interactive proofs
play

Interactive Proofs Lecture 19 And Beyond 1 So far 2 So far IP - PowerPoint PPT Presentation

Oct 18, 2022 •163 likes •1.33k views

Interactive Proofs Lecture 19 And Beyond 1 So far 2 So far IP = PSPACE = AM[poly] 2 So far IP = PSPACE = AM[poly] PSPACE enough to calculate max Pr[yes] 2 So far IP = PSPACE = AM[poly] PSPACE enough to calculate max Pr[yes] AM[poly]

  1. Program Checking and IP PC for L from IP protocols (for L and L c ) L PC must be efficient. Provers may not be Prover Verifier If provers (for L and L c ) are efficient given L-oracle, can construct PC! x P User f(x) or P ! f 8

  2. Program Checking and IP PC for L from IP protocols (for L and L c ) L PC must be efficient. Provers may not be Prover Verifier If provers (for L and L c ) are efficient given L-oracle, can construct PC! x P User f(x) or P ! f 8

  3. Program Checking and IP PC for L from IP protocols (for L and L c ) L PC must be efficient. Provers may not be Prover Verifier If provers (for L and L c ) are efficient given L-oracle, can construct PC! x P User f(x) or P ! f 8

  4. Program Checking and IP PC for L from IP protocols (for L and L c ) L PC must be efficient. Provers may not be Prover Verifier If provers (for L and L c ) are efficient given L-oracle, can construct PC! x Retains completeness and P soundness User f(x) or P ! f 8

  5. Program Checking and IP PC for L from IP protocols (for L and L c ) L PC must be efficient. Provers may not be Prover Verifier If provers (for L and L c ) are efficient given L-oracle, can construct PC! x Retains completeness and P soundness User f(x) or P ! f e.g. For PSPACE-complete L (why?) 8

  6. Program Checking and IP PC for L from IP protocols (for L and L c ) L PC must be efficient. Provers may not be Prover Verifier If provers (for L and L c ) are efficient given L-oracle, can construct PC! x Retains completeness and P soundness User f(x) or P ! f e.g. For PSPACE-complete L (why?) How about Graph Isomorphism? 8

  7. Program Checking for GI 9

  8. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≡ G 1 , try to extract the isomorphism 9

  9. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≡ G 1 , try to extract the isomorphism Pick node v 1 in G 0 . For each node u in G 1 attach a marker (say a large clique) to u and v 1 and ask if the new graphs G 0 ’ and G 1 ’ are isomorphic. 9

  10. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≡ G 1 , try to extract the isomorphism Pick node v 1 in G 0 . For each node u in G 1 attach a marker (say a large clique) to u and v 1 and ask if the new graphs G 0 ’ and G 1 ’ are isomorphic. If P says no for all u in G 1 , report “P bad” 9

  11. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≡ G 1 , try to extract the isomorphism Pick node v 1 in G 0 . For each node u in G 1 attach a marker (say a large clique) to u and v 1 and ask if the new graphs G 0 ’ and G 1 ’ are isomorphic. If P says no for all u in G 1 , report “P bad” Else remember v 1 � u, and continue with v 2 ; keep old markers and use new larger markers to get G 0 ’’ and G 1 ’’ 9

  12. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≡ G 1 , try to extract the isomorphism Pick node v 1 in G 0 . For each node u in G 1 attach a marker (say a large clique) to u and v 1 and ask if the new graphs G 0 ’ and G 1 ’ are isomorphic. If P says no for all u in G 1 , report “P bad” Else remember v 1 � u, and continue with v 2 ; keep old markers and use new larger markers to get G 0 ’’ and G 1 ’’ On finding isomorphism, verify and output G 0 ≡ G 1 9

  13. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≡ G 1 , try to extract the isomorphism Pick node v 1 in G 0 . For each node u in G 1 attach a marker (say a large clique) to u and v 1 and ask if the new graphs G 0 ’ and G 1 ’ are isomorphic. If P says no for all u in G 1 , report “P bad” Else remember v 1 � u, and continue with v 2 ; keep old markers and use new larger markers to get G 0 ’’ and G 1 ’’ On finding isomorphism, verify and output G 0 ≡ G 1 Note: An IP protocol (i.e., NP proof) for GI, where prover is in P GI 9

  14. Program Checking for GI 10

  15. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≢ G 1 , test P similar to in IP protocol for GNI (coke from can/bottle) 10

  16. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≢ G 1 , test P similar to in IP protocol for GNI (coke from can/bottle) Let H = π (G b ) where π is a random permutation and b = 0 or 1 at random 10

  17. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≢ G 1 , test P similar to in IP protocol for GNI (coke from can/bottle) Let H = π (G b ) where π is a random permutation and b = 0 or 1 at random Run P(G 0 ,H) with many such H 10

