Succinct Malleable NIZKs and an Application to Compact Shuffles - PowerPoint PPT Presentation

Succinct Malleable NIZKs and an Application to Compact Shuffles
Melissa Chase (MSR Redmond), Markulf Kohlweiss (MSR Cambridge), Anna Lysyanskaya (Brown University), Sarah Meiklejohn (UC San Diego)

  1. Proofs of proofs
  2. Proofs of proofs: Suppose


  6. Outline
     Definitions
       Malleable proofs
       SNARGs
       t-tiered transformations
     SNARGs to cm-NIZKs
     Applying the cm-NIZK
     Conclusions

  7. Malleability for proofs [CKLM12]
     Generally, a proof is malleable with respect to T if there exists an algorithm Eval that, on input (T, {x_i, π_i}), outputs a proof π for T({x_i}).
     • E.g., T = ×, x_i = “b_i is a bit”
     Zero knowledge can be defined in the usual way as long as proofs are malleable only with respect to operations under which the language is closed.
     But how to define a strong notion of soundness like controlled malleability?
     High-level idea of CM-SSE: the extractor can pull out either a witness (fresh proof), or a previous instance and an allowable transformation from that instance to the new one (validly transformed proof).
     If a proof is zero knowledge, CM-SSE, and strongly derivation private (hides fresh vs. transformed), then we call it a cm-NIZK.

  8. SNARGs [BSW12,GGPR13]
     A proof system is a succinct non-interactive argument of knowledge (SNARG) if it is complete and if:
     • (Succinctness.) The size of a proof that (x,w) ∈ R is bounded by φ(k,|x|,|w|) < poly(k)·polylog(|x|) + γ|w| for some 0 < γ < 1
       • We use γ = 1/4 (for the unary case)
       • The point is, the proof can be smaller than the witness
       [Figure: a proof π and a proof-of-a-proof π′ drawn at the same size]
     • (Adaptive knowledge extraction.) For every A there exists an extractor E_A such that, for (x, π) = A(crs; r), the output w = E_A(crs; r) satisfies (x,w) ∈ R
     Constructions of these do exist [AF07, Groth10, ..., BCCT12, GGPR13]

  9. t-tiered transformations
     To fit the proof-of-a-proof approach, consider transformations as moving between tiers.
     A relation R is t-tiered if there exists an efficient function tier(⋅) such that for all x ∈ L_R, 0 ≤ tier(x) ≤ t.
     A class of transformations T is t-tiered if for all T ∈ T: (1) if tier(x) < t and x ∈ L_R, then tier(T(x)) > tier(x) and T(x) ∈ L_R; and (2) if tier(x) = t, then T(x) = ⊥.
     [Figure: a transformation that moves an instance up one tier is allowed; a transformation out of the top tier t is disallowed]
     Also, you can’t compose more than t transformations.

  10. Outline
     Definitions
     SNARGs to cm-NIZKs
       Malleable SNARGs
       Boosting to full extractability
       Boosting to CM-SSE
     Applying the cm-NIZK
       Cryptographic background
       Shuffling and decrypting
     Conclusions

  11. Malleable SNARGs
     [Roadmap: malleable SNARG]
     Our goal: build malleability into SNARGs [BSW12]
     If we use succinct non-interactive arguments of knowledge (SNARGs), a proof of knowledge of π could in fact be the same size!
     [Figure: π, transformed by T into π′, transformed by T into π′′, all drawn at the same size]
     This process can continue many times (Bob proves knowledge of Alice’s proof π_A for x_A and an allowable transformation T_B to his instance x_B; Charlie proves knowledge of Bob’s proof π_B for x_B and an allowable transformation T_C to his instance x_C; etc.)

  12. Malleable SNARGs
     [Roadmap: malleable SNARG]
     Intuitively, to form a proof for an instance x, prove that you know either a fresh witness w such that (x,w) ∈ R, or a proof π, an instance x′ at the next tier down, and an allowable T such that T(x′) = x.
     [Figure: chain of proofs]
       π_A(x_A): w_A
       π_B(x_B): (π_A, x_A, T_B), with tier(x_B) = tier(x_A) + 1
       π_C(x_C): (π_B, x_B, T_C), with tier(x_C) = tier(x_B) + 1
     Zero knowledge and adaptive knowledge extraction are both preserved*, and we gain malleability with respect to t-tiered transformations*
     *Since the extractor might have to “tunnel down”, t must be a constant [BSW12,BCCT13], and we use a stronger notion of extraction (consider non-uniform adversaries)
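The tier bookkeeping from the t-tiered definition (slide 9) and the proof-of-a-proof chain sketched on this slide, as an added illustration that is not code from the paper or its authors. It uses a constructed relation (y = G^w mod P over a small prime P) with exponent shifts T_a as the allowable transformations; proofs are plain, non-hiding records, so nothing here is succinct or zero knowledge. What it shows is the two clauses a verifier checks, condition (2) forcing T(x) = ⊥ at the top tier, and an extractor that returns either a witness or the previous instance and transformation, tunnelling down at most t steps.

```python
"""Toy model of t-tiered transformations and proof-of-a-proof chaining.

Constructed example, not the paper's construction: an instance is x = (tier, y)
with y = G^w mod P and witness w.  Allowable transformations are exponent shifts
T_a: (tier, y) -> (tier + 1, y * G^a mod P); the language is closed under them
(the new witness is w + a).  Proofs are plain, non-hiding records: no SNARG,
no succinctness, no zero knowledge.  Shown: tier bookkeeping, the verifier's two
clauses, and an extractor that tunnels down the chain (depth at most t).
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

P = 1019      # small prime modulus (constructed toy parameter)
G = 2         # base element
T_MAX = 3     # t: the top tier, so at most t transformations can be composed

Instance = Tuple[int, int]   # (tier, y)


def tier(x: Instance) -> int:
    return x[0]


def in_relation(x: Instance, w: int) -> bool:
    """(x, w) in R  iff  0 <= tier(x) <= t and y == G^w mod P."""
    t, y = x
    return 0 <= t <= T_MAX and pow(G, w, P) == y


@dataclass(frozen=True)
class Shift:
    """Allowable transformation T_a.  Condition (1): below the top tier it moves
    a valid instance up one tier and keeps it in L_R.  Condition (2): at tier t
    it outputs bottom, modelled here as None."""
    a: int

    def apply(self, x: Instance) -> Optional[Instance]:
        t, y = x
        if t >= T_MAX:
            return None
        return (t + 1, (y * pow(G, self.a, P)) % P)


@dataclass(frozen=True)
class FreshProof:
    """Proof for x built from a witness w with (x, w) in R."""
    w: int


@dataclass(frozen=True)
class TransformedProof:
    """Proof for x built from (pi', x', T): a proof for the instance one tier
    down and the allowable T with T(x') = x."""
    prev_proof: "Proof"
    prev_x: Instance
    T: Shift


Proof = Union[FreshProof, TransformedProof]


def verify(x: Instance, pi: Proof) -> bool:
    """Accept iff pi holds a witness for x, or pi = (pi', x', T) with
    tier(x) = tier(x') + 1, T(x') = x and pi' valid for x'."""
    if isinstance(pi, FreshProof):
        return in_relation(x, pi.w)
    if tier(x) != tier(pi.prev_x) + 1 or pi.T.apply(pi.prev_x) != x:
        return False
    return verify(pi.prev_x, pi.prev_proof)


def extract(pi: Proof):
    """One CM-SSE-style extraction step: ('witness', w) for a fresh proof, or
    ('transformed', x', T) naming the previous instance and allowable step."""
    if isinstance(pi, FreshProof):
        return ("witness", pi.w)
    return ("transformed", pi.prev_x, pi.T)


def tunnel_down(pi: Proof) -> Tuple[int, List[Shift]]:
    """Repeat extraction until a fresh witness appears.  The loop runs at most
    t times, which is why t has to be a constant."""
    steps: List[Shift] = []
    while isinstance(pi, TransformedProof):
        steps.append(pi.T)
        pi = pi.prev_proof
    return pi.w, list(reversed(steps))


def transform(x: Instance, pi: Proof, T: Shift) -> Optional[Tuple[Instance, Proof]]:
    """Eval: a proof for T(x) from a proof for x, or None when T(x) = bottom."""
    x_new = T.apply(x)
    if x_new is None:
        return None
    return x_new, TransformedProof(prev_proof=pi, prev_x=x, T=T)


def build_chain() -> Tuple[Instance, Proof]:
    """Alice proves fresh at tier 0; three parties each transform once."""
    x: Instance = (0, pow(G, 5, P))      # y = 2^5 = 32
    pi: Proof = FreshProof(w=5)
    for a in (3, 10, 1):                 # tiers 1, 2, 3
        step = transform(x, pi, Shift(a))
        assert step is not None
        x, pi = step
    return x, pi


if __name__ == "__main__":
    x, pi = build_chain()
    print(x, verify(x, pi), tunnel_down(pi), transform(x, pi, Shift(2)))
```

With t = 3 the chain built by build_chain ends at tier 3, so a fourth transformation returns None, which is the "can't compose more than t transformations" consequence of condition (2). The tampered-instance check in verify (T(x′) must equal the claimed x) is what a verifier relies on instead of ever seeing the original witness.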

  13. Boosting to full extractability
     [Roadmap: malleable SNARG → malleable NIWIPoK]
     Our goal: get from adaptive knowledge extraction to stronger soundness
     Rather than even try to reconcile adaptive knowledge extraction with something much stronger like extractability or CM-SSE, just use the regular soundness of the SNARG.
     The SNARG now just proves knowledge of the plaintext w such that (x,w) ∈ R.
     [Figure: the new proof is Enc(w) + malleable SNARG]

  14. Boosting to full extractability
     [Roadmap: malleable SNARG → malleable NIWIPoK; the proof is Enc(w) + malleable SNARG]
     Extraction is quite simple: τ_e is the decryption key and the extractor decrypts, so we never need to use the non-black-box SNARG extractor!
     If we use a fully-homomorphic encryption scheme, we can preserve malleability for t-tiered transformations (but we do lose succinctness).
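The Enc(w) idea from slides 13 and 14, as an added illustration that is not the paper's scheme or its authors' code: the proof carries an encryption of the witness under a key whose secret half is the extraction trapdoor τ_e, so the extractor decrypts rather than running the SNARG's non-black-box extractor. Exponent ElGamal over a small prime field is swapped in for the fully-homomorphic encryption, which is enough for the one transformation used here (the exponent shift T_a, applied by ciphertext multiplication). The SNARG statement "this ciphertext encrypts a w with (x,w) ∈ R" is not modelled; the parameters P, Q, G, W_MAX and the relation y = G^w are constructed for the example.

```python
"""Toy model of the Enc(w) + SNARG idea: the proof carries an encryption of
the witness under a key whose secret half is the extraction trapdoor tau_e, so
the extractor decrypts instead of running the SNARG's non-black-box extractor.

Constructed example, not the paper's scheme.  Exponent ElGamal over a small
prime field stands in for the (fully) homomorphic encryption; it supports the
one transformation used here, the exponent shift T_a, by ciphertext
multiplication.  The SNARG statement "ct encrypts a w with (x, w) in R" is
not modelled; only the ciphertext and its malleability are.
"""
import secrets
from typing import Optional, Tuple

P = 1019      # small prime, P = 2*Q + 1 (constructed toy parameters)
Q = 509       # order of the subgroup generated by G
G = 4         # 4 = 2^2 is a square mod P, so it generates the order-Q subgroup
W_MAX = 64    # witnesses kept small so the toy extractor can invert G^w

Ciphertext = Tuple[int, int]


def keygen(sk: Optional[int] = None) -> Tuple[int, int]:
    """Returns (pk, sk); sk plays the role of the extraction trapdoor tau_e."""
    if sk is None:
        sk = secrets.randbelow(Q - 1) + 1
    return pow(G, sk, P), sk


def encrypt(pk: int, w: int) -> Ciphertext:
    """Exponent ElGamal: (G^r, G^w * pk^r)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (pow(G, w, P) * pow(pk, r, P)) % P


def decrypt(sk: int, ct: Ciphertext) -> int:
    """Recover G^w as c2 / c1^sk, then w by exhaustive search over the toy range."""
    c1, c2 = ct
    gw = (c2 * pow(c1, Q - sk, P)) % P   # c1 has order Q, so c1^(Q-sk) = c1^(-sk)
    for w in range(W_MAX):
        if pow(G, w, P) == gw:
            return w
    raise ValueError("plaintext outside the toy witness range")


def instance_for(w: int) -> int:
    """Relation R: instance y = G^w mod P, witness w."""
    return pow(G, w, P)


def apply_T(y: int, a: int) -> int:
    """Allowable transformation T_a on the instance: y -> y * G^a."""
    return (y * pow(G, a, P)) % P


def transform_ct(pk: int, ct: Ciphertext, a: int) -> Ciphertext:
    """T_a on the ciphertext: multiply by a fresh Enc(a), so the plaintext
    becomes w + a, the witness for T_a(y).  No decryption is needed."""
    d1, d2 = encrypt(pk, a)
    return (ct[0] * d1) % P, (ct[1] * d2) % P


def prove(pk: int, w: int) -> Tuple[int, Ciphertext]:
    """The Enc(w) part of the proof for instance G^w (the SNARG part is omitted)."""
    return instance_for(w), encrypt(pk, w)


def extract(sk: int, y: int, ct: Ciphertext) -> int:
    """Black-box extraction with tau_e = sk: decrypt and check (y, w) in R."""
    w = decrypt(sk, ct)
    if pow(G, w, P) != y:
        raise ValueError("decrypted value is not a witness for y")
    return w


def demo() -> Tuple[int, int]:
    """Fresh proof for w = 7, then the transformed proof for T_5; extract both."""
    pk, sk = keygen(sk=123)
    y, ct = prove(pk, 7)
    y2, ct2 = apply_T(y, 5), transform_ct(pk, ct, 5)
    return extract(sk, y, ct), extract(sk, y2, ct2)


if __name__ == "__main__":
    print(demo())   # the extractor recovers 7, then 12, by decryption alone
```

The point to take from demo is that the transformed proof never needed the original prover's witness or any extractor for the inner proof: the party applying T_5 only multiplied ciphertexts, and the holder of τ_e still decrypts a valid witness for the transformed instance. In the real construction this extraction argument is what lets the SNARG's soundness, rather than its adaptive knowledge extractor, carry the proof of CM-SSE.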

  15. Boosting to CM-SSE
     [Roadmap: malleable SNARG → malleable NIWIPoK → cm-NIZK]
     Our goal: preserve malleability with respect to t-tiered transformations
     Essentially amplify the [CKLM12] construction; don’t assume certain transformations (e.g., the identity) are allowable.
     [Figure: the new proof is malleable NIWIPoK + malleable signature]
