sublinear zero knowledge arguments for ram programs
play

Sublinear Zero-Knowledge Arguments for RAM Programs Payman Mike - PowerPoint PPT Presentation

Jan 09, 2024 •50 likes •1.04k views

Sublinear Zero-Knowledge Arguments for RAM Programs Payman Mike Alessandra Mohassel Scafuro Rosulek OSU NCState V I S Oregon State University A Problem C Data S Problem C Data S R 1 Problem C Data S R 1 y 1 Problem C

  1. Sublinear Zero-Knowledge Arguments for RAM Programs Payman Mike Alessandra Mohassel Scafuro Rosulek OSU NCState V I S Oregon State University A

  2. Problem C Data S

  3. Problem C Data S R 1

  4. Problem C Data S R 1 y 1

  5. Problem C Data S R 1 y 1 R 2

  6. Problem C Data S R 1 y 1 R 2 y 2

  7. Problem C Data S R 1 y 1 R 2 y 2 . . . .

  8. Problem C Data S R 1 proof 𝜌 1 y 1 correct computation on same data R 2 y 2 𝜌 2 . . . .

  9. Problem C Data S R 1 Zero-Knowledge proof 𝜌 1 y 1 correct computation on same data R 2 y 2 𝜌 2 . . . .

  10. Problem Data S C R 1 Zero-knowledge y 1 𝜌 1 proof Properties

  11. Problem Data S C R 1 Zero-knowledge y 1 𝜌 1 proof Properties Efficiency: work depends only on running time T

  12. Problem Data S C R 1 Zero-knowledge y 1 𝜌 1 proof Properties Efficiency: work depends only on running time T Security: Composability

  13. Problem Data S C R 1 Zero-knowledge y 1 𝜌 1 proof Properties Efficiency: work depends only on running time T Security: Composability [constant-round]

  14. Sub-linear Zero Knowledge

  15. Sub-linear Zero Knowledge [Kil92,Mic94,Gro10a,Lip12, GGPR13,….] P V pcp / Goal: proof as short as possible snarks

  16. Sub-linear Zero Knowledge [Kil92,Mic94,Gro10a,Lip12, GGPR13,….] P V pcp / Goal: proof as short as possible snarks Problem P’s work depends on size of the input

  17. Sub-linear Zero Knowledge [Kil92,Mic94,Gro10a,Lip12, GGPR13,….] P V pcp / Goal: proof as short as possible snarks Problem P’s work depends on size of the input Circuit-based approaches

  18. Sub-linear Zero Knowledge [Kil92,Mic94,Gro10a,Lip12, GGPR13,….] P V pcp / Goal: proof as short as possible snarks Problem P’s work depends on size of the input Circuit-based approaches

  19. Sub-linear Zero Knowledge [Kil92,Mic94,Gro10a,Lip12, GGPR13,….] P V pcp / Goal: proof as short as possible snarks Problem P’s work depends on size of the input ORAM Circuit-based approaches [GO96…]

  20. Sub-linear amortized Zero-Knowledge [HMR15] P V Setup phase proof phase

  21. Sub-linear amortized Zero-Knowledge [HMR15] P V Setup phase proof phase

  22. Sub-linear amortized Zero-Knowledge [HMR15] P V Setup phase proof phase GC GC GC GC T garbled circuits

  23. Sub-linear amortized Zero-Knowledge [HMR15] P V Setup phase proof phase GC GC GC GC T garbled circuits Problem Setup Phase : O(N) for both !

  24. Sub-linear amortized Zero-Knowledge [HMR15] P V Setup phase proof phase GC GC GC GC T garbled circuits Problem Setup Phase : O(N) for both !

  25. Sub-linear amortized Zero-Knowledge [HMR15] P V Setup phase proof phase Special cases ZK Sets [MRK03] and generalizations [ORS07,..] GC GC GC GC T garbled circuits Problem Setup Phase : O(N) for both !