  18. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≢ G 1 , test P similar to in IP protocol for GNI (coke from can/bottle) Let H = π (G b ) where π is a random permutation and b = 0 or 1 at random Run P(G 0 ,H) with many such H If P says G 0 ≡ H exactly whenever b=0, output G 0 ≢ G 1 10

  19. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≢ G 1 , test P similar to in IP protocol for GNI (coke from can/bottle) Let H = π (G b ) where π is a random permutation and b = 0 or 1 at random Run P(G 0 ,H) with many such H If P says G 0 ≡ H exactly whenever b=0, output G 0 ≢ G 1 Else output “Bad P” 10

  20. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≢ G 1 , test P similar to in IP protocol for GNI (coke from can/bottle) Let H = π (G b ) where π is a random permutation and b = 0 or 1 at random Run P(G 0 ,H) with many such H If P says G 0 ≡ H exactly whenever b=0, output G 0 ≢ G 1 Else output “Bad P” Note: Prover in the IP protocol for GNI is in P GI 10

  21. Multi-Prover Interactive Proofs 11

  22. Multi-Prover Interactive Proofs Interrogate multiple provers separately 11

  23. Multi-Prover Interactive Proofs Interrogate multiple provers separately Provers can’ t talk to each other during the interrogation (but can agree on a strategy a priori) 11

  24. Multi-Prover Interactive Proofs Interrogate multiple provers separately Provers can’ t talk to each other during the interrogation (but can agree on a strategy a priori) Verifier cross-checks answers from the provers 11

  25. Multi-Prover Interactive Proofs Interrogate multiple provers separately Provers can’ t talk to each other during the interrogation (but can agree on a strategy a priori) Verifier cross-checks answers from the provers 2 provers as good as k provers 11

  26. Multi-Prover Interactive Proofs Interrogate multiple provers separately Provers can’ t talk to each other during the interrogation (but can agree on a strategy a priori) Verifier cross-checks answers from the provers 2 provers as good as k provers MIP = NEXP 11

  27. Multi-Prover Interactive Proofs Interrogate multiple provers separately Provers can’ t talk to each other during the interrogation (but can agree on a strategy a priori) Verifier cross-checks answers from the provers 2 provers as good as k provers MIP = NEXP Parallel repetition theorem highly non-trivial! 11

  28. Probabilistically Checkable Proofs (PCPs) 12

  29. Probabilistically Checkable Proofs (PCPs) Prover submits a (very long) written proof 12

  30. Probabilistically Checkable Proofs (PCPs) Prover submits a (very long) written proof Verifier reads some positions (probabilistically chosen) from the proof and decides to accept or reject 12

  31. Probabilistically Checkable Proofs (PCPs) Prover submits a (very long) written proof Verifier reads some positions (probabilistically chosen) from the proof and decides to accept or reject PCP[r,q]: length of proof 2 r , number of queries q 12

  32. Probabilistically Checkable Proofs (PCPs) Prover submits a (very long) written proof Verifier reads some positions (probabilistically chosen) from the proof and decides to accept or reject PCP[r,q]: length of proof 2 r , number of queries q Intuitively, in MIP, the provers cannot change their strategy (because one does not know what the other sees), so must stick to a prior agreed up on strategy 12

  33. Probabilistically Checkable Proofs (PCPs) Prover submits a (very long) written proof Verifier reads some positions (probabilistically chosen) from the proof and decides to accept or reject PCP[r,q]: length of proof 2 r , number of queries q Intuitively, in MIP, the provers cannot change their strategy (because one does not know what the other sees), so must stick to a prior agreed up on strategy Which will be the written proof 12

  34. Probabilistically Checkable Proofs (PCPs) Prover submits a (very long) written proof Verifier reads some positions (probabilistically chosen) from the proof and decides to accept or reject PCP[r,q]: length of proof 2 r , number of queries q Intuitively, in MIP, the provers cannot change their strategy (because one does not know what the other sees), so must stick to a prior agreed up on strategy Which will be the written proof PCP[poly,poly] = MIP = NEXP 12

  35. PCP Theorem 13

  36. PCP Theorem NP = PCP[log,const] 13

  37. PCP Theorem NP = PCP[log,const] PCP is only poly long (just like usual NP certificate) 13

  38. PCP Theorem NP = PCP[log,const] PCP is only poly long (just like usual NP certificate) But verifier reads only constantly many bits! 13

  39. PCP Theorem NP = PCP[log,const] PCP is only poly long (just like usual NP certificate) But verifier reads only constantly many bits! Extensively useful in proving “hardness of approximation” results for optimization problems 13

  40. PCP Theorem NP = PCP[log,const] PCP is only poly long (just like usual NP certificate) But verifier reads only constantly many bits! Extensively useful in proving “hardness of approximation” results for optimization problems Also useful in certain cryptographic protocols 13

