noninteractive zero knowledge for np from learning with
play

Noninteractive Zero Knowledge for NP from Learning With Errors - PowerPoint PPT Presentation

Apr 22, 2023 •45 likes •995 views

Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert University of Michigan (Based on work with Sina Shiehian) 2nd Crypto Innovation School Shanghai, China 15 December 2019 1 / 16 Zero Knowledge

  1. Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert University of Michigan (Based on work with Sina Shiehian) 2nd Crypto Innovation School Shanghai, China 15 December 2019 1 / 16

  2. Zero Knowledge [GoldwasserMicaliRackoff’85] ◮ Zero-knowledge (interactive) proof for language L : allows a prover P to convince a verifier V that some x ∈ L , while revealing nothing else. 2 / 16

  3. Zero Knowledge [GoldwasserMicaliRackoff’85] ◮ Zero-knowledge (interactive) proof for language L : allows a prover P to convince a verifier V that some x ∈ L , while revealing nothing else. ◮ Example: ‘cut-and-choose’ protocol for Graph Isomorphism P ( G 0 , G 1 , π ) V ( G 0 , G 1 ) [ G 0 = π ( G 1 )] 2 / 16

  4. Zero Knowledge [GoldwasserMicaliRackoff’85] ◮ Zero-knowledge (interactive) proof for language L : allows a prover P to convince a verifier V that some x ∈ L , while revealing nothing else. ◮ Example: ‘cut-and-choose’ protocol for Graph Isomorphism P ( G 0 , G 1 , π ) V ( G 0 , G 1 ) [ G 0 = π ( G 1 )] H H = ρ ( G 0 ) 2 / 16

  5. Zero Knowledge [GoldwasserMicaliRackoff’85] ◮ Zero-knowledge (interactive) proof for language L : allows a prover P to convince a verifier V that some x ∈ L , while revealing nothing else. ◮ Example: ‘cut-and-choose’ protocol for Graph Isomorphism P ( G 0 , G 1 , π ) V ( G 0 , G 1 ) [ G 0 = π ( G 1 )] H H = ρ ( G 0 ) b ← { 0 , 1 } (“Prove H ≡ G b ”) 2 / 16

  6. Zero Knowledge [GoldwasserMicaliRackoff’85] ◮ Zero-knowledge (interactive) proof for language L : allows a prover P to convince a verifier V that some x ∈ L , while revealing nothing else. ◮ Example: ‘cut-and-choose’ protocol for Graph Isomorphism P ( G 0 , G 1 , π ) V ( G 0 , G 1 ) [ G 0 = π ( G 1 )] H H = ρ ( G 0 ) b ← { 0 , 1 } (“Prove H ≡ G b ”) σ = ρ ◦ π b check H ? = σ ( G b ) 2 / 16

  7. Zero Knowledge [GoldwasserMicaliRackoff’85] ◮ Zero-knowledge (interactive) proof for language L : allows a prover P to convince a verifier V that some x ∈ L , while revealing nothing else. ◮ Example: ‘cut-and-choose’ protocol for Graph Isomorphism P ( G 0 , G 1 , π ) V ( G 0 , G 1 ) [ G 0 = π ( G 1 )] H H = ρ ( G 0 ) b ← { 0 , 1 } (“Prove H ≡ G b ”) σ = ρ ◦ π b check H ? = σ ( G b ) 1 Complete: if G 0 ≡ G 1 , then P convinces V . 2 / 16

  8. Zero Knowledge [GoldwasserMicaliRackoff’85] ◮ Zero-knowledge (interactive) proof for language L : allows a prover P to convince a verifier V that some x ∈ L , while revealing nothing else. ◮ Example: ‘cut-and-choose’ protocol for Graph Isomorphism P ( G 0 , G 1 , π ) V ( G 0 , G 1 ) [ G 0 = π ( G 1 )] H H = ρ ( G 0 ) b ← { 0 , 1 } (“Prove H ≡ G b ”) σ = ρ ◦ π b check H ? = σ ( G b ) 1 Complete: if G 0 ≡ G 1 , then P convinces V . 2 Sound: if G 0 �≡ G 1 , cheating P ∗ convinces V with prob ≤ 1 / 2 . 2 / 16

