1 Introduction to distributed decision
1.1 Distributed computing and local algorithms
A domain of distributed computing.
Distributed computing is the field of computer science that studies the systems in which several entities communicate in order to complete a task, without central control. These entities can be agents in a networks, animals, robots etc., but we will simply consider machines. There are plenty of models to study such setting, but one can distinguish two main challenges: asynchrony and locality. Asynchrony is a problem of time. Entities may not have the same notion of time, may compute at different speed, and may crash. Locality is a problem of space. The machines may be far apart, and it may take a long time to communicate. Thus in general, a machine would not get any information from another far-away machine, and still it has to compute something meaningful globally. These two challenges are usually decoupled, and this document we focus on the second one, that is, locality.
Modelling networks as graphs.
We consider networks of computing machines, modelled as graphs. The vertices of the graph represent the machines of the network, and the edges represent communication links. This (connected) graph is the communication graph. A concrete example would be to model a set of sensors with radio communication, by assigning a node for each sensor, and adding an edge between two sensors that are close enough to communicate by radio one with other.
The natural model of distributed algorithms on graphs uses messages, that the nodes can send and receive in rounds. We use a more abstract model with the nodes having a partial view of the graph. These are equivalent (see Subsection 1.6). We consider that every node can see the subgraph induced by the nodes at some distance from itself, and has to output a relevant value, only based on this knowledge. That is, every node has a partial view of the graph, and its output is independent of the parts of graph that are outside this view. See Figure 1. An algorithm in this model may be called a local algorithm. The smaller the radius of the view, the more local the algorithm. The constraint of not being able to communicate with nodes that are far away can be called the locality constraint, and the theory that focus on this constraint is usually refered to as the study of locality.
A typical question about locality is: can every node output a colour such that the colouring has some global property, if we impose that every node can only see at a bounded distance? Typical research in the field consists in designing local algorithms for computing such a colouring with the smallest possible views. Remark that the graph is both the input (it is this one graph that we want to colour) and the structure that defines the neighbourhoods of the nodes. The approach we take here is a bit different from this colouring question, in the sense that we do not seek to construct a solution to a problem. Instead we want to check whether the current solution is correct. That is, we consider decision problems and not construction problems.
From construction to decision.
In centralized computing, decision problems are the foundation of the theory of complexity. The current decade has seen efforts to define a theory of complexity for distributed computing, based on a distributed version of decision problems. In a problem of distributed decision, the input is the communication graph, with some additional labels on the nodes and edges, and the machines have to collaborate for deciding whether this input corresponds to a proper configuration with respect to a fixed predicate. For example, in a setting where every node is given a colour, we want to check that no edge has the same colour on both endpoints. The way the nodes take a global decision will be specified later, but it is based on a local process: every node will just have access to a small view of the graph.
Motivations for a new field.
Motivations for the study of distributed decision range from practical to theoretical. On the practical side, deciding whether a configuration of the network is in a proper state is a natural primitive when the network is subject to faults. Focusing on this kind of problems is useful as a building block for more complex systems (concrete examples will come later in this section). On a more theoretical point of view, distributed decision gives insights about distributed construction (we will see an example in the paragraph about probabilistic decision). Nonetheless the links between construction and decision are not as tight as in centralized computing, which is why distributed decision is a field in itself. Another motivation comes from the division we have mentioned earlier, between asynchrony and locality in distributed computing. It is unfortunate that the two aspects are so rarely tackled together. A concrete reason why this happens is that the algorithmic problems studied in these two subfields are of very different nature. For example, locality-oriented research would typically focus on combinatorial optimization problems, while the asynchrony-oriented research will typically focus on reaching some form of consensus between the processes. An expectation of distributed decision is that checking whether some configuration satisfies some predicate is general enough to fit in both frameworks. Here we will only deal with the locality perspective, but we give in Subsection1.6 a few pointers to papers aiming at bridging the gap.
How to decide when there are several machines.
Decision in centralized computing is easy to define: there is one input to consider, and one decision to make, accept or reject. In distributed computing, there are several machines, thus different partial views of the input, and different outputs. Every node will output a local decision and those local decisions will be aggregated to define a global decision. For the aggregation of the decisions, a natural choice is to accept a configuration if and only if, all the nodes locally accept, and this is our choice. Other aggregation mechanisms have been studied, but the literature mostly focuses on this one, because of its simplicity and its practical relevance. Indeed, in a practical scenario, every node is checking regularly its neighbourhood, and if something looks wrong, it raises an alarm or launch a recovery procedure that resets the whole network.
Languages and examples.
So far, we have informally described decision as the task of determining whether the graph is in a correct state with respect to some predicate. In distributed decision, one usually considers languages, just like in centralized computing. A language is a set of configurations, that is a set of graphs whose nodes (and more rarely edges) can be labelled. The labels can be called inputs. The instances in the language may be called yes-instances and the others no-instances. Examples of languages are: the graphs that can be properly coloured with some given number of colours (this language has empty input labels), graphs that are properly coloured (the inputs are colours), graphs that are trees, etc.
We will always assume that the nodes have distinct identifiers (or ID for short), that is, every node is given a number, and these numbers are different. This will be detailed and justified later. An important point is that a language should not refer to the identifiers, for example a set of graphs where the node with identifier 1 has some special property, is not a language.
1.2 Basic decision and its limits
Basic decision mechanism.
The basic decision mechanism for a given language is a deterministic procedure. Every node gathers the knowledge of its neighbourhood at some distance, and then decides to accept or reject based on this view. More precisely, for a given language, a basic scheme consists in a local algorithm, that first gathers the neighbourhood at some fixed constant distance (that is, it gets a snapshot containing the structure of the graph, the identifiers, and the inputs of the nodes within this radius ), and then decides to output accept or reject. This algorithm is the same at every node. See Figure 2 for a concrete example.
Now, one can try to define a local algorithm for checking that the communication graph is a tree, that is, checking the acyclicity of the underlying graph. This is actually impossible, that is, there is no such algorithm. The high-level reason for this is that, with a local view, one cannot distinguish a cycle and a path. See Figure 3 for an illustrated proof of this result. The type of reasoning used in the proof is common in distributed computing, and is called the indistinguishability technique.
