doubly efficient interactive proofs
play

Doubly Efficient Interactive Proofs Ron Rothblum Outsourcing - PowerPoint PPT Presentation

Aug 28, 2022 β€’244 likes β€’462 views

Doubly Efficient Interactive Proofs Ron Rothblum Outsourcing Computation Weak client outsources computation to the cloud. = () Outsourcing Computation We do not want to blindly trust the cloud. = () Key

  1. Doubly Efficient Interactive Proofs Ron Rothblum

  2. Outsourcing Computation Weak client outsources computation to the cloud. 𝑦 𝑧 = 𝑔(𝑦)

  3. Outsourcing Computation We do not want to blindly trust the cloud. 𝑦 𝑧 = 𝑔(𝑦) Key security concern: Correctness: why should we trust the server’s answer?

  4. Interactive Proofs to the Rescue? Interactive Proof [GMR85]: prover 𝑄 tries to interactively convince a polynomial-time verifier π‘Š that 𝑔 𝑦 = 𝑧 . 𝑔 𝑦 = 𝑧 β‡’ 𝑄 convinces π‘Š . 𝑔 𝑦 β‰  𝑧 β‡’ no 𝑄 βˆ— can convince π‘Š wp β‰₯ 1/2 . Key Problem: in classical results complexity of proving is actually exponential: IP=PSPACE [LFKN90,Shamir90]: Interactive Proofs for space 𝑇 computations with 2 poly 𝑇 prover, poly(π‘œ, 𝑇) verification, poly(𝑇) rounds.

  5. Doubly Efficient Interactive Proof [GKR08] Interactive proof for 𝑔 𝑦 = 𝑧 where the prover is efficient , and the verifier is super efficient . Proportional to Much faster than complexity of 𝑔 complexity of 𝑔 Soundness holds against any (computationally unbounded) cheating prover.

  6. Why Proof and not Arguments*? 1. Security against unbounded adversary.  Post-quantum secure, post post quantum secure… 2. No reliance on unproven crypto assumptions 3. Do not use any expensive crypto operations – Even if not currently practical, no clear bottleneck (e.g., [GKR08] )… * Disclaimer: arguments are GREAT! (e.g., [KRR14])

  7. Doubly Efficient Interactive Proofs: The State of the Art Logspace uniform 1) [GKR08]: Bounded Depth 𝑂𝐷 β€’ Any bounded-depth circuit. β€’ (Almost) linear time verifier, poly-time prover. β€’ Number of rounds proportional to circuit depth. 2) [RRR16]: Bounded Space β€’ Any bounded-space computation. β€’ (Almost) linear time verifier, poly-time prover. β€’ 𝑷 𝟐 rounds.

  8. Constant-Round Doubly Efficient Interactive Proofs Theorem [RRR16]: βˆƒπœ€ > 0 s.t. every language computable in poly(π‘œ) time and π‘œ πœ€ space has an unconditionally sound interactive proof where: 1. Verifier is (almost) linear time. 2. Prover is polynomial-time. 3. Constant number of rounds.

  9. Tightness Define IP DE as class of languages having doubly efficient interactive proofs. IP DE TISP(poly π‘œ , π‘œ πœ€ )

  10. Roadmap: A Taste of the Proof Iterative construction: 1. Start with interactive proof for short computations. 2. Build interactive proof for slightly longer computations. 3. Repeat.

  11. Iterative Construction Suppose we have interactive proofs for time π‘ˆ/𝑙 and space 𝑇 computations. Consider a time π‘ˆ and space 𝑇 computation. 𝑇 𝑦 𝑧 π‘ˆ

  12. Divide & Conquer Divide: Prover sends Turing machine configuration in 𝑙 β‰ͺ π‘ˆ intermediate steps. 𝑦 𝑧 𝑒 π‘ˆ/𝑙 𝑒 2π‘ˆ/𝑙 … 𝑒 (π‘™βˆ’1)π‘ˆ/𝑙 Conquer? recurse on all subcomputations. Problem: verification blows up, no savings.

  13. Divide & Conquer Divide: Prover sends Turing machine configuration in 𝑙 β‰ͺ π‘ˆ intermediate steps. 𝑦 𝑧 𝑒 π‘ˆ/𝑙 𝑒 2π‘ˆ/𝑙 … 𝑒 (π‘™βˆ’1)π‘ˆ/𝑙 Conquer? Choose a few at random and recurse. Problem: huge soundness error.

