On the Consistency of Circuit Lower Bounds
for Non-Deterministic Time111An extended abstract of part of this work appeared as [2].
Abstract
We prove the first unconditional consistency result for superpolynomial circuit lower bounds with a relatively strong theory of bounded arithmetic. Namely, we show that the theory is consistent with the conjecture that , i.e., some problem that is solvable in non-deterministic exponential time does not have polynomial size circuits. We suggest this is the best currently available evidence for the truth of the conjecture. The same techniques establish the same results with replaced by the class of problems decidable in non-deterministic barely superpolynomial time such as . Additionally, we establish a magnification result on the hardness of proving circuit lower bounds.
1 Introduction
Bounded arithmetics are fragments of Peano arithmetic that formalize reasoning with concepts and constructions of bounded computational complexity. Their language is tailored so that natural classes of bounded formulas define important complexity classes. For example, the set of all bounded formulas defines precisely the problems in and the set of -formulas those in . The central theories are comprised in Buss’ hierarchy [6]
| (1) |
The theory can be understood as formalizing -reasoning, and as formalizing -reasoning. The levels of are determined by induction schemes for properties of bounded computational complexity. E.g., has induction for , and for . Intuitively, these theories can construct and reason with polynomially large objects of various computational complexities. The theories and are extensions with a second sort of variables ranging over bounded sets of numbers and are given by comprehension schemes. Intuitively, these sets represent exponentially large objects.
Low levels of the bounded arithmetic hierarchy formalize a considerable part of contemporary complexity theory. This includes some advanced topics such as the Arthur-Merlin hierarchy [17], hardness amplification [16], Toda’s theorem [7], and the PCP Theorem [30]. We refer to [26, Section 5] for a list of successful formalizations. Concerning circuit complexity, the topic of this paper, Jeřábek proved that his theory of approximate counting [15, 16, 17], which sits below , formalizes Rabin’s primality test, and proves that it is in [16, Example 3.2.10, Lemma 3.2.9]. Concerning lower bounds, many of the known (weak) circuit lower bounds can be formalized in a theory of approximate counting [26] and thus also in the theory . For example, the lower bound for parity has been formalized in [26, Theorem 1.1] via probabilistic reasoning with Furst, Saxe and Sipser’s random restrictions [13], and in [22, Theorem 15.2.3] via Razborov’s [32] proof of Håstad’s switching lemma.
Razborov asked in his seminal work from 1995 for the “right fragment capturing the kind of techniques existing in Boolean complexity” [32, p.344]. Showing that any theory that is strong enough to capture these techniques cannot prove lower bounds for general circuits would give a precise sense in which current techniques are insufficient. This however seems to be very difficult. We refer to [34, Introduction] or [23, Ch.27-30] for a description of the resulting research program, and to [31] for a recent result.
In contrast to unprovability, the first and final words of Krajíček’s 1995 monograph [22] ask for consistency results555The citations to follow refer not to circuit lower bounds but to ., namely to prove the conjecture in question “for nonstandard models of systems of bounded arithmetic”. These are “not ridiculously pathological structures, and a part of the difficulty in constructing them stems exactly from the fact that it is hard to distinguish these structures, by the studied properties, from natural numbers” [22, p.xii]. In particular, showing that a given conjecture is consistent with certain bounded arithmetics, already low ones, would exhibit a world where both the conjecture and a considerable part of complexity theory are true.
We therefore interpret consistency results as giving precise evidence for the truth of the conjecture. This is without doubt preferable to appealing to intuitions, or alluding to the experience that the conjectures appear to be theoretically coherent, exactly because a consistency result gives a precise meaning to this coherence.
1.1 Previous consistency results
Being well motivated, consistency results are also hard to come by, and not much is known. In particular, it is unknown whether is consistent with .
It is not straightforward to formalize because exponentiation is not provably total in bounded arithmetics. On the formal level, call a number small if exists. A size- circuit can be coded by a binary string of length at most , and hence by a number below ; this bound exists for small .
On the formal level, an -problem is represented by a -formula . A sentence expressing that the problem defined by has size circuits looks as follows:
Here, the quantifier on ranges over small numbers above . We think of the quantifier on as ranging over circuits of encoding-size , and of the quantifier on as ranging over length binary strings. Counting the hidden in , this is a bounded -sentence (namely a -sentence).
Now more precisely, the central question whether is consistent with asks for a -formula such that is consistent. As mentioned a model witnessing this consistency would be a world where a considerable part of complexity theory is true and the -problem defined by does not have polynomial-size circuits. This is faithful in that there also exists an -machine that cannot be simulated by small circuits in the model. Namely, proves that is equivalent to a formula
| (2) |
for a suitable -machine , namely a model-checker for . Here, the constant stems from the polynomial running time of . We write for equal to (2). One can also fix the machine in advance to a universal one, namely a model-checker for an -provably -complete problem (e.g., ).
The predominant approach to the consistency of circuit lower bounds is based on witnessing theorems: a proof of in some bounded arithmetic implies a low-complexity algorithm that computes a witness from . E.g., if the theory has feasible witnessing in , then it does not prove for any unless the problem defined by is in . However, is only known to have feasible witnessing in for bounded -sentences and is a -sentence.
Fortunately, a self-reducibility argument implies that the quantifier complexity of this formula can be reduced. Up to suitable changes of , the formula is -provably equivalent to the following sentence of lower quantifier complexity:
where stems from the polynomial runtime of . We define
Note, is a bounded -sentence (namely a -sentence). For such sentences, has feasible witnessing in [6], and has feasible witnessing by certain interactive polynomial-time computations [21]. This was exploited by Cook and Krajíček [12] to prove666 denotes polynomial time with non-adaptive queries to an -oracle. In [12] a distinct but similar formalization of is used. that “” is consistent with unless , and with unless . Since the complexity of witnessing increases with the strength of the theory, it seems questionable whether this method yields insights for much stronger theories: by the Karp-Lipton Theorem [19], implies that “” is true, and true sentences are consistent with any true theory. Moreover, the focus of this work is on unconditional consistency results.
Using similar methods, a recent line of works [24, 8, 9, 10] achieved unconditional consistency results for fixed-polynomial lower bounds, even for instead of (based on [36]). For example, the main result in [8] implies that and are consistent for certain formulas and that define problems in and , respectively. Again it seems questionable whether the underlying methods can yield insights for much stronger theories: by Kannan [18], the lower bound stated by is true for some formula defining a problem in . Moreover, the formulas above depend on and new ideas seem to be required to reach the unconditional consistency of superpolynomial lower bounds.
1.2 New consistency results
The purpose of this paper is to prove the unconditional consistency of with the comparatively strong theory . Consistency results for are meaningful, since is stronger than which, as discussed earlier, can formalize many results in complexity theory. Our approach is not via witnessing but via simulating comprehension.
The problems in are naturally represented on the formal level by -formulas : an existentially quantified set variable followed by a bounded formula. We discuss three ways to formalize , namely with for a -formula , with and with for a suitable universal -machine . We now discuss these formalizations; they are analogous to the formalizations discussed in the previous section.
The “direct formalization” of the consistency of is based on the formulas . These are defined similarly as before but with a -formula:
Definition 1.
Let and let be a -formula (with only one free variable , and in particular without free variables of the set sort). Define
Then our direct formalization of the consistency of is:
Theorem 2.
There exists such that is consistent.
Theorem 2 can be strengthened to establish the consistency of (see Section 2.3) but our focus is on .
Theorem 2 is proved in Section 2.2 but in hindsight is not hard to prove. For take a formula negating the pigeonhole principle: it states that there exists a set coding an injection from into , and thus is expressible as a -formula. The intermediate steps in the usual proof of the pigeonhole principle involve further sets encoding injections, and these can also expressed with -formulas. If these formulas were computed by polynomial-size circuits, then we could use quantifier-free induction to show that the pigeonhole principle is provable in . But it is well known that this is not the case (see [22, Corollary 12.5.5]).
Concerning the faithfulness of the direct formalization we get, as before, a model of where a certain -machine cannot be simulated by small circuits. Indeed, for an explicit -machine we can write the formula (2) using instead of a quantification for a set variable :
| (3) |
Roughly, an explicit -machine is one such that can verify a suitable bound on its runtime; we defer the details to Section 3.1. It turns out that proves that every -formula is equivalent to (3) for a suitable , namely a model-checker for . Proving this is not trivial because is agnostic about the existence of computations of exponential-time machines. One of our contributions is to prove it; we give the details in Section 3.
Definition 3.
For an explicit -machine and we set where is the formula (3).