The main way to cope with this limitation of the basic schemes is to consider non-determinism, which we will describe soon. But let us do a small detour to take a look at the probabilistic side.
1.3 Probabilistic decision
Allowing some randomness.
In the light of the great power of randomness for distributed graph algorithms, one is tempted to ask whether we can decide more languages if we allow the local algorithm to use random bits. In a similar way as in centralized computing (or, more precisely, as in the complexity class BPP), a scheme will be considered correct if, on yes
-instances, there is a good probability of acceptance, and onno-instances, there is a good probability of rejection. By good probability, we mean larger than some fixed constant. With this definition, randomness does help. In particular, it provides the ability to basically count up to a constant, as the following example shows.
At most one node selected.
In the example we are going to consider, every node has an input bit stating whether it is selected or not. The labelled graphs in the language are the ones that have at most one selected node. The language is called At most one selected, or Amos for short. Having at most one selected node is a global property, in the sense that two far away nodes cannot detect that they are both selected, thus no basic decision scheme can decide this language. Nevertheless, with randomness, it is decidable, and it does not even require the nodes to have any knowledge of the graph, except their own input. The trick is the following. The algorithm consists simply in stating that every unselected node accepts, and every selected node accepts with some probability . If there are no selected node then the probability that every node accepts is 1. If there is just one selected node, then it is . If two or more nodes are selected, the probability that all nodes accept is at most . This scheme is correct if we consider the following decision thresholds. If an instance is in the language, we require that the nodes accept with probability at least . If an instance is not in the language, we require that the nodes reject with probability at least . (Note that this makes sense only for some values of .)
Impact on construction tasks.
The study of probabilistic decision has led to an improvement in the understanding of construction algorithms, which is remarkable, as such new light one of the motivations for the field. It has long been known that randomness does not help for construction tasks if: (1) the solutions form a language that can been checked locally (that is, checked with a basic decision mechanism) (2) we consider only constant-time construction. This result has been extended to more problems, by proving that the first condition can be lifted from languages decided with basic decision, to languages decided with probabilistic decision.
The core topic of distributed certification is a form of non-determinism in distributed decision. Let us first recall what non-determinism is in centralized computing.
Non-determinism in centralized computing.
We will do an analogy between our model and the well-known complexity class NP. The class NP was originally defined with non-deterministic Turing machines, but the modern definition is often more handy. A decision scheme for NP is based on two entities: the machine, called theverifier, and an external oracle, called the prover. It follows the following sequence of steps. First, given the instance, the prover provides a certificate of polynomial size to the verifier. Second, the verifier runs a polynomial-time algorithm that takes as input both the instance and the certificate. Third, the verifier outputs a decision, accept or reject. Such a scheme is correct if the following condition holds for every instance: the instance is in the language, if and only if, there exists a certificate such that the verifier accepts. This can be pictured in a less formal way as: an omniscient prover trying to make the limited verifier accept, regardless of whether or not the instance belongs to the language. The verifier has to distinguish between the cases in which the prover is honest, and the cases where it is dishonest.
The classic form of non-determinism in distributed decision is called a proof-labelling scheme.111In this paragraph, we give a general definition of proof-labelling schemes, see the Historical notes in Subsection 1.5, for the original (more restricted) definition. In such a scheme, there is a prover and every node acts as a verifier. The prover provides a local certificate, also called proof, to each vertex. In general, these certificates are all different. In this new framework, the view that a node gathers, includes the certificates of the nodes within the view; in addition to the structure of the graph, the identifiers and inputs, as in a basic scheme. The local decisions are aggregated as before. The acceptance rule is similar to the one of NP, that is, for every instance: the configuration is in the language if and only if there exists an assignment of certificates that makes every node accept. The usual way to describe a scheme is to describe the way the prover crafts certificates on yes-instances, and then to explain how the nodes can distinguish between certificates of good instances, and certificates designed to mimic those on bad instances.
A concrete example: acyclicity.
Let us go back to the example we used to highlight the limitations of basic deterministic decision in Figure 3: the set of trees. We describe a proof-labelling scheme for this language. The strategy for the prover on a yes-instance (that is on a tree) is to pick an arbitrary node, the leader, and to give to every node, as a certificate, its distance to the leader. The local verifier algorithm used by the nodes is the following. The node considers the distance written on its certificate, and accepts if and only if, either (1) and all the neighbours have distance 1, or (2) it has exactly one neighbour with distance and the other neighbours have distance . It is easy to be convinced that on yes-instances, the verifier algorithm outputs accept on every node. It then requires a proof to be convinced that, if there exists a cycle in the graph, then there is always one node to catch an inconsistency, regardless of the certificate assignment the prover has designed. A sketchy proof of this fact is the following. Consider a cycle in the graph, and consider the certificates assigned by the prover to the nodes of this cycle. Consider the node that is assigned the largest number in the cycle. This node has two neighbours with equal or smaller numbers. This matches none of two cases we have described above. Thus this node rejects, and the configuration is globally rejected. See Figure 4, for a similar scheme designed for a different, but similar, language: acyclicity of a selected subgraph.
Link with self-stabilizing algorithms.
Proof-labelling schemes can be described as local non-determinism inside distributed decision, but this notion was introduced before the field of distributed decision was formally created. Proof-labeling schemes where introduced first as a way to study some specific parts of so-called (silent) self-stabilizing algorithms. Basically, a (construction) algorithm is self-stabilizing if, starting from an arbitrary state of the network, it can reach a proper configuration (with respect to a given language). At any time, such an algorithm has to check that the configuration is correct, and if it is not the case, then it has to fix it. For example, consider an algorithm whose role is to select an acyclic subset of edges (as in Figure 4). Suppose it has done so, but then some register is corrupted, a new edge is selected, and the addition of this edge creates a cycle. The algorithm has to detect that the configuration has changed, and that it is not correct any more, and has to reach a new acyclic configuration quickly. An essential step in this scenario is to detect that something is wrong, and this is of course where decision appears. For acyclic subgraph, for example, we know from Figure 3 that we cannot decide the correctness locally. A strategy to cope with this is to write some information at the nodes during the computation. That is, not only does the algorithm build an acyclic labelling, but it also mark the distances at the nodes. This way, if the graph is modified in a way that does not match the information available at the nodes, then the nodes can detect it, and launch a recovery procedure.