  9. Zero Knowledge [GoldwasserMicaliRackoff’85] ◮ Zero-knowledge (interactive) proof for language L : allows a prover P to convince a verifier V that some x ∈ L , while revealing nothing else. ◮ Example: ‘cut-and-choose’ protocol for Graph Isomorphism P ( G 0 , G 1 , π ) V ( G 0 , G 1 ) [ G 0 = π ( G 1 )] H H = ρ ( G 0 ) b ← { 0 , 1 } (“Prove H ≡ G b ”) σ = ρ ◦ π b check H ? = σ ( G b ) 1 Complete: if G 0 ≡ G 1 , then P convinces V . 2 Sound: if G 0 �≡ G 1 , cheating P ∗ convinces V with prob ≤ 1 / 2 . Soundness error can be reduced exponentially by (parallel) repetition. 2 / 16

  10. Zero Knowledge [GoldwasserMicaliRackoff’85] ◮ Zero-knowledge (interactive) proof for language L : allows a prover P to convince a verifier V that some x ∈ L , while revealing nothing else. ◮ Example: ‘cut-and-choose’ protocol for Graph Isomorphism P ( G 0 , G 1 , π ) V ( G 0 , G 1 ) [ G 0 = π ( G 1 )] H H = ρ ( G 0 ) b ← { 0 , 1 } (“Prove H ≡ G b ”) σ = ρ ◦ π b check H ? = σ ( G b ) 1 Complete: if G 0 ≡ G 1 , then P convinces V . 2 Sound: if G 0 �≡ G 1 , cheating P ∗ convinces V with prob ≤ 1 / 2 . Soundness error can be reduced exponentially by (parallel) repetition. 3 Zero Knowledge: can simulate (honest) V ’s view when G 0 ≡ G 1 . 2 / 16

  11. Zero Knowledge for NP Theorem [GoldreichMicaliWigderson’86,NguyenOngVadhan’06] ◮ Assuming OWFs, every NP language has a ZK proof/argument. 3 / 16

  12. Zero Knowledge for NP Theorem [GoldreichMicaliWigderson’86,NguyenOngVadhan’06] ◮ Assuming OWFs, every NP language has a ZK proof/argument. ◮ Applications: identification, secure multiparty computation, . . . 3 / 16

  13. Zero Knowledge for NP Theorem [GoldreichMicaliWigderson’86,NguyenOngVadhan’06] ◮ Assuming OWFs, every NP language has a ZK proof/argument. ◮ Applications: identification, secure multiparty computation, . . . Cut-and-choose protocol for Hamiltonian Cycle [FeigeLapidotShamir’90] : P ( G, cycle C ) V ( G ) 3 / 16

  14. Zero Knowledge for NP Theorem [GoldreichMicaliWigderson’86,NguyenOngVadhan’06] ◮ Assuming OWFs, every NP language has a ZK proof/argument. ◮ Applications: identification, secure multiparty computation, . . . Cut-and-choose protocol for Hamiltonian Cycle [FeigeLapidotShamir’90] : P ( G, cycle C ) V ( G ) { c i,j ← Com ( h i,j ) } , Com ( ρ ) H = ρ ( G ) 3 / 16

  15. Zero Knowledge for NP Theorem [GoldreichMicaliWigderson’86,NguyenOngVadhan’06] ◮ Assuming OWFs, every NP language has a ZK proof/argument. ◮ Applications: identification, secure multiparty computation, . . . Cut-and-choose protocol for Hamiltonian Cycle [FeigeLapidotShamir’90] : P ( G, cycle C ) V ( G ) { c i,j ← Com ( h i,j ) } , Com ( ρ ) H = ρ ( G ) b ← { 0 , 1 } 3 / 16