  26. Our Result

  27. Sulinear Zero-Knowledge for RAM programs Setup Phase V P Proof Phase T = running time work depends only on running time T UC-Secure [based on efficient primitives (GC, Zkboo[GMO16])]

  28. Sulinear Zero-Knowledge for RAM programs Setup Phase V P Proof Phase T = running time work depends only on running time T UC-Secure [based on efficient primitives (GC, Zkboo[GMO16])]

  29. UC-Secure Ideal functionality F zkRAM F zkRAM V P

  30. UC-Secure Ideal functionality F zkRAM F zkRAM Init: M V P

  31. UC-Secure Ideal functionality F zkRAM M F zkRAM Init: M V P

  32. UC-Secure Ideal functionality F zkRAM M F zkRAM Init: M V P Prove: R i , w i

  33. UC-Secure Ideal functionality F zkRAM M’,y ← R i ( M , w i ) M F zkRAM Init: M V P Prove: R i , w i

  34. UC-Secure Ideal functionality F zkRAM M’,y ← R i ( M , w i ) M ’ M F zkRAM Init: M V P Prove: R i , w i

  35. UC-Secure Ideal functionality F zkRAM M’,y ← R i ( M , w i ) M ’ M F zkRAM Init: M R i , y V P Prove: R i , w i

  36. UC-Secure Ideal functionality F zkRAM Challenge: extract M from M’,y ← R i ( M , w i ) M ’ M transcript F zkRAM Init: M R i , y V P Prove: R i , w i

  37. Our technique

  38. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data

  39. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values

  40. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - Garbling

  41. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - Garbling R i

  42. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - Garbling access pattern (i 1, i 2, i 3,.. ) R i

  43. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - Garbling access pattern (i 1, i 2, i 3,.. ) R i prepares T garbled circuits

  44. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - Garbling access pattern (i 1, i 2, i 3,.. ) R i prepares T garbled circuits GC GC GC [JOK13]

  45. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - “Garbling” access pattern (i 1, i 2, i 3,.. ) R i GC GC GC

  46. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - “Garbling” access pattern (i 1, i 2, i 3,.. ) R i i 1 GC GC GC

  47. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - “Garbling” access pattern (i 1, i 2, i 3,.. ) R i i 2 i 1 GC GC GC

  48. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - “Garbling” access pattern (i 1, i 2, i 3,.. ) R i i 2 i 1 i 3 GC GC GC

  49. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - “Garbling” access pattern (i 1, i 2, i 3,.. ) R i 0/1 i 2 i 1 i 3 GC GC GC

  50. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - “Garbling” access pattern (i 1, i 2, i 3,.. ) R i 0/1 i 2 i 1 i 3 GC GC GC y

  51. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - “Garbling” access pattern (i 1, i 2, i 3,.. ) R i 0/1 i 2 i 1 i 3 GC GC GC y replace used encoding

  52. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - “Garbling” access pattern (i 1, i 2, i 3,.. ) R i 0/1 i 2 i 1 i 3 GC GC GC y replace used encoding soundness: V fully controls encoding of the dataset

  53. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data V should do nothing. Garbling values - ORAM - “Garbling” Soundness….? access pattern (i 1, i 2, i 3,.. ) R i 0/1 i 2 i 1 i 3 GC GC GC y replace used encoding soundness: V fully controls encoding of the dataset

