zero knowledge succinct arguments an introduction
play

Zero Knowledge Succinct Arguments: an Introduction Alessandro - PowerPoint PPT Presentation

Jun 10, 2023 •518 likes •2.47k views

Zero Knowledge Succinct Arguments: an Introduction Alessandro Chiesa UC Berkeley 1 Motivation 2 3 cryptography is a powerful tool for building secure systems 3 cryptography is a powerful tool for building secure systems much of the

  1. Zero Knowledge Proofs [GMR85] “I know x s.t. y = F ( x )” P V rover erifier F function F function y claimed output x private input y claimed output [GMR85]: ZKPs for certain number-theoretic problems (QR,QNR) If one-way functions exist: 7

  2. Zero Knowledge Proofs [GMR85] “I know x s.t. y = F ( x )” P V rover erifier F function F function y claimed output x private input y claimed output [GMR85]: ZKPs for certain number-theoretic problems (QR,QNR) If one-way functions exist: [GMW86]: ZKPs for all poly- time computable functions F 7

  3. Zero Knowledge Proofs [GMR85] “I know x s.t. y = F ( x )” P V rover erifier F function F function y claimed output x private input y claimed output [GMR85]: ZKPs for certain number-theoretic problems (QR,QNR) If one-way functions exist: [GMW86]: ZKPs for all poly- time computable functions F [BGGHKMR88]: ZKPs for all poly- space computable functions F 7

  4. Zero Knowledge Proofs [GMR85] “I know x s.t. y = F ( x )” P V rover erifier F function F function y claimed output x private input y claimed output Powerful cryptographic primitive. 8

  5. Zero Knowledge Proofs [GMR85] “I know x s.t. y = F ( x )” P V rover erifier F function F function y claimed output x private input y claimed output Powerful cryptographic primitive. BUT 8

  6. Zero Knowledge Proofs [GMR85] “I know x s.t. y = F ( x )” P V rover erifier F function F function y claimed output x private input y claimed output Powerful cryptographic primitive. BUT interactive 8

  7. Zero Knowledge Proofs [GMR85] “I know x s.t. y = F ( x )” P V rover erifier F function F function y claimed output x private input y claimed output Powerful cryptographic primitive. BUT interactive not succinct 8

  8. Zero Knowledge Proofs [GMR85] “I know x s.t. y = F ( x )” P V rover erifier F function F function y claimed output x private input y claimed output Powerful cryptographic primitive. BUT interactive not succinct communication complexity & verification complexity are proportional to time( F ) 8

  9. Zero Knowledge Proofs [GMR85] “I know x s.t. y = F ( x )” P V rover erifier F function F function y claimed output x private input y claimed output Powerful cryptographic primitive. BUT interactive not succinct communication complexity & verification complexity for typical F are proportional to time( F ) size( F ) ≪ time( F ) 8

  10. Zero Knowledge Succinct Proofs [Kilian92][Micali94] 9

  11. Zero Knowledge Succinct Proofs [Kilian92][Micali94] “I know x s.t. y = F ( x )” P V 9

  12. Zero Knowledge Succinct Proofs [Kilian92][Micali94] “I know x s.t. y = F ( x )” P V ∃ x : y = F ( x ) → Pr[ P ( F , y , x ) convinces V ( F , y )]=1 completeness ∄ x : y = F ( x ) → ∀ P’ Pr[ P’ convinces V ( F , y )] ≃ 0 soundness zero knowledge ∃ x : y = F ( x ) → ∀ V’ , S ( V' , F , y ) ≃ view of V' with P ( F , y , x ) succinctness V ( F , y ) runs in time proportional to | F |+| y | (not time( F )+| y |) 9