  16. Zero Knowledge for NP Theorem [GoldreichMicaliWigderson’86,NguyenOngVadhan’06] ◮ Assuming OWFs, every NP language has a ZK proof/argument. ◮ Applications: identification, secure multiparty computation, . . . Cut-and-choose protocol for Hamiltonian Cycle [FeigeLapidotShamir’90] : P ( G, cycle C ) V ( G ) { c i,j ← Com ( h i,j ) } , Com ( ρ ) H = ρ ( G ) b ← { 0 , 1 } b = 0 : open all h i,j , ρ check H = ρ ( G ) 3 / 16

  17. Zero Knowledge for NP Theorem [GoldreichMicaliWigderson’86,NguyenOngVadhan’06] ◮ Assuming OWFs, every NP language has a ZK proof/argument. ◮ Applications: identification, secure multiparty computation, . . . Cut-and-choose protocol for Hamiltonian Cycle [FeigeLapidotShamir’90] : P ( G, cycle C ) V ( G ) { c i,j ← Com ( h i,j ) } , Com ( ρ ) H = ρ ( G ) b ← { 0 , 1 } b = 0 : open all h i,j , ρ check H = ρ ( G ) b = 1 : open h i,j check cycle for ( i, j ) ∈ ρ ( C ) 3 / 16

  18. Noninteractive Zero Knowledge [BlumDeSantisMicaliPersiano’88] ◮ Interaction is not always possible. What if. . . ? P ( x, w ) V ( x ) π acc/rej 4 / 16

  19. Noninteractive Zero Knowledge [BlumDeSantisMicaliPersiano’88] ◮ Interaction is not always possible. What if. . . ? P ( x, w ) V ( x ) π acc/rej ◮ In ‘plain’ model, NIZK = BPP (trivial). 4 / 16

  20. Noninteractive Zero Knowledge [BlumDeSantisMicaliPersiano’88] ◮ Interaction is not always possible. What if. . . ? P ( x, w ) crs V ( x ) π acc/rej ◮ With common random/reference string, NP ⊆ NIZK assuming: 4 / 16

  21. Noninteractive Zero Knowledge [BlumDeSantisMicaliPersiano’88] ◮ Interaction is not always possible. What if. . . ? P ( x, w ) crs V ( x ) π acc/rej ◮ With common random/reference string, NP ⊆ NIZK assuming: ⋆ quadratic residuosity/trapdoor permutations [BDMP’88,FLS’90] ⋆ hard pairing-friendly groups [GrothOstrovskySahai’06] ⋆ indistinguishability obfuscation [SahaiWaters’14] 4 / 16

  22. Noninteractive Zero Knowledge [BlumDeSantisMicaliPersiano’88] ◮ Interaction is not always possible. What if. . . ? P ( x, w ) crs V ( x ) π acc/rej ◮ With common random/reference string, NP ⊆ NIZK assuming: ⋆ quadratic residuosity/trapdoor permutations [BDMP’88,FLS’90] ⋆ hard pairing-friendly groups [GrothOstrovskySahai’06] ⋆ indistinguishability obfuscation [SahaiWaters’14] Apps: signatures, CCA-secure encryption, cryptocurrencies, . . . 4 / 16

  23. Noninteractive Zero Knowledge [BlumDeSantisMicaliPersiano’88] ◮ Interaction is not always possible. What if. . . ? P ( x, w ) crs V ( x ) π acc/rej ◮ With common random/reference string, NP ⊆ NIZK assuming: ⋆ quadratic residuosity/trapdoor permutations [BDMP’88,FLS’90] ⋆ hard pairing-friendly groups [GrothOstrovskySahai’06] ⋆ indistinguishability obfuscation [SahaiWaters’14] Apps: signatures, CCA-secure encryption, cryptocurrencies, . . . ◮ Open [PW’08,PV’08] : ‘post-quantum’ foundation like lattices/LWE 4 / 16