  54. P V Setup phase access pattern (i 1, i 2, i 3,.. ) GC GC GC

  55. P V Setup phase access pattern (i 1, i 2, i 3,.. ) initial data GC GC GC

  56. P V Setup phase access pattern (i 1, i 2, i 3,.. ) ORAM initial data GC GC GC

  57. P V Setup phase encode access pattern (i 1, i 2, i 3,.. ) ORAM initial data GC GC GC

  58. P V Merkle Tree Setup phase encode access pattern (i 1, i 2, i 3,.. ) ORAM initial data GC GC GC

  59. P V Merkle Tree Setup phase encode access pattern (i 1, i 2, i 3,.. ) ORAM OT initial data GC GC GC

  60. P V Merkle Tree Setup phase encode access pattern (i 1, i 2, i 3,.. ) ORAM OT initial data GC GC GC

  61. P V Merkle Tree Setup phase encode access pattern (i 1, i 2, i 3,.. ) ORAM OT initial data GC GC GC

  62. P V Merkle Tree Setup phase encode access pattern (i 1, i 2, i 3,.. ) ORAM OT initial data GC GC GC

  63. P V Merkle Tree Setup phase encode ? access pattern (i 1, i 2, i 3,.. ) ORAM OT initial data GC GC GC 1. Consistency with committed input? (black-box)

  64. P V Merkle Tree Setup phase encode ? access pattern (i 1, i 2, i 3,.. ) ORAM OT initial data GC GC GC 1. Consistency with committed input? (black-box) 2. Extraction committed input?

  65. P V Merkle Tree Setup phase encode ? access pattern (i 1, i 2, i 3,.. ) ORAM OT initial data GC GC GC 1. Consistency with committed input? (black-box) 2. Extraction committed input? 3. “Malicious" ORAM?

  66. P V Merkle Tree Setup phase encode ? access pattern (i 1, i 2, i 3,.. ) ORAM OT initial data GC GC GC 1. Consistency with committed input? (black-box) 2. Extraction committed input? 3. “Malicious" ORAM?

  67. 1. Black box proof of consistency V P y GC GC [GO S V14, IW14]

  68. 1. Black box proof of consistency V P y GC GC encode Reed- Solomon [GO S V14, IW14]

  69. 1. Black box proof of consistency V P commit y GC GC encode Reed- Solomon [GO S V14, IW14]

  70. 1. Black box proof of consistency V P Merkle Tree commit y GC GC encode Reed- Solomon [GO S V14, IW14]

  71. 1. Black box proof of consistency V P Merkle Tree commit codeword y GC GC encode Reed- Solomon i 1 [GO S V14, IW14]

Recommend

Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In

Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In

Short Pairing-based Non-interactive Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In a zero knowledge protocol a prover can convince a verifier that some statement is true without leaking any side

628 views • 14 slides
Zero Knowledge Succinct Noninteractive ARguments of Knowledge Saravanan Vijayakumaran

Zero Knowledge Succinct Noninteractive ARguments of Knowledge Saravanan Vijayakumaran

Zero Knowledge Succinct Noninteractive ARguments of Knowledge Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay October 15, 2019 1 / 24 zkSNARKs Arguments ZK proofs

435 views • 24 slides
Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 3: Sublinear in Time 2-1 Sublinear in

Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 3: Sublinear in Time 2-1 Sublinear in

Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 3: Sublinear in Time 2-1 Sublinear in time Given a social network graph, if we have no time to ask everyone, can we still compute something non-trivial? For example, the average # of

557 views • 26 slides
Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 2: Sublinear in Communication 2-1

Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 2: Sublinear in Communication 2-1

Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 2: Sublinear in Communication 2-1 Sublinear in communication x 2 = 111011 x 1 = 010011 The model x 3 = 111111 x k = 100011 They want to jointly compute f ( x 1 , x 2 , . . . , x k ) Goal:

819 views • 70 slides
Zero-Knowledge Arguments for Arithmetic Circuits Carsten Baum, Jonathan Bootle, Andrea Cerulli,

Zero-Knowledge Arguments for Arithmetic Circuits Carsten Baum, Jonathan Bootle, Andrea Cerulli,

Sub-Linear Lattice-Based Zero-Knowledge Arguments for Arithmetic Circuits Carsten Baum, Jonathan Bootle, Andrea Cerulli, Rafael del Pino, Jens Groth and Vadim Lyubashevsky Lattice-Based Zero-Knowledge Arguments for Arithmetic Circuits 2

712 views • 33 slides
Lattice-Based Zero-Knowledge Arguments for Integer Relations t Libert 1 San Ling 2 Khoa Nguyen 2

