optimality verification

how zheng proves that a tropical computation produced an optimal result.

the verification principle

tropical execution produces a primal solution (the optimal value and witness). the proof of optimality requires a dual certificate — a witness that no better solution exists.

this follows from LP duality: for every minimization problem, there exists a dual maximization problem. strong duality says their optima are equal. the dual solution IS the optimality certificate.

dual certificate structure

for any tropical optimization with LP dual, the certificate has three parts:

primal feasibility — the claimed solution satisfies constraints (structural check)
dual feasibility — the dual variables satisfy all dual constraints (range proofs over F_p)
strong duality — primal objective = dual objective (single equality check)

complementary slackness follows from (2) and (3) but may be checked explicitly for tighter proofs.

general verification protocol

prover (tropical):
  1. solve the optimization problem (using any algorithm)
  2. extract primal solution x
  3. extract dual certificate y

verifier (F_p via zheng):
  1. check primal feasibility: x satisfies structural constraints
  2. check dual feasibility: y_i + y_j ≤ c_{ij} for all relevant (i,j)
  3. check strong duality: primal_cost(x) = dual_cost(y)

the prover does the hard work (tropical computation, any algorithm). the verifier does cheap checks (F_p arithmetic). verification cost is typically O(n²) or O(|E|) — polynomial in problem size, independent of solution algorithm.

F_p verification cost

each dual feasibility check requires a comparison over F_p, which decomposes into:

1 subtraction (1 constraint)
1 range proof for non-negativity (~8 constraints)

total per constraint: ~10 F_p constraints.

for a problem with m dual constraints:

dual feasibility: ~10m constraints
complementary slackness: m equality checks (m constraints)
strong duality: 1 sum constraint

total: O(m) F_p constraints.

why this is arithmetic

the dual certificate is not an algorithm — it is an algebraic object. given the certificate, verification is pure arithmetic: field additions, subtractions, and range checks. no control flow, no iteration, no graph traversal.

this is why verification belongs in trop (the arithmetic library) rather than in nox (the algorithm executor). trop defines what a valid certificate looks like. nox programs produce certificates. zheng verifies them using trop's arithmetic.

composability

certificates compose: if problem P decomposes into subproblems P₁, ..., Pₖ, the certificate for P is the collection of certificates for P₁, ..., Pₖ plus a proof that the decomposition is valid. this enables incremental verification of large tropical computations.

Dimensions

verification

process of computing that statement is true example: verification of signature given neuron, signal and signature validators of vimputer can verify that signal is indeed authenticated by signing neuron

genies/specs/verification

verification how genies arithmetic folds into zheng proofs. the folding challenge genies operates over F_q (512-bit CSIDH prime). zheng operates over F_p (Goldilocks, 64-bit). to prove correctness of an isogeny computation, F_q arithmetic must be emulated as F_p constraints. F_q element…

genies/docs/explanation/verification

verification: folding F_q into F_p genies computes over a 512-bit CSIDH prime. zheng proves over a 64-bit Goldilocks prime. the verification problem is: how do you prove that 512-bit arithmetic was performed correctly using a proof system that only understands 64-bit arithmetic? the answer is…

trop/docs/explanation/verification

verifying optimality: LP duality for proofs computing a shortest path is easy. proving it is optimal is the hard part. LP duality provides the mathematical machinery: every optimization result comes with a dual certificate that can be checked in polynomial time using field arithmetic. the tropical…

trop/specs/verification.md