  13. Zero Knowledge Succinct Proofs [Kilian92][Micali94] “I know x s.t. y = F ( x )” P V ∃ x : y = F ( x ) → Pr[ P ( F , y , x ) convinces V ( F , y )]=1 completeness * ∄ x : y = F ( x ) → ∀ P’ Pr[ P’ convinces V ( F , y )] ≃ 0 soundness zero knowledge ∃ x : y = F ( x ) → ∀ V’ , S ( V' , F , y ) ≃ view of V' with P ( F , y , x ) succinctness V ( F , y ) runs in time proportional to | F |+| y | (not time( F )+| y |) 9

  14. Zero Knowledge Succinct Proofs [Kilian92][Micali94] “I know x s.t. y = F ( x )” P V ∃ x : y = F ( x ) → Pr[ P ( F , y , x ) convinces V ( F , y )]=1 completeness * ∄ x : y = F ( x ) → ∀ P’ Pr[ P’ convinces V ( F , y )] ≃ 0 soundness zero knowledge ∃ x : y = F ( x ) → ∀ V’ , S ( V' , F , y ) ≃ view of V' with P ( F , y , x ) succinctness V ( F , y ) runs in time proportional to | F |+| y | (not time( F )+| y |) * must relax to computational soundness: ∀ PPT P’ ... [GH98] 9

  15. Zero Knowledge Succinct Proofs [Kilian92][Micali94] Arguments “I know x s.t. y = F ( x )” P V ∃ x : y = F ( x ) → Pr[ P ( F , y , x ) convinces V ( F , y )]=1 completeness * ∄ x : y = F ( x ) → ∀ P’ Pr[ P’ convinces V ( F , y )] ≃ 0 soundness zero knowledge ∃ x : y = F ( x ) → ∀ V’ , S ( V' , F , y ) ≃ view of V' with P ( F , y , x ) succinctness V ( F , y ) runs in time proportional to | F |+| y | (not time( F )+| y |) * must relax to computational soundness: ∀ PPT P’ ... [GH98] 9

  16. Achieving Succinctness 10

  17. Achieving Succinctness Zero Knowledge Succinct Proof 10

  18. Achieving Succinctness Zero Knowledge Succinct Proof [Kilian92] 10

  19. Achieving Succinctness Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] [Kilian92] 10

  20. Achieving Succinctness Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q P [Kilian92] D 10

  21. Achieving Succinctness Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q P [Kilian92] D 10

  22. Achieving Succinctness Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q P [Kilian92] D 10

  23. Achieving Succinctness Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q P [Kilian92] D 10

  24. Achieving Succinctness Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q COM P P [Kilian92] D 10

  25. Achieving Succinctness Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q COM P P [Kilian92] Q D 10

  26. Achieving Succinctness Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q COM P P [Kilian92] DECOM Q D 10

  27. Achieving Succinctness Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q COM P P [Kilian92] DECOM Q D D 10

  28. Achieving Succinctness Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q COM P P [Kilian92] DECOM Q D D TOFIX interactive not succinct 10

  29. Achieving Succinctness Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q COM P P [Kilian92] DECOM Q D D TOFIX interactive not succinct 10

  30. Achieving Succinctness Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q COM P P [Kilian92] DECOM Q D D TOFIX interactive not succinct bad concrete efficiency 10

  31. Achieving Non-Interactivity Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q COM P P [Kilian92] DECOM Q D D TOFIX interactive not succinct bad concrete efficiency 11

  32. Achieving Non-Interactivity Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q COM P P [Kilian92] DECOM Q D D [Micali94] TOFIX interactive not succinct bad concrete efficiency 11

  33. Achieving Non-Interactivity Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q COM P P [Kilian92] DECOM Q D D [Micali94] (the first) Zero Knowledge SNARK TOFIX interactive not succinct bad concrete efficiency 11

  34. Achieving Non-Interactivity Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q COM P P [Kilian92] DECOM Q D D [Micali94] (the first) Zero Knowledge SNARK Random Oracle (SHA-256) TOFIX interactive not succinct bad concrete efficiency 11

  35. Achieving Non-Interactivity Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q COM P P [Kilian92] DECOM Q D D [Micali94] (the first) Zero Knowledge SNARK Random Oracle (SHA-256) TOFIX interactive not succinct bad concrete efficiency 11

