proof of work certificates for high complexity
play

Proof-of-work Certificates for High Complexity Computations for - PowerPoint PPT Presentation

Mar 04, 2024 •156 likes •543 views

Proof-of-work Certificates for High Complexity Computations for Linear Algebra Erich L. Kaltofen NCSU , DUKE UNIVERSITY google->kaltofen 2 Computations for the Cloud: RSA Challenge RSA220 =

  1. Proof-of-work Certificates for High Complexity Computations for Linear Algebra Erich L. Kaltofen NCSU , DUKE UNIVERSITY google->kaltofen

  2. 2 Computations for the Cloud: RSA Challenge RSA220 = 22601385262034057849416540486101975135080389157197767183211 97768109445641817966676608593121306582577250631562886676970 44807000181114971186300211248792819948748206607013106658664 6083327982803560379205391980139946496955261 = 68636564122675662743823714992884378001308422399791648446212 449933215410614414642667938213644208420192054999687 × 329290743948634981204930154921293529191645519653623395246 2860511692903493094652463337824866390738191765712603 S. Bai, P. Gaudry, A. Kruppa, E. Thom´ e, P. Zimmermann [May 2014–May 2016] Verification on any tablet computer in under one second

  3. 3 Computations for the Cloud: Sparse Matrix GL7d19 Rank From K-Theory Conjectures [Elbaz-Vincent, Gangle, Soul´ e ’05] 1 , 911 , 130 × 1 , 955 , 309 matrix of rank 1 , 033 , 568 Computed by J.-G. Dumas et al. 2007 with LinBox in 1050 CPU days With Monte-Carlo randomized algorithm ... Do you believe the rank?

  4. 3 Computations for the Cloud: Sparse Matrix GL7d19 Rank From K-Theory Conjectures [Elbaz-Vincent, Gangle, Soul´ e ’05] 1 , 911 , 130 × 1 , 955 , 309 matrix of rank 1 , 033 , 568 Computed by J.-G. Dumas et al. 2007 with LinBox in 1050 CPU days With Monte-Carlo randomized algorithm ... Do you believe the rank? [Dumas-Kaltofen ISSAC 2014] construct a linear-time checkable interactive proof-of-work certificate

  5. 4 Theoretical Computer Science Landmark Result In order to verify a proof/computation, one does not need to check every step: exponential speed-up for verifier is possible

  6. 4 Theoretical Computer Science Landmark Result In order to verify a proof/computation, one does not need to check every step: exponential speed-up for verifier is possible Ingredients 1. Randomized identity testing [DeMillo-Lipton’78;Schwartz,Zippel’79] 2. Interactive protocols [Goldwasser-Micali-Rackoff’85] 3. Replacing interaction by cryptography [Fiat-Shamir 1986] 4. Exponential speed-up for verifier [Lund-Fortnow-Karloff-Nisan’92]

  7. 5 Randomization: Rusin Freivalds’s 1979 Check Let A , B , C ∈ K n × n , K a field Certify C = A · B via a random vector y ∈ { 0 , 1 } n , and check Cy = A ( By ) : randomized of O ( n 2 ) complexity Probability ( Cy � = ABy | C � = AB ) ≥ 1 2

  8. 5 Randomization: Rusin Freivalds’s 1979 Check Let A , B , C ∈ K n × n , K a field Certify C = A · B via a random vector y ∈ { 0 , 1 } n , and check Cy = A ( By ) : randomized of O ( n 2 ) complexity Probability ( Cy � = ABy | C � = AB ) ≥ 1 2 Application: O ( n 2 ) verification of determinant Prover: Run fastest determinant algorithm, eg, Storjohann’s For the matrix multiplications, record inputs and outputs Verifier: rerun algorithm and instead of the doing matrix multiplications, verify the AB = C by Freivalds’s algorithm It’s like running the det algorithm with a quadratic-time matrix multiplication procedure