Intuitively, does not know whether non-trivial exponential-size sets exist, namely sets not given by bounded formulas. But then, how meaningful is the consistency statement of Theorem 2 or the corresponding statement for ? These sentences contain (universal and) existential set quantifiers. It turns out that we can move again to a suitably modified sentence of lower quantifier complexity, namely a sentence all of whose set quantifiers are universal (i.e., ): such sentences do not entail the existence of non-trivial large sets. This does not follow from simple self-reducibility arguments but is a deep result of complexity theory, namely the Easy Witness Lemma of Impagliazzo, Kabanets and Wigderson [14, Theorem 31]. We use Williams’ version as stated in [38, Lemma 3.1] (see [39, Theorem 3.1] for the equivalence):
Lemma 4 (Easy Witness Lemma).
If , then every -machine has polynomial-size oblivious witness circuits.
An oblivious witness circuit for a machine and input length is a circuit with at least inputs such that for every of length , if accepts , then encodes an accepting computation of on . Here, the circuit is obtained from by fixing the first inputs to the bits of , and is the truth table of . In the statement of the lemma, polynomial-size refers to polynomial in , and the qualifier oblivious refers to the fact that depends only on the length of , not on itself.
In the language of two-sorted bounded arithmetic the string corresponds to the set of numbers accepted by . We thus define the formula by replacing by and by :
Definition 5.
For and an explicit -machine we set
In Section 4.1 we define a suitable universal explicit -machine and arrive at our formalization of :
Definition 6.
The main result of this paper is:
Theorem 7.
The theory is consistent with both formalizations of ; concretely, and are consistent.
In the notation introduced above, this gives:
Corollary 8.
is consistent.
Both and are formalizations of . The first has the advantage of being more direct whereas the second has the advantage of having lower quantifier complexity: is while is . In addition, being is instrumental for our magnification result discussed below (Theorem 11). It is easy to see that proves that implies . The converse implication is true too, but depends on the Easy Witness Lemma. It is open whether proves this implication or the Easy Witness Lemma.
We emphasize here that our formalization of through the universal machine and the and sentences refers exclusively to the setting of non-relativized complexity classes.
Second we show that can be lowered to just above . For , define inductively by , and . We prove:
Theorem 9.
is consistent for every positive .
The formalization and proof proceeds similarly and relies on an Easy Witness Lemma for barely superpolynomial time by Murray and Williams [27]. Theorem 9 “almost” settles the central question for the consistency of with a strong bounded arithmetic. Closing the tiny gap, however, seems to require some new ideas.
1.3 Simulating comprehension
The proof of the consistency of circuit lower bounds is based on the complexity of constant depth propositional proofs for the pigeonhole principle. We shall see that (and thus ) proves the pigeonhole principle. This implies Theorem 7 as it is well-known that cannot prove this principle. Thereby, Theorem 7 is ultimately based on the exponential lower bound for this principle in bounded depth Frege systems [1, 4]. On a high level, while the approach based on witnessing uses complexity theoretic methods, our approach is based on methods that arose from mathematical logic, in particular forcing (cf. [3]).
The formulation of “” provides an additional insight into the consistency lower bound. By the Easy Witness Lemma, the inclusion implies that a rich collection of sets is represented by circuits (via their truth tables). A weak theory can quantify over circuits and hence implicitly over this collection. Thus, intuitively, should enable a weak theory to simulate a two-sorted theory of considerable strength. More precisely, we show that can be used to simulate a considerable fragment of -comprehension, i.e., a considerable fragment of .
The sketched idea can be made explicit as follows. By we denote the two-sorted variant of . Its models consist of two universes and interpreting the number and the set sort, respectively. Given such a model that additionally satisfies for some , we will show in Lemma 45 that shrinking to the sets represented by circuits in yields a model of . This has two interesting consequences. The first is:
Theorem 10.
Let be a theory that contains but does not prove all number-sort consequences of . Then is consistent.
By a number-sort formula we mean one that does not use set-sort variables. Note that the corollary refers to number-sort sentences of arbitrary unbounded quantifier complexity. It is conjectured that has more number-sort consequences than all other theories mentioned so far. But this is known only for [37, 20], and there even for -sentences. Theorem 10 directly infers evidence for the truth of “” from progress in mathematical logic on understanding independence. Loosely speaking, we view it in line with the belief that it is mathematical logic that ultimately bears on fundamental complexity-theoretic conjectures (see e.g. again the preface of [22]).
The second consequence is:
Theorem 11.
If does not prove “”, then does not prove “”.
This is a magnification result on the hardness of proving circuit lower bounds: it infers strong hardness (for ) from weak hardness (for ). The term magnification has been coined in [28] in the context of circuit lower bounds where such results are currently intensively investigated (cf. [11]). In proof complexity such results are rare so far. An example in propositional proof complexity appears in [26, Proposition 4.14]. Magnification results are interesting because they reveal inconsistencies in common beliefs about what is and what is not within the reach of currently available techniques. Theorem 11 might foster hopes to complete Razborov’s program to find a precise barrier in circuit complexity (cf. Remark 46).
2 Consistency of the direct formalization
In this section we provide the details of the simple proof of Theorem 2. We begin by recalling the necessary preliminaries on bounded arithmetic. This will be needed also in later sections. We refer to [22, Ch.5] for the missing details.
2.1 Preliminaries: bounded arithmetic
Bounded arithmetics have language , , , , , , , , and built-in equality . Note that Cantor’s pairing is given by a term. Iterating it gives for . A number is called small if it satisfies the formula . We abbreviate by and by . The quantifiers and range over small numbers above . If , we write for and similarly for other exponential functions. E.g., a formula of the form stands for the formula .
Theories.
The theories of bounded arithmetic are given by a set of universal sentences determining the meaning of the symbols, plus induction schemes. For a set of formulas , the set (of the universal closures) of formulas
for , is the scheme of -induction. Restricting to small numbers gives the scheme of -length induction; formally, replace by above. Here, and throughout, when writing a formula as we mean that all free variables of are among .
The set contains all bounded formulas, and , for , are subsets of that are defined by counting alternations of bounded quantifiers , not counting sharply bounded ones . In particular, is the set of sharply bounded formulas. The theories are defined by . The theories are defined by . Full bounded arithmetic has -induction.
Two-sorted theories.
Two-sorted bounded arithmetics are obtained by adding a new set of variables of the set sort. Original variables are of the number sort. We shall use capital letters also for number-sort variables. Therefore, for clarity, from now on we write and for quantifiers on set-sort variables . The language is enlarged by adding a binary relation between the number and the set sort. A number-sort formula is one that uses only the number sort. In particular, it has no set-sort parameters. By a term we mean a term in the number sort. We write for .
Models have the form where is a universe for the number sort and is a universe for the set sort. The symbol is interpreted by a subset of . The standard model is where is the set of finite subsets of ; the number sort symbols are interpreted as usual over and by actual element-hood.
The sets are defined as , allowing free set-variables and the symbol , but not allowing set-sort quantifiers, nor set-sort equalities . Another name for the set is . The theories , , and , are given by and analogous induction schemes as before, namely -induction, -length induction, and -induction, respectively. Additionally, we add the following axioms with the set sort. Recalling the notation introduced above, the new axioms are (the universal closures of):
| set-boundedness axiom: | . |
|---|---|
| extensionality axiom: | . |
We add the scheme of (bounded) -comprehension, given by (the universal closures of) the formulas
| (4) |
where is with respect to the theory defined over the two-sorted language as plus -length-induction, i.e., this theory proves equivalent to both a -formula and a -formula.
For example, this scheme implies that there is a set as described when is where is a function that is -definable in . The superscript indicates that comprises all the free variables of the set sort that appear in the -formula that defines . It is well known [6] that these are precisely the functions that are computable in polynomial time with oracles denoted by the set variables. We do not distinguish (or ) from its variant in the language (resp., ) which has a symbol for all polynomial time functions (resp., with oracles denoted by the set variables). We shall often use that proves induction for quantifier-free -formulas (cf. [22, Lemma 5.2.9]). We write quantifier-free -formulas with latin capital letters; e.g., .
A piece of notation.
For formulas and we write
for the formula obtained from by replacing every atomic subformula of the form , for a term, by the formula , preceded by any necessary renaming of the bound variables of to avoid the capturing of free variables. We use this notation only for formulas without set equalities.
Genuine two-sorted theories.
It is easy to see that the theories have the same number sort consequences as respectively. Also are conservative over their subtheories without -comprehension. Intuitively, the two-sorted versions of bounded arithmetics are the usual ones plus syntactic sugar. Genuine set-sorted theories are obtained from by adding (bounded) -comprehension for certain sets of formulas , i.e., (4) for in .
