work or knowledge
play

Work or Knowledge Foteini Baldimtsi, Aggelos Kiayias, Thomas - PowerPoint PPT Presentation

Feb 08, 2023 โ€ข182 likes โ€ข984 views

Indistinguishable Proofs of Work or Knowledge Foteini Baldimtsi, Aggelos Kiayias, Thomas Zacharias, Bingsheng Zhang ASIACRYPT 2016 8th December, Hanoi, Vietnam Motivation (ZK) Proofs of Knowledge - PoK Statement: Prover

  1. Indistinguishable Proofs of Work or Knowledge Foteini Baldimtsi, Aggelos Kiayias, Thomas Zacharias, Bingsheng Zhang ASIACRYPT 2016 8th December, Hanoi, Vietnam

  2. Motivation

  3. (ZK) Proofs of Knowledge - PoK Statement: ๐‘ฆ โˆˆ ๐‘€ โ‹ฎ Prover Verifier Witness: ๐’™ Accept/Reject Accept/Reject 1) Completeness: the verifier always accepts a valid proof 2) PoK: for any convincing verifier, we can extract ๐’™ 3) Prover privacy is preserved via some ZK variant

  4. Schnorr Identification โ€“ PoK of DLog Parameters: ๐‘•, ๐‘Ÿ Statement: โˆƒ๐‘ก๐‘™: ๐‘ž๐‘™ = ๐‘• ๐‘ก๐‘™ Prover Verifier Witness: ๐‘ก๐‘™ ๐‘ pick ๐‘ข โˆˆ ๐‘Ž ๐‘Ÿ pick ๐‘‘ โˆˆ ๐‘Ž๐‘Ÿ ๐‘‘ ๐‘ = ๐‘•๐‘ข ๐‘  ๐‘  = ๐‘ข + ๐‘‘ โˆ™ ๐‘ก๐‘™ Check if ๐‘• ๐‘  = ๐‘ โˆ™ (๐‘ž๐‘™) ๐‘‘

  5. Schnorr Identification โ€“ PoK of DLog Parameters: ๐‘•, ๐‘Ÿ Statement: โˆƒ๐‘ก๐‘™: ๐‘ž๐‘™ = ๐‘• ๐‘ก๐‘™ Prover Verifier Witness: ๐‘ก๐‘™ Schnorr identification is a Sigma protocol that achieves special soundness and honest-verifier ZK

  6. Some motivating thoughts โ€ฆ โ€ข PoK of DLog convinces us that the prover actually has the witness.

  7. Some motivating thoughts โ€ฆ โ€ข PoK of DLog convinces us that the prover actually has the witness. โ€ข But how did the prover manage to convince us? ๏‚ง Did it run efficiently because it had knowledge of the witness OR ๏‚ง Did it work for a (superpolynomial) amount of a time to solve the given DLog problem?

  8. Reducing Spam โ€œ If I don โ€™ t know you and you want to send me a message, then you must prove that you spent, say, ten seconds of CPU time, just for me and just for this message โ€ [DN92]

  9. Reducing Spam โ€œIf I donโ€™t know you and you want to send me a message, then you must prove that you spent, say, ten seconds of CPU time, just for me and just for this messageโ€ [DN92] email Server I am an approved contact Alice Verifier Bob Approved contacts: - Alice - ...

  10. Reducing Spam โ€œIf I donโ€™t know you and you want to send me a message, then you must prove that you spent, say, ten seconds of CPU time, just for me and just for this messageโ€ [DN92] email Server I am an approved contact Alice Verifier Bob Not approved! Approved contacts: - Alice Eve - ...

  11. Reducing Spam โ€œ If I don โ€™ t know you and you want to send me a message, then you must prove that you spent, say, ten seconds of CPU time, just for me and just for this message โ€ [DN92] email Server Mail server distinguishes between I am an approved contact Alice approved and non-approved contacts!! Verifier Bob Not approved! Approved contacts: - Alice Eve - ...

  12. Reducing Spam Where Email approval is done in a privacy-preserving manner! email Server I am an approved contact Alice Verifier Bob Not approved! Approved contacts: - Alice Eve - ...