  36. Achieving Non-Interactivity Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q COM P P [Kilian92] DECOM Q D D [Micali94] (the first) Zero Knowledge SNARK Random Oracle (SHA-256) COM TOFIX P interactive not succinct bad concrete efficiency 11

  37. Achieving Non-Interactivity Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q COM P P [Kilian92] DECOM Q D D [Micali94] (the first) Zero Knowledge SNARK Random Oracle (SHA-256) COM TOFIX P interactive not succinct bad concrete efficiency 11

  38. Achieving Non-Interactivity Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q COM P P [Kilian92] DECOM Q D D [Micali94] (the first) Zero Knowledge SNARK Random Oracle (SHA-256) COM TOFIX P interactive Q not succinct bad concrete efficiency 11

  39. Achieving Non-Interactivity Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q COM P P [Kilian92] DECOM Q D D [Micali94] (the first) Zero Knowledge SNARK Random Oracle (SHA-256) COM TOFIX P interactive DECOM Q not succinct bad concrete efficiency 11

  40. Achieving Non-Interactivity Probabilistically Checkable Proof Zero Knowledge Succinct Proof [BFLS91][FGLSS96][AS92][ALMSS92] Q COM P P [Kilian92] DECOM Q D D [Micali94] (the first) Zero Knowledge SNARK Random Oracle (SHA-256) COM TOFIX P interactive DECOM Q not succinct D bad concrete efficiency 11

  41. Modern Era 12

  42. The Quest for ZK-SNARKs without Random Oracles 13

  43. The Quest for ZK-SNARKs without Random Oracles Negative result: constructing them "requires strong assumptions" [GW11] 13

  44. The Quest for ZK-SNARKs without Random Oracles Negative result: constructing them "requires strong assumptions" [GW11] Positive results (under strong assumptions): 13

  45. The Quest for ZK-SNARKs without Random Oracles Negative result: constructing them "requires strong assumptions" [GW11] Positive results (under strong assumptions): Knowledge of Exponent [D 92 ] 13

  46. The Quest for ZK-SNARKs without Random Oracles Negative result: constructing them "requires strong assumptions" [GW11] Positive results (under strong assumptions): Knowledge of Exponent [D 92 ] 13

  47. The Quest for ZK-SNARKs without Random Oracles Negative result: constructing them "requires strong assumptions" [GW11] Positive results (under strong assumptions): Knowledge of Exponent [D 92 ] Extractable Hash Functions 13

  48. The Quest for ZK-SNARKs without Random Oracles Negative result: constructing them "requires strong assumptions" [GW11] Positive results (under strong assumptions): Knowledge of Exponent [D 92 ] Extractable Hash Functions [BC C T 12 ] [DFH 12 ] [GLR 12 ] [B C 12 ] [BC C T 13 ] [BC C GLRT 16 ] 13

  49. The Quest for ZK-SNARKs without Random Oracles Negative result: constructing them "requires strong assumptions" [GW11] Positive results (under strong assumptions): Knowledge of Exponent [D 92 ] Extractable Hash Functions [BC C T 12 ] [DFH 12 ] [GLR 12 ] [B C 12 ] [BC C T 13 ] [BC C GLRT 16 ] based on PCPs 13

  50. The Quest for ZK-SNARKs without Random Oracles Negative result: constructing them "requires strong assumptions" [GW11] Positive results (under strong assumptions): Knowledge of Exponent [D 92 ] Extractable Hash Functions Linear-Only Encryption/Encoding [BC C T 12 ] [DFH 12 ] [GLR 12 ] [B C 12 ] [BC C T 13 ] [BC C GLRT 16 ] based on PCPs 13