The set contains all two-sorted formulas with quantifiers of both sorts, but bounded number-sort quantifiers. Again we disallow set equalities. The sets , for , are subsets of defined by counting the alternations of set quantifiers (and not counting number quantifiers). A -formula is of the form
| (5) |
where is a -formula.
For the theory is given by -comprehension. In particular, is given by -comprehension. It has the same number-sort consequences as .
Remark 12.
Sometimes, the sets are defined with bounded set quantifiers and . The difference is not essential: for every -formula there is a term such that proves
where stands for with . By -comprehension, is -provably equivalent to . It follows that every -formula is -provably equivalent to one with bounded set sort quantifiers.
Remark 13.
Disallowing set equalities is convenient but inessential in the sense that does not change when set equalities are allowed in . Indeed, let be a -formula except that set equalities are allowed. Then there is a -formula (without set equalities and) with bounded set quantifiers such that proves
Proof.
The formula is defined by a straightforward recursion on . For example, if is , then is ; a witnessing the equivalence is any common upper bound on and . If is and is already defined, then is where the term is chosen according to the previous remark. ∎
Circuits.
A circuit with gates is coded by a number below . On the formal level we shall only consider small circuits, i.e., , so exists. We use capital letters for number variables when they are intended to range over circuits. There is a -function that (in the standard model) takes a circuit with, say, input gates, and evaluates it on inputs . This means that the input gates of are assigned the bits of the length- binary representation of ; we assume if or if does not code a circuit.
It is notationally convenient to have circuits take finite tuples as inputs; formally, such a circuit has sequences of input gates, the -th taking the bits of . Again, denotes the evaluation function; it outputs if any has length bigger than the length of its allotted input sequence. Our circuits have exactly one output gate, so proves . We write for the quantifier-free -formula ; in some places we also write and instead of and , respectively.
For a circuit taking -tuples as inputs and an -tuple we let be the circuit obtained by fixing the first inputs to ; it takes -tuples as inputs. Formally, is a -term with variables and proves and .
Lemma 14.
For every quantifier-free -formula there is a such that proves
On the formal level, if is a set and is a circuit, then we say that is represented by if . In our notation, such set is written , or . More precisely, for a formula and a circuit we write
for the formula obtained from by replacing every formula of the form by , i.e., by . Note that if the set is represented by a circuit with inputs, then , provably in . For example, we shall use circuits to represent computations of exponential-time machines . Using the notation introduced in Section 3.1,
| “ is a halting computation of on ” |
is a -formula with free variables stating that the circuit represents a halting computation of on .
2.2 Consistency of the direct formalization for
The set of -formulas without free variables of the set sort is a natural class of formulas defining, in the standard model, all the problems in . For such a formula it is straightforward to write down a set of sentences (a.k.a. a theory) stating that does not have polynomial-size circuits. We explicitly define this direct formalization of as the set of all sentences of the form , for , for the sentence defined in the introduction, and then argue that its consistency with follows from known lower bounds in proof complexity.
We are ready to prove Theorem 2.
Proof of Theorem 2:.
The (functional) pigeonhole principle is the following -formula:
Note that is (logically equivalent to) a -formula. For the sake of contradiction assume that is inconsistent. By compactness, there exists such that proves .
Claim: proves .
The claim implies the theorem: it is well known [22, Corollary 12.5.5] that there is an expansion of a model of by an interpretation of a new predicate such that is bounded and witnesses for some (nonstandard) , and, further, models induction for bounded formulas. Let be the collection of bounded sets definable in by bounded formulas. Then is a model of with , so .
We are left to prove the claim. Argue in and set . Then gives a circuit such that
We observe that proves that is inductive, i.e.,
| (6) |
Indeed, if is a set that witnesses , then we construct a set that witnesses as follows. If there does not exist any with , then the set itself is the witness we want. On the other hand, if there exists with , then let be the set of pairs such that the two projections and satisfy the formula below, for the fixed parameters and :
Here, denotes the (truncated) predecessor -function. In the definition of we used the two projections and , also as -functions. Since the definition of is a quantifier-free -formula, the set exists by quantifier-free -comprehension, and it is clear by construction that it witnesses .
To complete the proof, plug for in (6) and quantifier-free -induction gives , and hence . ∎
Remark 15.
The model that witnesses the above consistency is a model of where fails for some nonstandard : otherwise would be true and witnessed by trivial circuits that always reject.
2.3 A strengthening to
While our focus is on , in this section we point out a version of Theorem 2 stating the consistency of .
For , let denote a universal -formula: for every -formula , there are such that (in fact, [22, Corollary 6.1.4]) proves
Intuitively, the parameter serves as a runtime bound of a suitable model-checker coded by . Thus, the formulas for varying define (in the standard model) precisely the problems in the -th level of the polynomial hierarchy .
We incorporate nonuniformity as follows. Again, let be the -functions computing the projections for pairs . Define
Thus, determines the runtime bound and some “advice” . Then is in if there exists and a function such that is polynomially bounded in and such that for all we have if and only if is true (in the standard model).
Definition 16.
Let and let be a -formula (with only one free variable , and in particular without free variables of the set sort). Define
It is clear that is true if and only if the -problem defined by does not belong to . Hence, the following states the consistency of :
Theorem 17.
There exists such that is consistent.
This is proved in almost exactly the same way as the just-given proof of Theorem 2. The only difference is that, working in a model of , the circuit is replaced with the formula for an advice string . The details are left to the reader.
3 Formally verified model-checkers
We shall need to formally reason about certain straightforwardly defined exponential time machines, namely model-checkers and universal machines. A model-checker for a formula has oracle access to and, on input , decides whether is true. For example, by nesting a loop for each bounded quantifier, -formulas have straightforward model-checkers that run in exponential time and polynomial space. We define such model-checkers with care, so that verifies their time and space bounds as well as their correctness. This correctness statement has to be formulated carefully because, in general, cannot prove that a halting computation of on exists. Thus, proving correctness means to show that if a computation exists, then it does what it is supposed to do. To prove this we use some constructions that are similar in spirit to those in [5].
3.1 Preliminaries: explicit machines
In short, a machine will be called explicit if the theory proves that its halting computations terminate within a specified number of steps, using no more than a specified amount of space in its work tapes, and by querying its oracles no further than a specified position.
Machine model.
Our model of computation is the multi-tape oracle Turing machine with one-sided infinite tapes (i.e., cells indexed by ) and an alphabet containing . The content of cell is fixed to a fixed symbol marking the end of the tape. At the start, the heads scan cell . The machines can be deterministic or non-deterministic. Such a machine has read-only input tapes, and work tapes and oracle tapes. If there are input tapes, then its inputs are -tuples of numbers with the length- binary representation of written on the -th input tape. The length of the input is . If does not have oracle tapes, then it is a machine without oracles. If has oracle tapes, then we write for the machine with oracles . When the machine enters a special query state, it moves to one out of many special answer states which codes the answers to the queries written on the oracle tapes, i.e., whether the number written (in binary) on the -th oracle tape belongs to or not.
A partial space- time- query- computation of on comprises configurations, the first one being the starting configuration, every other being a successor of the previous one, and repeating halting configurations, if any. Being space- means that the largest visited cell on each tape is at most , and being query- means that the largest visited cell on each oracle tape is at most most ; in other words, all queries have length at most . Query lengths are bounded by instead of so that all queries are restricted to have polynomial length.
Coding computations.
Fix a machine . Let and consider a partial space-, time-, query- computation of on an unspecified input with unspecified oracles. A configuration is coded by an -tuple of numbers: codes the current state of the machine; codes, for each tape, a position bit indicating whether the index of the currently scanned cell is at most and, for each work or oracle tape, the content of cell . We assume that these numbers are smaller than (the machine is (coded by) a number), so we get an matrix of such numbers. This matrix is coded by the set of numbers bounded by that contains exactly those such that , , and the -entry of the matrix has -bit .
The details of the encoding are irrelevant. What is required is that there is a -function such that gives, about the -th configuration, a number coding the state, the positions of the heads, the contents of the cells they scan, and the numbers that are written in binary in the first cells of the oracle tapes. In the encoding sketched above, to find the position of a specific head, uses binary search to find where its position bit flips; computing the oracle queries is possible because the oracle tapes contain numbers below . Having , it is straightforward to write a natural -formula stating
| (7) |
The free variables of this formula are . Exceptionally, we shall also consider on the formal level, in which case is an additional free number variable. All quantifiers in the -formula (7) can be -provably bounded by for a polynomial , where stands for . If is a machine without oracles, the formula is -provably equivalent to the one with , and we omit ‘query-’. We also omit ‘space ’ if . Further, replacing ‘partial’ by ‘halting’ or ‘accepting’ or ‘rejecting’ are obvious modifications of the formula.