  13. Reducing spam in a privacy-preserving way 1. For senders to have access, they must prove that either โ—‹ know some secret that implies their relation with the receiver OR โ—‹ has spent a certain amount of work in terms of computational resources.

  14. Reducing spam in a privacy-preserving way 1. For senders to have access, they must prove that either โ—‹ know some secret that implies their relation with the receiver OR โ—‹ has spent a certain amount of work in terms of computational resources. 2. The proverโ€™s mode that provided access to the sender, remains unknown to the mail server.

  15. Proofs of Work - PoW Task/Puzzle Prover Verifier solution Accept/Reject

  16. Proofs of Work - PoW Task/Puzzle Prover Verifier solution Accept The verifier ascertains that the prover performed some certain amount of work, given the difficulty of the puzzle parameters

  17. Proofs of Work or Knowledge (PoWorKs) Statement: ๐‘ฆ โˆˆ ๐‘€ PoK: Prover Verifier Prover either knows a witness to the statement PoW: or performed work to solve a puzzle Prover

  18. Indistinguishable Proofs of Work or Knowledge (PoWorKs) Statement: ๐‘ฆ โˆˆ ๐‘€ PoK: Prover Verifier Prover either knows a witness to the statement PoW: or performed work to solve a puzzle Prover

  19. Our contributions

  20. Our contributions ๏ถ We define cryptographic puzzle systems .

  21. Our contributions ๏ถ We define cryptographic puzzle systems. ๏ถ We define PoWorKs w.r.t. some language in NP and a fixed puzzle system.

  22. Our contributions ๏ถ We define cryptographic puzzle systems. ๏ถ We define PoWorKs w.r.t. some language in NP and a fixed puzzle system. ๏ถ We provide an efficient 3-move PoWorK construction .

  23. Our contributions ๏ถ We define cryptographic puzzle systems. ๏ถ We define PoWorKs w.r.t. some language in NP and a fixed puzzle system. ๏ถ We provide an efficient 3-move PoWorK construction. ๏ถ We provide two puzzle system instantiations (one in the RO model and one under complexity assumptions).

  24. Our contributions ๏ถ We define cryptographic puzzle systems. ๏ถ We define PoWorKs w.r.t. some language in NP and a fixed puzzle system. ๏ถ We provide an efficient 3-move PoWorK construction. ๏ถ We provide two puzzle system instantiations (one in the RO model and one under complexity assumptions). ๏ถ We present applications of PoWorKs in 1. Privacy-preserving reduce spam . 2. Robustness in cryptocurrencies . 3. 3-round concurrently simulatable arguments of knowledge.

  25. Cryptographic puzzles

  26. Cryptographic Puzzles Basic properties: 1) Easy to generate and efficiently sampleable 2) Hard to solve 3) Easy to verify 4) Amortization resistant

  27. Cryptographic Puzzles Basic properties: 1) Easy to generate and efficiently sampleable 2) Hard to solve 3) Easy to verify 4) Amortization resistant 5) Dense (can be sampled by just generating random strings )

  28. Cryptographic Puzzles We do not restrict parallelizability of our puzzles!

  29. Dense Cryptographic Puzzles Puzzle Space ๐‘ธ๐‘ป , Solution Space ๐‘ป๐‘ป , Hardness space ๐‘ฐ๐‘ป PuzSys = {Sample, Solve , SampleSol, Verify} hardness parameter โ— Sample (๐’Š) โˆ’> ๐’’๐’—๐’œ โˆˆ ๐‘ธ๐‘ป โ— Solve (๐’Š, ๐’’๐’—๐’œ) โˆ’> ๐’•๐’‘๐’Ž๐’ โˆˆ ๐‘ป๐‘ธ โ— SampleSol (๐’Š) โˆ’> (๐’’๐’—๐’œ, ๐’•๐’‘๐’Ž๐’) โ— Verify (๐’Š, ๐’’๐’—๐’œ, ๐’•๐’‘๐’Ž๐’) โˆ’> ๐‘ข๐‘ ๐‘ฃ๐‘“/๐‘”๐‘๐‘š๐‘ก๐‘“