Considering proof-labelling schemes is a way to focus on the fault detection phase. The additional information left at the nodes in a self-stabilizing algorithms is then abstracted as an external prover.
Proof sizes and measure of the locality.
An essential aspect of a proof-labelling scheme is the size of the certificates used, that we call the proof size. The first reason for this importance is practical: small certificates are better, because in applications they use less resources. The second reason is more theoretical. If we consider only the (deterministic) basic decision mechanisms, then we can easily define a dichotomy between local and global languages. A local language would be a language for which there exists such a mechanism (as the language of properly coloured graphs in Fig. 2) and a global language would be a language such that no such mechanism exists (such as the set of trees in Fig. 3). The study of proof sizes allows a more fine-grain analysis. Remember that the certificates are assigned by an oracle that has full knowledge of the graph, thus they are, in some sense, pieces of global information given to the nodes. From this perspective, the larger the certificates need to be, the more global information we have to give to the nodes to decide, and thus the more global the language. The optimal size of the proofs for a language is then a measure (or, more rigorously, an inverse measure) of its locality. Note that this definition extends the first rough definition of local/global we had: languages that can be decided with a basic decision mechanism have proof size zero, and languages that cannot be decided this way, need non-zero proof size.
1.5 Historical notes
This subsection is a personal and partial historical view of the field. Reader not interested in history or citations may skip this part. This text is not meant to be exhaustive, see the survey for the citations of all the works of the domain.
Study of locality and locally checkable labellings.
The model of network distributed computing dates back to the 1990s with the papers of Linial , and Naor and Stockmeyer . A fundamental book on the topic, by Peleg, appeared in 2000 . In their paper, Naor and Stockmeyer define a class of (construction) problems called locally checkable labelling, or LCL for short. For these problems, the nodes may have inputs, and they have to compute outputs. A problem is in LCL if there exists an algorithm that, given a view at some constant distance, with the inputs and outputs, can decide whether the solution computed is correct. Also for LCL problems, inputs, outputs and the degrees of the graphs are assumed to be constant. This class includes many classic problems such as computing colourings, independent sets, matchings etc. Note that the definition of LCL implies that the correctly labelled instances form a language that can be decided via a basic decision mechanism.
Proof-labelling schemes were introduced by Korman, Kutten and Peleg, in 2005 (see  for the conference version, and  for the 2010 journal version). The definition of a proof-labelling scheme in this original paper is a bit different from the one we gave in Subsection 1.4. The authors of [33, 34] consider that the nodes are exchanging messages instead of having a view, but more importantly, that the only communication a node can perform is to send its certificates to its neighbours. This is closer to the state model used for self-stabilizing algorithms, than the model we use.
Locally checkable proofs.
To sum up, in the original definition of proof-labelling schemes, a node only knows the following: its degree, input, and identifier, and its certificate and the ones of all its neighbours (meaning the nodes it is adjacent to). In , Göös and Suomela, used the terms Locally checkable proofs, to describe proof-labelling schemes, in the general form we described above. This implies allowing arbitrary constant radius for the view, and accessing all the inputs, IDs and certificates within this view. In later works, the term “proof-labelling schemes” refers to the original model, or to locally checkable proofs. The two cases are pretty different when it comes to lower bounds, indeed with the more general definition, the nodes have more information about the graph, which implies that it is harder for the prover to fool them.
Distributed decision as a subfield of distributed computing.
In 2012-2013, Fraigniaud, Korman and Peleg argue in favour of a complexity theory for distributed decision . In this framework, the non-determinism is naturally represente by local certification. This was followed by a handful of papers defining classes, studying the impact of randomization, or the changes implied by different assumptions on the identifiers. We will present some recent papers in Section 3.
In this subsection we answer (or give pointers that answer) some natural questions, that the previous sections may have raised. In particular this subsection provides some indications about topics that are at the boundary of the current work. These complements are not essential for the rest of the text, therefore they may also be skipped.
On representing networks by graphs.
We have modelled networks as graphs, and this will be the setting for all this text. Readers may consider that this modelling is too rough. A more realistic model for wireless communication for example, is the SINR model, that takes into account interference. It appears that such models are reasonably well approximated by simple graphs , thus it is reasonable to begin with graphs. Nevertheless distributed decision in more realistic models is an interesting avenue of research.
From messages to views.
In the Locality paragraph of Subsection 1.1, we have mentioned the fact that our quite high-level model with views (let us call it the view model) is equivalent to the more realistic message-passing model. Let us first specify which message-passing model we consider, and then sketch the equivalence. In the message-passing model, computation proceeds in rounds. In the context of distributed decision, the number of rounds is usually constant. At each round every node can receive messages from its neighbours in the graph, compute new messages, and send them to its neighbours. The size of the messages is not bounded. We now sketch the proof of the equivalence between the two models, without mentioning the possible inputs, for simplicity. Let us first show that the message-passing model is at least as strong as the view model. At each round, every node can send, to all its neighbours, all the information about the graph it has. At the very beginning of the process, a node knows only its degree and its ID. It can send them to its neighbours. Then it receives the analogue messages from its neighbours, and is able to reconstruct the view at distance 1. The next step is to send this view at distance 1 to all its neighbours, and to receive their views at distance 1.222Note that at this step, if there is no bound on the degree, the messages used can be polynomially large in . Thus this transformation does not work in the so-called congest model, where the messages must have logarithmic size. By merging these views, every node can reconstruct its own view at distance 2, etc. Thus, with basically rounds every node can reconstruct its view at distance . Now in the other direction, suppose a node has a view at some distance . It can compute the first messages sent by the nodes in its -neighbourhood, because it knows their IDs and degrees. Then, the node can compute which messages are received by the nodes in its -neighbourhood. And so on and so forth, until it simulates (only) its own behaviour for the -th round.
Relation between decision and construction.