Explicit machines.
Binary search gives a -function such that, provably in , if is a halting time- space- query- computation of on , then is the minimal such that the -th configuration in is halting. We make the further assumption that never writes blank (but can write a copy of this symbol), so heads leave marks on visited cells. Binary search can then compute the maximal non-blank cell in the -th configuration on any tape. By quantifier-free induction for -formulas, proves that this cell number is non-decreasing for . Hence, there is a -function such that, provably in , if is a halting time- space- query- computation of on , then is the maximal cell visited in on any tape. Similarly, there is a -function that computes the maximal cell visited on a query tape.
Definition 18.
A machine is explicit if there are terms such that
We say that the terms witness that is explicit. Further, if is another term, then we say that witnesses that is an
| explicit -machine | if it is non-deterministic | with ; |
| explicit -machine | if it is deterministic | with ; |
| explicit -machine | if it is deterministic | with and ; |
| explicit -machine | if it is non-deterministic | with and ; |
| explicit -machine | if it is deterministic | with and . |
Observe that, if witness that is explicit, and , , are terms such that , then also witness that is explicit. E.g., if witnesses that is an explicit -machine, then also witnesses that is an explicit -machine.
Given an explicit machine , we omit ‘space- time- query-’ in (7) and its variations with ‘halting’, ‘accepting’ or ‘rejecting’. E.g. for an explicit -machine , say witnessed by , we have a -formula
| (8) |
This means that is a space- time- query- computation of on that ends in an accepting halting configuration, and all queries “?” during the computation satisfy . In particular,
| (9) |
provably in . Furthermore, all quantifiers in the -formula (8) can be -provably bounded by for a polynomial , where stands for .
Thereby, our mode of speech follows [22, Definition 8.1.2] in that the time bound is used to determine the bound on the oracle tapes.
Polynomial-time computations.
It is well-known that formalizes polynomial time computations. We shall use this in the form of the following lemma.
For an explicit -machine , its computations can be coded by numbers and we get a -formula
Here, is a number sort variable, and the free variables are . If has a special output tape, we agree that the output of a computation is the number whose binary representation is written in cells up to the first cell not containing a bit. We have a -function such that, provably in , if is a halting computation of on , then is the content of cell of the output tape in the halting configuration in case this is a bit; otherwise . In particular, proves ,
Lemma 19.
For every -function there are an explicit -machine and a -function such that proves
In the statement of the lemma, is a -function computing the -bit of the binary representation of , i.e., (in the standard model). In particular, we have for .
3.2 Deterministic model-checkers
For every -formula in the language we define its bounding term as follows:
-
1.
if is atomic,
-
2.
if ,
-
3.
if ,
-
4.
if .
Lemma 20.
For every -formula there are an explicit -machine , a -formula , terms , and a polynomial , such that
-
(a)
,
-
(b)
,
-
(c)
,
-
(d)
,
-
(e)
witness as explicit - and -machines, respectively.
In addition, if is a -formula, then there are a term and a quantifier-free -formula such that
-
6.
,
-
7.
“ is an accepting computation of on ”.
Proof.
Call a -formula good if it satisfies (a)–(e). Observe that all -formulas are good: they are -provably equivalent to formulas of the form for some -function , and we can choose a machine according to Lemma 19. Recall that an explicit -machine is also an explicit -machine and explicit -machine (in this case, all three witnessed by the same term).
We leave it to the reader to check that the good formulas are closed under Boolean combinations. We are then left to show that if
| (10) |
for a term and a good formula , then is good. To lighten the notation, in the following we drop any reference to the set-parameters in the formulas, and to the oracles in machines, since they remain fixed throughout the proof.
The machine runs a loop searching for a in that satisfies . On input , it writes on a work tape and then loops: it checks whether and, if so, it updates and runs on ; otherwise it halts. It accepts or rejects according to a flag bit stored in its state space: is initially set to , and it is set to 1 when and if an -run accepts.
To prove (a)–(e) we want a quantifier-free -formula that extracts the -computation simulated in the -loop. More precisely, we want to prove that, if is a halting computation of on , then is a halting computation of on . For this, we design the details of in a way so that the -th step of the computation of on is simulated by at a time easily computed from .
Description of . Set where is the term claimed to exist for . Note that proves that for . Additionally to properties (a)–(e) for , we assume inductively that proves that the halting configuration of on equals the initial configuration except for the state, that is, cleans all worktapes and moves all heads back to cell before it halts.
Our machine initially computes and and two binary clocks initially set to and . The terms are evaluated using explicit -machines according to Lemma 19. The initial settings of the clocks are simply computed by scanning the binary representations of and that were computed at the start. This initial computation of terms, and initialization of clocks, takes time exactly for some -function . Further, proves for a suitable term .
The -loop is implemented as follows. First update , the value of the first clock. To do this, sweep over the first clock, and then back, in exactly steps, doing the following: copy without leading ’s to some tape, so this tape holds the length- binary representation of (as expected by ); increase the clock by if , and reset it to if ; in the latter case store a bit signaling this; this signal bit halts the computation (in the next -loop) instead of doing the -update. After this -update, simulate steps of on by an inner loop: in steps sweep twice over the second clock. If its value was smaller that , then increase it by and simulate the next step of ’s computation; this can mean repeating the halting computation. If its value was not smaller than , then set the clock back to . Thus, exactly steps are spent for one step of and one -loop takes exactly steps.
If the signal bit halts the computation, then our machine first cleans all tapes and moves heads back to cell , before halting. We omit a description of this final polynomial time computation. It can be implemented to take exactly steps for a -function , and proves for a suitable term .
Thus runs in time exactly . It simulates steps of on at times
| (11) |
for .
Explicitness: proof of (d)–(e). Let be the term that witnesses as an explicit -machine. Let be a halting computation of on . There is a -function that from computes (a number coding) the initial computation of terms and clocks, and proves its halting configuration is as described. Clearly, proves that the first steps of coincide with this computation. In particular, proves that the clocks computed in have the desired length. Similarly, there is a -function that from computes (a number coding) the space- configuration of at time in .
We prove, by quantifier-free induction, that the computation simulates the steps of at times for and . Assume this holds for time . We verify it for time or time depending on whether or . Assume the former; the latter case is similar. Compute the time- computation (that sweeps twice over the clock and simulates one more step of ) starting at the configuration at time ; then must coincide with this computation between time and time . Hence, simulates a step of at time . Similarly, quantifier-free induction proves that the -configurations at the times in are successors of each others. This yields a quantifier-free -formula as desired.
From the configuration at time one can compute the final steps of the clean-up computation before halts, and the last steps of must coincide with that. Hence, proves that the configuration of at time is halting. Recalling that and , this implies that the term
witnesses as an explicit -machine. Choose a term such that -provably and
Then witnesses as an explicit -machine. This shows (e).
For (d), recall and hence for a suitable polynomial , provably in . Recalling that , and that by (d) for we have provably in , from we get, also provably in , that for a suitable polynomial .
Correctness: proof of (a)–(c). For (a) argue in and suppose is an accepting computation of on . Being accepting means that the final state has flag , while the starting state has flag . By binary search we find a time when flips from to . This time determines such that the loop accepts. Then is an accepting computation of on . Note that exists by -comprehension. Then (a) for implies and thus .
For (b), argue in and suppose is a rejecting computation of on , so the flag is in the final configuration. Let . Then is a rejecting computation of on : otherwise the loop sets the flag to and then binary search finds a time where the flag flips from to in which contradicts the working of . Then (b) for implies . As was arbitrary, we get .
For (c), it is easy to construct from a formula such that proves that the set is the computation of the -loop of on with flag stored in the state space. There is an analogous formula for flag . These formulas just stretch the computation described by and interleave it with the trivial updates of the clocks. The desired formula ‘glues together’ these computations, plus the initial steps of initialization, and the final steps of clean-up. We sketch the definition of : from we can compute such that the truth value of is one of the bits in the code of the computation of the -loop of on , or one of the bits in the code of the initial or final computation. Then states
| (12) |
Proof of (f)–(g). Assume is a -formula. We modify the given construction as follows. Up to -provable equivalence we have
where is a term and is a -function. As before, we drop any reference to the set-parameters , and to the oracles , since they will stay fixed throughout the proof. We define similarly as before with the role of played by a -machine checking according to Lemma 19. The only difference is in the flag bit: it is initially set to , and it is set to when and if a -loop rejects (meaning ).