  24. Noninteractive Zero Knowledge [BlumDeSantisMicaliPersiano’88] ◮ Interaction is not always possible. What if. . . ? P ( x, w ) crs V ( x ) π acc/rej ◮ With common random/reference string, NP ⊆ NIZK assuming: ⋆ quadratic residuosity/trapdoor permutations [BDMP’88,FLS’90] ⋆ hard pairing-friendly groups [GrothOstrovskySahai’06] ⋆ indistinguishability obfuscation [SahaiWaters’14] Apps: signatures, CCA-secure encryption, cryptocurrencies, . . . ◮ Open [PW’08,PV’08] : ‘post-quantum’ foundation like lattices/LWE Our Main Theorem ◮ NP ⊆ NIZK assuming LWE/worst-case lattice problems are hard. 4 / 16

  25. Fiat-Shamir Heuristic [FiatShamir’86] ◮ A way to remove interaction from a public-coin protocol, via hashing: 5 / 16

  26. Fiat-Shamir Heuristic [FiatShamir’86] ◮ A way to remove interaction from a public-coin protocol, via hashing: P V α β ← { 0 , 1 } m γ 5 / 16

Recommend

Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert Sina Shiehian TCS+

Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert Sina Shiehian TCS+

Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert Sina Shiehian TCS+ 1 May 2019 1 / 15 Zero Knowledge [GoldwasserMicaliRackoff85] Zero-knowledge (interactive) proof for language L : allows a prover P to

1.21k views • 89 slides
Zero Knowledge Succinct Noninteractive ARguments of Knowledge Saravanan Vijayakumaran

Zero Knowledge Succinct Noninteractive ARguments of Knowledge Saravanan Vijayakumaran

Zero Knowledge Succinct Noninteractive ARguments of Knowledge Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay October 15, 2019 1 / 24 zkSNARKs Arguments ZK proofs

435 views • 24 slides
Academia: no learning without knowledge, no knowledge without learning TRPC6, NEP Van den Berg,

Academia: no learning without knowledge, no knowledge without learning TRPC6, NEP Van den Berg,

Academia: no learning without knowledge, no knowledge without learning TRPC6, NEP Van den Berg, Weening et al., 2004 Pathology of Idiopathic Membranous Glomerulopathy Subepithelial electron dense deposits Injury of epithelial cells

303 views • 11 slides
Active Learning Passive Learning Active Learning 1. Think 1. Acquisition of knowledge Ability

Active Learning Passive Learning Active Learning 1. Think 1. Acquisition of knowledge Ability

Active Learning Passive Learning Active Learning 1. Think 1. Acquisition of knowledge Ability 2. Decision making 2. Application of knowledge 3. Explain/communicate 1. Deep learning Approach to Uni-directional 2. Interactive Learning

282 views • 5 slides
Discovering, Visualizing and Sharing Knowledge through Personalized Learning Knowledge Maps The

Discovering, Visualizing and Sharing Knowledge through Personalized Learning Knowledge Maps The

Discovering, Visualizing and Sharing Knowledge through Personalized Learning Knowledge Maps The AWAKE Project personal knowledge structure (user A) A m E ?? y map grid semantische ? C d achsen o netz awarenes cs kuns s multi-

234 views • 21 slides
Global Knowledge Management Process Integration of Business, Learning, and Knowledge Processes

Global Knowledge Management Process Integration of Business, Learning, and Knowledge Processes

Global Knowledge Management Process Integration of Business, Learning, and Knowledge Processes Jan M. Pawlowski Autumn 2013 The Challenge Going one step further: Re-Design of Knowledge, Learning and Business Processes -> fostering

855 views • 43 slides
ence The Expeditionary Learning Public Knowledge Public Knowledge E X 1+1= P 1+1=2 E R

ence The Expeditionary Learning Public Knowledge Public Knowledge E X 1+1= P 1+1=2 E R

Expeditionary Learning Exper h c of r i A ence The Expeditionary Learning Public Knowledge Public Knowledge E X 1+1= P 1+1=2 E R I E N C E Personal Knowledge Personal Knowledge Expedition as Educational Experience

