Proof Complexity Generators

• Proof Complexity Generators are polynomial-time functions designed to produce propositional tautologies that are hard to prove in strong proof systems.
• They leverage cryptographic assumptions and bounded arithmetic to construct formulas whose proof complexity elucidates fundamental separations like NP versus coNP.
• The associated Disjoint Disjunction search problem illustrates the breakdown of efficient proof decomposition, offering a pathway to demonstrate proof lower bounds.

A proof complexity generator is a polynomial-time computable function whose structure is specifically designed to create hard propositional tautologies for propositional proof systems, with the ultimate goal of establishing lower bounds on proof size and clarifying separations between NP and coNP. Recent research has connected the construction and analysis of such generators to cryptographic primitives (e.g., one-way permutations), bounded arithmetic model theory, and the complexity of related search problems, especially those lying in NP ∩ coNP.

1. Formal Definition and Motivation

A proof complexity generator (PCG) is formally a (possibly non-uniform p/poly) function

$g : \{0,1\}^n \to \{0,1\}^m$

with $m > n$, where $g$ is efficiently computable. The key property is that, for inputs $b \notin \operatorname{Rng}(g)$, the statement “$b$ is not in the range of $g$” can be encoded as a propositional tautology, denoted $\tau(g)_b$. The interest is in the complexity of proofs for these tautologies in a given proof system $P$.

The philosophical and technical goal is to generate “hard” tautologies: formulas that require large proofs in strong proof systems. PCGs often arise from the hardness of inverting certain NP ∩ coNP functions, especially when based on cryptographic assumptions such as one-way permutations.

2. The Disjoint Disjunction Search Problem (DD_P)

A central concept is the “Disjoint Disjunction” search problem $\mathrm{DD}_P$, defined for a proof system $P$:

• Instance: a triple $(\pi, m, \{\alpha_i\}_{i < m})$, where $\pi$ is a $P$-proof of the disjunction $\bigvee_{i < m} \alpha_i$, and the formulas $\alpha_i$ are pairwise disjoint (no shared atomic variables).
• Task: Find $i < m$ such that $\alpha_i$ is a tautology (i.e., $\alpha_i \in \mathrm{TAUT}$).

The problem $\mathrm{DD}_P$ is a total $\Sigma^p_2$ search problem: for each valid instance, such a witness exists by virtue of a complete (sound) proof system.

This search problem highlights whether, given a proof of a disjoint disjunction, one can efficiently extract a proof (or simply identify) a specific true disjunct. This property is related to the so-called “feasible disjunction property” of a proof system: the ability to decompose a proof of a disjunction into proofs of individual disjuncts in polynomial time.

3. Hypothesis (ST) and Its Consequences for NP vs coNP

The hypothesis (labelled (ST) for “Student-Teacher”) is formulated as follows:

There exists a strong proof system $P$ for which the problem $\mathrm{DD}_P$ cannot be solved by a student (an algorithm in $\mathsf{P}/\mathsf{poly}$) in a constant number of rounds in the “student-teacher” model.

Explicitly, $$\mathrm{DD}_P \notin \mathrm{ST}[\mathsf{P}/\mathsf{poly}, O(1)]$$, where the S-T model considers interaction between a computationally bounded “student” and an all-powerful “teacher.”

A crucial result is that if Hypothesis (ST) holds—together with a certain model-theoretic assumption about extensions of models in bounded arithmetic—then it follows that $NP \neq coNP$. The underlying intuition is that, if extracting tautological disjuncts from disjoint disjunctions is computationally intractable, then not all tautologies can have short proofs in the underlying proof system; this precludes $NP=coNP$.

Additionally, the hypothesis (ST) is shown to follow from the cryptographic assumption that strong one-way permutations exist, as established via the Nisan-Wigderson generator analysis.

4. Model-Theoretic Framework and Its Role

A significant part of the theoretical underpinnings comes from model theory of bounded arithmetic. The relevant model-theoretic assumption concerns the existence of extensions of nonstandard models of $T_{PV}$ (the universal theory of polynomial-time computations) with the property that certain computational “lengths” or domains are preserved, and a given propositional formula $\varphi$ becomes (un)satisfiable in the extension.