  14. Best of Both Worlds? Can we batch verify 𝑙 instances much more efficiently than 𝑙 independent executions. Goal: β€’ Suppose 𝑦 ∈ 𝑀 can be verified in time 𝑒. β€’ Want to verify 𝑦 1 , … , 𝑦 𝑙 ∈ 𝑀 in β‰ͺ 𝑙 β‹… 𝑒 time.

  15. Concrete Example: Batch Verification of 𝑆𝑇𝐡 moduli Def: integer 𝑂 is an RSA modulos if it is the product of two 𝑛 -bit primes 𝑂 = π‘ž β‹… π‘Ÿ . The proof that 𝑂 is an RSA modulos is its factorization. Can we verify 𝑙 RSA moduli more efficiently? 𝑾(𝑢 𝟐 , … , 𝑢 𝒍 ) 𝑸(𝒒 𝟐 , 𝒓 𝟐 … , 𝒒 𝒍 , 𝒓 𝒍 ) β‰ͺ 𝑙 β‹… 𝑛 communication

  16. Warmup: Batch Verification for 𝐕𝐐 𝐕𝐐 βŠ† 𝐎𝐐 are all relations with unique accepting witnesses. 𝑛 = witness length Theorem [RRR16]: Every 𝑀 ∈ 𝐕𝐐, has an interactive proof for verifying that 𝑦 1 , … , 𝑦 𝑙 ∈ 𝑀 with 𝒏 β‹… πͺ𝐩𝐦𝐳𝐦𝐩𝐑(𝒍) + 𝑷(𝒍) communication. For batch verification of interactive proofs we introduce interactive analogs of 𝐕𝐐 and 𝐐𝐃𝐐 .

  17. Constant-Round Doubly Efficient Interactive Proofs Theorem [RRR16]: βˆƒπœ€ > 0 s.t. every language computable in poly(π‘œ) time and π‘œ πœ€ space has an unconditionally sound interactive proof where: 1. Verifier is (almost) linear time. 2. Prover is polynomial-time. 3. Constant number of rounds.

  18. Sublinear Time Verification Motivation: statistical analysis of vast amounts of data. Huge Database Huge Database

  19. Sublinear Time Verification Can we verify without even reading the input? Yes! If we allow for approximation. Following Property Testing [GGR98] : only required to reject inputs that are far from the language.

  20. Sublinear Time Verification Revisiting classical notions of proof-systems: Gur-R13, NP Fischer-Goldhirsh-Lachish13, Goldreich-Gur-R15 Rothblum-Vadhan-Wigderson13, Kalai-R15, Goldreich-Gur-R15, Interactive Proof Goldreich-Gur16, Reingold-Rothblum-R16, Gur-R17 Zero-Knowledge Berman-R-Vaikuntanathan17 Ergun-Kumar-Rubinfeld04, Dinur-Reingold06, PCP/MIP BenSasson-Goldreich-Harsha-Sudan-Vadhan06, Gur-Ramnarayan-R17

  21. Open Problems β€’ Research directions: – Bridge theory and practice. – Sublinear time verification. β€’ Concrete questions: – IP=PSPACE with β€œefficient” prover. – Batch verification for all of NP. – [GR17]: Simpler and more efficient protocols (even for smaller classes). – Improve [RRR16] round complexity: even exponentially.

Recommend

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2 Interactive Proofs IP[k] IP[poly] = PSPACE 2 Interactive Proofs IP[k] IP[poly] = PSPACE IP protocol for TQBF using arithmetization 2 Interactive

1.75k views β€’ 136 slides
Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge Iftach Haitner, Tel Aviv University December 4, 2011 IP for GNI Part I Interactive Proofs IP for GNI Interactive Vs. Interactive Proofs Definition 1 (

1.51k views β€’ 110 slides
Interactive Proof System We have seen interactive proofs, in various disguised forms, in the

Interactive Proof System We have seen interactive proofs, in various disguised forms, in the

Interactive Proof System We have seen interactive proofs, in various disguised forms, in the definitions of NP , OTM, Cook reduction and PH . We will see that interactive proofs have fundamental connections to cryptography and approximation

1.46k views β€’ 107 slides
Efficient Designated-Verifier Non- Interactive Zero-Knowledge Proofs of Knowledge Pyrros Chaidos,

Efficient Designated-Verifier Non- Interactive Zero-Knowledge Proofs of Knowledge Pyrros Chaidos,

