Introduction Setting Vector Spaces Modules Outlook Interactive Certificates for Polynomial Matrices with Sub-Linear Communication Daniel S. Roche Computer Science Department United States Naval Academy Annapolis, Maryland, U.S.A. 6 March 2019 CUNY/Courant Seminar in Symbolic-Numeric Computing Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 1 / 30
Introduction Setting Vector Spaces Modules Outlook Collaborators David Lucas Vincent Neiger U. Grenoble Alpes U. Limoges Cl´ ement Pernet Johan Rosenkilde U. Grenoble Alpes TU Denmark Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 2 / 30
Introduction Setting Vector Spaces Modules Outlook Traditional Computation Input : Problem description (e.g., a matrix) Output : Solution (e.g., its determinant) Generally assumes: One problem at a time One user One computer Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 3 / 30
Introduction Setting Vector Spaces Modules Outlook Verified Computation Input : Problem description and a “claimed” solution Output : Accept or reject Goals: Be much faster than traditional computation Assume nothing about the possible solution Always accept a correct solution Almost always reject an incorrect solution, even if someone tried very hard to trick you Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 4 / 30
Introduction Setting Vector Spaces Modules Outlook Applications for verified computing High-performance distributed computing : Running large computations on many nodes, failures will occur. Cloud computing : “Client” doesn’t know how the result was computed, but wants to check it. Monte carlo or heuristic algorithms : Run fast but possibly-erroneous algorithm, then verify the result. Many theoretical runtime bounds are very pessimistic! Smart contracts ? Perhaps to ensure some payment for correct results Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 5 / 30
Introduction Setting Vector Spaces Modules Outlook Outline 1 Introduction and Motivation 2 Setting and background 3 Vector space problems (“easy”) 4 Lattice/Module problems (harder) 5 Outlook Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 6 / 30
Introduction Setting Vector Spaces Modules Outlook Two approaches to verification 1 Generic verification Work for any problem in some computational model Prover and Verifier must follow the same algorithm Often based on computational hardness assumptions (crypto) Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 7 / 30
Introduction Setting Vector Spaces Modules Outlook Two approaches to verification 1 Generic verification Work for any problem in some computational model Prover and Verifier must follow the same algorithm Often based on computational hardness assumptions (crypto) 2 Problem-specific verification Verify the solution to one class of problems Can achieve (much) greater efficiency Usually provide information-theoretic security Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 7 / 30
Introduction Setting Vector Spaces Modules Outlook Generic verification algorithms x 1 x 2 x 3 General idea : View computation as an arithmetic circuit, − + then cryptographically verify circuit execution × Some results : Goldwasser, Kalai, & Rothblum. “Delegating computation: Interactive proofs for muggles”. STOC 2008. Parno, Howell, Gentry, & Raykova. “Pinocchio: Nearly Practical Verifiable Computation”. IEEE Security & Privacy 2013. Thaler, Roberts, Mitzenmacher, & Pfister. “Verifiable Computation with Massively Parallel Interactive Proofs”. USENIX HotCloud 2013. Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 8 / 30
Introduction Setting Vector Spaces Modules Outlook Linear Algebra Verification Problem-specific methods : Freivalds (1977). Non-interactive, randomized certificate for matrix multiplication Kaltofen, Nehring, Saunders (ISSAC 2011). Generic interactive linear-algebra certificates � n 2 � in � O time and communication. Dumas, Kaltofen, Thom´ e, & Villard (ISSAC 2016). Matrix minpoly and determinant, at the cost of matrix-vector product. Dumas, Lucas, Pernet (ISSAC 2017). Rank (profile), LU decomposition, and more, with O ( n ) communication and O ( n 2 ) verification time. Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 9 / 30
Introduction Setting Vector Spaces Modules Outlook Example verification protocol Claim: Company had X dollars of revenue last year. Prover Verifier 1. Commitment Y 1 , . . . , Y 12 − − − − − − − − − − − − − − → 2. Challenge i ∈ { 1 , . . . , 12 } ← − − − − − − − − − − − − − − 3. Response Receipts from month i − − − − − − − − − − − − − − − − − − − − − − → 4. Check ? Y 1 + · · · + Y 12 = X Receipts match for month i Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 10 / 30
Introduction Setting Vector Spaces Modules Outlook Our Setting We will develop interactive verification protocols between a Prover and a Verifier, to verify a claim. Public information : The input and output are known to everyone, and do not need to be communicated. Completeness : If the claim is true, the protocol always accepts. Soundness : If the claim is false, the protocol does not accept with probability at least 1 − ǫ . Fast Prover : The time for the Prover should at most the cost to perform the original computation. Faster Verifier : The time for the Verifier should be linear in the size of the public information. Low communication : The amount of data transferred should be as little as possible, less than the size of the public information. Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 11 / 30
Introduction Setting Vector Spaces Modules Outlook Caution: Lies Our results apply only to polynomial matrices. In this talk I will mostly show integer matrices. THIS IS A LIE — I will try to point out when. x 2 2 x + 7 x + 6 27 100 16 3 x 2 + 5 8 4 x 8 305 40 x 2 + x 3 x 2 + 1 0 110 0 301 Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 12 / 30
Introduction Setting Vector Spaces Modules Outlook A useful tool The entries of input matrix A ∈ Z n × n may have large bit-length. Write d = log 2 � A � ∞ . Lemma For a random prime p with O (log d ) bits, with high probability, A = B if and only if ( A mod p ) = ( B mod p ) . Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 13 / 30
Introduction Setting Vector Spaces Modules Outlook A useful tool The entries of input matrix A ∈ Z n × n may have large bit-length. Write d = log 2 � A � ∞ . Lemma For a random prime p with O (log d ) bits, with high probability, A = B if and only if ( A mod p ) = ( B mod p ) . Lemma For most primes p with more than O (log d + log n ) bits, rank( A mod p ) = rank A . Proof : Hadamard’s bound on the determinant, plus bounds on the prime counting function. For this talk, we assume needed primes p are word-size. Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 13 / 30
Introduction Setting Vector Spaces Modules Outlook MatrixMul Public: Matrices A , B , C ∈ Z n × n Claim: AB = C Prover Verifier p ← random prime c ∈ F n × 1 random p ? ( A mod p )(( B mod p ) c ) = ( C mod p ) c Notice: No communication! Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 14 / 30
Introduction Setting Vector Spaces Modules Outlook MatrixMul analysis Assume p is word-size and write d = max(log 2 � A � ∞ , log 2 � B � ∞ , log 2 � C � ∞ ) Completeness : If AB = C , it always succeeds. Soundness : Follows from previous lemma and Frievalds in F p Communication : none! Verifier : O ( n 2 d ) Prover : no cost! Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 15 / 30
Introduction Setting Vector Spaces Modules Outlook Nonsingularity Public: Matrix A ∈ Z n × n Claim: A is nonsingular Prover Verifier prime p − − − − − − − − − − − − − − → random c ∈ F n × 1 p ← − − − − − − − − − − − − − − − − w ∈ F n × 1 p − − − − − − − − − − − − − − → ? ( A mod p ) w = c Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 16 / 30
Introduction Setting Vector Spaces Modules Outlook Nonsingularity example Public Data 722 203 77 438 667 3 861 543 A = 670 568 424 373 432 172 356 168 Protocol Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 17 / 30
Introduction Setting Vector Spaces Modules Outlook Nonsingularity example Public Data 722 203 77 438 667 3 861 543 A = 670 568 424 373 432 172 356 168 Protocol mod 17 p Prover (1) Dan Roche (USNA) Polynomial Matrix Certificates 6 March 2019 17 / 30
Recommend
More recommend