  30. Dense Cryptographic Puzzles Puzzle Space ๐‘ธ๐‘ป , Solution Space ๐‘ป๐‘ป , Hardness space ๐‘ฐ๐‘ป PuzSys = {Sample, Solve , SampleSol, Verify} hardness parameter โ— Sample (๐’Š) โˆ’> ๐’’๐’—๐’œ โˆˆ ๐‘ธ๐‘ป โ— Solve (๐’Š, ๐’’๐’—๐’œ) โˆ’> ๐’•๐’‘๐’Ž๐’ โˆˆ ๐‘ป๐‘ธ โ— SampleSol (๐’Š) โˆ’> (๐’’๐’—๐’œ, ๐’•๐’‘๐’Ž๐’) โ— Verify (๐’Š, ๐’’๐’—๐’œ, ๐’•๐’‘๐’Ž๐’) โˆ’> ๐‘ข๐‘ ๐‘ฃ๐‘“/๐‘”๐‘๐‘š๐‘ก๐‘“

  31. Cryptographic Puzzles Security PuzSys = {Sample, Solve, SampleSol, Verify} 1) Completeness/Correctness and Efficient Sampleability of Sample and SampleSol

  32. Cryptographic Puzzles Security PuzSys = {Sample, Solve , SampleSol, Verify} 1) Completeness and Efficient sampleability of Sample and SampleSol 2) ๐’‰ -Hardness:

  33. Cryptographic Puzzles Security PuzSys = {Sample, Solve , SampleSol, Verify} 1) Completeness and Efficient Sampleability of Sample and SampleSol 2) ๐’‰ -Hardness: PuzSys is ๐’‰ -hard , if for every adversary: ๐’Š, ๐’’๐’—๐’œ ๐’’๐’—๐’œ < โˆ’ Sample (๐’Š) ๐’•๐’‘๐’Ž๐’ Verify (๐’Š, ๐’’๐’—๐’œ, ๐’•๐’‘๐’Ž๐’) โˆ’> ๐‘ข๐‘ ๐‘ฃ๐‘“ ๐‘ผ๐’‹๐’๐’‡ ๐‘ฉ๐’†๐’˜๐’‡๐’”๐’•๐’ƒ๐’”๐’› (๐’Š, ๐’’๐’—๐’œ) < ๐’‰ (๐‘ผ๐’‹๐’๐’‡ ๐“๐ฉ๐ฆ๐ฐ๐Ÿ (๐’Š, ๐’’๐’—๐’œ)) With negligible probability

  34. Cryptographic Puzzles Security PuzSys = {Sample, Solve , SampleSol, Verify} 1) Completeness and Efficient sampleability of Sample and SampleSol 2) ๐’‰ -Hardness 3) Statistical indistinguishability of Sample and SampleSol

  35. Cryptographic Puzzles Security PuzSys = {Sample, Solve , SampleSol, Verify} 1) Completeness and Efficient sampleability of Sample and SampleSol 2) ๐’‰ -Hardness 3) Statistical indistinguishability of Sample and SampleSol 4) (๐’–, ๐’) โˆ’ amortization resistance ๐’Š, ๐’’๐’—๐’œ ๐Ÿ , โ€ฆ , ๐’’๐’—๐’œ๐’ ๐’’๐’—๐’œ ๐Ÿ , โ€ฆ , ๐’’๐’—๐’œ๐’ < โˆ’ Sample (๐’Š) ๐’•๐’‘๐’Ž๐’ ๐Ÿ , โ€ฆ , ๐’•๐’‘๐’Ž๐’๐’ for all 1 < ๐‘— < ๐‘™ Verify (๐’Š, ๐’’๐’—๐’œ๐’‹, ๐’•๐’‘๐’Ž๐’๐’‹) โˆ’> ๐‘ข๐‘ ๐‘ฃ๐‘“ ๐’ ๐‘ผ๐’‹๐’๐’‡ ๐‘ฉ๐’†๐’˜๐’‡๐’”๐’•๐’ƒ๐’”๐’› (๐’Š, ๐’’๐’—๐’œ) < ๐’–(เท ๐’‰ (๐‘ผ๐’‹๐’๐’‡๐‘ป๐’‘ ๐’Ž๐’˜๐’‡ (๐’Š, ๐’’๐’—๐’œ๐’‹)) ๐’‹=๐Ÿ With negligible probability