  9. 5 Randomization: Rusin Freivalds’s 1979 Check Let A , B , C ∈ K n × n , K a field Certify C = A · B via a random vector y ∈ { 0 , 1 } n , and check Cy = A ( By ) : randomized of O ( n 2 ) complexity Probability ( Cy � = ABy | C � = AB ) ≥ 1 2 Application: O ( n 2 ) verification of determinant Prover: Run fastest determinant algorithm, eg, Storjohann’s For the matrix multiplications, record inputs and outputs Verifier: rerun algorithm and instead of the doing matrix multiplications, verify the AB = C by Freivalds’s algorithm Problem: proof-of-work certificate has O ( n 2 ) size

  10. 6 Interactive Proof Protocol: Dumas’s & Kaltofen’s 2014 CharPoly Certificate Prover “Peggy” must convince Verifier “Victor” that χ A ( λ ) = det ( λ I − A ) , A ∈ Z n × n Prover Commun. Verifier χ A ( λ ) χ A ( λ ) = det ( λ I − A ) − − − − − − − − → “commits” p a smallish random prime p , r ← − − − − − − − − r a smallish random integer Non-interactive certificate for ∆ = det ( rI − A ) mod p Checks ∆ ≡ χ A ( r ) ( mod p )

  11. 6 Interactive Proof Protocol: Dumas’s & Kaltofen’s 2014 CharPoly Certificate Prover “Peggy” must convince Verifier “Victor” that χ A ( λ ) = det ( λ I − A ) , A ∈ Z n × n Prover Commun. Verifier χ A ( λ ) χ A ( λ ) = det ( λ I − A ) − − − − − − − − → “commits” p a smallish random prime p , r ← − − − − − − − − r a smallish random integer Non-interactive certificate for ∆ = det ( rI − A ) mod p Checks ∆ ≡ χ A ( r ) ( mod p ) Verification bit complexity: essentially linear in input bit size

  12. 7 Replace Interaction by Crypto: Dumas’s & Kaltofen’s 2014 CharPoly Certificate Prover “Peggy” must convince Verifier “Victor” that χ A ( λ ) = det ( λ I − A ) , A ∈ Z n × n Prover Commun. Verifier χ A ( λ ) χ A ( λ ) = det ( λ I − A ) − − − − − − − − → p , r p , r = hash ( A , χ A ) − − − − − − − − → Non-interactive certificate for ∆ = det ( rI − A ) mod p Checks p , r = hash ( A , χ A ) Checks ∆ ≡ χ A ( r ) ( mod p )

  13. 7 Replace Interaction by Crypto: Dumas’s & Kaltofen’s 2014 CharPoly Certificate Prover “Peggy” must convince Verifier “Victor” that χ A ( λ ) = det ( λ I − A ) , A ∈ Z n × n Prover Commun. Verifier χ A ( λ ) χ A ( λ ) = det ( λ I − A ) − − − − − − − − → p , r p , r = hash ( A , χ A ) − − − − − − − − → Non-interactive certificate for ∆ = det ( rI − A ) mod p Checks p , r = hash ( A , χ A ) Checks ∆ ≡ χ A ( r ) ( mod p ) Yields sum-of-squares proofs in non-linear optimization with fastest verification [Kaltofen, Li, Yang, Zhi 2008]

  14. 8 Sparse Determinant Proof-of-Work Based on Cramer’s Rule [Dumas and Kaltofen 2015] � w 1 � � 0 � . . . . = = ⇒ A . . w n − 1 0 w n 1   a 1 , 1 ... a 1 , n − 1 0 . . .   . . .   . . . det     ... M a n − 1 , 1 a n − 1 , n − 1 0 � �� � ... a n , 1 a n , n − 1 1 = det ( A 1 ... n − 1 , 1 ... n − 1 ) w n =   det ( A ) a 1 , 1 ... a 1 , n − 1 a 1 , n  . . .  . . .   . . . det     ... a n − 1 , 1 a n − 1 , n − 1 a n − 1 , n ... a n , 1 a n , n − 1 a n , n

