Shared Versus Private Randomness in Distributed Interactive Proofs

In distributed interactive proofs, the nodes of a graph G interact with a powerful but untrustable prover who tries to convince them, in a small number of rounds and through short messages, that G satisfies some property. This series of rounds is followed by a phase of distributed verification, which may be either deterministic or randomized, where nodes exchange messages with their neighbors. The nature of this last verification round defines the two types of interactive protocols. We say that the protocol is of Arthur–Merlin type if the verification round is deterministic. We say that the protocol is of Merlin–Arthur type if, in the verification round, the nodes are allowed to use a fresh set of random bits. In the original model introduced by Kol, Oshman, and Saxena [PODC 2018], the randomness was private in the sense that each node had only access to an individual source of random coins. Crescenzi, Fraigniaud, and Paz [DISC 2019] initiated the study of the impact of shared randomness (the situation where the coin tosses are visible to all nodes) in the distributed interactive model. In this work, we continue that research line by showing that the impact of the two forms of randomness is very different depending on whether we are considering Arthur–Merlin protocols or Merlin–Arthur protocols. While private randomness gives more power to the first type of protocols, shared randomness provides more power to the second. We also show that there exists at most an exponential gap between the certificate size in distributed interactive proofs with respect to distributed verification protocols without any randomness.