Constructive proofs of concentration bounds
APPROX/RANDOM'10 Proceedings of the 13th international conference on Approximation, and 14 the International conference on Randomization, and combinatorial optimization: algorithms and techniques
General hardness amplification of predicates and puzzles
TCC'11 Proceedings of the 8th conference on Theory of cryptography
An efficient parallel repetition theorem
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
Parallel repetition theorems for interactive arguments
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
Counterexamples to hardness amplification beyond negligible
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
The knowledge tightness of parallel zero-knowledge
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
A Parallel Repetition Theorem for Constant-Round Arthur-Merlin Proofs
ACM Transactions on Computation Theory (TOCT)
Hi-index | 0.00 |
The question of whether or not parallel repetition reduces the soundness error is a fundamental question in the theory of protocols. While parallel repetition reduces (at an exponential rate) the error in interactive proofs and (at a weak exponential rate) in special cases of interactive arguments (e.g., 3-message protocols --- Bellare, Impagliazzo and Naor [FOCS '97], and public-coin protocols --- Haastad, Pass, Pietrzak and Wikstrom [Manuscript '08]), Bellare et. al gave an example of interactive arguments for which parallel repetition does not reduce the soundness error at all. We show that by slightly modifying any interactive argument, in a way that preserves its completeness and only slightly deteriorates its soundness, we get a protocol for which parallel repetition does reduce the error at a weak exponential rate. In this modified version, the verifier flips at the beginning of each round an (1-(1/4m), 1/4m) biased coin (i.e., 1 is tossed with probability 1/4m), where m is the round complexity of the (original) protocol. If the coin is one, the verifier halts the interaction and accepts, otherwise it sends the same message that the original verifier would. At the end of the protocol (if reached), the verifier accepts if and only if the original verifier would.