  51. The Quest for ZK-SNARKs without Random Oracles Negative result: constructing them "requires strong assumptions" [GW11] Positive results (under strong assumptions): Knowledge of Exponent [D 92 ] Extractable Hash Functions Linear-Only Encryption/Encoding [G 10 ] [WSRBW 15 ] [BC C T 12 ] [L 12 ] [BBFR 15 ] [DFH 12 ] [B C IOP 13 ] [B C TV 14b ] [GLR 12 ] [GGPR 13 ] [ C TV 15 ] [B C 12 ] [PGHR 13 ] [CFHKKNPZ 15 ] [BC C T 13 ] [B C GTV 13 ] [BISW 17 ] [BC C GLRT 16 ] ⁞ [B C TV 14a ] [DFGK 14 ] based on PCPs 13

  52. The Quest for ZK-SNARKs without Random Oracles Negative result: constructing them "requires strong assumptions" [GW11] Positive results (under strong assumptions): Generic Group Model [G 16 ] Knowledge of Exponent [D 92 ] Extractable Hash Functions Linear-Only Encryption/Encoding [G 10 ] [WSRBW 15 ] [BC C T 12 ] [L 12 ] [BBFR 15 ] [DFH 12 ] [B C IOP 13 ] [B C TV 14b ] [GLR 12 ] [GGPR 13 ] [ C TV 15 ] [B C 12 ] [PGHR 13 ] [CFHKKNPZ 15 ] [BC C T 13 ] [B C GTV 13 ] [BISW 17 ] [BC C GLRT 16 ] ⁞ [B C TV 14a ] [DFGK 14 ] based on PCPs 13

  53. The Quest for ZK-SNARKs without Random Oracles Negative result: constructing them "requires strong assumptions" [GW11] Positive results (under strong assumptions): Generic Group Model [G 16 ] Knowledge of Exponent [D 92 ] Extractable Hash Functions Linear-Only Encryption/Encoding [G 10 ] [WSRBW 15 ] [BC C T 12 ] [L 12 ] [BBFR 15 ] [DFH 12 ] [B C IOP 13 ] [B C TV 14b ] [GLR 12 ] [GGPR 13 ] [ C TV 15 ] [B C 12 ] [PGHR 13 ] [CFHKKNPZ 15 ] [BC C T 13 ] [B C GTV 13 ] [BISW 17 ] [BC C GLRT 16 ] ⁞ [B C TV 14a ] [DFGK 14 ] based on PCPs based on linear PCPs 13

  54. The Quest for ZK-SNARKs without Random Oracles Negative result: constructing them "requires strong assumptions" [GW11] Positive results (under strong assumptions): Generic Group Model [G 16 ] Knowledge of Exponent [D 92 ] Extractable Hash Functions Linear-Only Encryption/Encoding [G 10 ] [WSRBW 15 ] [BC C T 12 ] [L 12 ] [BBFR 15 ] [DFH 12 ] [B C IOP 13 ] [B C TV 14b ] [GLR 12 ] [GGPR 13 ] [ C TV 15 ] [B C 12 ] [PGHR 13 ] [CFHKKNPZ 15 ] [BC C T 13 ] [B C GTV 13 ] [BISW 17 ] [BC C GLRT 16 ] ⁞ [B C TV 14a ] [DFGK 14 ] based on PCPs based on linear PCPs strike a different tradeoff… 13

  55. ZK-SNARKs from Linear PCPs 14

  56. ZK-SNARKs from Linear PCPs Linear PCP [IKO07][B C IOP13] Q P h ~ ↵ , · i D 14

  57. ZK-SNARKs from Linear PCPs Linear PCP [IKO07][B C IOP13] Q P h ~ ↵ , · i [B C IOP13] D 14

  58. ZK-SNARKs from Linear PCPs Linear PCP Zero Knowledge SNARK [IKO07][B C IOP13] Q P h ~ ↵ , · i [B C IOP13] D 14

  59. ZK-SNARKs from Linear PCPs Linear PCP Zero Knowledge SNARK [IKO07][B C IOP13] Setup pk Q vk P h ~ ↵ , · i [B C IOP13] P V D 14