  41. Zero-Knowledge Proofs 14

  42. Zero-Knowledge Proofs Interactive Proof for membership in L 14

  43. Zero-Knowledge Proofs Interactive Proof for membership in L Complete and Sound 14

  44. Zero-Knowledge Proofs Interactive Proof for membership in L Complete and Sound ZK Property: Verifier “learns nothing” except that x is in L 14

  45. Zero-Knowledge Proofs Interactive Proof for membership in L Complete and Sound ZK Property: Verifier “learns nothing” except that x is in L 14

  46. Zero-Knowledge Proofs Interactive Proof for membership in L Complete and Sound ZK Property: Verifier “learns nothing” except that x is in L 14

  47. Zero-Knowledge Proofs Interactive Proof for membership in L Complete and Sound ZK Property: Verifier “learns nothing” except that x is in L 14

Recommend

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2 Interactive Proofs IP[k] IP[poly] = PSPACE 2 Interactive Proofs IP[k] IP[poly] = PSPACE IP protocol for TQBF using arithmetization 2 Interactive

1.75k views • 136 slides
Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge Iftach Haitner, Tel Aviv University December 4, 2011 IP for GNI Part I Interactive Proofs IP for GNI Interactive Vs. Interactive Proofs Definition 1 (

1.51k views • 110 slides
Interactive Proof System We have seen interactive proofs, in various disguised forms, in the

Interactive Proof System We have seen interactive proofs, in various disguised forms, in the

Interactive Proof System We have seen interactive proofs, in various disguised forms, in the definitions of NP , OTM, Cook reduction and PH . We will see that interactive proofs have fundamental connections to cryptography and approximation

1.46k views • 107 slides
Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs

Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs

Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs Prover wants to convince verifier that x has some property Interactive Proofs Prover wants to convince verifier that x has some property i.e. x is in

3.29k views • 145 slides
Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive Proofs 2 Interactive Proofs Prover wants to convince verifier that x has some property 2 Interactive Proofs Prover wants to convince verifier

1.9k views • 174 slides
(Interactive) Proofs Proofs from 900 BCE until 1800s Pythagorass Theorem: Proof: Looks legit.

(Interactive) Proofs Proofs from 900 BCE until 1800s Pythagorass Theorem: Proof: Looks legit.

15-251: Great Theoretical Ideas in Computer Science Lecture 24 (Interactive) Proofs Proofs from 900 BCE until 1800s Pythagorass Theorem: Proof: Looks legit. Then there was Russell Principia Mathematica Volume 2 Russell and others worked

949 views • 50 slides
Real Interactive Proofs for VPSPACE Klaus Meer Brandenburgische Technische Universit at,

Real Interactive Proofs for VPSPACE Klaus Meer Brandenburgische Technische Universit at,

Real Interactive Proofs for VPSPACE Klaus Meer Brandenburgische Technische Universit at, Cottbus-Senftenberg, Germany Colloquium Logicum Hamburg, September 2016 joint work with M. Baartse Klaus Meer Real Interactive Proofs for VPSPACE 1.

800 views • 36 slides
Towards Human Interactive Proofs in the Text-Domain Richard Bergmair University of Derby in

Towards Human Interactive Proofs in the Text-Domain Richard Bergmair University of Derby in

Towards Human Interactive Proofs in the Text-Domain Richard Bergmair University of Derby in Austria and Stefan Katzenbeisser Technische Universitt Mnchen Institut fr Informatik Towards Human Interactive Proofs in the Text-Domain

572 views • 29 slides
Models for Probabilistic Programs with an Adversary Robert Rand, Steve Zdancewic University of

Models for Probabilistic Programs with an Adversary Robert Rand, Steve Zdancewic University of

Models for Probabilistic Programs with an Adversary Robert Rand, Steve Zdancewic University of Pennsylvania Probabilistic Programming Semantics 2016 Interactive Proofs 2/47 Interactive Proofs 2/47 Interactive Proofs 2/47 Interactive

1.17k views • 86 slides
Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne

Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne

Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne Broadbent (U. of Ottawa) arxiv:1911.07782 Quantum found. QZK Crypto TCS 2 / 19 Interactive proofs 3 / 19 Interactive proofs L NP P V 0

1.06k views • 89 slides
On Hypersequents and Labelled Sequents Translating Labelled Sequent Proofs to Hypersequent Proofs

On Hypersequents and Labelled Sequents Translating Labelled Sequent Proofs to Hypersequent Proofs

On Hypersequents and Labelled Sequents Translating Labelled Sequent Proofs to Hypersequent Proofs Robert Rothenberg 1 2 1 School of Computer Science University of St Andrews 2 Interactive Information, Ltd Edinburgh Workshop in Honour of Roy