In this case we can choose small, i.e., equal to for some term , so there is a -function that computes (a number that codes) the computation of the -loop of . Then ‘glues together’ these computations plus suitable initial and final computations. The only problem is to determine the flag stored in the states of . For this we need to know the minimal such that holds, or take if holds. Such exists provably in . This shows (f) for . For (g), assuming we can take directly since in this case the flag bit is always 1 provably in . ∎
Remark 21.
The proof shows that the quantifier complexity of is close to that of . If , then is a quantifier free -formula. If for , then is a Boolean combination of -formulas. Note that if the outer quantifier in (10) is sharply bounded, i.e., for some term , then the -bounded quantifiers in (12) are sharply bounded too.
3.3 Optimality remarks
This subsection offers some remarks stating that Lemma 20.6 cannot be improved in certain respects. This material is not needed in the following.
Proof.
Let for a quantifier-free -formula, and assume (6) holds for instead of . We show proves that, if there is such that , then there is a minimal such . Argue in and suppose . By -comprehension and (6) there is a halting computation of on . By (b) it cannot be rejecting, so is accepting. Our proof of (a) gives for such that the flag flips from 0 to 1 in loop . We claim is minimal. This is clear if . Otherwise we had after the loop on (in ). For contradiction, assume there is with . Then the loop on would set . By quantifier-free induction we find a time between and where flips from 1 to 0. This contradicts the working of . ∎
Fix any machines satisfying the lemma. Call a formula true if its universal closure is true in the standard model.
Remark 23.
Proof.
Otherwise every -formula is equivalent to a quantifier-free -formula . Let be such that and choose in . Choose a -formula defining in , the model where is interpreted by . Note defines in a problem in . Then fails in for some , and hence also in for some bounded (Remark 12). Thus, this equivalence is not true. ∎
Remark 24.
Proof.
Note this is a -formula, so for every defines in a problem in . Choose such that and argue similarly as before. ∎
3.4 Non-deterministic model-checkers
We shall also need model-checkers for -formulas. As a first step we prove a technical lemma showing how to convert an explicit oracle -machine into an explicit -machine that first guesses the oracle on a guess tape, and then simulates . As usual, we need to show that is able to prove that this construction does what is claimed.
Lemma 25.
For every explicit -machine that, as explicit -machine, is witnessed by term , there are an explicit -machine , a term , a polynomial , and quantifier-free -formulas such that
-
(a)
-
(b)
-
(c)
,
-
(d)
The term witnesses as explicit -machine.
Proof.
Set . By assumption, the triple of terms witnesses that is explicit. In particular, every query “?” made by on satisfies and hence . The machine on guesses a binary string of length on a guess tape and then simulates on as follows: an oracle query “?” of is answered reading cell on the guess tape. As in the proof of Lemma 20, to prove (a)–(d) we need to design the details of in a way so that the -th step of the computation of is simulated by at a time easily computed from . To reduce notation, in the following we drop any reference to the oracles as they will remain fixed throughout the proof.
Description of . The machine on first computes and two binary clocks initialized to and , respectively. To write of length on the guess tape the machine checks whether the first clock equals and, if not, increases it by one and moves one cell to the right on the guess tape. This is done in exactly steps. Once the clock equals , the machine moves back to cell on the guess tape and non-deterministically writes or in each step, except in the step that finally rebounds on cell to cell . The terms are computed with explicit -machines according to Lemma 19. The initial computation of terms, and initialization of clocks, takes time exactly for some -function . Therefore, the guess of takes exactly steps. Moreover, proves , where
for a suitable term such that proves .
The machine simulates steps of using the second clock. Comparing this clock with and updating it takes steps. If the value of the clock is less than , then a step of is simulated by reading the -cell of the guess tape where is the content of ’s oracle tape for . This is done as follows. The machine moves forward over the guess tape, and rewinds back to cell . With each step forward it increases the first clock by one and checks whether it equals or . If and when the clock equals , it stores the oracle bit read on the guess tape in its state space. Otherwise, i.e., , the machine stores oracle bit . When the clock equals , the scan of the guess tape ends, and the rewinding to cell starts (in the next step). Doing this takes time exactly and the oracle bit is stored at time . Thus, when the value of the second clock is less than , one step of is simulated in exactly
steps. Otherwise, the simulation halts in an accepting or rejecting state according to ’s state. In total, the machine runs for exactly steps. The steps of on are simulated at times
for . The runtime is bounded by the term
Explicitness. We argue that this bound on the runtime of can be verified in , given a halting computation of on . Note that, unlike the simulation in Lemma 20, a single step is simulated in possibly exponential time . However, this possibly exponential time computation is simply described: Since is an explicit -machine, its configurations can be coded by numbers. Now, given a number coding the configuration of within at time , say with -oracle query , and given a time , we can compute the configuration of the clocks and the state of the (to-be-)stored oracle-bit at time . Now, quantifier-free induction suffices to prove that the oracle bit is stored at the desired time and equals the content of the -cell of the guess tape (or 0 if ). Quantifier-free induction proves that the configurations of within at times for are successors of those preceding them. In particular, proves that the configuration at time is halting. Space and query bounds can be similarly verified, so is explicit and witnessed by .
Proof of (a)–(d). For (a), the quantifier-free formula concatenates an initial polynomial-time computation of the terms and clocks, a guess of , and a simulation of . Each configuration of the guess of is computable in polynomial time. The simulation of stretches each step of to a time computation, each configuration of which is easily computed from and in polynomial time. Quantifier-free induction proves that a -query in is answered according to the bit in the -cell on the guess tape.
For (b), the quantifier-free formula extracts the guess from and the quantifier-free formula extracts the simulated computation at the times for .
For (c) and (d), we already argued that the term witnesses as an explicit -machine. The claim that holds for a suitable polynomial follows by inspection, and proves it. ∎
Now we can state the lemma that proves that every -formula has a formally verified model-checker. In its statement, the bounding term of a -formula as in Equation (5) is defined to be the bounding term of its maximal subformula .
Lemma 26.
For every -formula , there exists an explicit -machine , a term , and a polynomial , such that
-
(a)
-
(b)
-
(c)
,
-
(d)
the term witnesses as explicit -machine.
Furthermore, if the maximal -subformula of is a -formula, then
-
5.
Proof.
Let where is a -formula. Recall that the bounding term of is . In what follows, to lighten the notation, we drop any reference to the set parameters in formulas, and to the oracles in machines, since they remain fixed throughout the proof.
Let be the explicit -machine given by Lemma 20 applied to . Let and be the term and the polynomial also given by that lemma. By Lemma 20.e, the term witnesses as explicit -machine. Therefore, Lemma 25 applies to and and we get an explicit -machine , a term , and a polynomial . We prove (a)–(e) using the quantifier-free -formulas also given by Lemma 25, and the -formula given by Lemma 20.
For (a), argue in and assume holds. Choose such that holds. By Lemma 20.c, the set is a halting computation of on . Note that exists by -comprehension, which defines the theory . By Lemma 20.b, the computation cannot be rejecting, so it is accepting. By Lemma 25.a, the set is an accepting computation of on . Note that exists by -comprehension.
For (b), argue in and assume is an accepting computation of on . By Lemma 25.b we have that is an accepting computation of on , for . Note that exists by -comprehension. By Lemma 20.a we get that holds. Thus follows.
4 Consistency for
In this section we define a suitable universal explicit -machine . We verify the claim from the introduction that both theories and formalize . We finally prove that the consistency of both formalizations with the theory follows from Theorem 2 and our work on formally-verified model-checkers.
4.1 A universal machine
A canonical -complete problem called is:
Given as input, where is a (number coding a) non-deterministic machine, and and are numbers written in binary, does accept in at most steps?
A non-deterministic exponential-time machine for , on input , guesses and verifies a time- computation of on . We ask for an implementation of this so that a weak theory can verify its correctness. This is a quite direct consequence of Lemmas 20 and 26.
Lemma 27.
There exists an explicit -machine with one input-tape and without oracles, such that for every explicit -machine with one input-tape and without oracles, say witnessed by the term , there are quantifier-free -formulas and such that
-
(a)
-
(b)
In particular,
-
3.
Proof.
Let be -functions that extract from . Define -formulas as follows:
Let be the machine given by Lemma 20 applied to , and let be the corresponding term. Since is a -formula, let and be the term and the quantifier-free -formula given by Lemma 20.7. We set to the explicit -machine given by Lemma 25 applied to with term witnessing it as explicit -machine by Lemma 20.e. In the proof of (a)–(b) we use the quantifier-free -formulas given by Lemma 25 on .
