Advancements in Interactive Proofs for Efficient Computation

Slide Note
Embed
Share

Recent developments in interactive proofs focus on enhancing the efficiency of computations outsourced to untrusted servers, addressing concerns related to correctness and privacy. Solutions like doubly efficient interactive proofs offer a secure way to delegate computations while minimizing reliance on cloud services.

nier630
nier630 Follow

Uploaded on Sep 26, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Doubly Efficient Interactive Proofs Ron Rothblum

  2. Outsourcing Computation Weak client outsources computation to the cloud. ? ? = ?(?)

  3. Outsourcing Computation We do not want to blindly trust the cloud. ? ? = ?(?) Key security concerns: Correctness: why should we trust the server s answer? Privacy: keep client s sensitive data secret (closely related to homomorphic encryption)

  4. Interactive Proofs to the Rescue? Interactive Proof [GMR85]: prover ? tries to interactively convince a polynomial-time verifier ? that ? ? = ?. ? ? = ? ? convinces ?. ? ? ? no ? can convince ? wp 1/2. Key Problem: in classical results complexity of proving is actually exponential: IP=PSPACE [LFKN90,Shamir90]: Interactive Proofs for space ? computations with 2poly ?prover, poly(?,?) verification, poly(?) rounds.

  5. Doubly Efficient Interactive Proof [GKR08] Interactive proof for ? ? = ? where the prover is efficient, and the verifier is super efficient. Proportional to complexity of ? Much faster than complexity of ? Soundness holds against any (computationally unbounded) cheating prover.

  6. Doubly Efficient Interactive Proofs: The State of the Art Logspace uniform ?? 1) [GKR08]: Bounded Depth Any bounded-depth circuit. (Almost) linear time verifier, poly-time prover. Number of rounds proportional to circuit depth. 2) [RRR16]: Bounded Space Any bounded-space computation. (Almost) linear time verifier, poly-time prover. ? ? rounds.

  7. Constant-Round Doubly Efficient Interactive Proofs Theorem [RRR16]: ? > 0 s.t. every language computable in poly(?) time and ??space has an unconditionally sound interactive proof where: 1. Verifier is (almost) linear time. 2. Prover is polynomial-time. 3. Constant number of rounds. No cryptographic assumptions or operations Inherent (under reasonable conjectures)

  8. Roadmap: A Taste of the Proof Iterative construction: 1. Start with interactive proof for short computations. 2. Build interactive proof for slightly longer computations. 3. Repeat.

  9. Iterative Construction Suppose we have interactive proofs for time ?/? and space ? computations. Consider a time ? and space ? computation. ? ? ? ?

  10. Divide & Conquer Divide: Prover sends Turing machine configuration in ? ? intermediate steps. ? ? ?(? 1)?/? ??/? ?2?/? Conquer? recurse on all subcomputations. Problem: verification blows up, no savings.

  11. Divide & Conquer Divide: Prover sends Turing machine configuration in ? ? intermediate steps. ? ? ?(? 1)?/? ??/? ?2?/? Conquer? Choose a few at random and recurse. Problem: huge soundness error.

  12. Best of Both Worlds? Can we batch verify ? instances much more efficiently than ? independent executions. Goal: Suppose ? ? can be verified in time ?. Want to verify ?1, ,?? ? in ? ? time.

  13. Warmup: Batch Verification for ?? ?? ?? are all relations with unique accepting witnesses. Theorem [RRR16]: Every ? ??, has an interactive proof for verifying that ?1, ,?? ? with ? ???????(?) + ?(?) communication. ? = witness length

  14. Tool: Probabilistically Checkable Proofs PCP Theorem [ ,ALMSS92, ]: Every NP witness ? has a PCP encoding ? = ???(?,?) that can be verified with a constant number of queries. ? = ??? ?,? ?(?) Furthermore, query locations don t depend on input.

  15. PCPs Batch Verification? ?(??, ,??) ?(??,?? ,??,??) 1. Generate PCP queries ? ?1= ??? ?1,?1 ? ?2= ??? ?2,?2 ?? ? = 2. Accept if PCP verifier accepts all ? statements. ??= ??? ??,?? Extremely efficient just ?(? + ??? ?) communication! Totally insecure soundness of PCP is only guaranteed if PCP proof is written in advance.