393 views • 26 slides
Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable

Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable

S C I E N C E P A S S I O N T E C H N O L O G Y Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable Linkability Olivier Blazy 1 , David Derler 2 , Daniel Slamanig 2 , Raphael

345 views • 21 slides
Lin inear Multi-Prover In Interactive Proofs Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu

Lin inear Multi-Prover In Interactive Proofs Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu

Quasi-Optimal SNARGs via ia Lin inear Multi-Prover In Interactive Proofs Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Non-Interactive Arguments for NP = , = 1 for some (, )

629 views • 36 slides
Interactive Proofs Lecture 17 IP = PSPACE 1 So far 2 So far IP 2 So far IP AM, MA 2 So

Interactive Proofs Lecture 17 IP = PSPACE 1 So far 2 So far IP 2 So far IP AM, MA 2 So

Interactive Proofs Lecture 17 IP = PSPACE 1 So far 2 So far IP 2 So far IP AM, MA 2 So far IP AM, MA GNI IP 2 So far IP AM, MA GNI IP GNI AM 2 So far IP AM, MA GNI IP GNI AM Using AM protocol for set

1.45k views • 113 slides
MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert Krebbers 1 Jacques-Henri Jourdan 2 Ralf Jung 3 Joseph Tassarotti 4 Jan-Oliver Kaiser 3 Amin Timany 5 eraud 6 Derek Dreyer 3 Arthur Chargu 1 Delft

1.55k views • 141 slides
MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert Krebbers 1 Jacques-Henri Jourdan 2 Ralf Jung 3 Joseph Tassarotti 4 Jan-Oliver Kaiser 3 Amin Timany 5 eraud 6 Derek Dreyer 3 Arthur Chargu 1 Delft

710 views • 49 slides
Parallelizing an Interactive Theorem Prover Functional Programming and Proofs with ACL2 David L.

Parallelizing an Interactive Theorem Prover Functional Programming and Proofs with ACL2 David L.

Introduction Parallelism Primitives Parallelizing ACL2 Evaluate Approach Conclusion Talking Points Parallelizing an Interactive Theorem Prover Functional Programming and Proofs with ACL2 David L. Rager ragerdl@gmail.com June 17, 2013 1 /

751 views • 57 slides
Trusting Trusting the Cloud with the Cloud with Practical Interact Practical Interactive ive

Trusting Trusting the Cloud with the Cloud with Practical Interact Practical Interactive ive

Trusting Trusting the Cloud with the Cloud with Practical Interact Practical Interactive ive Proofs Proofs Graham Cormode G.Cormode@warwick.ac.uk Amit Chakrabarti (Dartmouth) Andrew McGregor (U Mass Amherst) Justin Thaler (Harvard/Yahoo!)

257 views • 14 slides
MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert Krebbers 1 Delft University of Technology, The Netherlands October 9, 2018 @ Types Meeting, Aarhus, Denmark 1 MoSeL is joint work with Jacques-Henri

1.14k views • 98 slides
Proofs, Continued Today Proofs : A style guide Proofs should be easy to

Proofs, Continued Today Proofs : A style guide Proofs should be easy to

Euclid (300 BC) Proofs, Continued Today Proofs : A style guide Proofs should be easy to verify. All the cleverness goes into finding/writing the proof, not reading/verifying it! P vs. NP (informally) : P =

682 views • 21 slides
for Linear Algebra Christopher Hickey Graham Cormode University of Warwick Our Model

for Linear Algebra Christopher Hickey Graham Cormode University of Warwick Our Model

Efficient Interactive Proofs for Linear Algebra Christopher Hickey Graham Cormode University of Warwick Our Model Streaming Interactive Proofs Data, S, in the Cloud F(S) = ? F(S) Conversation Helper Verifier Completeness An

490 views • 20 slides
Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth workshop Introduction to the workshop PROOFS: Security Proofs for Embedded Systems UCSB August 20, 2016 5th edition of PROOFS PROOFS 2012:

311 views • 7 slides
Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Amin Timany 2

Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Amin Timany 2

Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Amin Timany 2 Lars Birkedal 3 1 Delft University of Technology, The Netherlands 2 imec-Distrinet, KU Leuven, Belgium 3 Aarhus University, Denmark January 18, 2017 @

953 views • 71 slides
Lecture 2 : Interactive Proofs in EasyCrypt July 16th, 2013 The Ambient Logic EasyCrypt ambient

Lecture 2 : Interactive Proofs in EasyCrypt July 16th, 2013 The Ambient Logic EasyCrypt ambient

Lecture 2 : Interactive Proofs in EasyCrypt July 16th, 2013 The Ambient Logic EasyCrypt ambient logic is a general higher-order logic. In this talk How define facts about user defined operators How to prove them when automatic techniques

1.08k views • 71 slides

More recommend