We have evoked the fact that decision and construction are not as closely related in distributed computing as in centralized computing. Let us consider colouring to exemplify this claim. In centralized computing, if one has access to an oracle deciding if some partial 3-colouring can be completed to a correct 3-colouring, then it is easy to build a construction algorithm of similar complexity. Indeed one can follow the following trial-and-error strategy. First ask whether the graph can be 3-coloured, if not, stop. Otherwise, select a node arbitrarily, give it an arbitrary colour, and ask whether this colouring can be completed. If the answer is positive, one can continue with a second vertex, otherwise one can try another colour, and ask again for approval etc. If it does not stop after the first step, this procedure produces a proper 3-colouring, and the running time is only multiplied by a linear factor. In distributed computing, it is not that simple. The main reason is that the process described above is inherently sequential, and does not correspond to the distributed setting. For example, for colouring, all the nodes have to choose their colours at the same time. Thus the fact that verifying a colouring is easy in distributed manner, does not give much information on the difficulty of computing a colouring.
Dealing with asynchrony.
As said, distributed decision was partly justified as a path to gather together asynchrony and locality in distributed computing. We refer to results in that direction, or more precisely results about wait-free distributed decision, in the survey .
Other decision mechanisms.
The decision mechanism studied in this document (accept globally, if and only if, every node accepts locally), is justified by practical scenarios, but from a theoretical perspective it is relevant to investigate other mechanisms. For example, one can allow more bits of output, or different ways to gather the outputs into one decision. This has been investigated in  and . See the survey .
A practical motivation for our decision mechanism is the scenario where the nodes can raise an alarm. A reference about such decentralized monitoring is .
A proof technique that is essential in distributed computing is the indistinguishability technique. In a distributed environment, the machines often have a partial knowledge of the current state of the system. Thus there may exist several global configurations that, from the point of view of a specific machine, are exactly the same; then the behaviour of this machine must be the same in all these configurations. The indistinguishability technique consists in using this simple fact to show lower bounds. A usual reasoning is: if some quantity is not large enough, then there exists two instances that cannot be distinguished, although the task to solve requires the algorithm to have two different output, thus this quantity must be large. A reference on this technique (among others) is .
Randomness and difficulty of boosting.
We have described probabilistic decision in Subsection 1.3. The paper that introduced the concept is . In this paper, the thresholds that define whether the algorithm is correct or not, for example the minimum acceptance probability on correct instances, are precise values, that depend on the problem. This is intriguing because in centralized computing these numbers are usually unimportant, as they can be boosted, and one can design an algorithm for any (meaningful) threshold. The question of whether boosting is possible in the distributed setting was answered negatively in .
The result about derandomization mentioned in Subsection 1.3 is the main theorem of , and is an improvement over a result of . Not only can randomness enable to decide more languages, but also it helps to decrease the message size, when considering the message-passing model. In  the authors show that one can gain an exponential factor in the size of the messages, by using some hashing techniques.
Role of the identifiers.
So far, we have not mentioned the identifiers a lot, but those are important. In the first place, identifiers are essential for the transformation from the message-passing model to the view model, as described earlier. Indeed without identifiers, it is impossible to reconstruct the view of a node, as we do not know if two nodes that appear in two different messages are different or not. Later in the text, identifiers will also be very useful to design schemes for some languages. For example, the prover may give the ID of a leader to all the nodes. Actually, there exists a parallel line of research that considers proofs that do not use IDs, that is, proofs that are correct whatever the ID-assignment is. In both our framework and this other framework, the languages studied do not depend on the identifiers, only the certificate may use IDs.
A polynomial bound on the identifiers, that is having identifiers in for some , is a classic assumption in network distributed computing. On the one hand, it is small enough to allow to encode the identifiers on a logarithmic number of bits. On the other hand it is large enough to ensure that the numbers are distinct, and assuming identities between 1 and would be too strong in some applications, and would allow the algorithm to abuse the power these identifiers.
In the papers that consider message-passing models (which is not our focus here), the size of the messages is a key parameter. One can for example study the interplay between message and proof sizes. See the survey , for the basic and probabilistic decision in presence of congestion, and for the non-deterministic analogue.
Weaker computational power.
We have not mentioned any restriction on the computational power of the nodes of the network, and we actually do not bound it in general. This is because our focus is on the proof sizes, and on the locality of the verification. Much more restricted models have been studied, where the nodes basically compute with finite automata. In this framework, a fruitful approach to use modal logic to characterize the languages that can be recognized. See for example the thesis , and the references therein.
Advice versus certificate.
A concept close to local certificates is the notion of advice. An advice also comes as an assignment of labels to the nodes, given by an oracle, but this oracle can be trusted. That is, the information just helps for the computation, and does not need to be verified. This concept has been introduced to measure how much global information is needed to complete some task. See for example .
Differences with the self-stabilizing approach
We have mentioned that proof-labelling schemes have been defined in the first place to study the fault detection phase of self-stabilizing algorithms, and that these two concepts share the same flavour. Yet, there are some aspects on which these models differ. On the one hand, in a self-stabilizing algorithm, the certificates must be efficiently computable. This is not the case in proof-labelling schemes where the certificates are given by an external prover. On the other hand, a proof-labelling scheme is required to work for every configuration of the language, which may not be necessary for self-stabilizing algorithms. Let us illustrate this statement on the language of acyclic subgraphs. In a proof-labelling scheme, any acyclic subgraph must be properly decided. Whereas a self-stabilizing algorithm may always choose to output some constrained form of acyclic subgraph.
Use in (centralized) parameterized complexity.
The concept of local proofs is natural enough to ask whether it can be of any use in a centralized setting. It is actually useful in parameterized complexity. More precisely, a simple argument allows to transform automatically the existence of local proofs (of some type) into algorithms that are polynomial in the size of the graph, and single exponential in the treewidth. This mechanism works for example in the case of maximum independent set and vertex cover. The lower bounds established on local proofs can rule out the possibility of using this tool, which can in turn justify the use of other techniques .
Complexity theory for construction tasks.
One of the original motivations for distributed decision was to have a complexity theory similar to the one of centralized computing. Indeed until 2010, network distributed computing was mainly about pushing further and further the bounds on particular problems (maximal matching, colouring, spanning tree constructions etc.), and not on putting these problems into neat classes. While distributed decision was growing, research has also been done to classify the problems of constructing LCL languages (as described in Subsection1.5). For example, it has long been known that a whole body of problems (such as -colouring and maximal independent set), can be solved in time , whereas for some other problems the best known algorithms had complexities in . It was unknown whether there exist problems in between. In , it is proved that there is a gap between the two types of problems. This implies that one can define meaningful complexity classes for LCL problems. See  for a recent paper on this line of research.