  15. 9 Prover Communication Verifier χ A 1. χ A ( λ ) = det ( λ I n − A ) − − → 2. M = [ a i , j ] 1 ≤ i , j ≤ n − 1 , χ M ( λ ) = det ( λ I n − 1 − M ) χ M → Checks GCD ( χ A , χ M ) = 1; − − r 1 − r 1 ∈ S ⊆ K random with χ A ( r 1 ) � = 0 ← − 3. 4. Computes w such that � 0 � . . w ( r 1 I n − A ) w = e n = . − − → Checks ( r 1 I n − A ) w = e n and 0 w n = χ A ( r 1 ) / χ M ( r 1 ) ; 1 Returns det ( A ) = ( − 1 ) n χ A ( 0 ) 5. Note: GCD ( χ A , χ M ) = 1 is achieved by preconditioning

  16. 9 Prover Communication Verifier χ A 1. χ A ( λ ) = det ( λ I n − A ) − − → 2. M = [ a i , j ] 1 ≤ i , j ≤ n − 1 , χ M ( λ ) = det ( λ I n − 1 − M ) χ M → Checks GCD ( χ A , χ M ) = 1; − − r 1 − r 1 ∈ S ⊆ K random with χ A ( r 1 ) � = 0 ← − 3. 4. Computes w such that � 0 � . . w ( r 1 I n − A ) w = e n = . − − → Checks ( r 1 I n − A ) w = e n and 0 w n = χ A ( r 1 ) / χ M ( r 1 ) ; 1 Returns det ( A ) = ( − 1 ) n χ A ( 0 ) 5. Note: GCD ( χ A , χ M ) = 1 is achieved by preconditioning Prover cheats by sending monic h , H with GCD ( h , H )= 1 , h / H � = χ M / χ A Then with high probab.: w n = χ A ( r 1 ) / χ M ( r 1 ) � = h ( r 1 ) / H ( r 1 )

  17. 9 Prover Communication Verifier χ A 1. χ A ( λ ) = det ( λ I n − A ) − − → 2. M = [ a i , j ] 1 ≤ i , j ≤ n − 1 , χ M ( λ ) = det ( λ I n − 1 − M ) χ M → Checks GCD ( χ A , χ M ) = 1; − − r 1 − r 1 ∈ S ⊆ K random with χ A ( r 1 ) � = 0 ← − 3. 4. Computes w such that � 0 � . . w ( r 1 I n − A ) w = e n = . − − → Checks ( r 1 I n − A ) w = e n and 0 w n = χ A ( r 1 ) / χ M ( r 1 ) ; 1 Returns det ( A ) = ( − 1 ) n χ A ( 0 ) 5. Note: GCD ( χ A , χ M ) = 1 is achieved by preconditioning Protocol communication: O ( n ) scalars Prover complexity: fast by Block Wiedemann Algorithm

  18. 10 Our 2015 Preconditioner   τ − 1 0 ... 0   . ...   . − 1 . 0 τ     . ... ... A ) = det ( A ) ( τ n + σ ) �   det ( � . A = A , .  0 0    ...    τ − 1  0 σ 0 ... 0 τ ⇒ χ � A ( λ ) is irreducible for variables σ , τ det ( A ) � = 0 = ⇒ GCD ( χ � A , χ � M ) = 1 with high probability = for random scalars σ , τ

  19. 11 The Rank Profile Matrix [Dumas, Pernet, Sultan 2015] Definition: Let A ∈ K m × n ; the rank profile matrix R A = [ r A i , j ] ∈ { 0 , 1 } m × n satisfies: 1. all rows and columns have at most one 1 2. the ranks of all upper-left submatrices are the same: ∀ i , j : rank ([ a µ , ν ] 1 ≤ µ ≤ i , 1 ≤ ν ≤ j ) = rank ([ r A µ , ν ] 1 ≤ µ ≤ i , 1 ≤ ν ≤ j )     2 0 3 0 1 0 0 0     1 0 0 0 0 0 1 0 ⇒ R A =     Example: A =  =    0 0 4 0 0 0 0 0 0 2 0 1 0 1 0 0