  60. ZK-SNARKs from Linear PCPs linear-only Linear PCP Zero Knowledge SNARK encodings [IKO07][B C IOP13] Setup pk Q vk P h ~ ↵ , · i [B C IOP13] P V D 14

  61. ZK-SNARKs from Linear PCPs linear-only Linear PCP Zero Knowledge SNARK encodings [IKO07][B C IOP13] Setup pk Q vk P h ~ ↵ , · i [B C IOP13] P V D 14

  62. ZK-SNARKs from Linear PCPs linear-only Linear PCP Zero Knowledge SNARK encodings [IKO07][B C IOP13] Setup pk Q vk P h ~ ↵ , · i [B C IOP13] P V D pk vk 14

  63. ZK-SNARKs from Linear PCPs linear-only Linear PCP Zero Knowledge SNARK encodings [IKO07][B C IOP13] Setup pk Q vk P h ~ ↵ , · i [B C IOP13] P V D Q pk vk 14

  64. ZK-SNARKs from Linear PCPs linear-only Linear PCP Zero Knowledge SNARK encodings [IKO07][B C IOP13] Setup pk Q vk P h ~ ↵ , · i [B C IOP13] P V D Q pk Enc vk 14

Recommend

Zero Knowledge Succinct Noninteractive ARguments of Knowledge Saravanan Vijayakumaran

Zero Knowledge Succinct Noninteractive ARguments of Knowledge Saravanan Vijayakumaran

Zero Knowledge Succinct Noninteractive ARguments of Knowledge Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay October 15, 2019 1 / 24 zkSNARKs Arguments ZK proofs

435 views • 24 slides
Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In

Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In

Short Pairing-based Non-interactive Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In a zero knowledge protocol a prover can convince a verifier that some statement is true without leaking any side

628 views • 14 slides
PI is not at least as succinct as MODS Nikolay Kaleyski July 7, 2017 Nikolay Kaleyski PI is not

PI is not at least as succinct as MODS Nikolay Kaleyski July 7, 2017 Nikolay Kaleyski PI is not

PI is not at least as succinct as MODS Nikolay Kaleyski July 7, 2017 Nikolay Kaleyski PI is not at least as succinct as MODS Known results in knowledge compilation A Knowledge Compilation Map, Adnan Darwiche & Pierre Marquis (2002)

814 views • 53 slides
LegoSNARK Modular Design and Composition of Succinct Zero-Knowledge Proofs Matteo Campanelli,

LegoSNARK Modular Design and Composition of Succinct Zero-Knowledge Proofs Matteo Campanelli,

LegoSNARK Modular Design and Composition of Succinct Zero-Knowledge Proofs Matteo Campanelli, Dario Fiore , Anas Querol IMDEA Software Institute, Spain 2nd ZKProof Workshop April 10, 2019 zkSNARKs focus of this work from theoretical

535 views • 26 slides
In-memory processing of big data via succinct data structures Rajeev Raman University of

In-memory processing of big data via succinct data structures Rajeev Raman University of

In-memory processing of big data via succinct data structures Rajeev Raman University of Leicester SDP Workshop, University of Cambridge Introduction Succinct Data Structuring Succinct Tries Applications & Libraries End Overview

321 views • 18 slides
Zero-Knowledge Arguments for Arithmetic Circuits Carsten Baum, Jonathan Bootle, Andrea Cerulli,

Zero-Knowledge Arguments for Arithmetic Circuits Carsten Baum, Jonathan Bootle, Andrea Cerulli,

Sub-Linear Lattice-Based Zero-Knowledge Arguments for Arithmetic Circuits Carsten Baum, Jonathan Bootle, Andrea Cerulli, Rafael del Pino, Jens Groth and Vadim Lyubashevsky Lattice-Based Zero-Knowledge Arguments for Arithmetic Circuits 2

712 views • 33 slides
Focused search for arguments from propositional knowledge Vasiliki Efstathiou and Anthony Hunter

Focused search for arguments from propositional knowledge Vasiliki Efstathiou and Anthony Hunter

