interactive proofs
play

Interactive Proofs Lecture 17 IP = PSPACE 1 So far 2 So far IP - PowerPoint PPT Presentation

Jan 17, 2023 •309 likes •1.45k views

Interactive Proofs Lecture 17 IP = PSPACE 1 So far 2 So far IP 2 So far IP AM, MA 2 So far IP AM, MA GNI IP 2 So far IP AM, MA GNI IP GNI AM 2 So far IP AM, MA GNI IP GNI AM Using AM protocol for set

  1. Arithmetization A Boolean formula as a polynomial Arithmetic over a (finite, exponentially large) field 0 and 1 (identities of addition and multiplication) instead of True and False For formula F , polynomial P such that for boolean vector b and corresponding 0-1 vector x we have F(b) = P(x) NOT: (1-x); AND: x.y OR (as NOT of AND of NOT): 1 - (1-x).(1-y) 9

  2. Arithmetization A Boolean formula as a polynomial Arithmetic over a (finite, exponentially large) field 0 and 1 (identities of addition and multiplication) instead of True and False For formula F , polynomial P such that for boolean vector b and corresponding 0-1 vector x we have F(b) = P(x) NOT: (1-x); AND: x.y OR (as NOT of AND of NOT): 1 - (1-x).(1-y) Exercise: Arithmetize x=y (now!). Degree? Size? 9

  3. Arithmetization A Boolean formula as a polynomial Arithmetic over a (finite, exponentially large) field 0 and 1 (identities of addition and multiplication) instead of True and False For formula F , polynomial P such that for boolean vector b and corresponding 0-1 vector x we have F(b) = P(x) NOT: (1-x); AND: x.y OR (as NOT of AND of NOT): 1 - (1-x).(1-y) Exercise: Arithmetize x=y (now!). Degree? Size? Can always use a polynomial linear in each variable since x n =x for x=0 and x=1 9

  4. Arithmetization 10

  5. Arithmetization A QBF as a polynomial 10

  6. Arithmetization A QBF as a polynomial TRUE will correspond to > 0, and FALSE, = 0 10

  7. Arithmetization A QBF as a polynomial TRUE will correspond to > 0, and FALSE, = 0 Suppose for Boolean formula F , polynomial P 10

  8. Arithmetization A QBF as a polynomial TRUE will correspond to > 0, and FALSE, = 0 Suppose for Boolean formula F , polynomial P ∃ x F(x) → P(0) + P(1) > 0 (i.e., Σ x=0,1 P(x) > 0) 10

  9. Arithmetization A QBF as a polynomial TRUE will correspond to > 0, and FALSE, = 0 Suppose for Boolean formula F , polynomial P ∃ x F(x) → P(0) + P(1) > 0 (i.e., Σ x=0,1 P(x) > 0) ∀ x F(x) → P(0).P(1) > 0 (i.e., Π x=0,1 P(x) > 0) 10

  10. Arithmetization A QBF as a polynomial TRUE will correspond to > 0, and FALSE, = 0 Suppose for Boolean formula F , polynomial P ∃ x F(x) → P(0) + P(1) > 0 (i.e., Σ x=0,1 P(x) > 0) ∀ x F(x) → P(0).P(1) > 0 (i.e., Π x=0,1 P(x) > 0) Extends to more quantifiers: i.e., if F(x) is a QBF above 10

  11. Arithmetization A QBF as a polynomial TRUE will correspond to > 0, and FALSE, = 0 Suppose for Boolean formula F , polynomial P ∃ x F(x) → P(0) + P(1) > 0 (i.e., Σ x=0,1 P(x) > 0) ∀ x F(x) → P(0).P(1) > 0 (i.e., Π x=0,1 P(x) > 0) Extends to more quantifiers: i.e., if F(x) is a QBF above So, how do you arithmetize ∃ x ∀ y G(x,y) and ∀ y ∃ x G(x,y)? 10