Recommend

Proof Systems and Proof Complexity Marijn J.H. Heule http://www.cs.cmu.edu/~mheule/15816-f19/

Proof Systems and Proof Complexity Marijn J.H. Heule http://www.cs.cmu.edu/~mheule/15816-f19/

Proof Systems and Proof Complexity Marijn J.H. Heule http://www.cs.cmu.edu/~mheule/15816-f19/ Automated Reasoning and Satisfiability, September 24, 2019 Certificates What makes a problem hard? Certificate angle: can one efficiently check an

1.11k views • 107 slides
Foundational Proof Certificates Making proof universal and permanent Dale Miller INRIA-Saclay

Foundational Proof Certificates Making proof universal and permanent Dale Miller INRIA-Saclay

Foundational Proof Certificates Making proof universal and permanent Dale Miller INRIA-Saclay & LIX, Ecole Polytechnique 23 September 2013 Can we standardize, communicate, and trust formal proofs? Joint work with Zakaria Chihani and

864 views • 37 slides
Foundational Proof Certificates Dale Miller INRIA-Saclay & LIX, Ecole Polytechnique

Foundational Proof Certificates Dale Miller INRIA-Saclay & LIX, Ecole Polytechnique

Foundational Proof Certificates Dale Miller INRIA-Saclay & LIX, Ecole Polytechnique Palaiseau, France Joint work with Zakaria Chihani and Fabien Renaud, INRIA. See: CADE 2013, CPP 2011. APPA 2014, Vienna, 18 July 2014 The network is

514 views • 25 slides
Hardness Escalation in Proof Complexity via Composition Marc Vinyals KTH Royal Institute of

Hardness Escalation in Proof Complexity via Composition Marc Vinyals KTH Royal Institute of

Hardness Escalation in Proof Complexity via Composition Marc Vinyals KTH Royal Institute of Technology Stockholm, Sweden China Theory Week July 18 2017, Shanghai, China Proof Complexity Composition Examples Applications Proof Complexity

1.1k views • 81 slides
Long-term Storage of Forgery-Proof Certificates Patrick Roth, Omar Benkacem, Anne Ronchi, Pierre

Long-term Storage of Forgery-Proof Certificates Patrick Roth, Omar Benkacem, Anne Ronchi, Pierre

Long-term Storage of Forgery-Proof Certificates Patrick Roth, Omar Benkacem, Anne Ronchi, Pierre L'hostis, Rolf Brugger, Cline Restrepo Zea Long-term Storage of Forgery-Proof Certificates (WP 1.4) NTICE An exploratory study and reflections

536 views • 9 slides
Nonmonotonic Extensions of Low Complexity DLs: Complexity Results and Proof Methods Laura

Nonmonotonic Extensions of Low Complexity DLs: Complexity Results and Proof Methods Laura

Nonmonotonic Extensions of Low Complexity DLs: Complexity Results and Proof Methods Laura Giordano 1 , Valentina Gliozzi 2 , Nicola Olivetti 3 , and Gian Luca Pozzato 2 1 Dipartimento di Informatica - Universit` a del Piemonte Orientale A.

1.46k views • 103 slides
I-Complexity and Discrete Towards Precise . . . Derivative of Logarithms: Our Result Proof A

I-Complexity and Discrete Towards Precise . . . Derivative of Logarithms: Our Result Proof A

Kolmogorov Complexity Need for Approximate . . . I-Complexity Good Properties of I- . . . I-Complexity and Discrete Towards Precise . . . Derivative of Logarithms: Our Result Proof A Group-Theoretic Acknowledgments References Explanation

481 views • 12 slides
On the computational complexity of enumerating certificates of NP problems Marco Rospocher PhD

On the computational complexity of enumerating certificates of NP problems Marco Rospocher PhD