318 views • 18 slides
The logic of learning: The logic of learning: logic and knowledge representation logic and

The logic of learning: The logic of learning: logic and knowledge representation logic and

The logic of learning: The logic of learning: logic and knowledge representation logic and knowledge representation in machine learning in machine learning Peter A. Flach Department of Computer Science University of Bristol

771 views • 59 slides
The standard for personalized learning We focus on the how in learning We want to help

The standard for personalized learning We focus on the how in learning We want to help

The standard for personalized learning We focus on the how in learning We want to help learners study more efficiently so they can reap measureable knowledge gains.* We provide insights into learner diligence, knowledge and agility that

451 views • 16 slides
26:198:722 Expert Systems I Knowledge representation I Knowledge acquisition I Machine learning I

26:198:722 Expert Systems I Knowledge representation I Knowledge acquisition I Machine learning I

26:198:722 Expert Systems I Knowledge representation I Knowledge acquisition I Machine learning I ID3 & C4.5 Knowledge Representation Recall: I Knowledge engineering F Knowledge acquisition N Knowledge elicitation F Knowledge representation N

668 views • 62 slides
Accelerating Innovation through Knowledge & Learning Transferring a Knowledge Management

Accelerating Innovation through Knowledge & Learning Transferring a Knowledge Management

Accelerating Innovation through Knowledge & Learning Transferring a Knowledge Management proof of concept model from the for-Profit sector to the not-for-Profit sector and driving multi- stakeholder cross- sector knowledge sharing

253 views • 23 slides
Where are we? Knowledge Engineering Semester 2, 2004-05 Last time . . . Michael Rovatsos

Where are we? Knowledge Engineering Semester 2, 2004-05 Last time . . . Michael Rovatsos

Knowledge Representation & Learning Knowledge Representation & Learning Current Best Hypothesis Search Current Best Hypothesis Search Version Space Learning Version Space Learning Summary Summary Where are we? Knowledge Engineering

673 views • 5 slides
10d Machine Learning: Symbol-based 10.0 Introduction 10.5 Knowledge and Learning 10.1 A

10d Machine Learning: Symbol-based 10.0 Introduction 10.5 Knowledge and Learning 10.1 A

10d Machine Learning: Symbol-based 10.0 Introduction 10.5 Knowledge and Learning 10.1 A Framework for 10.6 Unsupervised Learning Symbol-based Learning 10.7 Reinforcement Learning 10.2 Version Space Search 10.8 Epilogue and 10.3 The

1.05k views • 29 slides
10b Machine Learning: Symbol-based 10.0 Introduction 10.5 Knowledge and Learning 10.1 A

10b Machine Learning: Symbol-based 10.0 Introduction 10.5 Knowledge and Learning 10.1 A

10b Machine Learning: Symbol-based 10.0 Introduction 10.5 Knowledge and Learning 10.1 A Framework for 10.6 Unsupervised Learning Symbol-based Learning 10.7 Reinforcement Learning 10.2 Version Space Search 10.8 Epilogue and 10.3 The

866 views • 50 slides
10a Machine Learning: Symbol-based 10.0 Introduction 10.5 Knowledge and Learning 10.1 A

10a Machine Learning: Symbol-based 10.0 Introduction 10.5 Knowledge and Learning 10.1 A

10a Machine Learning: Symbol-based 10.0 Introduction 10.5 Knowledge and Learning 10.1 A Framework for 10.6 Unsupervised Learning Symbol-based Learning 10.7 Reinforcement Learning 10.2 Version Space Search 10.8 Epilogue and 10.3 The

935 views • 54 slides
10c Machine Learning: Symbol-based 10.0 Introduction 10.5 Knowledge and Learning 10.1 A

10c Machine Learning: Symbol-based 10.0 Introduction 10.5 Knowledge and Learning 10.1 A