2 Proof-labelling schemes toolbox
This section is a toolbox of techniques and results used in the investigation of local certification. It takes the form of questions and answers, with proof sketches.
What are the languages that admit a proof-labelling scheme?
All distributed languages do. The technique to prove this statement is now classic, and was first evoked in . Basically, there exists a universal scheme that works for every language. On yes-instances the prover provides the whole adjacency matrix of the graph, with the correspondence between the raws and the identifiers of the nodes, and also the input assignment. The nodes first check that they are given the same certificate. Then they check that this description of the graph is consistent with their local views. It is easy to show that if this step succeeds, then the configuration described in the certificates is indeed the actual configuration. Finally all the nodes check in parallel and without communication, that the configuration is in the language. This scheme uses certificates of size (plus a possible term for the inputs).
Can we do better?
Yes, for many languages we can have smaller proofs. For example the scheme for acyclicity sketched in Subsection 1.4 uses certificates of size . One of challenges of distributed decision is to show upper and lower bounds on the proof sizes for diverse languages.
What about spanning trees?
The language of trees, we have studied first is not very common in distributed computing, as it deals with the communication graph itself, and not with a labelling. We have then used the example of acyclic subgraphs, like in Figure 4. An even more important language is the language of spanning trees. We want to decide whether a subset of selected edges form a spanning tree of the communication graph. The classic scheme for this language tackles acyclicity with distances, as in the scheme of Figure 4, but, to ensure the connectivity, every node is also given the ID of the root, called root-ID. In addition to the verification of the distances, the verifier checks that it is given the same root-ID as its neighbours. Also if a node has distance zero, then it checks that its ID is equal the root-ID. To prove the correctness of this scheme, we just have to prove the connectivity of the subgraph of selected edges, as the acyclicity is guaranteed by the distances. Consider an instance with several trees. Then, in case the prover does not give the same root-ID to every nodes, two adjacent nodes are given different root-ID, and reject. Otherwise, every node is given the same root-ID, but then, there is one node that is given distance 0, but whose ID is not the root-ID, and this node rejects. Thus the scheme is correct. Note that as the identifiers are supposed to be bounded by a polynomial in , the size of the certificate is in , like for acyclic subgraphs.
Is optimal for spanning trees?
Yes it is. This has first been proved for the original definition of proof-labelling scheme in , with a technique called edge-crossing. Then it has been proved for the more general definition in , with a technique called gluing. The crossing technique basically consists in proving that it is possible to take two edges and cross them without the nodes noticing. We give more details in Figure 5. This technique does not apply to our framework, but it is an opportunity to provide a simple application of the indistinguishability technique, in a non-deterministic setting.
The reason why this technique does not work for the general definition of certification used in this text, is that if the nodes do have the knowledge of the IDs of their neighbours, then any change in the topology, such as crossing some edges, is detected. To deal with the more general framework, a more involved technique based on gluing different instances has been developed. We describe it now. For simplicity, we consider languages that are dealing with inputs, and not with the communication graph itself. We sketch the proof without any specific problem in mind, but one can think about spanning trees for example.
The high-level idea is to consider a large family of yes-instances, and their accepting certificates, and to show that if the certificates are not large enough, there exists a no-instance for which we can craft an accepting certificate assignment. More precisely, each yes-instance we consider is formed of two long paths, linked together by the endpoints to create a cycle. As this is a yes-instance, there exists a certificate assignment that makes the nodes of the cycle accept. Now consider a new instance formed by taking two paths from two different yes-instances and connecting them into a cycle. This may be no-instance. If the prover provides to the nodes of each path, the same certificates as in the original yes-instance it comes from, then only the nodes at the border (that is the nodes close to the endpoints of the paths) can detect the difference. Then in such instances, the main challenge for the prover is to convince the border nodes that the connection is legal. One can prove that if the certificate size is not at least , then paths from several yes-instances, equipped with the certificates inherited from these yes-instances, can be connected such that: (1) the resulting graph is a no-instance; (2) every connection is accepted by the nodes. This results in a no-instance being accepted by all nodes. This is a contradiction, and the lower bound follows. See  for the details and illustrations.
Are there languages that require the quadratic proof size?
Yes, there are. The classic examples are the ones based on isomorphism-flavoured questions. The language of symmetric graphs consists in the set of graphs that have a non-trivial automorphism. That is, a graph is in the language if there exists a permutation of the identifiers, different from the identity permutation, that preserves the adjacency relation. For this language, we are basically required to describe the whole graph in the certificates of all nodes. The proof of this statement is in . We sketch it in Figure 6.
|(a) Symmetric dumbbell graph||(b) Non-symmetric dumbbell graph|
Another example of language that requires (almost) quadratic certificates is the set of graphs that cannot be properly coloured with three colours. The proof is more involved, and explicitly uses communication complexity and intricate colouring gadgets (see ).
Any language with proofs?
Yes, the main examples are colourings. After quadratic size, we look at the other end of the spectrum of proof sizes. There are languages with empty proofs: the ones that are decidable with the basic decision mechanism. Just above basic decision, there are problems that have optimal proofs of size . An example is the set of bipartite graphs: the prover just has to provide a 2-colouring, and the nodes can check that their neighbours have a colour that is different from their own. More generally deciding if a graph can be coloured with some number of colours falls into this category.
What about minimum spanning trees?
Minimum spanning trees are fundamental objects in networks and in distributed computing. We consider the minimum spanning tree language, that is the set of graphs whose edges are weighted, and some of them selected, such that the selected edges form a minimum spanning tree of the communication graph, with respect to the input weights. The optimal proof size for this language . This result, especially the lower bound, requires advanced proof techniques . We sketch the upper bound. For simplicity, we assume that all the weights are distinct, which implies that there is a unique minimum spanning tree.