Lattice-Based Zero-Knowledge Arguments for Integer Relations t Libert 1 San Ling 2 Khoa Nguyen 2

Lattice-Based Zero-Knowledge Arguments for Integer Relations t Libert 1 San Ling 2 Khoa Nguyen 2 Huaxiong Wang 2 Beno 1 CNRS and ENS Lyon, France 2 Nanyang Technological University, Singapore CRYPTO 2018, 20 August 2018 Zero-Knowledge

422 views • 30 slides
On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki

On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki

On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki University of Technology http://www.tcs.hut.fi/helger Pedase Theory Day, 04.10.2003 On Diophantine Complexity and SZK Arguments, Helger Lipmaa 1

501 views • 24 slides
Scalable Transparent ARguments-of-Knowledge Michael Riabzev Department of Computer Science,

Scalable Transparent ARguments-of-Knowledge Michael Riabzev Department of Computer Science,

Our result Features A peak under the hood Summary Scalable Transparent ARguments-of-Knowledge Michael Riabzev Department of Computer Science, Technion DIMACS Workshop on Outsourcing Computation Securely Joint work with Eli Ben-Sasson, Iddo

599 views • 32 slides
Transferring knowledge from discourse to arguments: A case study with scientific abstracts Pablo

Transferring knowledge from discourse to arguments: A case study with scientific abstracts Pablo

Transferring knowledge from discourse to arguments: A case study with scientific abstracts Pablo Accuosto Horacio Saggion Large-Scale Text Understanding Systems Lab, NLP Group (LaSTUS/TALN) Universitat Pompeu Fabra ArgMining 2019 ACL

639 views • 33 slides
B669 Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 1: Sublinear in Space 2-1 The model

B669 Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 1: Sublinear in Space 2-1 The model

B669 Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 1: Sublinear in Space 2-1 The model and challenge The data stream model (Alon, Matias and Szegedy 1996) RAM a n a 2 a 1 CPU Why hard? Cannot store everything. Applications : Internet

702 views • 34 slides
B669 Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 1: Sublinear in Space 2-1 The model

B669 Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 1: Sublinear in Space 2-1 The model

B669 Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 1: Sublinear in Space 2-1 The model and challenge The data stream model (Alon, Matias and Szegedy 1996) RAM a n a 2 a 1 CPU Why hard? Cannot store everything. Applications : Internet

718 views • 69 slides
Classical arguments that for us is a PP complement of easy The following arguments are the

Classical arguments that for us is a PP complement of easy The following arguments are the

Classical arguments that for us is a PP complement of easy The following arguments are the principle bases for the claim that tough predicates select the control complement structure, along with a brief indication of why these arguments fail to

330 views • 8 slides
Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and

Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and

Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and Group Signatures without Trapdoors t Libert 1 San Ling 2 Khoa Nguyen 2 Huaxiong Wang 2 Beno 1 Ecole Normale Sup erieure de Lyon (France) 2

681 views • 33 slides
Zero-Knowledge Arguments for Matrix-Vector Relations and Lattice-Based Group Encryption t Libert

Zero-Knowledge Arguments for Matrix-Vector Relations and Lattice-Based Group Encryption t Libert

Zero-Knowledge Arguments for Matrix-Vector Relations and Lattice-Based Group Encryption t Libert 1 San Ling 2 Fabrice Mouhartem 1 Beno Khoa Nguyen 2 Huaxiong Wang 2 1 Ecole Normale Sup erieure de Lyon (France) 2 Nanyang Technological

618 views • 46 slides
Random Local Exploration Techniques for Sublinear-Time Algorithms Krzysztof Onak IBM Research

Random Local Exploration Techniques for Sublinear-Time Algorithms Krzysztof Onak IBM Research

Random Local Exploration Techniques for Sublinear-Time Algorithms Krzysztof Onak IBM Research Sublinear-Time Algorithms BIG DATA Sublinear-Time Algorithms Sublinear-time algorithms: Fast answer based on inspecting a tiny fraction of the