This technical assumption, if true, enables the transfer of independence results—in particular, the inability to resolve certain search problems or proof lower bounds in propositional proof systems—from arithmetic to propositional frameworks. In the context of proof complexity generators, this helps bridge the gap between arithmetically established limitations and proof-theoretic hardness, and is pivotal in showing that (ST) implies $NP\neq coNP$.

5. Cryptographic and Structural Connections: NP ∩ coNP Hardness

Proof complexity generators, especially those constructed in the Nisan-Wigderson style, derive their hardness from functions $f \in NP \cap coNP$ that are “one-way” or hard to invert (i.e., not computable by small circuits or algorithms). Assuming strong one-way permutations, it can be shown that for some explicit generator $g$, the associated tautologies $\tau(g)_b$ are not efficiently provable in strong proof systems.

This establishes a deep link between proof complexity and foundational cryptography: cryptographic hardness assumptions underwrite the difficulty of generating short tautological proofs, and thus, the separation between NP and coNP may in part hinge on the intractability of witness search for $\Sigma^p_2$ problems built from such generators.

6. Open Questions and Future Directions

The paper identifies several notable open questions and directions for further work:

• Model-theoretic extension property: Whether the required extension property for bounded arithmetic models holds in full generality remains open. A negative answer would itself separate $NP$ from $coNP$ unconditionally.
• Universality of (ST): Does the non-solvability of $\mathrm{DD}_P$ in the S-T model hold for all strong proof systems, or only some? This impacts the generality of the feasible disjunction limitation.
• Further development of PCGs: Refinements in the construction of proof complexity generators may inform better methods for proving proof lower bounds, and help realize explicit hard tautology families.
• Interplay with disjunction property: Understanding failure modes of the feasible disjunction property and its implications for proof size, proof search, and the architecture of proof systems is a central problem for future paper.
• Use of advanced model-theoretic tools: Expanding the interaction between Boolean-valued models, finite model theory, and bounded arithmetic models could yield further breakthroughs.

Summary Table of Key Concepts

Concept	Definition / Statement	Consequence / Usage
Proof Complexity Generator $g$	$g: \{0,1\}^n \to \{0,1\}^m$, p-time computable	Generates tautologies $\tau(g)_b$ likely hard to prove
$\tau(g)_b$ (Tau-Tautology)	Propositional statement that $b \notin \operatorname{Rng}(g)$	Candidate for large proof size in proof systems
$\mathrm{DD}_P$ Search Problem	Given $P$-proof $\pi$ of disjoint $\bigvee_{i} \alpha_i$, find $i$ with $\alpha_i \in \mathrm{TAUT}$	Probes feasible disjunction property
Hypothesis (ST)	$\exists$ strong $P$: $$\mathrm{DD}_P \notin \mathrm{ST}[\mathsf{P/poly}, O(1)]$$	If true, implies $NP \neq coNP$ (model-theoretic support)
Model-Theoretic Assumption	Extensions of models $$\mathbf{M} \subseteq \mathbf{M}^* \subseteq \mathbf{M}'$$ with preserved sizes	Enables transfer of S-T intractability to proof lower bounds
Strong Feasible Disjunction Property	Ability to decompose disjunction proofs into proofs of disjuncts efficiently	Shown to fail for strong systems via above frameworks

Technical Formulations

• Tau-Tautology:

$$\forall x\, (|x| = n)\, \exists i < m\, \forall y_i\, A_b(x, i, y_i)$$

• Disjoint Disjunction:

$$\bigvee_{i < m} \alpha_i \qquad \text{with disjoint atom sets}$$

• Student-Teacher Model: Total $\Sigma^p_2$ search solvable in $t(n)$ rounds with a $\mathsf{P/poly}$ “student.”

Conclusion

The theory of proof complexity generators provides a bridge from cryptographic assumptions and model-theoretic techniques in bounded arithmetic to concrete lower bounds in propositional proof complexity. Central search problems such as $\mathrm{DD}_P$, grounded in the structural properties of PCGs, offer a pathway to separating NP from coNP by exposing fundamental limitations in the decomposability and tractability of proofs in strong propositional systems. The open technical and conceptual challenges, particularly those involving model-theoretic extension properties and the universality of feasible disjunction failure, represent key strategic frontiers for continued research in the field.