The scheme for this language is based on the GHS algorithm , which is itself based on Borůvka’s algorithm. Let us recall the principles of Borůvka’s algorithm, and see Figure 7 for a run of this algorithm on a small instance. It proceeds in rounds, adding edges to a set of selected edges, until this set is a minimum spanning tree. At the beginning no edge is selected. Then, in parallel, every node chooses the lightest edge it is adjacent to, and all the chosen edges are added to the set. These form a subgraph of the network, and the connected components of this subgraph are called fragments. At the next round, every fragment chooses an outgoing edge (that is an edge with exactly one endpoint in the fragment) of minimum weight. These newly chosen edges are added to the set, and consequently some fragments are merged. New rounds are played until there is only one fragment. This fragment is the minimum spanning tree. There are at most rounds.
|Round 0||Round 1||Round 2|
We now sketch the scheme based on this algorithm. The certificates describe locally the run of the algorithm. There is a field of bits for each of the rounds. Each field, basically contains: (1) the identifier of a so-called leader of the fragment (to identify the fragment), (2) a tree of selected edges pointing to this leader (to ensure its connectivity, and the existence of the leader) (3) the weight of the lightest outgoing edge chosen for the next round, with the identifiers of its endpoints (to allow the verification of the minimality), along with (4) a spanning tree pointing to the edge (to ensure its existence). These four elements can be encoded with bits locally. This is because by assumption the identifiers are on bits, and the trees, as said above can be verified with bits too. As there are rounds, these local proofs have size .
Is there any natural problem with proof size between and ?
Until recently, only artificial languages were known with proof size within this range. In particular, the known techniques were not able to prove such intermediate lower bounds. This is not the case any more, with the introduction in distributed decision of tools from communication complexity, and in particular gadgets developed for lower bounds for construction tasks. Specifically, verifying that the diameter of the communication graph is bounded by some integer is proved to be in and in .
Do a language and its complement have the same proof size?
As a language is a set (of labelled graphs), one can ask whether deciding the complement of this set is as hard as deciding the original language. In terms of proof-labelling scheme, this means establishing whether they have the same optimal proof size. In the centralized setting, for deterministic computation, complement languages have the same complexity. However for non-deterministic (centralized) computation it is (a priori) not the same.333See for example the NP vs co-NP question. In distributed decision, the deterministic setting is already non trivial. For example, consider the language where the nodes of the graph are given colours, and we want to decide whether this colouring is a proper colouring. This can be done with a basic decision scheme. But what about accepting only bad colourings? We cannot just make every node flip its decision. Indeed, consider a colouring with a single monochromatic edge. In the scheme for proper colourings, every node accepts, except the ones close to the monochromatic edge. After flipping, every node rejects except the two endpoints of the monochromatic edge, which means rejecting the instance. The question is then: how to reverse decision? In general, this comes at a cost, for example for bad colourings, one can reverse decision with proofs (by pointing to the monochromatic edge with a spanning tree).
This difference between a language and its complement also appears when none of them is locally decidable. For example, the language of the graphs that can be 3-coloured has constant size proofs, but that its complement requires almost quadratic proofs .
3 Research directions
In this third section, we identify five research directions currently explored, for which we list recent papers and open problems.
3.1 More bounds on the proof size
An evident research objective is to establish what is the space needed to certify any given property. For classic problems of distributed computing, such as tree or connectivity questions, tight bounds have been known for a decade or more now, but we are far from a complete understanding of this type of question.
Two recent works provide new bounds.
Approximate proof-labeling schemes, by Censor-Hillel, Paz, Perry. 
The authors show linear-in- lower bounds on the property "The graph has diameter D", using reduction with communication complexity. They also introduce the study of approximation in certification.
Local verification of global proofs, by Feuilloley and Hirvonen. 
A byproduct of this paper is that certifying that at least one node has some special label requires proofs of size .
Open problem: bounds for new properties.
Any new bound on any property would be good news. One that is conjectured but not proved, is a bound for -colorable graphs. Another interesting property in this category is planarity.
Open problem: bounds with new parameters.
The bounds we have are almost all expressed only as function of the number of nodes , but but we could use other parameters, such as the diameter, the maximum degree, the arboricity, the number of edges, etc. There are several reasons to think that this is interesting. First, such parametrized results are common in the local model, and have led to fruitful research. Second, many lower bounds work only in a ring, which tells us little about denser topologies. Third, the only result we have with other parameters is the bound for minimum spanning tree , where is the maximum edge weight; and this parametrization led to improvements of self-stabilizing algorithms .
Open problem: simpler proofs.
As said above their exists a tight bound for minimum spanning tree. But, the lower bound holds only for large weights and its proof is complex. A simple self-contained lower bound proof, working for all weight range, would then be very nice.
3.2 Building a complexity theory
As noted in Subsection 1.5, there has been efforts to build a complexity theory for certification, in particular defining analogues of the complexity classes of centralized computing.
What can be verified locally?  and A hierarchy of local decision .
In these two papers, the authors define analogues of the polynomial hierarchy in distributed computing. The difference between the two papers is basically that the provers do not have same power, with respect to identifiers, and size of certificates.
Interactive Distributed Proofs , Trade-Offs in Distributed Interactive Proofs  and The Power of Distributed Verifiers in Interactive Proofs .
The paper  introduced distributed interactive proofs where a prover and the nodes of the network, exchange messages during several rounds, to decide a property. This is an analogue of Arthur-Merlin protocoles and interactive proofs in the centralized setting. The two other papers developed this approach.
An open problem is showing that the analogue of the polynomial hierarchy from  is infinite. There are evidences that this might be a very hard problem . Also  has a list of open questions related to interactive proofs (zero-knowledge, the type of randomness etc.).
A question that is not related to these recent papers is to characterize exactly what is the set of languages that can be characterized by probabilistic decision. The intuition is that this class is basically the same as the the one of deterministic decision, with the possiblity to count a constant number of local patterns, but it has never been formalized properly.
3.3 Challenging the model
The original motivation for local certification is to separate the checking part of the self-stabilizing algorithms. The model was then generalized and variants have been studied. This approach of challenging the model, and measuring how much it changes the landscape of certification, has been fruitful.
Proof-Labeling Schemes: broadcast, unicast and in between 
This papers focuses on the communication between the nodes. Depending on whether the nodes are allowed to send different messages to different neighbours or not, the verification complexity can be very different.