For (a) we set where abbreviates and in both cases abbreviates . Argue in and assume is an accepting computation of on . Since is explicit and is a term witnessing it, we have that is an accepting time- computation of on , for . It follows that holds, and hence holds. Since is a -formula, by Lemma 20.7 we have that the set is an accepting computation of on . Such a exists by -comprehension because is a quantifier-free -formula. By Lemma 25.a we get that the set is an accepting computation of on ; i.e., the right-hand side of the implication in (a) holds. Again, exists by -comprehension.
For (b) we set where, again, abbreviates . Argue in and assume is an accepting computation of on . Then, by Lemma 25.b we have that the set is an accepting computation of on for . The two sets and exist by -comprehension. Now, Lemma 20.a implies that holds; i.e., is an accepting time- computation of on , for , and hence also an accepting computation of on . This shows that the right-hand side in the implication in (b) holds.
The final statement follows from (a) and (b) by -comprehension. ∎
4.2 Formalization
The introduction claimed that the theories and both formalize . This is easy to check:
Proposition 28.
The following are equivalent.
-
(a)
.
-
(b)
is true.
-
(c)
is true for some explicit -machine .
-
(d)
is true.
-
(e)
is true for some explicit -machine .
Proof.
We show that (a)-(b)-(c) are equivalent, and that (a)-(d)-(e) are equivalent. To see that (a) implies (b), assume (b) fails; i.e., is true for some . Then . As is -complete, (a) fails. That (b) implies (c) is trivial since is an explicit -machine. That (c) implies (a) is obvious since every explicit -machine defines a language in . To see that (a) implies (d) argue as in the proof that (a) implies (b) swapping for . That (d) implies (e) is trivial since is an explicit -machine. Finally, that (e) implies (a) follows from the Easy Witness Lemma 4. ∎
It is straightforward to see that the equivalences (b)-(c) and (d)-(e) in Proposition 28 have direct proofs (i.e., proofs that do not rely on the easy witness lemma). We use Lemma 27 to prove this on the formal level, for both formalizations.
Lemma 29.
For every and every -input explicit -machine without oracles there is such that proves and .
Proof.
We refer to the implication between ’s as the -case, and to the implication between ’s as the -case. Both have similar proofs, so we prove them at the same time. Let be witnessed by the term . Let and be the formulas given by Lemma 27 on . Argue in and assume or , as appropriate. Let be given. We aim to find a circuit in the -case, and two circuits in the -case, witnessing or , respectively, for the given , and for suitable . Choose such that for all . In the -case, let be a circuit with that witnesses for . In the -case let be circuits with that witness for .
Choose such that and such that . This will be the witness-circuit in the -case, and the first of the two witness-circuits in the -case. For the latter, we choose the second circuit as follows. Choose formulas according to Lemma 27. By Lemma 14 there is a circuit such that
for all with . Then for suitable . This is the we choose in the -case.
We claim that witnesses for the given in the -case, and witness for the given in the -case. Let and choose . Let be any set and let , which exists by -comprehension. If , then and both and imply that is not an accepting computation of on . By Lemma 27.a this means that is not an accepting computation of on . In both cases, this completes one half of the verification of the witnesses. If , then and implies that there exists an accepting computation of on , and implies that is such an accepting computation of on . But then Lemma 27.b implies that , which exists by -comprehension, is an accepting computation of on . In both cases, this completes the other half of the verification of the witness: in the -case, because . ∎
4.3 Consistency
For every explicit -machine , which by default has one input-tape and no oracles, recall that for as in Definition 3. For a theory that extends , consider the following A-statements for :
| A: | is consistent for some explicit -machine , |
| A0: | is consistent. |
Consider also the corresponding B-statements for :
| B: | is consistent for some explicit -machine , |
| B0: | is consistent. |
Next, recall the statement of Theorem 2, which we now state for an arbitrary theory that extends . We refer to it as the C-statement, or the direct consistency statement for :
| C: | is consistent for some -formula . |
Let us explicitly point out that the formula of the C-statement has only one free variable of the number sort, and no free variables of the set sort.
Lemma 30.
For every and every explicit -machine with one input-tape and without oracles, proves .
Proof.
The formula states that the (single) existential set-quantifier in is witnessed by , and this set exists by -comprehension. ∎
We view the following proposition as justification that our formalization is faithful. It takes record of which implications in Proposition 28 hold over weak theories.
Proposition 31.
Let be a theory extending and consider the A,B,C-statements for . Then, the following hold: the A-statements are equivalent, the B-statements are equivalent, and both A-statements imply both B-statements as well as the C-statement.
Proof.
Lemma 30 and compactness show that each A-statement implies the corresponding B-statement. Further, Lemma 29 proves that the A-statements are equivalent, and that the B-statements are equivalent; for the back implications note that is certainly an explicit -machine. Further, it is obvious from the definition of that A implies C and hence both A-statements imply C. ∎
When , we argue below that the model-checker lemmas can be used to show that the implication A-to-C in Proposition 31 can be reversed. It will follow that all A,B,C-statements for are equivalent. Composing with Theorem 2 we get the following corollary, which entails Theorem 7.
Theorem 32.
For all statements C, A, A0, B, B0 are true.
5 Consistency for barely superpolynomial time
In this section we fix such that
-
(r0)
the function is computable in time ;
-
(r1)
;
-
(r2)
;
-
(r3)
for every polynomial there is such that ;
-
(r4)
for every there is such that .
We call a function satisfying (r4) length-superpolynomial. An explicit -machine is an explicit -machine that is witnessed by for some polynomial .
Here, we deviate from our convention that explicit machines are witnessed by terms and allow -symbols. In the notation , the is there to emphasize that the runtime is measured as a function of the input and not its length. If we want to measure runtime as a function of the length of the input, then we use instead of . For example, is given by the collection of explicit -machines with , and the classes and are given by the collections of explicit -machines for and , respectively; the latter two satisfy (r0)-(r4), if in the second.
Remark 33.
(r3) is not implied by the other conditions.
Proof.
We shall define a function which consists of slow growing segments interspersed with fast growing segments. First, choose a fast growing function so that depends only on and so that . For instance works. Second, define be increasing with and with for all . Let and be the first and last numbers of length and , respectively. Finally, let for , and let for . The slow growing segments of are where , and here is chosen to be as slow growing as possible while satisfying (r1) and (r2).
Clearly, and can be chosen so that is in and properties (r0), (r1), (r2), and (r4) hold for . We claim (r3) fails for .
Indeed, let be given and choose such that . Then
where the last inequality follows from (r2). ∎
5.1 A more general universal machine
We start with the analogue of Lemma 27.
Lemma 34.
There is an explicit -machine with one input-tape and without oracles such that for every explicit -machine with one input-tape and without oracles there are and quantifier-free -formulas and such that
-
(a)
-
(b)
In particular,
-
3.
Proof.
Choose according to Lemma 20 a machine and a term for
By the comment after Equation (7), there is a polynomial so that provably in . By Lemma 20.d, there is a polynomial so that provably in . For choose a machine and a term according to Lemma 25. By Lemma 25.c, there is a polynomial so that .
Define to compute on as follows. It first checks that for certain and computes ; if the check fails, the machine stops. After this initial computation runs on . The initial computation can be implemented with explicit -machines (Lemma 19), say with time bound for a polynomial . Then is an explicit -machine. Indeed, it is witnessed by for a polynomial . Here we use that -provably are bounded by , and is non-decreasing with by (r1) and (r2).
Let be an explicit -machine, say witnessed by for a polynomial . Choose for according to (r3).
For (a), argue in and assume is an accepting computation of on . Then is time , so by (r3) we can repeat the halting configuration to get an accepting time computation of on , i.e., holds. By Lemma 20.7, the set is an accepting computation of on the triple . By Lemma 25.a, the set is an accepting computation of on the triple . Compose with an initial computation of on to get an accepting computation of on . It is clear that for some quantifier-free -formula .
For (b), argue in and let be an accepting computation of on . From extract an accepting computation of on the triple . By Lemma 25.b, is an accepting computation of on the triple where . Clearly, can be described by a quantifier-free -formula, so and exist by -comprehension. Hence, by Lemma 20.a, holds, i.e., is an accepting time- computation of on . By (r3) we can shrink to time and get an accepting computation of on . Clearly, for some quantifier-free -formula .
Finally, (c) follows from (a) and (b) by -comprehension. ∎
5.2 Formalization
To faithfully formalize we intend to follow the path paved in Section 4. Some modification are, however, required. First, we need an analogue of the Easy Witness Lemma. This has been achieved by Murray and Williams [27]:
Lemma 35.