  12. Arithmetization A QBF as a polynomial TRUE will correspond to > 0, and FALSE, = 0 Suppose for Boolean formula F , polynomial P ∃ x F(x) → P(0) + P(1) > 0 (i.e., Σ x=0,1 P(x) > 0) ∀ x F(x) → P(0).P(1) > 0 (i.e., Π x=0,1 P(x) > 0) Extends to more quantifiers: i.e., if F(x) is a QBF above So, how do you arithmetize ∃ x ∀ y G(x,y) and ∀ y ∃ x G(x,y)? Σ x=0,1 Π y=0,1 P(x,y) > 0 and Π y=0,1 Σ x=0,1 P(x,y) > 0 10

  13. Arithmetization 11

  14. Arithmetization For a protocol for TQBF: Give a protocol for proving that Q 1(x1=0,1) Q 2(x2=0,1) ... Q n(xn=0,1) P(x 1 ,...,x n ) > 0, where Q i are Σ or Π , and P is a (multi-linear) polynomial 11

  15. Arithmetization For a protocol for TQBF: Give a protocol for proving that Q 1(x1=0,1) Q 2(x2=0,1) ... Q n(xn=0,1) P(x 1 ,...,x n ) > 0, where Q i are Σ or Π , and P is a (multi-linear) polynomial Instead suppose all Q i are Σ 11

  16. Arithmetization For a protocol for TQBF: Give a protocol for proving that Q 1(x1=0,1) Q 2(x2=0,1) ... Q n(xn=0,1) P(x 1 ,...,x n ) > 0, where Q i are Σ or Π , and P is a (multi-linear) polynomial Instead suppose all Q i are Σ Counts number of satisfying assignments to an (unquantified) boolean formula F 11

  17. Arithmetization For a protocol for TQBF: Give a protocol for proving that Q 1(x1=0,1) Q 2(x2=0,1) ... Q n(xn=0,1) P(x 1 ,...,x n ) > 0, where Q i are Σ or Π , and P is a (multi-linear) polynomial Instead suppose all Q i are Σ Counts number of satisfying assignments to an (unquantified) boolean formula F Proving > 0 is trivial 11

  18. Arithmetization For a protocol for TQBF: Give a protocol for proving that Q 1(x1=0,1) Q 2(x2=0,1) ... Q n(xn=0,1) P(x 1 ,...,x n ) > 0, where Q i are Σ or Π , and P is a (multi-linear) polynomial Instead suppose all Q i are Σ Counts number of satisfying assignments to an (unquantified) boolean formula F Proving > 0 is trivial Consider proving = K (will be useful in the general case) 11

  19. Sum-check protocol 12

  20. Sum-check protocol To prove: Σ x1 ... Σ xn P(x 1 ,...,x n ) = K for some degree d polynomial P 12

  21. Verifier has Sum-check protocol only oracle access to P To prove: Σ x1 ... Σ xn P(x 1 ,...,x n ) = K for some degree d polynomial P 12

  22. Verifier has Sum-check protocol only oracle access to P To prove: Σ x1 ... Σ xn P(x 1 ,...,x n ) = K for some degree d polynomial P Note: to evaluate need to add up 2 n values 12

  23. Verifier has Sum-check protocol only oracle access to P To prove: Σ x1 ... Σ xn P(x 1 ,...,x n ) = K for some degree d polynomial P Note: to evaluate need to add up 2 n values Base case: n=0. Verifier will simply use oracle access to P. 12

  24. Verifier has Sum-check protocol only oracle access to P To prove: Σ x1 ... Σ xn P(x 1 ,...,x n ) = K for some degree d polynomial P Note: to evaluate need to add up 2 n values Base case: n=0. Verifier will simply use oracle access to P. For n>0: Let R(X) := Σ x2 ... Σ xn P(X,x 2 ,...,x n ) 12

  25. Verifier has Sum-check protocol only oracle access to P To prove: Σ x1 ... Σ xn P(x 1 ,...,x n ) = K for some degree d polynomial P Note: to evaluate need to add up 2 n values Base case: n=0. Verifier will simply use oracle access to P. For n>0: Let R(X) := Σ x2 ... Σ xn P(X,x 2 ,...,x n ) Σ x1 ... Σ xn P(x 1 ,...,x n ) = R(0) + R(1) 12