Efficient Designated-Verifier Non- Interactive Zero-Knowledge Proofs of Knowledge Pyrros Chaidos, Geoffroy Couteau 1 /11 Zero-Knowledge Proof prover verifier Complete: if P knows a solution, V accepts Sound: if there is no solution, P

1.25k views β€’ 27 slides
Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs

Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs

Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs Prover wants to convince verifier that x has some property Interactive Proofs Prover wants to convince verifier that x has some property i.e. x is in

3.29k views β€’ 145 slides
Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive Proofs 2 Interactive Proofs Prover wants to convince verifier that x has some property 2 Interactive Proofs Prover wants to convince verifier

1.9k views β€’ 174 slides
(Interactive) Proofs Proofs from 900 BCE until 1800s Pythagorass Theorem: Proof: Looks legit.

(Interactive) Proofs Proofs from 900 BCE until 1800s Pythagorass Theorem: Proof: Looks legit.

15-251: Great Theoretical Ideas in Computer Science Lecture 24 (Interactive) Proofs Proofs from 900 BCE until 1800s Pythagorass Theorem: Proof: Looks legit. Then there was Russell Principia Mathematica Volume 2 Russell and others worked

949 views β€’ 50 slides
for Linear Algebra Christopher Hickey Graham Cormode University of Warwick Our Model

for Linear Algebra Christopher Hickey Graham Cormode University of Warwick Our Model

Efficient Interactive Proofs for Linear Algebra Christopher Hickey Graham Cormode University of Warwick Our Model Streaming Interactive Proofs Data, S, in the Cloud F(S) = ? F(S) Conversation Helper Verifier Completeness An

490 views β€’ 20 slides
Real Interactive Proofs for VPSPACE Klaus Meer Brandenburgische Technische Universit at,

Real Interactive Proofs for VPSPACE Klaus Meer Brandenburgische Technische Universit at,

Real Interactive Proofs for VPSPACE Klaus Meer Brandenburgische Technische Universit at, Cottbus-Senftenberg, Germany Colloquium Logicum Hamburg, September 2016 joint work with M. Baartse Klaus Meer Real Interactive Proofs for VPSPACE 1.

800 views β€’ 36 slides
Towards Human Interactive Proofs in the Text-Domain Richard Bergmair University of Derby in

Towards Human Interactive Proofs in the Text-Domain Richard Bergmair University of Derby in

Towards Human Interactive Proofs in the Text-Domain Richard Bergmair University of Derby in Austria and Stefan Katzenbeisser Technische Universitt Mnchen Institut fr Informatik Towards Human Interactive Proofs in the Text-Domain

572 views β€’ 29 slides
Models for Probabilistic Programs with an Adversary Robert Rand, Steve Zdancewic University of

Models for Probabilistic Programs with an Adversary Robert Rand, Steve Zdancewic University of

Models for Probabilistic Programs with an Adversary Robert Rand, Steve Zdancewic University of Pennsylvania Probabilistic Programming Semantics 2016 Interactive Proofs 2/47 Interactive Proofs 2/47 Interactive Proofs 2/47 Interactive

1.17k views β€’ 86 slides
Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne

Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne

Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne Broadbent (U. of Ottawa) arxiv:1911.07782 Quantum found. QZK Crypto TCS 2 / 19 Interactive proofs 3 / 19 Interactive proofs L NP P V 0

1.06k views β€’ 89 slides
Easy Generation and Efficient Validation of Proofs for SAT and QBF Marijn J.H. Heule 1/37

Easy Generation and Efficient Validation of Proofs for SAT and QBF Marijn J.H. Heule 1/37

Easy Generation and Efficient Validation of Proofs for SAT and QBF Marijn J.H. Heule 1/37 Introduction to SAT and QBF Clausal Proof Systems for SAT and QBF Abstract Proof System for SAT Inprocessing Clausal Proofs for QBF Preprocessing

919 views β€’ 48 slides
Efficient Extraction of Skolem Functions from QRAT Proofs Marijn J.H. Heule Joint work with

Efficient Extraction of Skolem Functions from QRAT Proofs Marijn J.H. Heule Joint work with

Efficient Extraction of Skolem Functions from QRAT Proofs Marijn J.H. Heule Joint work with Martina Seidl and Armin Biere FMCAD, October 23, 2014 1/22 Introduction and Challenges From Clausal Proofs to Skolem Functions Running Example

322 views β€’ 28 slides
On Hypersequents and Labelled Sequents Translating Labelled Sequent Proofs to Hypersequent Proofs

On Hypersequents and Labelled Sequents Translating Labelled Sequent Proofs to Hypersequent Proofs