2.05k views • 152 slides
L ECTURE 2 Last time Introduction Basic models for sublinear-time computation Simple

L ECTURE 2 Last time Introduction Basic models for sublinear-time computation Simple

Sublinear Algorithms L ECTURE 2 Last time Introduction Basic models for sublinear-time computation Simple examples of sublinear algorithms Today Properties of lists and functions. Testing if a list is sorted/Lipschitz and if a

266 views • 24 slides
On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki

On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki

On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki University of Technology http://www.tcs.hut.fi/helger Asiacrypt 2003, 03.12.2003 On Diophantine Complexity and SZK Arguments, Helger Lipmaa 1

433 views • 25 slides
Secure Database Commitments and Universal Arguments of Quasi Knowledge Melissa Chase (Microsoft

Secure Database Commitments and Universal Arguments of Quasi Knowledge Melissa Chase (Microsoft

Secure Database Commitments and Universal Arguments of Quasi Knowledge Melissa Chase (Microsoft Research) Ivan Visconti (University of Salerno) Size hiding protocols Traditional secure computation: All existing definitions and Parties

631 views • 22 slides
Focused search for arguments from propositional knowledge Vasiliki Efstathiou and Anthony Hunter

Focused search for arguments from propositional knowledge Vasiliki Efstathiou and Anthony Hunter

Introduction Connection Graphs Results Conclusions Focused search for arguments from propositional knowledge Vasiliki Efstathiou and Anthony Hunter Department of Computer Science University College London Vasiliki Efstathiou and Anthony

415 views • 38 slides
Adding Plural Arguments to Curry Programs Michael Hanus Christian-Albrechts-University of Kiel

Adding Plural Arguments to Curry Programs Michael Hanus Christian-Albrechts-University of Kiel

Adding Plural Arguments to Curry Programs Michael Hanus Christian-Albrechts-University of Kiel Programming Languages and Compiler Construction ICLP 2013 Michael Hanus (CAU Kiel) Adding Plural Arguments to Curry Programs ICLP 2013 1

338 views • 12 slides
Sublinear Algorithms for ( + 1) Vertex Coloring Sepehr Assadi University of Pennsylvania

Sublinear Algorithms for ( + 1) Vertex Coloring Sepehr Assadi University of Pennsylvania

Sublinear Algorithms for ( + 1) Vertex Coloring Sepehr Assadi University of Pennsylvania Joint work with Yu Chen (Penn) and Sanjeev Khanna (Penn) Sepehr Assadi (Penn) Sublinear ( + 1) Coloring Simons Workshop on Sublinear Algorithms

1.73k views • 128 slides
Sublinear Algorithms Lecture 1 Sofya Raskhodnikova Boston University 1 Organizational Course

Sublinear Algorithms Lecture 1 Sofya Raskhodnikova Boston University 1 Organizational Course

Sublinear Algorithms Lecture 1 Sofya Raskhodnikova Boston University 1 Organizational Course webpage: https://cs-people.bu.edu/sofya/sublinear-course/ Use Piazza to ask questions Office hours (on zoom): Wednesdays, 1:00PM-2:30PM

726 views • 36 slides
3.5 Executing programs n Functional programs are traditionally interpreted, i.e. reductions are

3.5 Executing programs n Functional programs are traditionally interpreted, i.e. reductions are

3.5 Executing programs n Functional programs are traditionally interpreted, i.e. reductions are performed whenever a function is called with real arguments n But the usage of "syntactical sugar" also makes a compilation a good idea,

452 views • 21 slides
Sublinear Algorithms Lectures 1 and 2 Sofya Raskhodnikova Penn State University 1 Tentative

Sublinear Algorithms Lectures 1 and 2 Sofya Raskhodnikova Penn State University 1 Tentative

Sublinear Algorithms Lectures 1 and 2 Sofya Raskhodnikova Penn State University 1 Tentative Topics Introduction, examples and general techniques. Sublinear-time algorithms for graphs strings basic properties of functions

1.04k views • 64 slides

More recommend