Let be a function that is increasing, time-constructible, and superpolynomial. If , then every -machine has polynomial-size witness circuits.
That is superpolynomial means that for every there is such that for all . That has witness circuits of size , where is a function, means that for every that is accepted by , there exists a circuit of size at most such that encodes an accepting computation of on . Note that, in contrast to Lemma 4, the circuit can depend on . We do not know whether Lemma 35 holds true for oblivious witness circuits as in Lemma 4.
Lemma 36 (Lemma 4.1 in [27]).
There are with such that for all increasing time-constructible functions and , and for , if , then every -machine has witness circuits of size , provided that and for a sufficiently large .
Proof of Lemma 35 from Lemma 36.
We start noting that there is a non-deterministic machine that decides the problem defined in Section 4.1 in time on input : after reading the input, guess the non-deterministic choices of and deterministically in time simulate the computation path of on input as determined by those choices, where is a simulation overhead constant that depends only on and that we may assume is at most .
Assume . Fix with and an -machine . We intend to apply Lemma 36 to for a suitably chosen , with in the role of . For that, we will need to show that for the chosen , where is the first of the two constants in Lemma 36.
The restriction of to inputs of the form runs in time . Therefore, the set of pairs such that accepts on input is in , so by the assumption, it is decided by circuits of size for a suitable polynomial .
Now, choose as a polynomial such that for every non-deterministic Turing machine and every that is sufficiently long with respect to it holds that . We verify that : if is a set in and is a non-deterministic Turing machine that witnesses this, then, for sufficiently long , we have that is in if and only if accepts on . Hence, by the choice of , the set is in .
The requirements of Lemma 36 that and for a sufficiently large constant are obviously met because is polynomially bounded and is superpolynomial. Lemma 36 applied to and then gives that has witness circuits of size , where is the second of the two constants in Lemma 36. Since is polynomially bounded, also this function is polynomially bounded. Thus, has polynomial-size witness circuits. ∎
Lemma 35 enables a -formalization of :
Definition 37.
For an explicit -machine with one input-tape and without oracles define
Let be the explicit -machine of Lemma 34. Define
The following is the analogue of Lemma 30 and is similarly proved.
Lemma 38.
For every and every explicit -machine with one input-tape and without oracles, proves .
Lemma 39.
For every and every explicit -machine with one input-tape and without oracles there is such that proves and .
Proof.
This is proved similarly as Lemma 29. We only treat the -case. Choose according to Lemma 34. Argue in . Let be given. Choose such that for all . Choose witnessing for . Choose a circuit such that for all . We shall choose large enough such that and choose to witness the first existential quantifier in for . To verify this choice, let be given.
If , then there are no accepting computations of on . By Lemma 34.a and -comprehension, there are no accepting computations of on . If , then there is a circuit such that is an accepting computation of on . By Lemma 34.b, is an accepting computation of on . By Lemma 14 there is a circuit such that for all where is a polynomial such that witnesses . Choose large enough such that . ∎
Finally, we are in the position to verify that the formulas considered formalize the intended circuit lower bound.
Proposition 40.
The following are equivalent.
-
(a)
.
-
(b)
is true.
-
(c)
is true for some explicit -machine .
-
(d)
is true for some explicit -machine .
-
(e)
is true.
Proof.
To see that (a) implies (b), assume (b) fails, so is true for some . Then the problem accepted by is in . By Lemma 34 this problem is -hard under polynomial time reductions. Since is downward-closed under polynomial-time reductions, (a) fails. The claim that (b) implies (c) is trivial since is an explicit -machine. That (c) implies (d) follows from Lemma 38. That (d) implies (e) follows from Lemma 39. That (e) implies (a) follows from Lemma 35: by (r1) there is a function such that for every ; then where the time-bound on the left is written as a function of the input and on the right as a function of its length ; further, is time-constructible by (r0) and (r1), increasing by (r2) and superpolynomial by (r4). ∎
5.3 Consistency
For a theory that extends , the new A,B-statements are the following:
| Ar: | is consistent for some explicit -machine , | |
| Br: | is consistent for some explicit -machine , | |
| A0r: | is consistent. | |
| B0r: | is consistent. |
To define the corresponding C-statement, we say that the bounding term of a -formula is polynomial in if proves for some polynomial . Then:
| Cr: | is consistent for some -formula whose | |
| bounding term is polynomial in . |
Before we prove the analogue of Theorem 32 we state the proof complexity lower bound on which it is based. Recall the Pigeonhole Principle formula from the proof of Theorem 2. The first strong lower bounds on the provability of were due to Ajtai [1]; here we need the later quantitative improvements from [4]. This can be called the gem of proof complexity. We use it in the following form. Recall that a function is called length-superpolynomial when it satisfies (r4).
Theorem 41 (Gem Theorem).
For every length-superpolynomial -function , the theory does not prove .
Proof.
Consider the Paris-Wilkie propositional translations for ; see [22, Definition 9.1.1] in the form used in [22, Corollary 9.1.4]. Assume for contradiction that is provable in . Then, there exist constants such that for every sufficiently large , the propositional formulas have Frege proofs of depth and size : apply [22, Corollary 9.1.4] with the function and note that is conservative over the theory considered there: from a model of that theory, get a model of by just adding all bounded sets that are definable by bounded formulas.
Now, let be large enough to ensure this upper bound and at the same time such that , which exists because is length-superpolynomial. Setting , this means that the propositional formula has Frege proofs of depth and size bounded by an exponential in . It is well-known that if is sufficiently large, then this is false; see [22, Theorem 12.5.3]. ∎
Theorem 42.
For , all statements Cr, Ar, A0r, Br, B0r are true.
Proof.
The analogue of Proposition 31 for the Ar,Br,Cr-statements has the same proof using Lemmas 38, 39 in place of Lemmas 30, 29. Note that the claim that Ar implies Cr follows from the remark after Equation (9). As in the proof of Theorem 32, that Cr implies Ar for follows from Lemma 26.a and 26.b. We also need 26.c along with by (r1) and (r2) to guarantee that the explicit -machine is an explicit -machine.
We are left to show that Cr holds for . This is proved by tightening the choice of parameters in the argument that proved Theorem 2.
Consider the formula
| (13) |
and write this as , where ; i.e., and with and as -functions. The formula is logically equivalent to a -formula whose bounding term is polynomial in by (r1) and (r2). We claim that is consistent, which will give Cr.
For the sake of contradiction, assume otherwise. By compactness, there exists such that proves . As in the proof of Theorem 2, we show that this implies that proves , which contradicts the Gem Theorem by (r4).
Argue in and set , where . Then on gives a circuit such that, for all and with , we have
Noting that for all , fix to in the circuit and get a circuit such that
Recall that proves that is inductive. Hence, plugging for gives by quantifier-free -induction. ∎
6 Magnification
For this section, a -formula is a -formula as in (5) in which its maximal -subformula is a -formula.
Lemma 43.
For every and every -formula without free set variables, the theory proves
| (14) |
Proof.
Argue in . For simplicity assume is empty. For choose according to Lemma 26. Note that since does not have free set variables, is without oracles. By Lemma 26.5, the formula is equivalent to
By Lemmas 30 and 29 we have for some . Let be given and choose with . Let witness for . This witnesses (14). ∎
It follows that over the circuit upper bound statement implies comprehension for -formulas without free set variables. For later reference, we note that allowing free set variables entails full -comprehension:
Lemma 44.
-comprehension proves .
Proof.
Let denote -comprehension. Since -comprehension proves , it suffices to show that the set of formulas that are -provably equivalent to an -formula is closed under , , , and . We verify the latter: the formula
with a -formula is -provably equivalent to
where abbreviates the atomic formula . Indeed, assuming the former formula, the latter is proved by induction on . As the latter is an -formula, induction for it follows from comprehension. ∎
The following lemma makes precise the idea sketched in Section 1.3.
Lemma 45.
For every and every model of , there exists such that is a model of .
Proof.
By -comprehension, for every that is a circuit in the sense of there is a set such that
By extensionality such a set is uniquely determined by and we write for it. For these two claims we used the fact that holds in every model of .
Let
Since , the model satisfies all -sentences which are true in , so in particular extensionality, set boundedness, -induction, and .
The point of the model is that it eliminates set parameters. More precisely, let be a -formula with parameters from , and define as follows: replace every subformula of the form where is a term (possibly with number parameters from ) and is a set parameter from by (i.e., by ). Note every set parameter in becomes a number parameter in , and
| (15) |
Claim: .
