Local Proofs Approaching the Witness Length

Noga Ron-Zewi,Ron Rothblum
DOI: https://doi.org/10.1145/3661483
IF: 2.269
2024-04-25
Journal of the ACM
Abstract: Interactive oracle proofs (\(\mathsf{IOP}\)s) are a hybrid between interactive proofs and \(\mathsf{PCP}\)s. In an \(\mathsf{IOP}\) the prover is allowed to interact with a verifier (like in an interactive proof) by sending relatively long messages to the verifier, who in turn is only allowed to query a few of the bits that were sent (like in a \(\mathsf{PCP}\)). Efficient \(\mathsf{IOP}\)s are currently at the core of leading practical implementations of highly efficient proof-systems. In this work we construct, for a large class of \(\mathsf{NP}\) relations, \(\mathsf{IOP}\)s in which the communication complexity approaches the witness length. More precisely, for any \(\mathsf{NP}\) relation for which membership can be decided in polynomial-time with bounded polynomial space (i.e., space \(n^{\xi}\) for some sufficiently small constant \(\xi > 0\); e.g., \(\mathsf{SAT}\), \(\mathsf{Hamiltonicity}\), \(\mathsf{Clique}\), \(\mathsf{Vertex\text{-}Cover}\), etc.) and for any constant \(\gamma > 0\), we construct an \(\mathsf{IOP}\) with communication complexity \((1 + \gamma) \cdot n\), where \(n\) is the original witness length. The number of rounds, as well as the number of queries made by the \(\mathsf{IOP}\) verifier, are constant. This result improves over prior works on short \(\mathsf{IOP}\)s/\(\mathsf{PCP}\)s in two ways. First, the communication complexity in these short \(\mathsf{IOP}\)s is proportional to the complexity of verifying the \(\mathsf{NP}\) witness, which can be polynomially larger than the witness size. Second, even ignoring the difference between witness length and non-deterministic verification time, prior works incur (at the very least) a large constant multiplicative overhead to the communication complexity. In particular, as a special case, we also obtain an \(\mathsf{IOP}\) for \(\mathsf{CircuitSAT}\) with communication complexity \((1 + \gamma) \cdot t\), for circuits of size \(t\) and any constant \(\gamma > 0\). This improves upon the prior state-of-the-art work of Ben-Sasson et al. (ICALP, 2017) who construct an \(\mathsf{IOP}\) for \(\mathsf{CircuitSAT}\) with communication length \(c \cdot t\) for a large (unspecified) constant \(c \ge 1\). Our proof leverages the local testability and (relaxed) local correctability of high-rate tensor codes, as well as their support of a sumcheck-like procedure. In particular, we bypass the barrier imposed by the low rate of multiplication codes (e.g., Reed-Solomon, Reed-Muller or AG codes) - a key building block of all known short \(\mathsf{PCP}\)/\(\mathsf{IOP}\) constructions.
computer science, information systems, theory & methods, software engineering, hardware & architecture
What problem does this paper attempt to address?
### Problems the paper attempts to solve

The paper aims to solve how to construct Interactive Oracle Proofs (IOPs) such that the communication complexity is close to the original witness length. Specifically, for a large class of NP relations (i.e., NP problems that can be verified in polynomial time with finite polynomial space, such as SAT, Hamiltonian path, clique problem, vertex cover, etc.), the authors construct IOPs whose communication complexity is close to the witness length.

### Main contributions

1. **Communication complexity close to witness length**:
   - For any NP relation, if its membership can be determined in polynomial time with finite polynomial space (i.e., space \(O(n^\epsilon)\)) and for any constant \(\epsilon > 0\), the authors construct an IOP whose communication complexity is \((1 + \epsilon)\cdot m\), where \(m\) is the original witness length. The number of rounds and the number of queries in the IOP are both constants.
2. **Improvement of existing work**:
   - Compared with previous short IOPs/PCPs, this result is improved in two aspects:
     - The communication complexity of previous short IOPs is proportional to the complexity of verifying NP witnesses, which may be much larger than the witness size.
     - Even ignoring the difference between witness length and non-deterministic verification time, previous IOPs have at least a large constant multiplicative overhead.
3. **Special case: CircuitSAT**:
   - As a special case, the authors also construct an IOP with a communication complexity of \((1 + \epsilon)\cdot m\) for CircuitSAT, where \(m\) is the size of the circuit. This improves the work of Ben-Sasson et al. (ICALP, 2017), who constructed an IOP with a communication length of \(O(m)\) but with a large multiplicative constant.

### Technical methods

1. **Encoding selection**:
   - The authors use high-rate tensor codes, which have local testability and (relaxed) local correctability and support sumcheck-like procedures. This avoids the limitations of low-rate multiplication codes (such as Reed-Solomon codes, Reed-Muller codes or AG codes).
2. **Local testability and local correctability**:
   - The local testability and local correctability of high-rate tensor codes are established by recent research work. These properties enable the verifier to efficiently check whether the encoding is valid.
3. **Sumcheck-like process**:
   - The authors use the sumcheck-like property of the encoding to address the key technical challenge, that is, to ensure that the encoded message is a valid accepting computation. This process is similar to the sumcheck protocol in the classical PCP technology, but is optimized to meet the needs of IOP.

### Conclusion

The paper significantly improves the existing results of short IOPs/PCPs by constructing IOPs whose communication complexity is close to the witness length. This is of great significance for the construction of efficient proof systems, especially in the fields of cryptography and complexity theory.