On the computational complexity of enumerating certificates of NP problems Marco Rospocher PhD Student International Doctorate School in ICT Department of Information and Communication Technology marco.rospocher@unitn.it Advisor: PhD Thesis

925 views • 43 slides
Proof Complexity and Computational Complexity Stephen Cook Eastern Great Lakes Theory Workshop

Proof Complexity and Computational Complexity Stephen Cook Eastern Great Lakes Theory Workshop

Proof Complexity and Computational Complexity Stephen Cook Eastern Great Lakes Theory Workshop September 6, 2008 1 advertisement advertisement advertisement Logical Foundations of Proof Complexity Stephen Cook Phuong Nguyen To be

491 views • 32 slides
Lifting Applied to Proof Complexity Marc Vinyals Technion Haifa, Israel FSTTCS Workshop on

Lifting Applied to Proof Complexity Marc Vinyals Technion Haifa, Israel FSTTCS Workshop on

Lifting Applied to Proof Complexity Marc Vinyals Technion Haifa, Israel FSTTCS Workshop on Extension Complexity and Lifting Theorems Supported by ERC project HARMONIC Proof Complexity Lifting Examples Wishlist SAT Is this formula

1.26k views • 82 slides
Proof Complexity of Quantified Boolean Formulas Olaf Beyersdorff School of Computing, University

Proof Complexity of Quantified Boolean Formulas Olaf Beyersdorff School of Computing, University

Proof Complexity of Quantified Boolean Formulas Olaf Beyersdorff School of Computing, University of Leeds Olaf Beyersdorff Proof Complexity of Quantified Boolean Formulas 1 / 39 Proof complexity (in one slide) Main question What is the size

575 views • 39 slides
A Logic of Proofs for Differential Dynamic Logic Toward Independently Checkable Proof Certificates

A Logic of Proofs for Differential Dynamic Logic Toward Independently Checkable Proof Certificates

A Logic of Proofs for Differential Dynamic Logic Toward Independently Checkable Proof Certificates for Differential Dynamic Logic Nathan Fulton Andr` e Platzer Carnegie Mellon University CPP16 January 19, 2016 1 Motivation Strong

383 views • 37 slides
A Proof Complexity View of Pseudo-Boolean Solving Marc Vinyals Tata Institute of Fundamental

A Proof Complexity View of Pseudo-Boolean Solving Marc Vinyals Tata Institute of Fundamental

A Proof Complexity View of Pseudo-Boolean Solving Marc Vinyals Tata Institute of Fundamental Research Mumbai, India Joint work with Jan Elffers, Jess Girldez-Cru, Stephan Gocht, and Jakob Nordstrm Theory and Practice of Satisfiability

1.01k views • 56 slides
Proof Complexity Olaf Beyersdorff School of Computing University of Leeds, UK 1 Outline of

Proof Complexity Olaf Beyersdorff School of Computing University of Leeds, UK 1 Outline of

Proof Complexity Olaf Beyersdorff School of Computing University of Leeds, UK 1 Outline of this tutorial Tour of proof systems Resolution Frege and beyond Cutting Planes . . . Relations to other areas Separation of

1.13k views • 90 slides
Proof Certificates for SMT-based Model Checkers Alain Mebsout and Cesare Tinelli SMT 2016 July 2

Proof Certificates for SMT-based Model Checkers Alain Mebsout and Cesare Tinelli SMT 2016 July 2

Proof Certificates for SMT-based Model Checkers Alain Mebsout and Cesare Tinelli SMT 2016 July 2 nd , 2016 Motivation Model checkers return error traces but no evidence when they say yes Complex tools Goal: improve trustworthiness

809 views • 47 slides
Proofs of communication and its application e-mails Proof-of-work for fighting spam Proof-of-

Proofs of communication and its application e-mails Proof-of-work for fighting spam Proof-of-

SOFSEM 2008 Filtering unwanted Proofs of communication and its application e-mails Proof-of-work for fighting spam Proof-of- communication Location generation Preparing proofs Verifying proof Marek Klonowski Tomasz Strumi nski Open

