M throws pair of coins (2 coins) with bias ρ. Repeat these paired throws until
2 different results are given. We return “heads” for the result heads-tails and
“tails” for tails-heads.
From this lemma it follows that (if we allow expected polynomial time1 ) we
don’t lose any properties for a biased coin. We can also show this for polynomial
runtime rather than expected runtime (by splitting the bitstring into blocks).
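The paired-throw trick can be sketched as follows (the names are ours; both outcomes heads-tails and tails-heads have probability ρ(1 − ρ), so the returned bit is fair, and the expected number of pairs is 1/(2ρ(1 − ρ))):

```python
import random

def biased_coin(rho):
    """A coin with P(heads) = rho, rho != 1/2."""
    return random.random() < rho

def fair_flip(rho):
    """von Neumann trick: throw the biased coin twice until the two
    results differ; heads-tails yields 'heads', tails-heads 'tails'."""
    while True:
        a, b = biased_coin(rho), biased_coin(rho)
        if a != b:
            return a    # True == heads (the heads-tails case)
```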
[Figure: randomized_complexity_classes.pdf]
The position of BPP is partially unknown; we will partially discuss it later on.
2 The class FP
(function problems allow other answers than “YES” or “NO”). Two examples are FSAT and TSP.
Find. Is there any satisfying assignment for ϕ? If so, return it. Otherwise
report “No”.
Assume that a polynomial algorithm exists for the decision problem SAT; then we can solve FSAT in polynomial time. Let ϕ be a SAT formula with variables x1, x2, …, xn.
[Figure: fsat.pdf]
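The self-reduction can be sketched as follows; the brute-force `sat_oracle` merely stands in for the assumed polynomial decision procedure, and all names are ours:

```python
from itertools import product

def sat_oracle(clauses, n, fixed=None):
    """Stand-in decision oracle (brute force): is there a satisfying
    assignment consistent with the partial assignment `fixed`?
    Literals are encoded as +-(index+1)."""
    fixed = fixed or {}
    for bits in product([False, True], repeat=n):
        if any(fixed.get(i, bits[i]) != bits[i] for i in range(n)):
            continue
        if all(any(bits[abs(l) - 1] == (l > 0) for l in c) for c in clauses):
            return True
    return False

def fsat(clauses, n):
    """FSAT by self-reduction: after one initial satisfiability check,
    one oracle call per variable fixes the variables one by one."""
    if not sat_oracle(clauses, n):
        return None                  # report "No"
    fixed = {}
    for i in range(n):
        fixed[i] = True
        if not sat_oracle(clauses, n, fixed):
            fixed[i] = False         # x_i = True cannot be extended
    return [fixed[i] for i in range(n)]
```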
D = (d_ij), d_ij ∈ Z₀⁺, where d_ij specifies the distance between the vertices i and j. D is called the distance matrix.
Specifically, TSP is given as decision problem TSPDEC :
We show that when a polynomial algorithm for TSPDEC exists, then there is a
polynomial algorithm for TSP:
Step 1 Determine the requested target function value (the length of an optimal tour) by binary search. Always ask: is there any tour with length ≤ 2^{q−1}? We get a binary decision tree, always with the two branches “Yes” and “No”. On the second level we ask: is there any tour with length ≤ 2^{q−2} (respectively ≤ 2^{q−1} + 2^{q−2})?
After a polynomial number O(log₂(2^q)) = O(q) of steps, c*, the length of the requested tour, is known.
Step 2 Determine a requested tour (a tour with length c*). Consider the entries of D in arbitrary order, one after another; let d_ij be the current entry. Set d_ij temporarily to c* + 1 (idea: forbid the usage of edge (i, j)) and ask whether there is a tour of length ≤ c* for the current matrix.
If the answer is no, then we have to use the current edge (i, j) and we set d_ij back to its old value. In the other case we keep d_ij at c* + 1.
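Both steps can be sketched with a brute-force stand-in for the TSPDEC oracle (all names are ours; only the oracle-call pattern matters, not the oracle's internals):

```python
from itertools import permutations

def tsp_dec(D, bound):
    """Stand-in decision oracle: is there a tour of length <= bound?"""
    n = len(D)
    return any(sum(D[t[i]][t[(i + 1) % n]] for i in range(n)) <= bound
               for t in permutations(range(n)))

def tsp_via_oracle(D):
    """Step 1: binary search for the optimal tour length c*.
    Step 2: set entries to c*+1 one by one; keep the change whenever a
    tour of length <= c* still exists, otherwise restore the entry."""
    n = len(D)
    lo, hi = 0, sum(map(sum, D))
    while lo < hi:                       # binary search for c*
        mid = (lo + hi) // 2
        if tsp_dec(D, mid):
            hi = mid
        else:
            lo = mid + 1
    c_star = lo
    D = [row[:] for row in D]            # work on a copy
    for i in range(n):
        for j in range(n):
            if i == j:
                continue
            old = D[i][j]
            D[i][j] = c_star + 1         # try to forbid edge (i, j)
            if not tsp_dec(D, c_star):
                D[i][j] = old            # edge is needed: restore it
    edges = [(i, j) for i in range(n) for j in range(n)
             if i != j and D[i][j] <= c_star]
    return c_star, edges
```

The entries still ≤ c* at the end form exactly one optimal tour.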
Next task: Generalize the class / reduction term of decision problems for
function problems.
Definition: A and B are two function problems. A is reducible to B iff ∃ string functions R and S (both computable in polynomial time) such that the relation illustrated in the figure below holds.
[Figure: function_problem_reduction.pdf]
Given. A number n ∈ N
Definition. (total functions) For such function problems there is always a valid
solution.
Definition. (TFNP) The subclass of all function problems with total functions.
2.4 Exercise 2: Integer sets of same sum
Given. n numbers a1, …, an ∈ Z⁺ with Σ_{i=1}^{n} a_i < 2^n − 1.
For the special case Σ_{i=1}^{n} a_i < 2^n − 1 there is always a solution due to the pigeonhole principle. Without this constraint, the decision problem is NP-complete.
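The pigeonhole argument is constructive only by exhaustive search. A sketch (exponential time; all names are ours): with Σ a_i < 2^n − 1 there are 2^n subsets but fewer than 2^n possible sums, so two subsets must collide, and removing their common elements yields two disjoint sets of equal sum.

```python
def equal_sum_subsets(nums):
    """Find two disjoint, distinct subsets (as index bitmasks) with
    equal sum; guaranteed to exist when sum(nums) < 2^n - 1."""
    seen = {}
    n = len(nums)
    for mask in range(2 ** n):
        s = sum(nums[i] for i in range(n) if mask >> i & 1)
        if s in seen:
            a, b = seen[s], mask
            # removing the common elements keeps the sums equal
            return a & ~b, b & ~a
        seen[s] = mask
    return None
```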
[Figure: happy_vertices.pdf]
Start with a random start state. As long as there are unhappy vertices, flip them. Because the potential ρ only takes values in [−W, W] with W = Σ_{{i,j}∈E} |w_ij|, and ρ increases by ≥ 2 with every flip, we have shown the finiteness of the algorithm.
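A sketch of this local search, assuming the max-cut style notion of “happy” (a vertex is happy iff flipping it to the other side would not increase the total weight of cut edges); the precise definition was in the lost figure, so this reading and all names are assumptions:

```python
import random

def local_search_happy(n, weights, seed=0):
    """Flip unhappy vertices until none remain.  Each flip strictly
    increases the cut weight, which is bounded by W = sum |w_ij|,
    so the loop terminates for integer weights."""
    rng = random.Random(seed)
    side = [rng.choice([0, 1]) for _ in range(n)]

    def gain(v):
        # change in cut weight if v switches sides
        g = 0
        for (i, j), w in weights.items():
            if v in (i, j):
                u = j if v == i else i
                g += w if side[u] == side[v] else -w
        return g

    improved = True
    while improved:
        improved = False
        for v in range(n):
            if gain(v) > 0:          # v is unhappy: flip it
                side[v] = 1 - side[v]
                improved = True
    return side
```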
Find. A second hamiltonian cycle, different from Q (it does not have to exist).
For cubic graphs (3-regular2 ) there is always a second hamiltonian cycle (if there
is at least one).
[Figure: fnp.pdf]
2.6.1 TSPDEC
2.6.2 Exact-TSP
² d(v) = 3 ∀v ∈ V
2.6.3 TSP-Cost
Given. n × n matrix D.
2.6.4 TSP
Given. n × n matrix D.
3 Complexity class DP
Remark. DP ≠ NP ∩ co-NP.
Examples:
• EXACT-TSP ∈ DP.
Split problem in ≤ c∗ (in NP) and ≥ c∗ (in co-NP) questions.
• SAT-UNSAT
Given SAT formulas ϕ and ϕ′.
Question: Is ϕ satisfiable and ϕ′ not satisfiable?
Proof:
1. SAT-UNSAT ∈ DP.
L1 = {(ϕ, ϕ′) : ϕ is satisfiable}. L1 ∈ NP due to SAT ∈ NP.
L2 = {(ϕ, ϕ′) : ϕ′ is not satisfiable}. L2 ∈ co-NP due to UNSAT ∈ co-NP. (L = L1 ∩ L2.)
2. SAT-UNSAT is DP-complete.
Let L ∈ DP; we show that L is reducible to SAT-UNSAT.
L ∈ DP ⇒ ∃ L1 ∈ NP, L2 ∈ co-NP with L = L1 ∩ L2.
∃ reduction R1 of L1 to SAT. ∃ reduction R2 of the complement of L2 to SAT.
Construct reduction R with R(x) = (R1 (x), R2 (x)) of L to SAT-UNSAT.
R(x) is YES-instance of SAT-UNSAT ⇔ R1 (x) is satisfiable, R2 (x) is not
satisfiable ⇔ x ∈ L1 , x ∈ L2 ⇔ x ∈ L.
(Repetition) SAT-UNSAT is DP-complete.
Proof:
[Figure: 3sat_hamiltonian_path.pdf]
There are always 2 possibilities to follow a path. The horizontal lines are followed by 2 paths, where the paths can be described by a XOR (the upper horizontal line is assigned to a different path than the corresponding lower horizontal line).
[Figure: consistency_graph.pdf]
[Figure: clause_gadgets.pdf]
[Figure: gadgets.pdf]
All 3m triangular nodes (of the m clause gadgets), the last node of the chain of the variable gadgets, and a new node 3 are connected by all possible edges (complete subgraph). We finally add node 2 and edge {2, 3}.
G(ϕ) is now finalized. We can show that a hamiltonian path exists ⇔ ϕ is satisfiable. Such a hamiltonian path has to run between 1 and 2, and without loss of generality we assume it starts in 1.
(all but one clause are satisfied). Introduce a new variable z, insert ∨z into all clauses, and add another clause (¬z) (this can be reduced to 3SAT normal form). The new SAT formula then has an almost satisfying assignment (set z = ⊤).
Apply this construction to ϕ and ϕ′ ; G and G′ are created where each of them
contains a broken hamiltonian path.
[Figure: vertex_combination.pdf]
In the left graph we define the edge weights to get an EXACT-TSP instance. Set

    d_ij := 1   if {i, j} is an edge in G or an edge in G′
    d_ij := 2   if {i, j} is no edge in G, but i, j are vertices of G
    d_ij := 3   else
3.3 Other problems
A ⊆ Σ* is a language.
M? with A as oracle runs like a traditional turing machine except for the transition out of the query state.
3.4 MAX-OUTPUT
Proof: First we show that MAX-OUTPUT ∈ FP^NP. Idea: binary search. Iterated question: is there an output ≥ x (or > x)? (for integers x ∈ {0, …, 2^n − 1}).
This simulation M^SAT is deterministic and correct for all operations that are not calls to the oracle. Assume that M^SAT stops at the first oracle call. An oracle call corresponds to the question whether this SAT formula ϕ1 is satisfiable.
N guesses the answer to this question and sets z1 = 1 if the guessed answer is “Yes”, and z1 = 0 otherwise. In the case of z1 = 0, N continues the simulation with state q_No. If z1 = 1, then N guesses an assignment T1 for the variables in ϕ1 and checks whether T1 satisfies ϕ1. If this test succeeds, the simulation is continued in state q_Yes. Otherwise N stops and resigns: it returns the string 0^n as output and halts (non-successful evaluation).
z_i ∈ {0, 1} analogous to z1.
If the turingmachine has not halted yet ({z1, z2, …, zr} as the set of oracle answers), N writes the string z1 z2 … zr, possibly padded with zeros at the end to length n, and outputs M^SAT(x) = F(x).
3.5 MAX-WEIGHT
Find. A truth assignment such that the sum of the weights of the satisfied clauses is maximal.
Proof:
1. Using binary search and a SAT oracle we can compute the greatest total weight of satisfiable clauses. With variable fixing as in FSAT we get an assignment which attains this target function value. Thus MAX-WEIGHT ∈ FP^NP.
2. Reduce MAX-OUTPUT to MAX-WEIGHT-SAT. The proof of Cook's theorem uses a non-deterministic machine N and an input 1^n. A boolean formula ϕ(N, n) is constructed such that each satisfying assignment of ϕ(N, n) corresponds to a correct computation of N on 1^n.
We use this construction. All clauses of ϕ(N, n) are assigned a high weight value; for example 2^n.
We introduce new clauses. The weights are chosen in such a way that in every optimal solution of MAX-WEIGHT-SAT all clauses of ϕ(N, n) are satisfied.
ϕ(N, n) contains a variable for the symbol at each position of each string of N at every step. There are n variables (y1, y2, …, yn); these represent the positions in the output string if N halts. We add n clauses to ϕ(N, n). Each of them contains only one literal:

    (y_i)   i = 1, …, n

The weight of clause (y_i) is 2^{n−i}. Remark: these clauses together weigh less than each single clause of ϕ(N, n).
This defines the R-function of the reduction. Coming to the S-function…
• Unweighted MAX-WEIGHT-SAT (maximize the number of satisfied clauses)
For such problems (specifically MAX-CLIQUE) O(log n) oracle calls are sufficient. We get new complexity classes:

    P^NP[log n],  FP^NP[log n]
P^NP[log n] ⊆ P^NP_para

For the simulation with a non-adaptive oracle TM, determine all O(n^k) possible oracle calls and their answers beforehand. The correct decision path can then be derived.

P^NP_para ⊆ P^NP[log n]

Let L be a language ∈ P^NP_para. L can be decided with a polynomial number of non-adaptive oracle calls. First we determine with O(log n) NP-oracle calls (binary search) the number K of Yes-answers among the given non-adaptive oracle calls.
Remark. The question whether ≥ K formulas of the given set of SAT formulas are satisfiable is an NP-question.
Finally: are there K satisfying truth assignments for K of the n formulas such that, with all others unsatisfied (for us this is the case because K is maximal), the oracle TM halts with acceptance? This is again one NP-question, so L ∈ P^NP[log n].
∆_0 P = Σ_0 P = Π_0 P := P
∆_{i+1} P := P^{Σ_i P}
Σ_{i+1} P := NP^{Σ_i P}
Π_{i+1} P := co-NP^{Σ_i P}

    PH := ∪_{i≥0} Σ_i P
4.1 Layer 1
∆_1 P = P^P = P
Σ_1 P = NP^P = NP
Π_1 P = co-NP^P = co-NP
4.2 Layer 2
∆_2 P = P^NP
Σ_2 P = NP^NP
Π_2 P = co-NP^NP
2. i ≥ 2 and step i − 1 → i
• “⇐”: There exists a relation R according to the theorem (right part of the equivalence); we show L ∈ Σ_i P = NP^{Σ_{i−1} P}.
Thus, we have to define a non-deterministic oracle turingmachine which uses an oracle from Σ_{i−1} P and decides L.
For the input x this TM guesses the associated y and asks the Σ_{i−1} P oracle whether (x, y) ∈ R (or actually, because R is a Π_{i−1} P relation, whether (x, y) ∉ R).
• “⇒”: L ∈ Σ_i P (we construct a corresponding relation R).
Because L ∈ Σ_i P there exists a non-deterministic oracle turingmachine M? with oracle K ∈ Σ_{i−1} P such that M? decides L. Because K ∈ Σ_{i−1} P there exists a polynomially balanced relation S, decidable in Π_{i−2} P, such that z ∈ K ⇔ ∃w : (z, w) ∈ S.
3. We construct R with the help of S. We know x ∈ L ⇔ there exists a valid, accepting computation of the oracle turingmachine M^K for x (several steps of M^K are oracle calls [returning Yes/No answers]). The associated certificate is y.
4. For each oracle call z_i with answer “Yes” a certificate w_i with (z_i, w_i) ∈ S is attached.
5. Define R as follows: (x, y) ∈ R ⇔ y describes an accepting computation of M^K on x together with the certificates w_i for all oracle calls z_i with answer “Yes”.
6. It remains to show that R has the desired properties.
Hypothesis. (x, y) ∈ R can be decided in Π_{i−1} P.
Proof of hypothesis. First of all we have to test whether all steps of M? (with the oracle answers as recorded in y) are valid. This is possible in deterministic polynomial time. Then we have to test for a polynomial number of pairs (z_i, w_i) whether (z_i, w_i) ∈ S. This can be computed in Π_{i−2} P and therefore also in Π_{i−1} P. For each oracle call z_i with answer “No” we additionally have to check z_i ∉ K; because K ∈ Σ_{i−1} P, this question is a Π_{i−1} P question.
7. So (x, y) ∈ R ⇔ a sequence of Π_{i−1} P questions all have the answer “Yes”. This can again be decided in Π_{i−1} P.
The proof results from repeated application of Theorem 2.7 and Corollary 2.8 and concatenation of certificates.
Remarks:
Remark. For i = 1 we can conclude that (under the assumption that P = NP)
the layer 1 already does not tell us anything and the whole hierarchy definition
is useless (“collapse at layer 1”). If the assumption does not hold we still do not
know whether or not the hierarchy collapses at any finite layer.
Conjecture. P ̸= NP and polynomial hierarchy does not collapse for any finite
layer.
Proof. It suffices to show

    Σ_i P = Π_i P  ⇒  Σ_{i+1} P = Π_{i+1} P.

By Theorem 2.7: consider L ∈ Σ_{i+1} P ⇒ ∃ relation R in Π_i P (= Σ_i P according to the assumption) with L = {x : ∃y : (x, y) ∈ R}. R is then also in Σ_i P ⇒ (x, y) ∈ R ⇔ ∃z with (x, y, z) ∈ S for some relation S in Π_{i−1} P.
4.3 QSATi
Find. Is it true that a partial truth assignment for X1 exists such that for all partial truth assignments of the variables in X2 there exists a partial truth assignment for the variables in X3 such that … ϕ is satisfied?
The problem can analogously be defined to start with a ∀ quantifier.

    ∃X1 ∀X2 ∃X3 … ϕ

This is an example of a problem at the i-th layer. We now know that complete problems do exist at the i-th layer.
Proof.
We know:
Thus for the partial assignment of the variables in X given by x there are values for Y1 such that for all values of the variables in Y2 … there are values for the variables in Yi and for the variables in Z such that ϕ is satisfied.
Theorem 2.12. If there is a PH-complete problem, the polynomial hierarchy
collapses at finite level.
Remarks:
    Q1 x1 Q2 x2 … Qk xk ϕ(x1, …, xk),   Qi ∈ {∀, ∃},  ϕ quantifier-free,

is PSPACE-complete.
2. If we define Σi P, Πi P with an alternating oracle-TM, we have to assume that the number i of quantifiers is not part of the input. This is a constraint on the number of allowed quantifiers. There is no such constraint for PSPACE.
3. Because there are PSPACE-complete problems, we can conclude from
PSPACE = PH that the polynomial hierarchy collapses at finite level.
4.4 BPP ⊆ Σ2 P
Observation.
1. a ⊕ b = c ⇔ c ⊕ b = a
2. (a ⊕ b) ⊕ b = a. The function ⊕b is its own inverse.
3. a ∈ U is constant, r ∈ U is a random value. Then a ⊕ r is a random value.
We will show that for x ∈ L we can give a relatively small number of translations (p(n) many) which cover U, whereas for every x ∉ L there is no such representation.
Because x ∈ L ⇒ P(b ∉ A(x) ⊕ t_i) ≤ 1/2^n = 2^{−n}. For p(n) randomly chosen translations:

    P(some b ∈ U is covered by no translation) ≤ 2^{−n·p(n)} · |U| = 2^{−(n−1)·p(n)} ≪ 1     (|U| = 2^{p(n)})
L = {x : ∃T = (t1, t2, …, t_{p(n)}) [t_j translations] such that ∀b ∈ U ∃j ∈ {1, …, p(n)} : b ⊕ t_j ∈ A(x)}.
5 Counting Problems
5.1.1 #SAT
Given a SAT formula, find the number of satisfying truth assignments. Analogously #HAMILTONIAN-PATH: the number of hamiltonian paths. Analogously #CLIQUE: the number of cliques with ≥ k vertices.
Those examples are counting variants for problems where the basic decision
problem is NP-complete.
    Π_{i=1}^{n} a_{i,π(i)} = 1  ⇔  a_{i,π(i)} = 1 ∀i ∈ {1, …, n}  ⇔  (u_i, v_{π(i)}) ∈ E ∀i ∈ {1, …, n}
The number of perfect matchings is given by the permanent

    perm(A) = Σ_{π∈S_n} Π_{i=1}^{n} a_{i,π(i)}

(compare the determinant

    det A(G) = Σ_{π∈S_n} (−1)^{sign(π)} · Π_{i=1}^{n} a_{i,π(i)} ).
Given a graph with m edges and n vertices. Find the number of subgraphs of G (2^m at maximum) which contain a path from 1 to n.
5.2 #P
Question. Are any of these problems #P-complete? (Note that an appropriate reduction notion is necessary.) Is #SAT #P-complete?
We extend the concept of oracle TMs to simple function oracles (for ordinary oracle TMs: access to an oracle L ⊆ {0,1}* and we can answer questions like q ∈ L? in one oracle call). Now we provide a function f : {0,1}* → {0,1}* to the turingmachine M (including an oracle to evaluate f). (f : {0,1}* → N can be handled via the binary representation.) Thus M has access to the language L = {(x, i) : f_i(x) = 1} with i as bit index. For a function f : {0,1}* → {0,1}*, FP^f denotes the set of functions which can be computed by a polynomial turingmachine with oracle calls to f.
Formally: function f is #P-complete iff f ∈ #P and ∀g ∈ #P we have g ∈ FP^f. Obviously f ∈ FP ⇒ FP^f = FP.
This proof however provides more than that: it provides a method to convert a certificate for x ∈ L to a certificate for f(x) ∈ SAT [i.e. a satisfying truth assignment] and vice versa. This is a bijective relation.
Reduction via #SAT (can be derived from the proof that TSP is FP^NP-complete).
Question. Are there any #P-complete counting problems whose base problem
(as decision problem) lie in P?
Proof. Goal: perm(A) evaluation for 01 matrices. We use a proof using general
matrices (integers as entries of the matrix).
2. For a matrix A with a_ij ∈ {0, ±1}: it is easy to see that

    perm(A) = |{π ∈ S_n : Π_{i=1}^{n} a_{i,π(i)} = 1}| − |{π ∈ S_n : Π_{i=1}^{n} a_{i,π(i)} = −1}|.

Two #SAT calls are sufficient.
3. A is an n × n matrix with integer entries. We can consider A as the weighted adjacency matrix of a directed, complete⁴ graph with V = {v1, …, vn} (rows = tails, columns = heads) and the following edge weights: the edge (v_i, v_j) has weight a_ij. Loops are allowed (and are contained).
[Figure: graphrepresentation.pdf]
So-called cycle cover. Each component is a directed cycle and each vertex occurs
in exactly one component.
Define the weight of one cycle cover as the product of the weights of the contained edges: perm(A) is the sum of the weights of all cycle covers.
Remark. This way we can show that PERMANENT ∈ FP^#SAT (for arbitrary integer matrices).
In the following we will omit edges with weight 0 in our drawings (cycle covers containing such edges have weight 0; therefore we can ignore them). In the construction we will also allow multiple edges.
[Figure: cycle_cover.pdf]
Each cycle cover of G consists of one cycle cover of G′ and one cycle cover of
G′′ . Therefore we have two possibilities: one with 1 and one with −1 (with
weight ̸= p). For cycle cover with weight ω for G′ we get the terms ω and −ω.
The overall weight sum of all cycle covers is 0.
Now a 3SAT formula ϕ with n variables and m clauses is given. We will construct an integer matrix A, or equivalently a directed, weighted graph G(A) (let's call it G̃; negative entries will be used), such that perm(A) = perm(G̃) = 4^{3m} · #ϕ, where #ϕ is the number of satisfying assignments of ϕ.
Later on G̃ → Ĝ with 0-1 weights such that perm(G̃) can be recovered from perm(Ĝ) (then we have shown that the 01 problem is #P-complete).
⁴ complete, because we assign weight 0 to missing edges
The central idea is that there are two types of cycle covers in G̃: the ones that are assigned to a satisfying assignment of ϕ and the other ones. Similar to the cycle cover observation above, we will use negative edge weights to achieve that the values of cycle covers which do not correspond to a satisfying assignment cancel each other out.
Furthermore, every satisfying assignment contributes 4^{3m} to perm(G̃).
• clause-gadgets
• variable-gadgets
• consistency-gadgets (XOR-gadgets)
[Figure: example_graph.pdf]
• perm(A) = 0.
• perm(B) = 0, where B is derived from A by deleting the first row and first column. The same holds if we delete the fourth row and fourth column, or both the first and fourth rows together with the first and fourth columns.
• perm(C) = 4, where C is created by deleting the first row and fourth column, or the fourth row and first column, of matrix A.
[Figure: schematic.pdf]
The upper graph in the illustration shows the gadget drawn explicitly and the lower graph represents the remaining (schematic) graph.
[Figure: example_graph_with_g.pdf]
For the modified example graph with g we state: the overall weight of all cycle covers is 8 (a contribution of 4 results from cycle covers with (g, 4) and (1, g), corresponding to deletion of the first row and fourth column; the second contribution of 4 results from (g, 1) and (4, g) correspondingly).
We can use this to rewrite XOR: Assume that we have a graph H which contains
the two edges (1, 1′ ) and (2, 2′ ).
Consider the lower graph in the schematic drawing. In combination with the definitions from above: what remains is the sum of the weights of the cycle covers of H which traverse (1, 1′) but do not traverse (2, 2′), and vice versa. All other cycle covers result in value 0.
Regarding clause gadgets: the traversal of an external edge in a cycle cover corresponds to the corresponding literal being not satisfied. There are three external edges, one per literal.
[Figure: xor_gadget.pdf]
Figure 8: XOR gadget (upper drawing) and its schema (lower drawing)
[Figure: clause_gadget2.pdf]
Figure 9: Clause gadget (upper drawing) and its schema (lower drawing). Red edges are external ones.
In each clause we have 3 literals, which are represented by the three external edges of this clause. These external edges are connected to the edges of the corresponding variable gadgets via XOR gadgets (this is equivalent to our construction for the hamiltonian path problem).
Observation. There does not exist a cycle cover which goes through all 3 external edges. Furthermore, for every proper subset of the set of 3 external edges (including the empty set) there exists exactly 1 cycle cover which contains exactly those external edges and no other ones.
With this specific setup we achieve that the remaining graph G′ satisfies:
Remark. The corresponding external edges are omitted for clauses which contain xi positively and added for clauses containing xi negatively.
Computed in 2 steps:
1. Construct a graph G′′ with edge weights ∈ {0, ±1} and perm(G′′) = perm(G′). Edge weights which are powers of 2 (2^k) can be represented by a path of k edges of weight 2 (all new inner edges of this path occur only in this path). For an edge of weight 2^k + 2^{k′} we construct two parallel paths with weights 2^k and 2^{k′}. Each edge whose weight is not a …
[Figure: variable_gadget.pdf]
α-Approximation (0 < α < 1)
A provides an α-approximation for f : {0,1}* → N if α · f(x) ≤ A(x) ≤ f(x) ∀x.
There are counting problems for which even an approximative algorithm for constant α > 0 is difficult. But there are also problems which are easy to address approximatively.
For the (01) PERMANENT problem: there exists an FPRAS (fully polynomial randomized approximation scheme), i.e. an algorithm which (for given ε and δ) computes a (1 − ε)-approximation of the requested function f : {0,1}* → N (for the 01 permanent: the number of perfect matchings) with probability 1 − δ (with probability δ the algorithm is allowed to be faulty) in time p(n, log 1/δ, log 1/ε), which is polynomial.
5.2.2 Classification of #P: How powerful is counting?
Remark. #P = FP ⇒ NP = P ∧ PH = P.
Idea. We are only interested in the LSB (parity). This defines the complexity
class ⊕P (“parity P”, “odd P”).
5.2.4 Is ⊕PERM ⊕P-complete?
⊕PERM can be solved in polynomial time because the parity of the determinant corresponds to the parity of the permanent (over GF(2) the sign (−1)^{sign(π)} disappears).
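A sketch of the parity computation: since det ≡ perm (mod 2), Gaussian elimination over GF(2) gives the parity of the permanent in polynomial time (the function name is ours):

```python
def det_parity(A):
    """Parity of det(A) via Gaussian elimination over GF(2).
    Because -1 == 1 (mod 2), this equals the parity of perm(A)."""
    a = [[x & 1 for x in row] for row in A]
    n = len(a)
    for col in range(n):
        pivot = next((r for r in range(col, n) if a[r][col]), None)
        if pivot is None:
            return 0                 # singular mod 2 -> even
        a[col], a[pivot] = a[pivot], a[col]
        for r in range(col + 1, n):
            if a[r][col]:
                a[r] = [x ^ y for x, y in zip(a[r], a[col])]
    return 1                         # full rank mod 2 -> odd
```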
5.3 NP ⊆ RP^⊕P
Proof. We will define a polynomial Monte-Carlo algorithm for SAT which has access to a ⊕SAT oracle. Given a SAT formula ϕ with variables x1, …, xn.
Let S ⊆ {1, …, n}.

    ϕ_i = ϕ_{i−1} ∧ η_{S_i}
Proof.
• No false positive answers.

    (|T| − 1) / 2^{k+2} ≤ 1/2

The opposite probability (that they do not correspond) is ≥ 1/2.
6 Interactive protocols
• Prover
• Verifier
A prover creates proofs and the verifier checks those proofs. During this process
they can interact by exchanging messages. At the end the verifier has to decide
whether or not the proof gets accepted.
Definition. (Message exchange) f, g : {0,1}* → {0,1}*, k ∈ N₀ (can depend on the input length). k rounds of interaction result in strings a1, …, ak ∈ {0,1}*:

    a1 = f(x)
    a2 = g(x, a1)
    ...
    a_{2i+1} = f(x, a1, …, a_{2i})        (2i < k)
    a_{2i+2} = g(x, a1, …, a_{2i+1})      (2i + 1 < k)

In the end the verifier decides whether or not to accept the proof. This decision depends only on x and the a_i; the output ∈ {0, 1} stands for acceptance or rejection.
The complexity class dIP (“d” for deterministic) contains all languages for which a deterministic proof system with poly(n) rounds can be found.
6.1.2 Variant 2
The input x is known to both actors. Bob (prover) and Veronica (verifier) act alternatingly. Bob runs algorithm B̃ and Veronica runs algorithm Ṽ. They exchange messages m1, m2, … of polynomial size in |x|.
The protocol ends with Veronica’s message “YES” (accept) or “No” (reject).
The tuple (B, V ) decides a language L for all inputs iff
Remark. We can again use repeated runs to reduce the error probability.
Definition. (complexity class IP) The class of languages which can be de-
cided with an interactive protocol (of the previously described manner) with
polynomial rounds.
Definition. (complexity class IP(l)) The number of rounds is restricted to l.
Obviously
NP ⊆ IP (no randomization necessary)
BPP ⊆ IP (verifier does not require prover)
Result of Shamir:

    IP = PSPACE

• We could also replace ≥ 3/4 with = 1 without modifying the complexity class IP (non-trivial result).
• But ≤ 1/4 cannot be replaced by = 0 without falling back to NP.
GI ∈ NP
⇒ GI ∈ IP(1) ⊆ IP
[Figure: graph_isomorphism.pdf]
1. G0 ≅ G1: the prover always receives a graph H which is isomorphic to G0 and to G1, independent of b. The prover cannot derive anything; he can only guess b with probability 1/2, b̃ being the guessed value. Probability of an error = 1/2.
2. G0 ≇ G1: the prover is capable of determining the bit b of the Verifier and sets b̃ = b. Therefore Veronica accepts. Probability of an error = 0.
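The two cases can be simulated directly (a sketch: the brute-force `unbounded_prover` stands in for the prover's unlimited computational power, graphs are modelled as sets of frozenset edges, and all names are ours):

```python
import random
from itertools import permutations

def permute(graph, p):
    """Apply vertex permutation p to a graph (set of frozenset edges)."""
    return {frozenset((p[u], p[v])) for u, v in graph}

def unbounded_prover(G0, G1, H, n):
    """Brute force over all permutations: decide whether H came from
    G0 or G1 (models the prover's unbounded power)."""
    for p in permutations(range(n)):
        if permute(G0, p) == H:
            return 0
    return 1

def round_gni(G0, G1, n):
    """One round: the verifier picks a secret bit b and a random
    permutation, sends H (isomorphic to G_b), and accepts iff the
    prover's guess equals b."""
    b = random.randint(0, 1)
    p = list(range(n))
    random.shuffle(p)
    H = permute((G0, G1)[b], p)
    return unbounded_prover(G0, G1, H, n) == b
```

For non-isomorphic graphs every round is accepted; for isomorphic graphs each round is accepted only with probability 1/2.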
Definition. AM(k) results from IP(k) if the verifier has no private random bits (public coins). Obviously AM(k) ⊆ IP(k). Furthermore IP(k) ⊆ AM(k + 2).
6.5 Regarding complexity of GI
We distinguish between perfect ZKP and its attenuations. In a perfect ZKP the prover doesn’t want to share “any” information with the verifier (to avoid abuse). For example, if the question is: does a hamiltonian cycle exist? The prover does not want to share the hamiltonian cycle itself. So generally, we want to show that some X satisfies some property, but we don’t want to share X itself. X might be a certificate of an NP problem.
Given. A room A and a room B, separated by a magic door which can only be opened with a secret. An anteroom is externally accessible and allows entering room A and room B through separate (ordinary) doors.
Find. How can Bob verify to Alice that he knows the secret without telling her the secret?
Alice stays in the anteroom. Bob goes into room A and comes back out of room B; he must have passed through the magic door.
1. Prover and verifier are in the external area. The prover enters the anteroom and closes the door behind himself. He chooses a bit i at random, enters room i, and closes the door behind himself.
2. The verifier enters the anteroom, chooses a bit j at random, and tells the prover her choice.
3. Bob appears from one of the doors.
4. The verifier accepts if Bob comes from room j.
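The four steps above can be simulated directly; a small illustrative sketch (helper names are my own):

```python
import random

def cave_round(knows_secret, rng):
    """One round of the magic-door protocol.

    The prover picks room i; the verifier announces j; a prover who knows
    the secret can always exit from room j, otherwise only when i == j."""
    i = rng.randrange(2)          # room the prover entered
    j = rng.randrange(2)          # room the verifier asks for
    exit_room = j if knows_secret else i
    return exit_room == j

rng = random.Random(0)
rounds = 1000
honest = sum(cave_round(True, rng) for _ in range(rounds))
cheater = sum(cave_round(False, rng) for _ in range(rounds))
print(honest / rounds)   # 1.0
print(cheater / rounds)  # about 0.5; after k rounds a cheater survives with prob 2^-k
```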
Definition. (perfect zero-knowledge property) An interactive protocol for a decision problem L has the perfect zero-knowledge property (PZKP) iff for every randomized polynomial-time verifier algorithm V′ there exists a randomized simulation algorithm S, whose expected runtime is polynomial, and which for x ∈ L produces the transcript of all messages exchanged between prover and verifier with the same probability distribution.
Definition. (PZK) Class of all problems with an interactive protocol for which the verification is possible in polynomial time and the protocol is a PZKP.
Case 1 The prover does not possess the secret; the verifier detects this with probability 1/2.
Case 2 The prover knows the secret. He can always come out of the correct room and the verifier will accept.
Bob's double enters the anteroom. Alice accepts if Bob's double comes out of door j. If Alice rejects, we start a new trial; the expected number of trials is finite.
Remark. We could also let the prover choose one random bit and let him permute the graph. However, this does not change the protocol's theoretical properties.
If G0 is isomorphic to G1, the prover can make the verifier accept every input. Otherwise the false claim is detected with probability 1/2 (as always, repetition is possible).
Is there any PZK protocol for Hamiltonian Path? We guess not (as for any
other NP-complete problem).
GI ∈ IP(1) ∩ co-IP(2)
(GI ∈ IP(1) because GI ∈ NP; GI ∈ co-IP(2) because we have shown GNI ∈ IP(2))
GI NP-complete ⇒ Σ2P = Π2P
The complexity class SZK has some theoretically interesting properties. For example, it is conjectured that this class lies strictly between P and NP. But it is (as for PZK) unlikely that there exist protocols in SZK for NP-complete problems.
It turns out that (under the assumption mentioned below) CZK protocols exist
for NP-complete problems.
• A function f : {0, 1}* → {0, 1}* (computable in polynomial time) is a
one-way function, if for all randomized polynomial algorithms A we can
state that
• Integer factorization
• Rabin functions
• Discrete logarithm
P ⊆ UP ⊆ NP
(Footnote: f(x) is computationally "easy" to determine, but f⁻¹(x) is computationally infeasible. Easy means, for example, computable by a deterministic polynomial-time algorithm. Infeasible means, for example, that no randomized polynomial-time algorithm can compute x.)
In the following consider the following conditions in the definition of a one-way function f:
1. f is injective and for x ∈ {0, 1}*: |x|^(1/k) ≤ |f(x)| ≤ |x|^k for some k > 0.
2. f ∈ FP.
3. f⁻¹ ∉ FP.
Theorem 4.6. UP = P ⇔ there does not exist a one-way function (as defined
above).
Claim. Lf ∈ UP \ P.
• If we could invert fU in polynomial time, we could decide L in deterministic polynomial time, because inverting fU on 1y tells us whether U accepts y or not.
Remark. The existence of a one-way function is also relevant for other areas, for example the existence of so-called pseudorandom number generators and the Goldreich-Levin theorem.
2 operations:
Desired properties.
Under the assumption that a one-way function exists, such a bit commitment scheme exists (e.g. using RSA).
Theorem 4.7. (Relevant for RSA-like approaches) For the Hamiltonian cycle problem there exists a CZK protocol under the standard cryptographic assumption (existence of one-way functions).
3. If i = 0, Bob opens the commitments for π and π(G). If i = 1, Bob opens the commitments for n edges of π(G) (this corresponds to the number n of edges of a cycle through G): if G has a Hamiltonian cycle, these are the edges of that cycle in π(G).
4. If i = 0, the verifier accepts if a permutation π′ ∈ Sn and the corresponding edge list of π′(G) were revealed. If i = 1, the verifier accepts if the prover revealed the edges of a Hamiltonian cycle. In all other cases the verifier rejects.
1. If G has a Hamiltonian cycle, prover and verifier can always follow the protocol.
2. If there is no Hamiltonian cycle, the prover cannot prepare himself for both i = 0 and i = 1. If the prover commits to a correct permutation of G, he can pass the test for i = 0 but will fail for i = 1; a malicious prover will be detected in case i = 0 and will pass i = 1. We get a one-sided error probability of 1/2 (which can be reduced by repetition). Therefore our protocol is correct.
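The commit/open steps can be sketched with SHA-256 hashes of random nonces as a stand-in for a real bit commitment scheme (an assumption of this sketch, not the scheme from the lecture); only the honest-prover path is shown:

```python
import hashlib
import os
import random

def commit(data, nonce):
    """Toy commitment: hash of nonce||data (stand-in for a real scheme)."""
    return hashlib.sha256(nonce + data).hexdigest()

def hc_round(n, edges, cycle, rng):
    """One round of the Hamiltonian-cycle protocol with an honest prover."""
    perm = list(range(n))
    rng.shuffle(perm)
    pg = {(min(perm[u], perm[v]), max(perm[u], perm[v])) for u, v in edges}
    nonces = {e: os.urandom(16) for e in pg}
    coms = {e: commit(repr(e).encode(), nonces[e]) for e in pg}  # committed pi(G)
    i = rng.randrange(2)                                         # verifier's challenge
    if i == 0:
        # Open everything: the verifier checks all commitments against pi(G).
        return all(commit(repr(e).encode(), nonces[e]) == coms[e] for e in pg)
    # Open only the n cycle edges in pi(G).
    pc = {(min(perm[u], perm[v]), max(perm[u], perm[v]))
          for u, v in zip(cycle, cycle[1:] + cycle[:1])}
    opened = {e: nonces[e] for e in pc}
    return (len(pc) == n
            and all(commit(repr(e).encode(), opened[e]) == coms[e] for e in pc))

rng = random.Random(7)
n = 5
cycle = [0, 1, 2, 3, 4]
edges = {(0, 1), (1, 2), (2, 3), (3, 4), (0, 4), (0, 2)}  # contains that cycle
assert all(hc_round(n, edges, cycle, rng) for _ in range(20))
```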
Assumption: G has a Hamiltonian cycle. The prover uses a random secret of fixed length. Consider the protocol (B, V′). Consider the prover's revelation as the opening of the commitments for π and π(G). Simulation algorithm:
1. Simulation of the prover: select a random bit i′ ∈ {0, 1} and work under the hypothesis that algorithm V′ will select i = i′. If i′ = 0: for random π ∈ Sn, send commitments for (π, π(G)). If i′ = 1: for random π ∈ Sn, send commitments for (π, π(H′)), where H′ is the graph consisting only of the Hamiltonian cycle 1, 2, . . . , n.
2. Simulate V′ on the simulated prover data.
3. If i ≠ i′, restart at step 1.
4. Simulate the prover's algorithm: open the information (as determined by i).
Consider the following interactive protocol
Possible approaches:
7 PCPs and the PCP theorem
• For an input x of length n and a proof B ∈ {0, 1}^k, the algorithm V has access to x and a random vector r ∈ {0, 1}^r(n) (i.e. V has r(n) random bits available).
• Based on this information V computes up to O(q(n)) positions and gets the corresponding bits of the proof as additional information (in general V does not know the whole proof).
Because V must have polynomial runtime only polynomial functions are con-
sidered for r(n) and q(n) (this is some kind of resource constraint).
NP = PCP(0, poly(n))
Guess the proof bits non-deterministically. Simulate, for every random bitstring, the control flow of V and accept iff all simulations accept. Runtime bound: 2^O(r(n)+log n).
Consequence.
NP = PCP(log n, poly(n)) = ⋃_{k≥0} PCP(log n, n^k)
Theorem 5.2. (PCP theorem; Arora, Lund, Motwani, Sudan, Szegedy, 1992) NP = PCP(log n, 1).
C1 , C2 , . . . , Cm clauses
x1 , x2 , . . . , xn variables
We still have the problem that we depend on a and a requires n bits and is
therefore inappropriate for our purposes.
We need a method to compute p(a) (= p^(ρ)(a)) without knowledge of a. The monomials that occur are:
1. x_i, i ∈ I¹_Ψ
2. x_i · x_j, (i, j) ∈ I²_Ψ
3. x_i · x_j · x_k, (i, j, k) ∈ I³_Ψ
L^a_2 : Z_2^(n²) → Z_2,  L^a_2(y_11, . . . , y_nn) = Σ_{i=1..n} Σ_{j=1..n} a_i · a_j · y_ij
L^a_3 : Z_2^(n³) → Z_2,  L^a_3(y_111, . . . , y_nnn) = Σ_{i=1..n} Σ_{j=1..n} Σ_{k=1..n} a_i · a_j · a_k · y_ijk
We can store these functions as function tables: for L^a_1 of length 2^n, for L^a_2 of length 2^(n²) and for L^a_3 of length 2^(n³). So the total length is 2^n + 2^(n²) + 2^(n³). γ¹_Ψ, γ²_Ψ and γ³_Ψ are the characteristic vectors of I¹_Ψ, I²_Ψ and I³_Ψ (for example, γ²_Ψ has a one at position (i, j) ⇔ (i, j) ∈ I²_Ψ). Now we can state Ψ(a) = γ_Ψ + L^a_1(γ¹_Ψ) + L^a_2(γ²_Ψ) + L^a_3(γ³_Ψ). So Ψ(a) can be evaluated without access to a: V can evaluate L^a_1(γ¹_Ψ), L^a_2(γ²_Ψ) and L^a_3(γ³_Ψ) (which is p(a), resp. p^(ρ)(a)) without using a, since we have function tables for L^a_1, L^a_2 and L^a_3. We check p^(ρ)(a) for constantly many randomized ρ and accept only if all values are zero.
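A tiny sketch of the linear functions L^a_1 and L^a_2 and the multiplicative identity L^a_1(x)·L^a_1(x′) = L^a_2(x ⊗ x′) that makes quadratic terms a_i·a_j evaluable from the tables (n, a, and the flat indexing of y are my own choices):

```python
import itertools

n = 3
a = [1, 0, 1]  # the hidden assignment a in Z_2^n

def L1(x):
    """L^a_1(x) = sum_i a_i * x_i over Z_2."""
    return sum(ai * xi for ai, xi in zip(a, x)) % 2

def L2(y):
    """L^a_2(y) = sum_{i,j} a_i * a_j * y_{ij}; y is flattened as y[i*n + j]."""
    return sum(a[i] * a[j] * y[i * n + j] for i in range(n) for j in range(n)) % 2

# Exhaustively verify L1(x) * L1(x') == L2(x tensor x') for all x, x'.
for x in itertools.product((0, 1), repeat=n):
    for xp in itertools.product((0, 1), repeat=n):
        tensor = [x[i] * xp[j] for i in range(n) for j in range(n)]
        assert (L1(x) * L1(xp)) % 2 == L2(tensor)
print("identity holds for all", 2 ** n, "x", 2 ** n, "pairs")
```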
We need an approach for proofs of arbitrary form. We can assume that proofs have the "correct" length.
A proof verifier for the general case consists of the following components:
• linearity testing
• robust function evaluator
• consistency test
• proof verifier for well-formed proofs
Definition. f : Z_2^m → Z_2 is linear if f(x) + f(y) = f(x + y) ∀x, y ∈ Z_2^m. f is δ-close to a function g (f, g : Z_2^m → Z_2) if (for uniformly distributed x over Z_2^m) we can state:
Pr_x(f(x) ≠ g(x)) ≤ δ
Properties:
The first property is immediate. For the second property we have to show Pr(f(x + y) ≠ f(x) + f(y)) ≤ 2δ when f is δ-close to a linear function g. This is a constructive proof: we define a linear function g which is δ-close to f. For a ∈ Z_2^m we define g(a) as follows: consider all values f(a + b) − f(b) with b ∈ Z_2^m (note f(a + b), f(b) ∈ Z_2). We set g(a) = 0 if 0 occurs at least as often as 1 as the result of f(a + b) − f(b); otherwise g(a) = 1.
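This majority decoding can be run exhaustively on a small domain; a sketch with m = 4 and a single corrupted point (the example functions are mine, not from the notes):

```python
import itertools

m = 4

def hamming_close(f, g):
    """Fraction of points where f and g disagree (the delta of the notes)."""
    pts = list(itertools.product((0, 1), repeat=m))
    return sum(f(x) != g(x) for x in pts) / len(pts)

def decode_g(f):
    """Majority decoding: g(a) = majority over b of f(a+b) - f(b)."""
    pts = list(itertools.product((0, 1), repeat=m))
    table = {}
    for a in pts:
        votes = sum((f(tuple((ai + bi) % 2 for ai, bi in zip(a, b))) - f(b)) % 2
                    for b in pts)
        table[a] = 1 if votes > len(pts) / 2 else 0
    return lambda x: table[x]

linear = lambda x: (x[0] + x[2]) % 2                 # a genuinely linear function
noisy = lambda x: linear(x) ^ (x == (1, 1, 1, 1))    # flip one point: 1/16-close
g = decode_g(noisy)
assert hamming_close(g, linear) == 0.0               # decoding recovers the linear g
print(hamming_close(noisy, g))                       # 0.0625 = 1/16
```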
• g is linear.
• g is δ-close to f.
Therefore
Pr_{x,y}(f(x + y) − f(y) ≠ f(x))
≥ Pr_{x,y}(f(x + y) − f(y) = g(x) ∧ g(x) ≠ f(x))
= (1/2^m) · Σ_{a∈Z_2^m} Pr_y(f(a + y) − f(y) = g(a) ∧ g(a) ≠ f(a))
For all a ∈ Z_2^m we distinguish two cases: if g(a) = f(a), the probability above is 0; if g(a) ≠ f(a), we can omit the condition g(a) ≠ f(a).
≥ (1/2^m) · Σ_{a∈Z_2^m, g(a)≠f(a)} 1/2 > δ/2
If x ∈ Z_2^m is uniformly distributed, then x + a ∈ Z_2^m is uniformly distributed as well.
Pr_{x,y}(f(x + a) + f(y) ≠ f(x + a + y)) ≤ δ/2
We call this event 1; it is a requirement in the inequality of bullet point 2. Analogously, event 2:
Pr_{x,y}(f(x) + f(y + a) ≠ f(x + a + y)) ≤ δ/2
The probability of the union of both events is bounded above by δ, so the probability of the complement is bounded below by 1 − δ.
According to De Morgan's rules, the complement is the intersection of the events f(x) + f(y + a) = f(x + a + y) and f(x + a) + f(y) = f(x + a + y). This is a subset of the event f(x + a) + f(y) = f(y + a) + f(x).
Since x and y are i.i.d.:
Pr_{x,y}(f(x + a) + f(y) = f(y + a) + f(x))
= Σ_{z∈{0,1}} Pr_x(f(x + a) − f(x) = z) · Pr_y(f(y + a) − f(y) = z)
= Σ_{z∈{0,1}} [Pr_x(f(x + a) − f(x) = z)]²
1 − δ ≤ p(a)² + (1 − p(a))²
1 − p(a) ≤ 1/2 ≤ p(a)
⇒ p(a)² + (1 − p(a))² ≤ p(a)² + p(a)(1 − p(a)) = p(a)
So we have proven p(a) ≥ 1 − δ. We will use this result now on three different occasions:
The intersection of all three events has probability ≥ 1 − 3δ. Add the first two events and subtract the third event:
Resulting from the requirement δ < 1/3 we get:
Because the inner condition is independent of x, we get
Goal. For δ < 1/3 the following properties have to be satisfied:
The probability that both events occur is ≥ 1 − 2δ. From these two events it follows that
f(x + a) − f(x) = g(x + a) − g(x)
Because g is linear: f(x + a) − f(x) = g(a). The function evaluator is thereby proven.
We have 3 function tables f1, f2 and f3 (in our proof these are L^a_1, L^a_2, L^a_3). Each of f1, f2 and f3 is linear or δ-close to a linear function (otherwise it would fail the linearity test).
For the consistency test we assume δ < 1/24.
1. If the function tables f1, f2 and f3 represent linear functions of type L^a_1, L^a_2 and L^a_3 (for some a ∈ {0, 1}^n), the consistency test must succeed.
2. If there is no a ∈ {0, 1}^n such that the functions (represented by the function tables f1, f2, f3) are δ-close to L^a_1, L^a_2 and L^a_3, the consistency test must reject, with error probability bounded by a constant c.
Define x ⊗ x′ by (x ⊗ x′)_ij = x_i · x′_j (dimension n²), and x″ ∘ y by (x″ ∘ y)_ijk = x″_ij · y_k. Let c′ be the result of the function evaluator for f2(y) and d the result for f3(x″ ∘ y).
Remark. The linear functions L^a_1, L^a_2 and L^a_3 will of course pass the test. For them the function evaluation is error-free and we can state:
L^a_1(x) · L^a_1(x′) = (Σ_{i=1..n} a_i x_i) · (Σ_{j=1..n} a_j x′_j) = Σ_{i=1..n} Σ_{j=1..n} a_i a_j x_i x′_j = L^a_2(x ⊗ x′)
Analogously
L^a_2(x″) · L^a_1(y) = L^a_3(x″ ∘ y)
For our two desired properties of the consistency test: because δ < 1/24, 2δ < 1/12. Because we have 6 calls of the function evaluator and each of them has error probability < 2δ < 1/12, the total error probability for the function evaluations is ≤ 1/2.
Consider now the case that all function evaluations pass. A linear function δ-close to f1 has coefficients a_i. A linear function δ-close to f2 has coefficients b_ij (matrix B = (b_ij)). If A and B differ in the j-th column, the probability that x^t A and x^t B differ at the j-th position is 1/2.
Combining all these thoughts, we get a PCP(n3 , 1) verifier for 3 SAT.
In the approximation chapter we will have a fresh look at the PCP theorem from
a different perspective (reformulation with focus on non-approximative results).
Denote by v(x, s) the target function value of a solution s ∈ S(x). v_opt(x) denotes the optimal target function value for the input x. Furthermore we assume v(x, s) > 0 ∀x, s (not required, but it makes the quality function less complex). For all x and s ∈ S(x) the encoding length of s and v(x, s) is polynomial in |x| (background: our approximation algorithm shall have polynomial runtime).
r(x, s) = v(x, s) / v_opt(x)  with s ∈ S(x), for minimization problems
r(x, s) = v_opt(x) / v(x, s)  with s ∈ S(x), for maximization problems
Remark.
• This definition is possible due to v(x, s) > 0 (no absolute value or division
required).
• We always have r(x, s) ≥ 1. The closer r(x, s) is to 1, the better is s.
• If r(x, s) ≤ c with c ≥ 1, s is a "c-approximation".
Without loss of generality, we assume that v_opt(x) ≥ 2, because instances with v_opt(x) = 1 are trivially recognizable. Then
r_BFD(x) ≤ 29/9
For small values of v_opt(x), 29/9 is far away from 11/9; the asymptotic quality is the more meaningful measure.
For example: r^∞_BFD = 11/9. When n goes to infinity, v_opt(x) → ∞ and y/v_opt(x) → 0.
We will almost only consider classical quality. But there are some problems (bin packing is one of them) for which asymptotic quality is more meaningful.
The complexity class APX(r(n)) contains all optimization problems for which
an algorithm A with maximum approximation quality rA (n) ≤ r(n) can be
found with polynomial runtime.
APX := ⋃_{c>1, c const} APX(c)
APX* := ⋂_{c>1, c const} APX(c)
A problem in APX* is approximable with quality c for every c > 1; the algorithm may depend on c.
PTAS as a complexity class: contains all optimization problems for which a PTAS exists.
Definition (FPTAS). Fully polynomial time approximation scheme (runtime is polynomial in |x| and in 1/ε).
For a PTAS, a runtime of O(n^(1/ε)) with n = O(|x|) is allowed. For an FPTAS it is not.
Claim. The algorithm above returns a vertex cover V′ and has approximation quality 2.
• E′ contains edges such that each vertex has degree ≤ 1 in E′. Therefore E′ is a maximal matching, and therefore V′ is a vertex cover.
• Furthermore |E′| = k ⇒ |V′| ≤ 2k. Quality 2 follows, because covering E′ alone already requires at least k vertices.
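The algorithm and both bullet points can be sketched directly (graph and variable names are my own):

```python
def vertex_cover_2approx(edges):
    """Greedy maximal matching; both endpoints of each matched edge join V'."""
    cover = set()
    for u, v in edges:
        if u not in cover and v not in cover:   # edge still uncovered -> match it
            cover.update((u, v))
    return cover

# A star plus a triangle: an optimal cover {0, 5, 6} has size 3.
edges = [(0, 1), (0, 2), (0, 3), (0, 4), (5, 6), (6, 7), (5, 7)]
c = vertex_cover_2approx(edges)
assert all(u in c or v in c for u, v in edges)  # V' is a vertex cover
print(len(c))  # 4 here; never more than twice the optimum (3)
```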
Denote by X_j the indicator that clause C_j is satisfied. For a random assignment,
E(X_j) = 7/8 (7 of the 8 literal assignments satisfy the clause)
E(X) = Σ_{j=1..m} E(X_j) = (7/8) · m
Idea. Fix the values x_i one after another. We have to ensure that, for a random assignment of the remaining variables, the expected number of satisfied clauses stays ≥ (7/8)·m.
Situation during the running algorithm: 0-3 literals per clause are fixed.
a_j = E(X_j | x_n = b),  j = 1, . . . , m
E(X | x_n = b) = Σ_{j=1..m} E(X_j | x_n = b) = a_1 + . . . + a_m
computable in O(m)
E(X) = (1/2) · E(X | x_n = 1) + (1/2) · E(X | x_n = 0)
We know: E(X) ≥ (7/8)·m
⇒ E(X | x_n = 1) ≥ (7/8)·m or E(X | x_n = 0) ≥ (7/8)·m
The runtime is O(n^(2/ε)), polynomial in n for fixed ε. So it satisfies the condition to be in PTAS.
We have to show that this is a (1 + ε)-approximation. Show that:
v(x, s) ≤ (1 + ε) · v_opt(x),  where s is the schedule (the solution)
Case distinction:
Disadvantage: runtime (a PTAS which is not an FPTAS, because of the 2^(1/ε) factor).
F(k + 1, y) = max{ F(k, y − g_(k+1)) + v_(k+1),  F(k, y) }
F(n, b) is computable in O(nb) (pseudopolynomial) time.
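The recursion F(k + 1, y) = max{F(k, y − g_(k+1)) + v_(k+1), F(k, y)} can be written down directly (the example numbers are mine):

```python
def knapsack_max_value(weights, values, capacity):
    """F(k, y): best value using the first k items within weight budget y."""
    n = len(weights)
    F = [[0] * (capacity + 1) for _ in range(n + 1)]
    for k in range(n):
        for y in range(capacity + 1):
            F[k + 1][y] = F[k][y]                    # skip item k+1
            if weights[k] <= y:                      # or take it
                F[k + 1][y] = max(F[k + 1][y],
                                  F[k][y - weights[k]] + values[k])
    return F[n][capacity]

print(knapsack_max_value([3, 4, 5], [30, 50, 60], 8))  # 90 (items of weight 3 and 5)
```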
Dual point of view (swapping the two variables k and v): M[k, v] is the minimal knapsack weight needed to reach total value v:
M[k, v] = min{ Σ_{j=1..k} g_j x_j | Σ_{j=1..k} v_j x_j = v }
Initialization:
M[0, v] = ∞ ∀v > 0
M[i, v] = ∞ ∀v < 0, i ∈ {1, . . . , n}
Recursion:
Runtime:
O(n · V_max) = O(n² · v_max)
where V_max ≤ n · v_max and v_max = max_{j∈{1,...,n}} v_j.
t will be selected as
t = ε · max_{i=1,...,n} v_i / ((1 + ε) · n)
New resulting knapsack instance: Values ṽ1 , ṽ2 , . . . , ṽn , weights g1 , . . . , gn and
capacity b.
Because ṽ_i = ⌊v_i/t⌋, we conclude v_i/t − 1 < ṽ_i ≤ v_i/t. Let OPT := Σ_{i∈I*} v_i be the value of an optimal solution. Then
t · Σ_{i∈I*} ṽ_i ≥ t · Σ_{i∈I*} (v_i/t − 1) = OPT − t · |I*| ≥ OPT − t · n
≥ OPT − (ε/(1 + ε)) · OPT = OPT · 1/(1 + ε)
(using |I*| ≤ n and t · n ≤ ε · OPT/(1 + ε), since OPT ≥ max_i v_i).
So we get
OPT / Σ_{i∈I_t} v_i ≤ 1 + ε,  i.e.  Σ_{i∈I_t} v_i ≥ OPT / (1 + ε)
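The whole FPTAS (scale values by t, solve the scaled instance exactly by a value-indexed DP) as a sketch; the instance and the dictionary-based DP are my own choices, not from the notes:

```python
import itertools

def knapsack_fptas(weights, values, capacity, eps):
    """Scale values by t = eps*max(v)/((1+eps)*n), solve scaled instance exactly."""
    n = len(values)
    t = eps * max(values) / ((1 + eps) * n)
    scaled = [int(v // t) for v in values]
    # M[v] = (min weight, item set) reaching scaled value v within the capacity.
    M = {0: (0, frozenset())}
    for i, (w, sv) in enumerate(zip(weights, scaled)):
        for v, (mw, items) in sorted(M.items(), reverse=True):  # snapshot of M
            cand = (mw + w, items | {i})
            if cand[0] <= capacity and cand[0] < M.get(v + sv, (float("inf"),))[0]:
                M[v + sv] = cand
    return M[max(M)][1]          # item set with the highest reachable scaled value

weights = [2, 3, 4, 5, 9]
values = [3.0, 4.0, 5.0, 8.0, 10.0]
capacity, eps = 10, 0.1
chosen = knapsack_fptas(weights, values, capacity, eps)
approx = sum(values[i] for i in chosen)
# Brute-force OPT for comparison (feasible for 5 items).
opt = max(sum(values[i] for i in s)
          for r in range(6) for s in itertools.combinations(range(5), r)
          if sum(weights[i] for i in s) <= capacity)
assert approx >= opt / (1 + eps)  # the (1+eps) guarantee derived above
print(approx, opt)
```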
9.1.1 Example: TSP
Thus if P ≠ NP, TSP ∉ APX.
Remark. For particular special cases of TSP better approximation results are possible. If D is symmetric and the triangle inequality is satisfied (metric case), a 3/2-approximation algorithm exists (Christofides heuristic).
Theorem. (Arora) If the d_ij are Euclidean distances of n points, a PTAS exists.
b = a + 1, a = k, k ∈ N
Theorem. If
• P ̸= NP and
• for a minimization problem only integer target function values are possible and
• decision whether vopt (x) ≤ k is NP-complete
No approximation algorithm with performance guarantee < 3/2 for bin packing exists if P ≠ NP. But there exists an asymptotic PTAS for bin packing.
• Clique
• MaxSAT
• Vertex-Cover
And unlike Knapsack, Partition.
PCP theorem in our previous definition: NP = PCP(log n, 1). From this point
of view we cannot find any relation to approximation algorithms.
The relation is that the PCP theorem has the following equivalent formulation (PCP theorem in terms of hardness of approximation):
x ∈ L ⇒ val(f(x)) = 1
x ∉ L ⇒ val(f(x)) < ρ̂
with val(·) as the quotient of the maximum number of satisfiable clauses and the number of clauses. Distinguishing these cases is a gap problem.
Now we want to discuss why both definitions of the PCP theorem are equivalent.
Consider this generalization of 3SAT (CSP, constraint satisfaction problem):
Therefore for all i ∈ {1, . . . , m} there exist j_1, . . . , j_q ∈ {1, . . . , n} such that φ_i(u) = f(u_(j_1), . . . , u_(j_q)) ∀u ∈ {0, 1}^n.
If φ_i(u) = 1 we say that u ∈ {0, 1}^n satisfies the constraint φ_i (otherwise it violates φ_i).
The quotient of the number of satisfied constraints and the number of all constraints is (Σ_{i=1..m} φ_i(u)) / m. Denote by val(φ) the maximum of this quotient over all u. φ is called satisfiable if val(φ) = 1.
We say that ρ-GAP q-CSP is NP-hard if for every language L ∈ NP there is a polynomial-time computable function f which maps strings to q-CSP instances such that
x ∈ L ⇒ val(f(x)) = 1
x ∉ L ⇒ val(f(x)) < ρ
1. NP = PCP(log n, 1)
2. The previous theorem in the statement above: there exists a constant ρ < 1 such that ∀L ∈ NP there is a polynomial-time computable function f mapping strings to (representations of) 3SAT formulas with
x ∈ L ⇒ val(f(x)) = 1
x ∉ L ⇒ val(f(x)) < ρ
It's enough to show this for a single NP-complete language L (e.g. reduce 3SAT to 1/2-GAP q-CSP for an appropriate constant q). From NP ⊆ PCP(log n, 1) it follows that there is a PCP verifier V that requests/verifies a constant number q of proof bits and uses c·log n random bits (c a constant). For given input x and random vector r ∈ {0, 1}^(c·log n), define V_{x,r} as the function returning 1 as output iff the proof B gets accepted by V. Because only q proof bits are relevant, V_{x,r} depends on only q positions. Therefore, for all x ∈ {0, 1}^n, the collection
φ = {V_{x,r}}_{r∈{0,1}^(c·log n)}
is a q-CSP instance.
Assume ρ-GAP q-CSP is NP-complete for constants q ∈ N, ρ ∈ (0, 1). This can be translated into a PCP system with q proof bits, a logarithmic number of random bits and error probability ≤ ρ for every language L:
Given input x. The verifier calls the reduction f (x) to gain the q-CSP instance
ϕ = {ϕi }i=1,...,m .
Because 3SAT is a special case of q-CSP, it immediately follows that the second definition implies the third. We have to show that the third definition implies the second.
Let φ′ be the collection of ≤ m · 2^q clauses resulting from all φ_i, i ∈ {1, . . . , m}. If φ is a Yes instance of (1 − ε)-GAP q-CSP (i.e. φ is satisfiable), then there exists a truth assignment such that all clauses of φ′ are satisfied. If φ is a No instance of (1 − ε)-GAP q-CSP, then in every truth assignment at least a fraction ε of the constraints of φ is violated.
From φ′ generate φ″ as follows: apply the technique from above to all clauses of φ′; we get a collection of ≤ q · m · 2^q clauses. A violated constraint of φ then violates at least one of its ≤ q · 2^q clauses, i.e. each assignment of a No instance violates at least a fraction ε/(q · 2^q) of the constraints of φ″.
We now know that (if P ≠ NP) Max-3-SAT cannot be approximated arbitrarily well (it is an NP-hard problem). But no particular value ρ̃ follows from the ideas above such that ρ̃-approximation of Max-3-SAT is NP-hard.
Håstad was able to show (with an improved version of the PCP theorem) that for all ε > 0: if there exists an (8/7 − ε)-approximation of Max-3-SAT, then P = NP.
Other approximation results also follow from the second PCP-theorem formulation; so far we have considered Max-3-SAT and CSP. The second formulation is stronger than the first ("for all"). Vertex-Cover ∈ APX (compare the 2-approximation algorithm from the start of this chapter).
9.6.1 Independent-Set
Clique ∉ APX if P ≠ NP
N_VC = n − N_IS
The quality of the resulting vertex cover is (n − (1/β)·N_IS) / (n − N_IS).
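Plugging illustrative numbers (my own, with an assumed IS approximation factor β = 2) into this quotient shows how the quality degrades as N_IS approaches n:

```python
# Quality of a vertex cover obtained from a beta-approximate independent set
# via N_VC = n - N_IS (illustrative numbers, not from the notes).
beta = 2.0    # assumed approximation factor for Independent-Set
n = 1000
for n_is in (100, 500, 900, 990):
    ratio = (n - n_is / beta) / (n - n_is)
    print(n_is, round(ratio, 2))   # grows without bound as n_is -> n
```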
This can be arbitrarily bad, especially if N_IS is close to n. This is no surprise if we consider the last theorem. We want to provide a proof for this theorem.
First we show (using the PCP theorem) for Independent-Set and Vertex-Cover
that there is some constant ρ > 1 such that ρ-approximation is NP-hard.
9.7 Reduction of approximation problems
approximation_reduction.pdf
Especially for a PTAS reduction we want to plug in a PTAS for B, and we require:
Proof. We build a PTAS for A (input x, ε). Apply the PTAS for B to the input f(x) with guarantee 1 + α(ε). We get a solution s′ for B with r_B(f(x), s′) ≤ 1 + α(ε). Return s = g(x, s′, ε). From the third property of the definition we know that
r_A(x, s) ≤ 1 + ε
• ≤PTAS is reflexive ((f, g, α) = (id, id, id)).
• ≤PTAS is transitive.
Example. P1: determine a clique with maximum number of vertices. P2: determine an independent set with maximum number of vertices. P1 ≡PTAS P2.
f(φ) = G with G = (V, E). In the classical reduction we use that φ is satisfiable ⇔ f(φ) has a clique of cardinality m.
literal_construction.pdf
Edges are introduced between vertices in different rows which do not correspond to contradictory literals → clique with k vertices.
A 4-SAT formula φ with m clauses. A clause C_i = (l_i1 ∨ l_i2 ∨ l_i3 ∨ l_i4) is represented as two 3-SAT clauses
Next goal. (completeness notion) Introduce the class NPO as an abstract class for optimization problems, analogous to NP for decision problems.
• for all x and s ∈ S(x) the target function value v(x, s) is an integer (could be relaxed to Q).
• for all x and s, the test whether s ∈ S(x) (s is valid) must be computable
in polynomial time.
• v(x, s) is computable in polynomial time for all x, s.
• A ∈ NPO
• ∀B ∈ NPO : B ≤PTAS A
There are MAX-NPO and MIN-NPO complete problems. It can be proven that
MAX-W-SAT is MAX-NPO complete and MIN-W-SAT is MIN-NPO complete.
where Φ is a quantifier-free first-order expression which contains the variables x_1, . . . , x_n, the graph structure G, and S.
9.7.1 Example 1
(meaning there exists an edge between x and y and an intersecting edge exists).
G0(x, y) : x ∨ y is a clause
G1(x, y) : ¬x ∨ y is a clause
G2(x, y) : ¬x ∨ ¬y is a clause
(y_1, . . . , y_k), where the y_i are the neighbors of x; vertices are repeated if x has degree < k.
S is an independent set.
9.8.1 MaxSAT
For clause C_i denote by V_i^+ the set of positive (non-negated) variables in C_i and by V_i^− the set of negated variables in C_i.
We require (IP_MS):
Σ_{x_i ∈ V_j^+} x_i + Σ_{x_i ∈ V_j^−} (1 − x_i) ≥ z_j,  j = 1, . . . , m
with
x_i ∈ {0, 1}, i = 1, . . . , n;  z_j ∈ {0, 1}, j = 1, . . . , m.
The LP relaxation LP_MS replaces these constraints by
0 ≤ x_i ≤ 1,  0 ≤ z_j ≤ 1.
This can be solved in polynomial time. Denote (x∗ , z ∗ ) as the optimal solution
of LPMS .
We can show the following: the randomized algorithm above has expected guarantee 1/(1 − 1/e) = e/(e − 1).
X = Σ_{i=1..m} X_i
E(X) = Σ_{i=1..m} E(X_i)
Helping result. For all t_1, . . . , t_k ∈ R_0^+ and t ∈ R_0^+ with Σ_{i=1..k} t_i ≥ t it follows that Π_{i=1..k} (1 − t_i) ≤ (1 − t/k)^k.
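The helping result can be spot-checked numerically (it is the AM-GM inequality applied to the factors 1 − t_i):

```python
import random

# Spot-check: if sum(t_i) >= t with t in [0, 1], then
# prod(1 - t_i) <= (1 - t/k)^k.
rng = random.Random(3)
for _ in range(1000):
    k = rng.randrange(1, 6)
    ts = [rng.random() for _ in range(k)]
    t = min(sum(ts), 1.0)          # t in [0, 1] as in the MaxSAT application
    lhs = 1.0
    for ti in ts:
        lhs *= 1 - ti
    rhs = (1 - t / k) ** k
    assert lhs <= rhs + 1e-12      # small slack for float rounding
print("inequality verified on 1000 random instances")
```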
With the helping result
Pr(X_j = 0) ≤ (1 − z_j*/k_j)^(k_j)
where k_j is the number of literals in C_j. Thus Pr(X_j = 1) ≥ 1 − (1 − z_j*/k_j)^(k_j).
Using 1 − (1 − t/k)^k ≥ (1 − (1 − 1/k)^k) · t for all t ∈ [0, 1], k ∈ N:
⇒ Pr(X_j = 1) ≥ (1 − (1 − 1/k_j)^(k_j)) · z_j*
⇒ E(X) ≥ Σ_{j=1..m} (1 − (1 − 1/k_j)^(k_j)) · z_j*
Finally, 1 − (1 − 1/k_j)^(k_j) ≥ 1 − 1/e.
QED.
x_i + x_j ≥ 1 ∀{i, j} ∈ E
x_i ∈ {0, 1}, i = 1, . . . , n
x̃ is a valid solution for IP_VC. This gives us guarantee 2 (compare with the vertex cover problem at the beginning of the lecture notes).
Appendices
A List of algorithms or interactive protocols
• Design and analyze an algorithm to determine whether a perfect matching
exists in a bipartite graph (page ??).
• Design and analyze an algorithm to decide 2-SAT and 3-SAT instances
probabilistically (page ??).
• Design and analyze an algorithm for the Happy Net Problem (page ??).
• Design and analyze an interactive protocol to show that GI ∈ IP (page ??).
• Design and analyze an approximation algorithm for Bin Packing (page ??).
B List of mentioned complexity classes
More than 496 complexity classes are currently maintained in the Complexity
Zoo. We mentioned 23 complexity classes.
• APX
• BPP
• coIP
• DP
• FP
• FPTAS
• IP
• mIP
• NEXP
• NP
• NPO
• P
• PCP
• PH
• PP
• PSPACE
• PTAS
• PZK
• RP
• UP
• ZPP
• #P
• ⊕P
The following definitions for these 23 complexity classes were extracted from the Complexity Zoo.
FPTAS The subclass of NPO problems that admit an approximation scheme in
the following sense. For any ε > 0, there is an algorithm that is guaranteed
to find a solution whose cost is within a 1 + ε factor of the optimum cost.
Furthermore, the running time of the algorithm is polynomial in n (the
size of the problem) and in 1/ε.
Contained in PTAS and FPT.
IP The class of decision problems for which a “yes” answer can be verified by
an interactive proof. Here a probabilistic polynomial-time verifier sends
messages back and forth with an all-powerful prover. They can have poly-
nomially many rounds of interaction. Given the verifier’s algorithm, at
the end:
1. If the answer is "yes", the prover must be able to behave in such a way that the verifier accepts with probability at least 2/3 (over the choice of the verifier's random bits).
2. If the answer is "no", then however the prover behaves, the verifier must reject with probability at least 2/3.
IP was introduced with the motivation of providing a framework for the introduction of zero-knowledge proofs. Interestingly, the power of general interactive proof systems is not decreased if the verifier is only allowed random queries (i.e., it merely tosses coins and sends any outcome to the prover). The latter model, known as the Arthur-Merlin (or public-coin) model, was introduced independently (but later), and a strong equivalence (which preserves the number of rounds) was proved.
Often, it is required that the prover can convince the verifier to accept
correct assertions with probability 1; this is called perfect completeness.
However, the definitions with one-sided and two-sided error can be shown
to be equivalent.
The first demonstration of the power of interactive proofs was given by showing that graph nonisomorphism (a problem not known to be in NP) has such proofs. Five years later it was shown that IP contains PH, and indeed (this was discovered only a few weeks later) equals PSPACE. On the other hand, coNP is not contained in IP relative to a random oracle.
mIP Same as IP, except that now the verifier can exchange messages with many
provers, not just one. The provers cannot communicate with each other
during the execution of the protocol, so the verifier can “cross-check” their
assertions (as with suspects in separate interrogation rooms).
Let MIP[k] be the class of decision problems for which a "yes" answer can be verified with k provers. Then for all k ≥ 2, MIP[k] = MIP[2] = MIP.
MIP equals NEXP; this is a famous non-relativizing result.
NP An “NP machine” is a nondeterministic polynomial-time Turing machine.
Then NP is the class of decision problems solvable by an NP machine such
that
1. If the answer is “yes”, at least one computation path accepts.
2. If the answer is “no”, all computation paths reject.
Equivalently, NP is the class of decision problems such that, if the answer
is “yes”, then there is a proof of this fact, of length polynomial in the size of
the input, that can be verified in P (i.e. by a deterministic polynomial-time
algorithm). On the other hand, if the answer is “no”, then the algorithm
must declare invalid any purported proof that the answer is “yes”.
For example, the SAT problem is to decide whether a given Boolean
formula has any satisfying truth assignments. SAT is in NP, since a “yes”
answer can be proved by just exhibiting a satisfying assignment.
A decision problem is NP-complete if (1) it is in NP, and (2) any problem
in NP can be reduced to it (under some notion of reduction). The class
of NP-complete problems is sometimes called NPC.
That NP-complete problems exist is immediate from the definition. The
seminal result of Cook, Karp, and Levin is that many natural problems
(that have nothing to do with Turing machines) are NP-complete.
The first such problem to be shown NP-complete was SAT. Other classic
NP-complete problems include:
NP contains P.
If P equals NP, then NP equals its complement coNP. Whether NP equals
coNP is also open. NP and coNP can be extended to the polynomial
hierarchy PH.
If NP is in BPP then PH collapses to Σ2P.
An alternate characterization is NP = PCP(log n, O(1)).
Also, showed that NP is precisely the class of decision problems reducible
to a graph-theoretic property expressible in second-order existential logic.
This leads to the subclass SNP.
NPO The class of function problems of the form, “Find any n-bit string x
that maximizes a cost function C(x), where C is computable in FP (i.e.
polynomial-time).” Contains APX.
P The class of decision problems solvable in polynomial time by a Turing ma-
chine. Contains some highly nontrivial problems, including linear pro-
gramming and finding a maximum matching in a general graph.
Contains the problem of testing whether an integer is prime, an important
result that improved on a proof requiring an assumption of the generalized
Riemann hypothesis.
A decision problem is P-complete if it is in P, and if every problem in P
can be reduced to it in L (logarithmic space). The canonical P-complete
problem is Circuit Evaluation: given a Boolean circuit and an input,
decide what the circuit outputs when given the input.
Important subclasses of P include L, NL, NC, and SC.
PCP The class of decision problems such that a “yes” answer can be verified
by a probabilistically checkable proof, as follows.
The verifier is a polynomial-time Turing machine with access to O(r(n))
uniformly random bits. It has random access to a proof (which might be
exponentially long), but can query only O(q(n)) bits of the proof.
Then we require the following:
• If the answer is “yes”, there exists a proof such that the verifier
accepts with certainty.
• If the answer is “no”, then for all proofs the verifier rejects with
probability at least 1/2 (over the choice of the O(r(n)) random bits).
By definition NP = PCP(0, poly(n)). MIP = PCP(poly(n), poly(n)).
NP = PCP(log n, log n). In fact, NP = PCP(log n, 1)!
On the other hand, if NP is contained in PCP(o(log n), o(log n)), then P
= NP.
PH Let Δ0P = Σ0P = Π0P = P. Then for i > 0, let
• ΔiP = P with Σ(i−1)P oracle.
• ΣiP = NP with Σ(i−1)P oracle.
• ΠiP = coNP with Σ(i−1)P oracle.
Then PH is the union of these classes for all nonnegative constants i.
PH can also be defined using alternating quantifiers: it’s the class of prob-
lems of the form, “given an input x, does there exist a y such that for
all z, there exists a w . . . such that ϕ(x, y, z, w, . . .)”, where y, z, w, . . .
are polynomial-size strings and ϕ is a polynomial-time computable predi-
cate. It’s not totally obvious that this is equivalent to the first definition,
since the first one involves adaptive NP oracle queries and the second one
doesn’t, but it is.
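The alternating-quantifier view can be made concrete for the second level. The brute-force checker below decides a Σ2 statement "∃y ∀z: ϕ(x, y, z)" over k-bit strings in exponential time; the predicate is a made-up toy, and the point is only the quantifier structure.

```python
from itertools import product

def sigma2_holds(phi, x, k):
    # Brute-force check of the Sigma_2 statement "exists y, for all z:
    # phi(x, y, z)" with y, z ranging over k-bit strings. Exponential
    # time; shown only to make the quantifier structure concrete.
    strings = list(product([0, 1], repeat=k))
    return any(all(phi(x, y, z) for z in strings) for y in strings)

# Toy predicate (hypothetical): y dominates z bitwise.
dominates = lambda x, y, z: all(yi >= zi for yi, zi in zip(y, z))
```

Here sigma2_holds(dominates, x, k) is true for every x, since y = 11...1 dominates all z; a predicate like y == z fails the inner universal quantifier.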
Contained in P with a PP oracle. Contains BPP.
Relative to a random oracle, PH is strictly contained in PSPACE with
probability 1.
PP The class of decision problems solvable by an NP machine such that
1. If the answer is “yes”, then at least 1/2 of the computation paths accept.
2. If the answer is “no”, then less than 1/2 of the computation paths accept.
PP is closed under union and intersection (this was an open problem for
14 years). Contains P^NP[log].
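The PP acceptance rule can be simulated directly by enumerating all computation paths, viewed as n-bit strings (brute force, for illustration only):

```python
from itertools import product

def pp_accepts(path_accepts, n):
    # Simulate the PP acceptance rule over all 2**n computation paths:
    # answer "yes" iff at least half of the paths accept.
    paths = list(product([0, 1], repeat=n))
    return 2 * sum(path_accepts(p) for p in paths) >= len(paths)
```

For instance, a machine whose paths accept exactly when their first bit is 1 has exactly half its paths accepting, so the PP answer is “yes”; a machine with a single accepting path answers “no”.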
PSPACE The class of decision problems solvable by a Turing machine in poly-
nomial space.
Equals NPSPACE, AP, IP, and, assuming the existence of one-way func-
tions, CZK. Contains P with #P oracle.
Relative to a random oracle, PSPACE strictly contains PH with probabil-
ity 1.
PSPACE has a complete problem that is both downward self-reducible
and random self-reducible. It is the largest class with such a complete
problem.
#P The class of function problems of the form “compute f (x),” where f is the
number of accepting paths of an NP machine. The canonical #P-complete
problem is #SAT. Any function in #P can be approximated to within a
polynomial factor in BPP with an NP oracle. Likewise, any function in #P
can be approximated to within a factor of 1 + ε by a machine in FP^NP_||
(FP with nonadaptive queries to an NP oracle) running in poly(n, ε−1) time.
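The canonical problem #SAT can be solved by exhaustive enumeration, which also shows directly that it lies in #P (each satisfying assignment corresponds to one accepting path). The literal encoding is an illustrative convention; the running time is of course exponential.

```python
from itertools import product

def count_sat(clauses, n):
    # #SAT by exhaustive enumeration: count the assignments of n Boolean
    # variables satisfying a CNF formula. Literal i means x_i, -i means
    # NOT x_i (1-indexed). Exponential time, as expected for a
    # #P-complete problem.
    return sum(
        1
        for bits in product([False, True], repeat=n)
        if all(any(bits[abs(lit) - 1] == (lit > 0) for lit in clause)
               for clause in clauses)
    )
```

For example, (x1 OR x2) AND (NOT x1 OR x2) has exactly the two satisfying assignments with x2 = true, so count_sat([[1, 2], [-1, 2]], 2) returns 2.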
⊕P The class of decision problems solvable by an NP machine such that
• If the answer is “yes”, then the number of accepting paths is odd.
• If the answer is “no”, then the number of accepting paths is even.
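The ⊕P acceptance rule differs from PP only in the condition applied to the count of accepting paths: parity instead of majority. A brute-force simulation, for illustration:

```python
from itertools import product

def parity_accepts(path_accepts, n):
    # The oplus-P acceptance rule over 2**n computation paths: answer
    # "yes" iff the number of accepting paths is odd (contrast with PP's
    # majority rule).
    return sum(path_accepts(p) for p in product([0, 1], repeat=n)) % 2 == 1
```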
C Exam questions
1. What does the Cook-Levin theorem state?
11. What is the relation between BPP and the polynomial hierarchy?
12. Define what a counting problem is. How is the class #P defined? Show
at least two problems that are #P-complete.
13. Prove that Permanent is #P-complete.
19. Define the perfect zero knowledge property. What does bit commitment
mean?
20. What are the statistical zero knowledge property and the computational
zero knowledge property?
21. Define the complexity class UP. What is the relation between UP and P?
22. What does the PCP-Theorem say? When is a decision problem part of
PCP(r(n), q(n))?