Space-time tradeoffs for distributed verification , Redundancy in distributed proofs , and Local verification of global proofs 
These papers relax the locality of the verification and of the proofs. Precisely, the two first ones allow the nodes to communicate at non-constant distance, and the last one consider a global proof, that all nodes can access.
Error-sensitive proof labeling scheme.  In this paper, the requirement for a decision to be correct is stronger than in the usual setting (see the next section).
An open question only partially answered in  is to establish whether one can always achieve a trade-off between the certificate size and the verification radius. Another neat open problem, from , is to prove that a global proof certifying bipartiteness requires bits (weaker bounds are proved in ).
3.4 Interacting with other models
There are many models that are related with locality and/or labelings. It is natural to explore the links between distributed certification and these other models.
Error-sensitive proof-labeling schemes .
An important aspect of the property testing model is to not only consider whether an instance is correct or not, but also to consider how far it is from being correct. In , following this point of view, the idea is to require that on instances that are very far from being in the language, many nodes should reject.
3.5 Going back to self-stabilization
Originally, certification has been studied as a component of (silent) self-stabilizing algorithms. Now that certification has been studied for quite some time, it is interesting to see what we can use in self-stabilization.
Silent MST approximation for tiny memory .
In this paper, the optimal minimum spanning tree certification from , is used to define an optimal silent self-stabilizing algorithms. It then leads to a trade-off between certificate size and quality of the approximation of the minimum spanning tree.
A general open problem is to determine which results from distributed decision can be used for self-stabilization. A more concrete one is the following: in  the self-stabilizing algorithm for MST first computes the solution, and then computes the certificates, and this is unusual: algorithms usually compute the solution and its certification at the same time. The paper  provides some elements showing that this form might be necessary, but no complete proof is known.
Thanks to the community of distributed decision, for all the works in this domain. Thanks to Tatiana Starikovskaya for inviting to give a seminar at ENS, which was the first step for Section 3.
- Arfaoui et al.  Heger Arfaoui, Pierre Fraigniaud, and Andrzej Pelc. Local decision and verification with bounded-size outputs. In 15th International Symposium on Stabilization, Safety, and Security of Distributed Systems, SSS 2013, pages 133–147, 2013. doi:10.1007/978-3-319-03089-0_10.
- Arfaoui et al.  Heger Arfaoui, Pierre Fraigniaud, David Ilcinkas, and Fabien Mathieu. Distributedly testing cycle-freeness. In 40th International Workshop on Graph-Theoretic Concepts in Computer Science, WG 2014, pages 15–28, 2014. doi:10.1007/978-3-319-12340-0_2.
- Balliu and Fraigniaud  Alkida Balliu and Pierre Fraigniaud. Certification of compact low-stretch routing schemes. In 31st International Symposium on Distributed Computing, DISC 2017, pages 6:1–6:16, 2017. doi:10.4230/LIPIcs.DISC.2017.6.
- Balliu et al. [2018a] Alkida Balliu, Gianlorenzo D’Angelo, Pierre Fraigniaud, and Dennis Olivetti. What can be verified locally? Journal of Computer and System Sciences, 97:106–120, 2018a. doi:10.1016/j.jcss.2018.05.004.
Balliu et al. [2018b]
Alkida Balliu, Juho Hirvonen, Janne H. Korhonen, Tuomo Lempiäinen, Dennis
Olivetti, and Jukka Suomela.
New classes of distributed time complexity.
Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing, STOC 2018, pages 1307–1318, 2018b. doi:10.1145/3188745.3188860.
- Baruch et al.  Mor Baruch, Pierre Fraigniaud, and Boaz Patt-Shamir. Randomized proof-labeling schemes. In ACM Symposium on Principles of Distributed Computing, PODC 2015, pages 315–324, 2015. doi:10.1145/2767386.2767421.
- Bienkowski et al.  Marcin Bienkowski, Leszek Gasieniec, Marek Klonowski, Miroslaw Korzeniowski, Bernard Mans, Stefan Schmid, and Roger Wattenhofer. Distributed alarming in the on-duty and off-duty models. IEEE/ACM Transactions on Networking, 24(1):218–230, 2016. doi:10.1109/TNET.2014.2359684.
- Blin et al.  Lélia Blin, Swan Dubois, and Laurent Feuilloley. Silent MST approximation for tiny memory, 2019. arXiv: 1905.08565.
- Bodlaender et al.  Hans L. Bodlaender, Marek Cygan, Stefan Kratsch, and Jesper Nederlof. Deterministic single exponential time algorithms for connectivity problems parameterized by treewidth. Information and Computation, 243:86–111, 2015. doi:10.1016/j.ic.2014.12.008.
- Censor-Hillel et al.  Keren Censor-Hillel, Ami Paz, and Mor Perry. Approximate proof-labeling schemes. In Structural Information and Communication Complexity - 24th International Colloquium, SIROCCO 2017, pages 71–89, 2017. doi:10.1007/978-3-319-72050-0_5.
- Censor-Hillel et al.  Keren Censor-Hillel, Ami Paz, and Mor Perry. Approximate proof-labeling schemes. Theoretical Computer Science, 2018. doi:10.1016/j.tcs.2018.08.020. In press.
- Chang et al.  Yi-Jun Chang, Tsvi Kopelowitz, and Seth Pettie. An exponential separation between randomized and deterministic complexity in the LOCAL model. SIAM Journal on Computing, 48(1):122–143, 2019. doi:10.1137/17M1117537.
- Crescenzi et al.  Pierluigi Crescenzi, Pierre Fraigniaud, and Ami Paz. Trade-offs in distributed interactive proofs. In 33rd International Symposium on Distributed Computing, DISC 2019, pages 13:1–13:17, 2019. doi:10.4230/LIPIcs.DISC.2019.13.
- Feuilloley  Laurent Feuilloley. Local certification in distributed computing: error-sensitivity, uniformity, redundancy, and interactivity. PhD thesis, Paris Diderot University, France, 2018. HAL: tel-01962784 .
- Feuilloley  Laurent Feuilloley. Note on distributed certification of minimum spanning trees, 2019. arXiv: 1909.07251.
- Feuilloley and Fraigniaud  Laurent Feuilloley and Pierre Fraigniaud. Randomized local network computing. In 27th ACM on Symposium on Parallelism in Algorithms and Architectures, SPAA 2015, pages 340–349, 2015. doi:10.1145/2755573.2755596.