348 views • 23 slides
15-16/08/2009 Nicola Galesi 1 Organization Informal introduction and Overview Informal

15-16/08/2009 Nicola Galesi 1 Organization Informal introduction and Overview Informal

15-16/08/2009 Nicola Galesi 1 Organization Informal introduction and Overview Informal introductions to P,NP,co-NP and themes from and relationships with Proof complexity First Steps in Proof Complexity Complexity theory and motivating

842 views • 45 slides
PoM @ Breaking Bitcoin Kevin Loaec @kloaec kevin@chainsmiths.com The Proof of Work Mechanism A

PoM @ Breaking Bitcoin Kevin Loaec @kloaec kevin@chainsmiths.com The Proof of Work Mechanism A

PoM @ Breaking Bitcoin Kevin Loaec @kloaec kevin@chainsmiths.com The Proof of Work Mechanism A proof: no doubt possible Work: defined in physics, S.I. unit is the Joule. Gaspard-Gustave Coriolis The Proof of Work Mechanism Electrical work

705 views • 16 slides
Completeness (G odel 1929) Duality proof countermodels : either there exists a proof P

Completeness (G odel 1929) Duality proof countermodels : either there exists a proof P

L UDICS AND LOGICAL COMPLETENESS Geometry of Interaction, Traced Monoidal Categories and Implicit Complexity Workshop, Kyoto, Japan. 28 August 2009 Completeness (G odel 1929) Duality proof countermodels : either there exists a proof

1.52k views • 107 slides
Proofs for Satisfiability Problems Marijn J.H. Heule Joint work with Armin Biere X . X ,

Proofs for Satisfiability Problems Marijn J.H. Heule Joint work with Armin Biere X . X ,

Proofs for Satisfiability Problems Marijn J.H. Heule Joint work with Armin Biere X . X , July 18, 2014 1/32 Outline Introduction Proof Systems Proof Search Proof Formats Proof Production Proof Consumption Applications Conclusions

574 views • 36 slides
Equihash: Asymmetric Proof-of-Work based on the Generalized Birthday Problem Alex Biryukov

Equihash: Asymmetric Proof-of-Work based on the Generalized Birthday Problem Alex Biryukov

Equihash: Asymmetric Proof-of-Work based on the Generalized Birthday Problem Alex Biryukov Dmitry Khovratovich University of Luxembourg February 22nd, 2016 Proof (Prover) Verifiers Proof of Work in cryptocurrencies PoW certificate of

550 views • 27 slides
A (Biased) Proof Complexity Survey for SAT Practitioners Jakob Nordstr om KTH Royal Institute

A (Biased) Proof Complexity Survey for SAT Practitioners Jakob Nordstr om KTH Royal Institute

A (Biased) Proof Complexity Survey for SAT Practitioners Jakob Nordstr om KTH Royal Institute of Technology Stockholm, Sweden 17th International Conference on Theory and Applications of Satisfiability Testing Vienna, Austria July 1417,

1.73k views • 109 slides
Relating Proof Complexity Measures and Practical Hardness of SAT Jakob Nordstr om KTH Royal

Relating Proof Complexity Measures and Practical Hardness of SAT Jakob Nordstr om KTH Royal

Relating Proof Complexity Measures and Practical Hardness of SAT Jakob Nordstr om KTH Royal Institute of Technology Stockholm, Sweden 18th International Conference on Principles and Practice of Constraint Programming Qu ebec City,

735 views • 60 slides
Navigating Complexity High-performance discovery teams 1 Tale of Two Teams >8 2 Key

Navigating Complexity High-performance discovery teams 1 Tale of Two Teams >8 2 Key

Navigating Complexity High-performance discovery teams 1 Tale of Two Teams >8 2 Key Learnings Two different types of work ; two different ways of thinking Accelerate discovery Maximize Learning MVPs Idea flow Better Ideas Collective

761 views • 55 slides

More recommend