Proof of the Claim. It suffices to show that models -comprehension. So let be a -formula with parameters from and . Then is a number-sort formula, namely a -formula with (number) parameters from . Since , Buss’ witnessing theorem implies that is equivalent in to a quantifier-free -formula with the same parameters. Lemma 14 applied to gives a circuit in the sense of such that
Then and satisfies by (15).
Proof of Theorem 10.
Assume that is inconsistent with “”. By compactness, proves for some . Let be a number sort consequence of and a model of . We have to show that . But by Lemma 45 there exists such that , so , and . ∎
Proof of Theorem 11.
Assume does not prove “”, say, it does not prove . Then there is a model of . By Lemma 45 there exists such that . Since is a -formula, we have . Thus, does not prove “”. ∎
Remark 46.
The introduction mentioned that Theorem 11 might raise hopes to complete Razborov’s program by construcing a model of satisfying some . There are good general methods to construct models even of certain extensions of based on forcing (see [35] and [25] for an extension). However, these methods are tailored for -statements, not like . By the method of feasible interpolation and assuming the existence of suitable pseudorandom generators, Razborov [33] proved that for every -definable and every -formula there exists a model of that for some contains a set coding a size- circuit that computes ; i.e., for every there is coding a computation of on of the truth value of . Getting a circuit (and computations) coded by a number seems to require new ideas.
The best currently known unprovability result is due to Pich [29, Corollary 6.2] and is conditional: a theory formalizing -reasoning does not prove almost everywhere superpolynomial lower bounds for SAT unless subexponential-size formulas can approximate polynomial-size circuits. Reaching seems to require new ideas.
References
- [1] M. Ajtai, The complexity of the pigeonhole principle, in Proceedings of the 29th Annual IEEE Symposium on Foundations of Computer Science, 1988, pp. 346–355.
- [2] A. Atserias, S. Buss, and M. Müller, On the consistency of circuit lower bounds for non-deterministic time, in Proc. 55th ACM Symposium on the Theory of Computing (STOC), 2023, pp. 1257–1270.
- [3] A. Atserias and M. Müller, Partially definable forcing and bounded arithmetic, Archive for Mathematical Logic, 54 (2015), pp. 1–33.
- [4] P. Beame, R. Impagliazzo, J. Krajíček, T. Pitassi, P. Pudlák, and A. Woods, Exponential lower bounds for the pigeonhole principle, in Proceedings of the 24th Annual ACM Symposium on Theory of Computing, 1992, pp. 200–220.
- [5] A. Beckmann and S. R. Buss, Improved witnessing and local improvement principles for second-order bounded arithmetic, ACM Transactions on Computational Logic, 15 (2014). Article 2, 35 pages.
- [6] S. R. Buss, Bounded Arithmetic, Bibliopolis, Naples, Italy, 1986. Revision of 1985 Princeton University Ph.D. thesis.
- [7] S. R. Buss, L. A. Kołodziejczyk, and K. Zdanowski, Collapsing modular counting in bounded arithmetic and constant depth propositional proofs, Transactions of the AMS, 367 (2015), pp. 7517–7563.
- [8] J. Bydžovský, J. Krajíček, and I. C. Oliveira, Consistency of circuit lower bounds with bounded theories, Logical Methods in Computer Science, 16 (2020), pp. 12:1–12:16.
- [9] J. Bydžovský and M. Müller, Polynomial time ultrapowers and the consistency of circuit lower bounds, Archive for Mathematical Logic, 59 (2020), pp. 127–147.
- [10] M. Carmosino, V. Kabanets, A. Kolokolova, and I. C. Oliveira, LEARN-uniform circuit lower bounds and provability in bounded arithmetic, in Proc. 62nd IEEE Symposium on Foundations of Computer Science (FOCS), 2021, pp. 770–780.
- [11] L. Chen, S. Hirahara, I. C. Oliveira, J. Pich, N. Rajgopal, and R. Santhanam, Beyond natural proofs: Hardness magnification and locality, Journal of the ACM, 69 (2022), pp. 25:1–25:49.
- [12] S. A. Cook and J. Krajív cek, Consequences of the provability of , Journal of Symbolic Logic, 72 (2010), pp. 1353–1371.
- [13] M. Furst, J. B. Saxe, and M. Sipser, Parity, circuits and the polynomial-time hierarchy, Math. Systems Theory, 17 (1984), pp. 13–27.
- [14] R. Impagliazzo, V. Kabanets, and A. Wigderson, In search of an easy witness: Exponential time vs. probabilistic polynomial time, Journal of Computer and Systems Sciences, 65 (2002), pp. 672–694.
- [15] E. Jeřábek, Dual weak pigeonhole principle, Boolean complexity, and derandomization, Annals of Pure and Applied Logic, 124 (2004), pp. 1–37.
- [16] , Weak Pigeonhole Principle, and Randomized Computation, PhD thesis, Charles University, Prague, 2005.
- [17] , Approximate counting in bounded arithmetic, Journal of Symbolic Logic, 72 (2007), pp. 959–993.
- [18] R. Kannan, Circuit-size lower bounds and non-reducibility to sparse sets, Information and Control, 55 (1982), pp. 40–56.
- [19] R. M. Karp and R. J. Lipton, Turing machines that take advice, L’Enseignement Mathematique, 28 (1982), pp. 191–209. Earlier version appeared in STOC’80.
- [20] J. Krajíček, Exponentiation and second-order bounded arithmetic, Annals of Pure and Applied Logic, 48 (1990), pp. 261–276.
- [21] , No counter-example interpretation and interactive computation, in Logic From Computer Science: Proceedings of a Workshop held November 13-17, 1989, Mathematical Sciences Research Institute Publication #21, Springer-Verlag, 1992, pp. 287–293.
- [22] , Bounded Arithmetic, Propositional Calculus and Complexity Theory, Cambridge University Press, Heidelberg, 1995.
- [23] , Forcing with Random Variables and Proof Complexity, Cambridge University Press, 2011.
- [24] J. Krajíček and I. C. Oliveira, Unprovability of circuit lower bounds in Cook’s theory PV, Logical Methods in Computer Science, 13 (2017).
- [25] M. Müller, Typical forcings, NP search problems and an extension of a theorem of Riis, Annals of Pure and Applied Logic, 172 (2021), p. 102930.
- [26] M. Müller and J. Pich, Feasibly constructive proofs of succinct weak circuit lower bounds, Annals of Pure and Applied Logic, 172 (2020), p. 102735.
- [27] C. D. Murray and R. R. Williams, Circuit lower bounds for nondeterministic quasi-polytime from a new easy witness lemma, SIAM Journal on Computing, 49 (2020), pp. STOC18–300–STOC18–322.
- [28] I. C. Oliveira and R. Santhanam, Hardness magnification for natural problems, in Proc. 59th IEEE Symposium on Foundations of Computer Science (FOCS), 2018, pp. 65–76.
- [29] J. Pich, Circuit lower bounds in bounded arithmetic, Annals of Pure and Applied Logic, 166 (2015), pp. 29–45.
- [30] , Logical strength of complexity theory and a formalization of the PCP theorem in bounded arithmetic, Logical Methods in Computer Science, 11 (2015), pp. 1–38.
- [31] J. Pich and R. Santhanam, Strong co-nondeterministic lower bounds for NP cannot be proved feasibly, in Proc. 53rd ACM Symposium on Theory of Computing (STOC), 2021, pp. 223–233.
- [32] A. A. Razborov, Bounded arithmetic and lower bounds in Boolean complexity, in Feasible Mathematics II, P. Clote and J. Remmel, eds., Boston, 1995, Birkhäuser, pp. 344–386.
- [33] , Unprovability of lower bounds on the circuit size in certain fragments of bounded arithmetic, Izvestiya of the RAN, 59 (1995), pp. 201–224.
- [34] , Pseudorandom generators hard for -DNF resolution and polynomial calculus resolution, Annals of Mathematics, 181 (2015), pp. 415–472. Preprint online in 2003.
- [35] S. Riis, Finitization in bounded arithmetic, Tech. Rep. RS-94-23, Basic Research in Computer Science, 1994. 34 pages.
- [36] R. Santhanam and R. Williams, On uniformity and circuit lower bounds, Computational Complexity, 23 (2014), pp. 177–205.
- [37] G. Takeuti, Bounded arithmetic and truth definition, Annals of Pure and Applied Logic, (1988), pp. 75–104.
- [38] R. Williams, Improving exhaustive search implies superpolynomial lower bounds, SIAM Journal on Computing, 42 (2013), pp. 1218–1244.
- [39] , Natural proofs versus derandomization, SIAM Journal on Computing, 45 (2016), pp. 497–529.