Introduction Connection Graphs Results Conclusions Focused search for arguments from propositional knowledge Vasiliki Efstathiou and Anthony Hunter Department of Computer Science University College London Vasiliki Efstathiou and Anthony

415 views • 38 slides
Lattice-Based Zero-Knowledge Arguments for Integer Relations t Libert 1 San Ling 2 Khoa Nguyen 2

Lattice-Based Zero-Knowledge Arguments for Integer Relations t Libert 1 San Ling 2 Khoa Nguyen 2

Lattice-Based Zero-Knowledge Arguments for Integer Relations t Libert 1 San Ling 2 Khoa Nguyen 2 Huaxiong Wang 2 Beno 1 CNRS and ENS Lyon, France 2 Nanyang Technological University, Singapore CRYPTO 2018, 20 August 2018 Zero-Knowledge

422 views • 30 slides
On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki

On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki

On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki University of Technology http://www.tcs.hut.fi/helger Pedase Theory Day, 04.10.2003 On Diophantine Complexity and SZK Arguments, Helger Lipmaa 1

501 views • 24 slides
On the (In)security of SNARK s in the Presence of Oracles Anca Nitulescu, Dario Fiore cole

On the (In)security of SNARK s in the Presence of Oracles Anca Nitulescu, Dario Fiore cole

On the (In)security of SNARK s in the Presence of Oracles Anca Nitulescu, Dario Fiore cole Normale Suprieure, CNRS and INRIA, Paris, France Delegate NP computation m Delegate NP computation m Proof ? Arguments of knowledge Succinct

686 views • 58 slides
Scalable Transparent ARguments-of-Knowledge Michael Riabzev Department of Computer Science,

Scalable Transparent ARguments-of-Knowledge Michael Riabzev Department of Computer Science,

Our result Features A peak under the hood Summary Scalable Transparent ARguments-of-Knowledge Michael Riabzev Department of Computer Science, Technion DIMACS Workshop on Outsourcing Computation Securely Joint work with Eli Ben-Sasson, Iddo

599 views • 32 slides
Transferring knowledge from discourse to arguments: A case study with scientific abstracts Pablo

Transferring knowledge from discourse to arguments: A case study with scientific abstracts Pablo

Transferring knowledge from discourse to arguments: A case study with scientific abstracts Pablo Accuosto Horacio Saggion Large-Scale Text Understanding Systems Lab, NLP Group (LaSTUS/TALN) Universitat Pompeu Fabra ArgMining 2019 ACL

639 views • 33 slides
Classical arguments that for us is a PP complement of easy The following arguments are the

Classical arguments that for us is a PP complement of easy The following arguments are the

Classical arguments that for us is a PP complement of easy The following arguments are the principle bases for the claim that tough predicates select the control complement structure, along with a brief indication of why these arguments fail to

330 views • 8 slides
Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and

Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and

Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and Group Signatures without Trapdoors t Libert 1 San Ling 2 Khoa Nguyen 2 Huaxiong Wang 2 Beno 1 Ecole Normale Sup erieure de Lyon (France) 2

681 views • 33 slides
Zero-Knowledge Arguments for Matrix-Vector Relations and Lattice-Based Group Encryption t Libert

Zero-Knowledge Arguments for Matrix-Vector Relations and Lattice-Based Group Encryption t Libert

Zero-Knowledge Arguments for Matrix-Vector Relations and Lattice-Based Group Encryption t Libert 1 San Ling 2 Fabrice Mouhartem 1 Beno Khoa Nguyen 2 Huaxiong Wang 2 1 Ecole Normale Sup erieure de Lyon (France) 2 Nanyang Technological

618 views • 46 slides
On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki

On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki

On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki University of Technology http://www.tcs.hut.fi/helger Asiacrypt 2003, 03.12.2003 On Diophantine Complexity and SZK Arguments, Helger Lipmaa 1

433 views • 25 slides
Sorting, Functions as Arguments Genome 559: Introduction to Statistical and Computational