- Feuilloley and Fraigniaud  Laurent Feuilloley and Pierre Fraigniaud. Survey of distributed decision. Bulletin of the EATCS, 119, 2016. url: bulletin.eatcs.org link, arXiv: 1606.04434.
- Feuilloley and Fraigniaud  Laurent Feuilloley and Pierre Fraigniaud. Error-sensitive proof-labeling schemes. In 31st International Symposium on Distributed Computing, DISC 2017, pages 16:1–16:15, 2017. doi:LIPIcs.DISC.2017.16.
- Feuilloley and Habib  Laurent Feuilloley and Michel Habib. Graph classes and forbidden patterns on three vertices, 2018. arXiv: 1812.05913.
- Feuilloley and Hirvonen  Laurent Feuilloley and Juho Hirvonen. Local verification of global proofs. In 32nd International Symposium on Distributed Computing, DISC 2018, pages 25:1–25:17, 2018. doi:10.4230/LIPIcs.DISC.2018.25.
- Feuilloley et al.  Laurent Feuilloley, Pierre Fraigniaud, and Juho Hirvonen. A hierarchy of local decision. In 43rd International Colloquium on Automata, Languages, and Programming, ICALP 2016, pages 118:1–118:15, 2016. doi:10.4230/LIPIcs.ICALP.2016.118.
- Feuilloley et al.  Laurent Feuilloley, Pierre Fraigniaud, Juho Hirvonen, Ami Paz, and Mor Perry. Redundancy in distributed proofs. In 32nd International Symposium on Distributed Computing, DISC 2018, pages 24:1–24:18, 2018. doi:10.4230/LIPIcs.DISC.2018.24.
- Fich and Ruppert  Faith E. Fich and Eric Ruppert. Hundreds of impossibility results for distributed computing. Distributed Computing, 16(2-3):121–163, 2003. doi:10.1007/s00446-003-0091-y.
- Fraigniaud et al.  Pierre Fraigniaud, Cyril Gavoille, David Ilcinkas, and Andrzej Pelc. Distributed computing with advice: information sensitivity of graph coloring. Distributed Computing, 21(6):395–403, 2009. doi:10.1007/s00446-008-0076-y.
- Fraigniaud et al.  Pierre Fraigniaud, Amos Korman, and David Peleg. Towards a complexity theory for local distributed computing. Journal of the ACM, 60(5):35, 2013. doi:10.1145/2499228.
- Fraigniaud et al.  Pierre Fraigniaud, Mika Göös, Amos Korman, Merav Parter, and David Peleg. Randomized distributed decision. Distributed Computing, 27(6):419–434, 2014. doi:10.1007/s00446-014-0211-x.
- Fraigniaud et al.  Pierre Fraigniaud, Juho Hirvonen, and Jukka Suomela. Node labels in local decision. Theortical Computer Science, 751:61–73, 2018. doi:10.1016/j.tcs.2017.01.011.
- Gallager et al.  Robert G. Gallager, Pierre A. Humblet, and Philip M. Spira. A distributed algorithm for minimum-weight spanning trees. ACM Transactions on Programming Languages and Systems, 5(1):66–77, 1983. doi:10.1145/357195.357200.
- Göös and Suomela  Mika Göös and Jukka Suomela. Locally checkable proofs in distributed computing. Theory of Computing, 12(19):1–33, 2016. doi:10.4086/toc.2016.v012a019.
- Halldórsson and Tonoyan  Magnús M. Halldórsson and Tigran Tonoyan. How well can graphs represent wireless interference? In 47th Annual ACM on Symposium on Theory of Computing, STOC 2015, pages 635–644, 2015. doi:10.1145/2746539.2746585.
- Kol et al.  Gillat Kol, Rotem Oshman, and Raghuvansh R. Saxena. Interactive distributed proofs. In Proceedings of the 2018 ACM Symposium on Principles of Distributed Computing, PODC 2018, pages 255–264, 2018.
- Korman and Kutten  Amos Korman and Shay Kutten. Distributed verification of minimum spanning trees. Distributed Computing, 20(4):253–266, 2007. doi:10.1007/s00446-007-0025-1.
- Korman et al.  Amos Korman, Shay Kutten, and David Peleg. Proof labeling schemes. In Proceedings of the Twenty-Fourth Annual ACM Symposium on Principles of Distributed Computing, PODC 2005, pages 9–18, 2005. doi:10.1145/1073814.1073817.
- Korman et al.  Amos Korman, Shay Kutten, and David Peleg. Proof labeling schemes. Distributed Computing, 22(4):215–233, 2010. doi:10.1007/s00446-010-0095-3.
- Linial  Nathan Linial. Locality in distributed graph algorithms. SIAM Journal on Computing, 21(1):193–201, 1992. doi:10.1137/0221015.
- Naor and Stockmeyer  Moni Naor and Larry J. Stockmeyer. What can be computed locally? SIAM Journal on Computing, 24(6):1259–1277, 1995. doi:10.1137/S0097539793254571.
- Naor et al.  Moni Naor, Merav Parter, and Eylon Yogev. The power of distributed verifiers in interactive proofs. In Proceedings of the Thirty-first Annual ACM-SIAM Symposium on Discrete Algorithms, SODA 2020, page To appear, 2020.
- Ostrovsky et al.  Rafail Ostrovsky, Mor Perry, and Will Rosenbaum. Space-time tradeoffs for distributed verification. In Structural Information and Communication Complexity - 24th International Colloquium, SIROCCO 2017, pages 53–70, 2017. doi:10.1007/978-3-319-72050-0_4.
- Patt-Shamir and Perry  Boaz Patt-Shamir and Mor Perry. Proof-labeling schemes: Broadcast, unicast and in between. In Stabilization, Safety, and Security of Distributed Systems - 19th International Symposium, SSS 2017, pages 1–17, 2017. doi:10.1007/978-3-319-69084-1_1.
- Peleg  David Peleg. Distributed Computing: A Locality-Sensitive Approach. SIAM, 2000.
- Reiter  Fabian Reiter. Distributed automata and logic. PhD thesis, University Paris Diderot, 2017. arXiv: 1805.06238.