  36. PoWorKs

  37. PoWorK Definition (๐‘„, ๐‘Š) is an f -sound PoWorK for ๐‘€ โˆˆ ๐‘ถ๐‘ธ w.r.t. witness relation ๐‘† ๐‘€ and PuzSys , if it achieves the following properties:

  38. PoWorK Definition (๐‘„, ๐‘Š) is an f -sound PoWorK for ๐‘€ โˆˆ ๐‘ถ๐‘ธ w.r.t. witness relation ๐‘† ๐‘€ and PuzSys , if it achieves the following properties: โˆ— , ๐’Š โˆˆ ๐ผ๐‘‡ 1) Completeness: for all ๐’š โˆˆ ๐‘€, ๐’™ โˆˆ ๐‘†๐‘€ ๐‘ฆ , ๐’œ โˆˆ 0,1 Pr[< ๐‘„(๐’™) โ†” ๐‘Š > (๐’š, ๐’œ, ๐’Š); ๐‘Š โ†’ โ€œ accept โ€] = 1 โˆ’ negl(๐œ‡) & Pr[< ๐‘„ Solve ( h ) โ†” ๐‘Š > ๐’š, ๐’œ, ๐’Š ; ๐‘Š โ†’ โ€œ accept โ€] = 1 โˆ’ negl(๐œ‡)

Recommend

AUTOMATING KNOWLEDGE WORK WITH LARGE-SCALE KNOWLEDGE GRAPHS 2018 Strata Data Conference, New

AUTOMATING KNOWLEDGE WORK WITH LARGE-SCALE KNOWLEDGE GRAPHS 2018 Strata Data Conference, New

AUTOMATING KNOWLEDGE WORK WITH LARGE-SCALE KNOWLEDGE GRAPHS 2018 Strata Data Conference, New York Mike Tung, Founder &amp; CEO What youll learn in this talk An architecture for future knowledge work What is a Knowledge Graph? A

478 views โ€ข 36 slides
SLA at 100: From Putting Knowledge to Work to Building the Knowledge Culture Guy St. Clair

SLA at 100: From Putting Knowledge to Work to Building the Knowledge Culture Guy St. Clair

SLA at 100: From Putting Knowledge to Work to Building the Knowledge Culture Guy St. Clair It all began with an idea, the idea that specialist librarians were different. The people we today call information professionals and

582 views โ€ข 11 slides
Towards Analytical Data and Knowledge . . . Knowledge . . . Techniques for Optimizing Resulting

Towards Analytical Data and Knowledge . . . Knowledge . . . Techniques for Optimizing Resulting

Introduction Outline Sensor Placement: . . . Towards Analytical Data and Knowledge . . . Knowledge . . . Techniques for Optimizing Resulting Geometric . . . How to Use the . . . Knowledge Acquisition, Future Work Processing, Propagation,

778 views โ€ข 60 slides
Semant ic Knowledge f or Semant ic Knowledge f or Text ual Ent ailment Text ual Ent ailment

Semant ic Knowledge f or Semant ic Knowledge f or Text ual Ent ailment Text ual Ent ailment

Semant ic Knowledge f or Semant ic Knowledge f or Text ual Ent ailment Text ual Ent ailment Bernardo Magnini J oint work wit h: Elena Cabrio, Milen Kouylekov, Mat t eo Negri FBK-I rst Trent o, I t aly NSF Symposium on Semant ic Knowledge

467 views โ€ข 11 slides
Selfish Load Balancing under Partial Knowledge Panagiota N. Panagopoulou Research Academic

Selfish Load Balancing under Partial Knowledge Panagiota N. Panagopoulou Research Academic

The Model Zero Knowledge Arbitrary Knowledge Full Knowledge Selfish Load Balancing under Partial Knowledge Panagiota N. Panagopoulou Research Academic Computer Technology Institute University of Patras, Greece panagopp@cti.gr joint work