  26. Verifier has Sum-check protocol only oracle access to P To prove: Σ x1 ... Σ xn P(x 1 ,...,x n ) = K for some degree d polynomial P Note: to evaluate need to add up 2 n values Base case: n=0. Verifier will simply use oracle access to P. For n>0: Let R(X) := Σ x2 ... Σ xn P(X,x 2 ,...,x n ) Σ x1 ... Σ xn P(x 1 ,...,x n ) = R(0) + R(1) R has only one variable and degree at most d 12

  27. Verifier has Sum-check protocol only oracle access to P To prove: Σ x1 ... Σ xn P(x 1 ,...,x n ) = K for some degree d polynomial P Note: to evaluate need to add up 2 n values Base case: n=0. Verifier will simply use oracle access to P. For n>0: Let R(X) := Σ x2 ... Σ xn P(X,x 2 ,...,x n ) Only Σ , no Π Σ x1 ... Σ xn P(x 1 ,...,x n ) = R(0) + R(1) R has only one variable and degree at most d 12

  28. Verifier has Sum-check protocol only oracle access to P To prove: Σ x1 ... Σ xn P(x 1 ,...,x n ) = K for some degree d polynomial P Note: to evaluate need to add up 2 n values Base case: n=0. Verifier will simply use oracle access to P. For n>0: Let R(X) := Σ x2 ... Σ xn P(X,x 2 ,...,x n ) Only Σ , no Π Σ x1 ... Σ xn P(x 1 ,...,x n ) = R(0) + R(1) R has only one variable and degree at most d Prover sends T=R (as d+1 coefficients) to verifier 12

  29. Verifier has Sum-check protocol only oracle access to P To prove: Σ x1 ... Σ xn P(x 1 ,...,x n ) = K for some degree d polynomial P Note: to evaluate need to add up 2 n values Base case: n=0. Verifier will simply use oracle access to P. For n>0: Let R(X) := Σ x2 ... Σ xn P(X,x 2 ,...,x n ) Only Σ , no Π Σ x1 ... Σ xn P(x 1 ,...,x n ) = R(0) + R(1) R has only one variable and degree at most d Needs degree to be small Prover sends T=R (as d+1 coefficients) to verifier 12

  30. Verifier has Sum-check protocol only oracle access to P To prove: Σ x1 ... Σ xn P(x 1 ,...,x n ) = K for some degree d polynomial P Note: to evaluate need to add up 2 n values Base case: n=0. Verifier will simply use oracle access to P. For n>0: Let R(X) := Σ x2 ... Σ xn P(X,x 2 ,...,x n ) Only Σ , no Π Σ x1 ... Σ xn P(x 1 ,...,x n ) = R(0) + R(1) R has only one variable and degree at most d Needs degree to be small Prover sends T=R (as d+1 coefficients) to verifier Verifier checks K = T(0) + T(1). Still needs to check T=R 12

  31. Sum-check protocol 13

  32. Sum-check protocol To prove: Σ x1 ... Σ xn P(x 1 ,...,x n ) = K for some degree d polynomial P 13

  33. Sum-check protocol To prove: Σ x1 ... Σ xn P(x 1 ,...,x n ) = K for some degree d polynomial P Verifier wants to check T(X) = R(X) := Σ x2 ... Σ xn P(X,x 2 ,...,x n ) 13

  34. Sum-check protocol To prove: Σ x1 ... Σ xn P(x 1 ,...,x n ) = K for some degree d polynomial P Verifier wants to check T(X) = R(X) := Σ x2 ... Σ xn P(X,x 2 ,...,x n ) Picks random field element a (large enough field) 13

  35. Sum-check protocol To prove: Σ x1 ... Σ xn P(x 1 ,...,x n ) = K for some degree d polynomial P Verifier wants to check T(X) = R(X) := Σ x2 ... Σ xn P(X,x 2 ,...,x n ) Picks random field element a (large enough field) Asks prover to prove that T(a) = R(a) = Σ x2 ... Σ xn P(a,x 2 ,...,x n ) 13