10c Machine Learning: Symbol-based 10.0 Introduction 10.5 Knowledge and Learning 10.1 A Framework for 10.6 Unsupervised Learning Symbol-based Learning 10.7 Reinforcement Learning 10.2 Version Space Search 10.8 Epilogue and 10.3 The

605 views • 35 slides
Building Knowledge & Networking Capacities How to Succeed and Fail at Knowledge Sharing

Building Knowledge & Networking Capacities How to Succeed and Fail at Knowledge Sharing

Building Knowledge & Networking Capacities How to Succeed and Fail at Knowledge Sharing Cheryl Cooper, Applied Wisdom International Knowledge & Learning Consultant CherylAppliedWisdom@gmail.com Since 2002... Strategic Knowledge

490 views • 23 slides
Knowledge Acquisition Mackie Blackburn Learning Situated Knowledge Bases through Dialog,

Knowledge Acquisition Mackie Blackburn Learning Situated Knowledge Bases through Dialog,

Knowledge Acquisition Mackie Blackburn Learning Situated Knowledge Bases through Dialog, Pappu et al. Objective Event recommendation system Recommends university lectures based on research interests of user The system attempts

628 views • 59 slides
Building Knowledge Management Systems in Drupal Knowledge

Building Knowledge Management Systems in Drupal Knowledge

Building Knowledge Management Systems in Drupal Knowledge Management E-learning Projects Goal: Provide tools that foster learning The first

245 views • 20 slides
The Hunting of the SNARK Nir Bitansky Ran Canetti Alessandro Chiesa Eran Tromer Succint

The Hunting of the SNARK Nir Bitansky Ran Canetti Alessandro Chiesa Eran Tromer Succint

The Hunting of the SNARK Nir Bitansky Ran Canetti Alessandro Chiesa Eran Tromer Succint Noninteractive Argument of Knowledge Kilian '92 Micali '00 Aiello Bhatt Ostrovsky Rajagopalan '00 Dwork Langberg Naor Nissim Reingold '04 Di Crescenzo

567 views • 14 slides
ONG LEARNING Prepared by Prof. Dr. Roselina Ahmad Saufi Knowledge Transfer Programme Committee

ONG LEARNING Prepared by Prof. Dr. Roselina Ahmad Saufi Knowledge Transfer Programme Committee

ONG LEARNING Prepared by Prof. Dr. Roselina Ahmad Saufi Knowledge Transfer Programme Committee 8 September 2016 THE CONCEPT OF LEARNING THE CONCEPT (c (cont.) Learning can no longer be divided into a place and time to acquire knowledge

437 views • 18 slides
Learning Learning Retrieval Knowledge Retrieval Knowledge from Data from Data Helge Langseth

Learning Learning Retrieval Knowledge Retrieval Knowledge from Data from Data Helge Langseth

Learning Learning Retrieval Knowledge Retrieval Knowledge from Data from Data Helge Langseth Norwegian University of Science and Technology, Dept. of Mathematical Sciences Agnar Aamodt Norwegian University of Science and Technology,

602 views • 30 slides
Week 4 Video 2 Knowledge Inference: Bayesian Knowledge Tracing Bayesian Knowledge Tracing (BKT)

Week 4 Video 2 Knowledge Inference: Bayesian Knowledge Tracing Bayesian Knowledge Tracing (BKT)

Week 4 Video 2 Knowledge Inference: Bayesian Knowledge Tracing Bayesian Knowledge Tracing (BKT) The classic approach for measuring tightly defined skill in online learning First proposed by Richard Atkinson Most thoroughly

902 views • 45 slides
Universal Representation Learning of Knowledge Bases by Jointly Embedding Instances and

Universal Representation Learning of Knowledge Bases by Jointly Embedding Instances and

Universal Representation Learning of Knowledge Bases by Jointly Embedding Instances and Ontological Concepts Junheng Hao , Muhao Chen, Wenchao Yu, Yizhou Sun, Wei Wang University of California, Los Angeles Outline Background: Knowledge

664 views • 31 slides

More recommend