961 views โ€ข 31 slides
KNOWLEDGE ACQUISITION AND CONSTRUCTION Transfer of Knowledge Knowledge acquisition is the

KNOWLEDGE ACQUISITION AND CONSTRUCTION Transfer of Knowledge Knowledge acquisition is the

KNOWLEDGE ACQUISITION AND CONSTRUCTION Transfer of Knowledge Knowledge acquisition is the process of extracting knowledge from whatever source including document, manuals, case studies, etc. Knowledge elicitation is a type of the

373 views โ€ข 26 slides
Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In

Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In

Short Pairing-based Non-interactive Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In a zero knowledge protocol a prover can convince a verifier that some statement is true without leaking any side

628 views โ€ข 14 slides
Digital Me Leveraging your digital footprint to track your time Mats Sj oberg March 28, 2017

Digital Me Leveraging your digital footprint to track your time Mats Sj oberg March 28, 2017

Digital Me Leveraging your digital footprint to track your time Mats Sj oberg March 28, 2017 Quantified Employee 2017 Seminar Knowledge work is changing Tuukka Lehtiniemi et al, Trends of Knowledge Work and Needs for Knowledge Work

422 views โ€ข 15 slides
Global Knowledge Management Knowledge Representation Jan M. Pawlowski Autumn 2013 Licensing:

Global Knowledge Management Knowledge Representation Jan M. Pawlowski Autumn 2013 Licensing:

Global Knowledge Management Knowledge Representation Jan M. Pawlowski Autumn 2013 Licensing: Creative Commons You are free: to Share to copy, distribute and transmit Collaborative Course Development! the work Thanks to my colleagues Prof.

510 views โ€ข 30 slides
Knowledge-Based Agents knowledge knowledge representation, knowledge base, types of knowledge

Knowledge-Based Agents knowledge knowledge representation, knowledge base, types of knowledge

CPE/CSC 580-S06 Artificial Intelligence Intelligent Agents Knowledge-Based Agents knowledge knowledge representation, knowledge base, types of knowledge wumpus world example of knowledge-based agents knowledge representation language

325 views โ€ข 31 slides
What does it mean to know a work of architecture, or anything? Knowledge is tied to what

What does it mean to know a work of architecture, or anything? Knowledge is tied to what

What does it mean to know a work of architecture, or anything? Knowledge is tied to what a thing does. Example: Ear What makes an ear an ear? It allows something to hear. If it does not do this, its not an ear. We do not

846 views โ€ข 47 slides
OUTLINE CAPITALIZATION OF COLLECTIVE KNOWLEDGE: Knowledge management and Knowledge

OUTLINE CAPITALIZATION OF COLLECTIVE KNOWLEDGE: Knowledge management and Knowledge

OUTLINE CAPITALIZATION OF COLLECTIVE KNOWLEDGE: Knowledge management and Knowledge Engineering FROM KNOWLEDGE Definitions ENGINEERING, MULTI- Process AGENTS TO CSCW AND SOCIO Knowledge Capitalization approaches Cooperative

976 views โ€ข 51 slides
Common Knowledge AND Global Games 1 This talk combines common knowledge with global games

Common Knowledge AND Global Games 1 This talk combines common knowledge with global games

Common Knowledge AND Global Games 1 This talk combines common knowledge with global games another advanced branch of game theory See Stephen Morriss work 2 Today well go back to a puzzle that arose during the Hawk-Dove lecture:

503 views โ€ข 35 slides
Plan for today Knowledge-based systems 1 Explicit knowledge Knowledge Representation Inferred

Plan for today Knowledge-based systems 1 Explicit knowledge Knowledge Representation Inferred

Knowledge Representation Knowledge Representation Plan for today Knowledge-based systems 1 Explicit knowledge Knowledge Representation Inferred knowledge Domain-specific stuff A very brief intro Changing premises Uncertainty Jacek Malec

179 views โ€ข 13 slides
Plan for today Knowledge-based systems 1 Tacit knowledge Knowledge Representation Inferred