  36. Sum-check protocol To prove: Σ x1 ... Σ xn P(x 1 ,...,x n ) = K for some degree d polynomial P Verifier wants to check T(X) = R(X) := Σ x2 ... Σ xn P(X,x 2 ,...,x n ) Picks random field element a (large enough field) Asks prover to prove that T(a) = R(a) = Σ x2 ... Σ xn P(a,x 2 ,...,x n ) Recurse on P 1 (x 2 ,...,x n ) = P(a,x 2 ,...,x n ) of one variable less 13

  37. Sum-check protocol To prove: Σ x1 ... Σ xn P(x 1 ,...,x n ) = K for some degree d polynomial P Verifier wants to check T(X) = R(X) := Σ x2 ... Σ xn P(X,x 2 ,...,x n ) Picks random field element a (large enough field) Asks prover to prove that T(a) = R(a) = Σ x2 ... Σ xn P(a,x 2 ,...,x n ) Recurse on P 1 (x 2 ,...,x n ) = P(a,x 2 ,...,x n ) of one variable less i.e., Recurse to prove Σ x2 ... Σ xn P 1 (x 2 ,...,x n ) = T(a) 13

  38. Sum-check protocol To prove: Σ x1 ... Σ xn P(x 1 ,...,x n ) = K for some degree d polynomial P Verifier wants to check T(X) = R(X) := Σ x2 ... Σ xn P(X,x 2 ,...,x n ) Picks random field element a (large enough field) Asks prover to prove that T(a) = R(a) = Σ x2 ... Σ xn P(a,x 2 ,...,x n ) Recurse on P 1 (x 2 ,...,x n ) = P(a,x 2 ,...,x n ) of one variable less i.e., Recurse to prove Σ x2 ... Σ xn P 1 (x 2 ,...,x n ) = T(a) Note: P 1 has degree at most d; verifier has oracle access to P 1 (as it knows a, and has oracle access to P) 13

  39. Sum-check protocol 14

  40. Sum-check protocol Why does sum-check protocol work? 14

  41. Sum-check protocol Why does sum-check protocol work? Instead of checking T(X) = R(X), simply checks (recursively) if T(a)=R(a) for a single random a in the field 14

  42. Sum-check protocol Can’t afford more than one check Why does sum-check protocol work? Instead of checking T(X) = R(X), simply checks (recursively) if T(a)=R(a) for a single random a in the field 14

  43. Sum-check protocol Can’t afford more than one check Why does sum-check protocol work? Instead of checking T(X) = R(X), simply checks (recursively) if T(a)=R(a) for a single random a in the field Completeness is obvious 14

  44. Sum-check protocol Can’t afford more than one check Why does sum-check protocol work? Instead of checking T(X) = R(X), simply checks (recursively) if T(a)=R(a) for a single random a in the field Completeness is obvious Soundness: Since T(X) and R(X) are of degree d, if T ≠ R, at most d points where they agree 14

  45. Sum-check protocol Can’t afford more than one check Why does sum-check protocol work? Instead of checking T(X) = R(X), simply checks (recursively) if T(a)=R(a) for a single random a in the field Completeness is obvious Soundness: Since T(X) and R(X) are of degree d, if T ≠ R, at most d points where they agree Error (picking a bad a), with probability ≤ d/p, where field is of size p 14

  46. Sum-check protocol Can’t afford more than one check Why does sum-check protocol work? Instead of checking T(X) = R(X), simply checks (recursively) if T(a)=R(a) for a single random a in the field Completeness is obvious Soundness: Since T(X) and R(X) are of degree d, if T ≠ R, at most d points where they agree Error (picking a bad a), with probability ≤ d/p, where field is of size p Also possible error in recursive step (despite good a) 14

  47. Sum-check protocol Can’t afford more than one check Why does sum-check protocol work? Instead of checking T(X) = R(X), simply checks (recursively) if T(a)=R(a) for a single random a in the field Completeness is obvious Soundness: Since T(X) and R(X) are of degree d, if T ≠ R, at most d points where they agree Error (picking a bad a), with probability ≤ d/p, where field is of size p Also possible error in recursive step (despite good a) At most nd/p if n variables. Can take p exponential. 14

  48. IP Protocol for TQBF 15

Recommend

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2 Interactive Proofs IP[k] IP[poly] = PSPACE 2 Interactive Proofs IP[k] IP[poly] = PSPACE IP protocol for TQBF using arithmetization 2 Interactive