On Hypersequents and Labelled Sequents Translating Labelled Sequent Proofs to Hypersequent Proofs Robert Rothenberg 1 2 1 School of Computer Science University of St Andrews 2 Interactive Information, Ltd Edinburgh Workshop in Honour of Roy

393 views β€’ 26 slides
Development of a Verified, Efficient Checker for SAT Proofs Matt Kaufmann (In collaboration with

Development of a Verified, Efficient Checker for SAT Proofs Matt Kaufmann (In collaboration with

I NTRODUCTION A S EQUENCE OF C HECKERS C ONCLUSION R EFERENCES Development of a Verified, Efficient Checker for SAT Proofs Matt Kaufmann (In collaboration with Marijn Heule and Warren Hunt, Jr.) ACL2 Seminar The University of Texas at Austin

621 views β€’ 49 slides
Development of a Verified, Efficient Checker for SAT Proofs Matt Kaufmann (With contributions

Development of a Verified, Efficient Checker for SAT Proofs Matt Kaufmann (With contributions

T HE P ROBLEM T OWARDS A S OLUTION A S EQUENCE OF C HECKERS R ELATED W ORK C ONCLUSION R EFERENCES Development of a Verified, Efficient Checker for SAT Proofs Matt Kaufmann (With contributions from Marijn Heule, Warren Hunt, and Nathan Wetzler)

216 views β€’ 21 slides
Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable

Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable

S C I E N C E P A S S I O N T E C H N O L O G Y Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable Linkability Olivier Blazy 1 , David Derler 2 , Daniel Slamanig 2 , Raphael

345 views β€’ 21 slides
Efficient Delegation of Zero-Knowledge Proofs of Knowledge in a Pairing-Friendly Setting ebastien

Efficient Delegation of Zero-Knowledge Proofs of Knowledge in a Pairing-Friendly Setting ebastien

Efficient Delegation of Zero-Knowledge Proofs of Knowledge in a Pairing-Friendly Setting ebastien Canard (1) , David Pointcheval (2) and Olivier Sanders (1 , 2) S (1) Orange Labs, Caen, France (2) Ecole Normale Sup erieure, Paris,

556 views β€’ 31 slides
Doubly-Linked Lists 4-02-2013 Doubly-linked list Implementation of List ListIterator

Doubly-Linked Lists 4-02-2013 Doubly-linked list Implementation of List ListIterator

Doubly-Linked Lists 4-02-2013 Doubly-linked list Implementation of List ListIterator Reading: Maciel, Chapter 13 HW#4 due: Wednesday, 4/03 (new ew due e dat ate) e) Quiz on Thursday, 4/04, on nodes & pointers Review Session on

1.04k views β€’ 37 slides
Lin inear Multi-Prover In Interactive Proofs Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu

Lin inear Multi-Prover In Interactive Proofs Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu

Quasi-Optimal SNARGs via ia Lin inear Multi-Prover In Interactive Proofs Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Non-Interactive Arguments for NP = , = 1 for some (, )

629 views β€’ 36 slides
DRAT-trim: Efficient Checking and Trimming Using Expressive Clausal Proofs Nathan Wetzler

DRAT-trim: Efficient Checking and Trimming Using Expressive Clausal Proofs Nathan Wetzler

DRAT-trim: Efficient Checking and Trimming Using Expressive Clausal Proofs Nathan Wetzler Marijn J.H. Heule Warren A. Hunt, Jr. The University of Texas at Austin Theory and Applications of Satisfiability Solving (SAT)

531 views β€’ 33 slides
Interactive Proofs Lecture 17 IP = PSPACE 1 So far 2 So far IP 2 So far IP AM, MA 2 So

Interactive Proofs Lecture 17 IP = PSPACE 1 So far 2 So far IP 2 So far IP AM, MA 2 So

Interactive Proofs Lecture 17 IP = PSPACE 1 So far 2 So far IP 2 So far IP AM, MA 2 So far IP AM, MA GNI IP 2 So far IP AM, MA GNI IP GNI AM 2 So far IP AM, MA GNI IP GNI AM Using AM protocol for set

1.45k views β€’ 113 slides
MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert Krebbers 1 Jacques-Henri Jourdan 2 Ralf Jung 3 Joseph Tassarotti 4 Jan-Oliver Kaiser 3 Amin Timany 5 eraud 6 Derek Dreyer 3 Arthur Chargu 1 Delft

1.55k views β€’ 141 slides

More recommend