Plan for today Knowledge-based systems 1 Tacit knowledge Knowledge Representation Inferred

Knowledge Representation Knowledge Representation Plan for today Knowledge-based systems 1 Tacit knowledge Knowledge Representation Inferred knowledge Domain-specific stuff A very brief intro Changing premises Uncertainty Jacek Malec

265 views โ€ข 13 slides
Texts as Knowledge Bases Christopher Manning Joint work with Gabor Angeli and Danqi Chen

Texts as Knowledge Bases Christopher Manning Joint work with Gabor Angeli and Danqi Chen

Texts as Knowledge Bases Christopher Manning Joint work with Gabor Angeli and Danqi Chen Stanford NLP Group @chrmanning @stanfordnlp AKBC 2016 Machine Comprehension = Machine has an Augmented Knowledge Base A machine comprehends a

567 views โ€ข 37 slides
Managing Knowledge Transfer John Flynt Compliance Knowledge Management Specialist April 4, 2018

Managing Knowledge Transfer John Flynt Compliance Knowledge Management Specialist April 4, 2018

Managing Knowledge Transfer John Flynt Compliance Knowledge Management Specialist April 4, 2018 KM_MD_A_0015_ST Introduction This presentation provides an overview of how a knowledge transfer specialist can work with a department or team to

580 views โ€ข 8 slides
Knowledge-based Agents Can represent knowledge And reason with this knowledge CS 331:

Knowledge-based Agents Can represent knowledge And reason with this knowledge CS 331:

Knowledge-based Agents Can represent knowledge And reason with this knowledge CS 331: Artificial Intelligence How is this different from the knowledge Propositional Logic I used by problem-specific agents? More general More

221 views โ€ข 9 slides
CORRECT? Introduction Working hypothesis Observations: Hypothesis: Human intelligence

CORRECT? Introduction Working hypothesis Observations: Hypothesis: Human intelligence

The Knowledge Representation Hypothesis (Brian Smith, 1982): IT3706 Knowledge Representation An intelligent systems competence is Rodney Brooks: determined by its knowledge. Knowledge without The knowledge is contained within

405 views โ€ข 5 slides
Knowledge and seeing Franois Schwarzentruber (joint work with Philippe Balbiani, Olivier

Knowledge and seeing Franois Schwarzentruber (joint work with Philippe Balbiani, Olivier

Motivation Modeling Variant with cameras Discussion and conclusion Knowledge and seeing Franois Schwarzentruber (joint work with Philippe Balbiani, Olivier Gasquet and Valentin Goranko) cole Normale Suprieure Rennes May 13, 2019 1 /

920 views โ€ข 62 slides
The knowledge synthesis How can a review and synthesis be systematic? Fredrik Fernqvist Work

The knowledge synthesis How can a review and synthesis be systematic? Fredrik Fernqvist Work

The knowledge synthesis How can a review and synthesis be systematic? Fredrik Fernqvist Work Science, Business Economics and Environmental Psychology Background The National Food Strategy for Sweden Formas Special call (2017): Syntheses

771 views โ€ข 20 slides
Knowledge Model Basics Challenges in knowledge modeling Basic knowledge-modeling constructs

Knowledge Model Basics Challenges in knowledge modeling Basic knowledge-modeling constructs

Knowledge Model Basics Challenges in knowledge modeling Basic knowledge-modeling constructs Comparison to general software analysis Knowledge model specialized tool for specification of knowledge- intensive tasks abstracts from

758 views โ€ข 44 slides
The importance of core work skills Laura Brewer February 2015 the skills, knowledge and

The importance of core work skills Laura Brewer February 2015 the skills, knowledge and

The importance of core work skills Laura Brewer February 2015 the skills, knowledge and competencies that enhance a workers ability to secure and retain a job, progress at work and cope with change, secure another job if he/she so wishes

316 views โ€ข 9 slides
Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert University of

Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert University of

Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert University of Michigan (Based on work with Sina Shiehian) 2nd Crypto Innovation School Shanghai, China 15 December 2019 1 / 16 Zero Knowledge

995 views โ€ข 95 slides

More recommend