1.75k views • 136 slides
Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge Iftach Haitner, Tel Aviv University December 4, 2011 IP for GNI Part I Interactive Proofs IP for GNI Interactive Vs. Interactive Proofs Definition 1 (

1.51k views • 110 slides
Interactive Proof System We have seen interactive proofs, in various disguised forms, in the

Interactive Proof System We have seen interactive proofs, in various disguised forms, in the

Interactive Proof System We have seen interactive proofs, in various disguised forms, in the definitions of NP , OTM, Cook reduction and PH . We will see that interactive proofs have fundamental connections to cryptography and approximation

1.46k views • 107 slides
Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs

Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs

Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs Prover wants to convince verifier that x has some property Interactive Proofs Prover wants to convince verifier that x has some property i.e. x is in

3.29k views • 145 slides
Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive Proofs 2 Interactive Proofs Prover wants to convince verifier that x has some property 2 Interactive Proofs Prover wants to convince verifier

1.9k views • 174 slides
(Interactive) Proofs Proofs from 900 BCE until 1800s Pythagorass Theorem: Proof: Looks legit.

(Interactive) Proofs Proofs from 900 BCE until 1800s Pythagorass Theorem: Proof: Looks legit.

15-251: Great Theoretical Ideas in Computer Science Lecture 24 (Interactive) Proofs Proofs from 900 BCE until 1800s Pythagorass Theorem: Proof: Looks legit. Then there was Russell Principia Mathematica Volume 2 Russell and others worked

949 views • 50 slides
Real Interactive Proofs for VPSPACE Klaus Meer Brandenburgische Technische Universit at,

Real Interactive Proofs for VPSPACE Klaus Meer Brandenburgische Technische Universit at,

Real Interactive Proofs for VPSPACE Klaus Meer Brandenburgische Technische Universit at, Cottbus-Senftenberg, Germany Colloquium Logicum Hamburg, September 2016 joint work with M. Baartse Klaus Meer Real Interactive Proofs for VPSPACE 1.

800 views • 36 slides
Towards Human Interactive Proofs in the Text-Domain Richard Bergmair University of Derby in

Towards Human Interactive Proofs in the Text-Domain Richard Bergmair University of Derby in

Towards Human Interactive Proofs in the Text-Domain Richard Bergmair University of Derby in Austria and Stefan Katzenbeisser Technische Universitt Mnchen Institut fr Informatik Towards Human Interactive Proofs in the Text-Domain

572 views • 29 slides
Models for Probabilistic Programs with an Adversary Robert Rand, Steve Zdancewic University of

Models for Probabilistic Programs with an Adversary Robert Rand, Steve Zdancewic University of

Models for Probabilistic Programs with an Adversary Robert Rand, Steve Zdancewic University of Pennsylvania Probabilistic Programming Semantics 2016 Interactive Proofs 2/47 Interactive Proofs 2/47 Interactive Proofs 2/47 Interactive

1.17k views • 86 slides
Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne

Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne

Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne Broadbent (U. of Ottawa) arxiv:1911.07782 Quantum found. QZK Crypto TCS 2 / 19 Interactive proofs 3 / 19 Interactive proofs L NP P V 0

1.06k views • 89 slides
On Hypersequents and Labelled Sequents Translating Labelled Sequent Proofs to Hypersequent Proofs

On Hypersequents and Labelled Sequents Translating Labelled Sequent Proofs to Hypersequent Proofs

On Hypersequents and Labelled Sequents Translating Labelled Sequent Proofs to Hypersequent Proofs Robert Rothenberg 1 2 1 School of Computer Science University of St Andrews 2 Interactive Information, Ltd Edinburgh Workshop in Honour of Roy

393 views • 26 slides
Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable

Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable

S C I E N C E P A S S I O N T E C H N O L O G Y Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable Linkability Olivier Blazy 1 , David Derler 2 , Daniel Slamanig 2 , Raphael

345 views • 21 slides
Lin inear Multi-Prover In Interactive Proofs Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu

Lin inear Multi-Prover In Interactive Proofs Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu

Quasi-Optimal SNARGs via ia Lin inear Multi-Prover In Interactive Proofs Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Non-Interactive Arguments for NP = , = 1 for some (, )

629 views • 36 slides
MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert Krebbers 1 Jacques-Henri Jourdan 2 Ralf Jung 3 Joseph Tassarotti 4 Jan-Oliver Kaiser 3 Amin Timany 5 eraud 6 Derek Dreyer 3 Arthur Chargu 1 Delft

1.55k views • 141 slides
MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert Krebbers 1 Jacques-Henri Jourdan 2 Ralf Jung 3 Joseph Tassarotti 4 Jan-Oliver Kaiser 3 Amin Timany 5 eraud 6 Derek Dreyer 3 Arthur Chargu 1 Delft

710 views • 49 slides
Parallelizing an Interactive Theorem Prover Functional Programming and Proofs with ACL2 David L.

Parallelizing an Interactive Theorem Prover Functional Programming and Proofs with ACL2 David L.

Introduction Parallelism Primitives Parallelizing ACL2 Evaluate Approach Conclusion Talking Points Parallelizing an Interactive Theorem Prover Functional Programming and Proofs with ACL2 David L. Rager ragerdl@gmail.com June 17, 2013 1 /

751 views • 57 slides
Trusting Trusting the Cloud with the Cloud with Practical Interact Practical Interactive ive

Trusting Trusting the Cloud with the Cloud with Practical Interact Practical Interactive ive

Trusting Trusting the Cloud with the Cloud with Practical Interact Practical Interactive ive Proofs Proofs Graham Cormode G.Cormode@warwick.ac.uk Amit Chakrabarti (Dartmouth) Andrew McGregor (U Mass Amherst) Justin Thaler (Harvard/Yahoo!)

257 views • 14 slides
MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert Krebbers 1 Delft University of Technology, The Netherlands October 9, 2018 @ Types Meeting, Aarhus, Denmark 1 MoSeL is joint work with Jacques-Henri

1.14k views • 98 slides
Proofs, Continued Today Proofs : A style guide Proofs should be easy to

Proofs, Continued Today Proofs : A style guide Proofs should be easy to

Euclid (300 BC) Proofs, Continued Today Proofs : A style guide Proofs should be easy to verify. All the cleverness goes into finding/writing the proof, not reading/verifying it! P vs. NP (informally) : P =

682 views • 21 slides
for Linear Algebra Christopher Hickey Graham Cormode University of Warwick Our Model

for Linear Algebra Christopher Hickey Graham Cormode University of Warwick Our Model

Efficient Interactive Proofs for Linear Algebra Christopher Hickey Graham Cormode University of Warwick Our Model Streaming Interactive Proofs Data, S, in the Cloud F(S) = ? F(S) Conversation Helper Verifier Completeness An

490 views • 20 slides
Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth workshop Introduction to the workshop PROOFS: Security Proofs for Embedded Systems UCSB August 20, 2016 5th edition of PROOFS PROOFS 2012:

311 views • 7 slides
Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Amin Timany 2

Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Amin Timany 2

Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Amin Timany 2 Lars Birkedal 3 1 Delft University of Technology, The Netherlands 2 imec-Distrinet, KU Leuven, Belgium 3 Aarhus University, Denmark January 18, 2017 @

953 views • 71 slides
Lecture 2 : Interactive Proofs in EasyCrypt July 16th, 2013 The Ambient Logic EasyCrypt ambient

Lecture 2 : Interactive Proofs in EasyCrypt July 16th, 2013 The Ambient Logic EasyCrypt ambient

Lecture 2 : Interactive Proofs in EasyCrypt July 16th, 2013 The Ambient Logic EasyCrypt ambient logic is a general higher-order logic. In this talk How define facts about user defined operators How to prove them when automatic techniques

1.08k views • 71 slides
Iris Proof Mode Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1

Iris Proof Mode Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1

Iris Proof Mode Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Delft University of Technology, The Netherlands June 12, 2017 @ MFPS, Ljubljana, Slovenia 1 Iris is joint work with: Ralf Jung, Jacques-Henri

1.16k views • 87 slides

More recommend