Sorting, Functions as Arguments Genome 559: Introduction to Statistical and Computational

Sorting, Functions as Arguments Genome 559: Introduction to Statistical and Computational Genomics Elhanan Borenstein A quick review Functions : Reusable pieces of code (write once, use many) T ake arguments, do stuff, and

664 views • 21 slides
Functions as Arguments Genome 559: Introduction to Statistical and Computational Genomics

Functions as Arguments Genome 559: Introduction to Statistical and Computational Genomics

Modules, Sorting, Functions as Arguments Genome 559: Introduction to Statistical and Computational Genomics Elhanan Borenstein A quick review Functions : Reusable pieces of code (write once, use many) T ake arguments, do

854 views • 33 slides
Secure Database Commitments and Universal Arguments of Quasi Knowledge Melissa Chase (Microsoft

Secure Database Commitments and Universal Arguments of Quasi Knowledge Melissa Chase (Microsoft

Secure Database Commitments and Universal Arguments of Quasi Knowledge Melissa Chase (Microsoft Research) Ivan Visconti (University of Salerno) Size hiding protocols Traditional secure computation: All existing definitions and Parties

631 views • 22 slides
Computational Approaches for Stochastic Shortest Path on Succinct MDPs Krishnendu Chatterjee 1

Computational Approaches for Stochastic Shortest Path on Succinct MDPs Krishnendu Chatterjee 1

Computational Approaches for Stochastic Shortest Path on Succinct MDPs Krishnendu Chatterjee 1 Hongfei Fu 2 Amir Goharshady 1 Nastaran Okati 3 1 IST Austria 2 Shanghai Jiao Tong University 3 Ferdowsi University of Mashhad IJCAI 2018 Succinct MDPs

350 views • 32 slides
FUNCTIONALLY OBLIVIOUS (AND SUCCINCT) Edward Kmett BUILDING BETTER TOOLS Cache-Oblivious

FUNCTIONALLY OBLIVIOUS (AND SUCCINCT) Edward Kmett BUILDING BETTER TOOLS Cache-Oblivious

FUNCTIONALLY OBLIVIOUS (AND SUCCINCT) Edward Kmett BUILDING BETTER TOOLS Cache-Oblivious Algorithms Succinct Data Structures RAM MODEL Almost everything you do in Haskell assumes this model Good for ADTs, but not a realistic

673 views • 49 slides
Space-efficient construction of succinct de Bruijn graphs Felipe A. Louza University of S ao

Space-efficient construction of succinct de Bruijn graphs Felipe A. Louza University of S ao

Space-efficient construction of succinct de Bruijn graphs Felipe A. Louza University of S ao Paulo, Brazil Joint work with Lavinia Egidi and Giovanni Manzini. LSD/LAW London, 6-7 Feb. 2019 Outline 1. Introduction 2. BOSS construction 3.

992 views • 77 slides
Statistical Encoding of Succinct Data Structures alez 1 Gonzalo Navarro 1 Rodrigo Gonz 1

Statistical Encoding of Succinct Data Structures alez 1 Gonzalo Navarro 1 Rodrigo Gonz 1

Outline Statistical Encoding of Succinct Data Structures alez 1 Gonzalo Navarro 1 Rodrigo Gonz 1 Department of Computer Science Universidad de Chile Combinatorial Pattern Matching, 2006 Gonz alez, Navarro Statistical Encoding of Succinct

1.17k views • 80 slides
Sublinear Zero-Knowledge Arguments for RAM Programs Payman Mike Alessandra Mohassel Scafuro

Sublinear Zero-Knowledge Arguments for RAM Programs Payman Mike Alessandra Mohassel Scafuro

Sublinear Zero-Knowledge Arguments for RAM Programs Payman Mike Alessandra Mohassel Scafuro Rosulek OSU NCState V I S Oregon State University A Problem C Data S Problem C Data S R 1 Problem C Data S R 1 y 1 Problem C

1.04k views • 99 slides

More recommend