  16. Batch Verification via Checksums ?(??, ,??) ?(??,?? ,??,??) ? ?1= ??? ?1,?1 ?2= ??? ?2,?2 ? 1. Generate PCP queries ? ? = ?? 2. Check that PCP verifier accepts all ? statements. ??= ??? ??,?? 3. Check ??consistent with ?. ? = ? ???

  17. Single Deviation Provers In general: not sound. Intuitively the hardest case Relaxed soundness: make two assumptions only one ?? ?. single-deviation ? : in answering queries ?, ? must answer honestly on all rows ? ? . Unjustifiable assumption!

  18. Soundness vs. Single-Deviation Provers ?(??, ,?? , ,??) ? (??,??, ,?? , .??,??) ?

  19. Soundness vs. Single-Deviation Provers ?(??, ,?? , ,??) ? (??,??, ,?? , .??,??) ? ?1= ??? ?1,?1 ?? = ? + ? ? ?? ? = ??= ??? ??,?? ? = ? ??? ? ???

  20. Soundness vs. Single-Deviation Provers ?(??, ,?? , ,??) ? (??,??, ,?? , .??,??) ? ?1= ??? ?1,?1 ?? = ? + ? ? ?? ? 1. Generate PCP queries ? ? = ??= ??? ??,?? ? = ? ??? ? ???

  21. Soundness vs. Single-Deviation Provers ?(??, ,?? , ,??) ? (??,??, ,?? , .??,??) ? ?1= ??? ?1,?1 ?? = ? + ? ? ?? ? 1. Generate PCP queries ? ? = ?? ??= ??? ??,?? 2. Check that PCP verifier accepts all ? statements. ? = 3. Check ??consistent with ?. ? ??? ? ??? Single-deviation ? must answers row ? by ?? ?? defined before queries ? were specified PCP soundness ? can t cheat

  22. Handling General Cheating Provers For ? deviation prover: use fancy checksum of size ? ?. Consider ? = ?. Cheating prover has two options: 1. deviate on ? rows ? deviation, we re fine. 2. deviate on > PCPs of more than ? of rows. ? rows answers disagree with unique Since there is a unique PCP verifier will notice deviation and reject ? selects 100 ? rows at random and asks prover to send the entire PCP for these rows.

  23. Batch Verification for ?? This gives ? multiplicative overhead. Can be improved to polylog ? by recursion. For batch verification of interactive proofs we introduce interactive analogs of ?? and ???.

  24. Constant-Round Doubly Efficient Interactive Proofs Theorem [RRR16]: ? > 0 s.t. every language computable in poly(?) time and ??space has an unconditionally sound interactive proof where: 1. Verifier is (almost) linear time. 2. Prover is polynomial-time. 3. Constant number of rounds.

  25. Open Problems Research directions: Bridge theory and practice. Sublinear time verification. Concrete questions: IP=PSPACE with efficient prover. Batch verification for all of NP. [GR17]: Simpler and more efficient protocols (even for smaller classes).

Related


Evolution of Proofs in Computer Science: Zero-Knowledge Proofs Overview

Evolution of Proofs in Computer Science: Zero-Knowledge Proofs Overview

cvesc
Interactive Proofs in Complexity Theory

Interactive Proofs in Complexity Theory

kiri
Evolution of Proofs in Computer Science

Evolution of Proofs in Computer Science

larsen_a
Exploring FAEST: Post-Quantum Signatures and Zero-Knowledge Proofs

Exploring FAEST: Post-Quantum Signatures and Zero-Knowledge Proofs

borys
Constant Round Interactive Proofs for Delegating Computations

Constant Round Interactive Proofs for Delegating Computations

dnils
Evolution of Proofs in Cryptography

Evolution of Proofs in Cryptography

ahmari
Quantum NIZK Proofs Explained with Dominique Unruh

Quantum NIZK Proofs Explained with Dominique Unruh

samanv
Mathematical Proof Techniques and Examples

Mathematical Proof Techniques and Examples

harmone
Understanding Exhaustive Proofs and Proof by Cases in Discrete Math

Understanding Exhaustive Proofs and Proof by Cases in Discrete Math

oluwase
Fides: A System for Verifiable Computation Using Smart Contracts

Fides: A System for Verifiable Computation Using Smart Contracts

isen_17
Secure Computation Techniques in RAM Models with Efficient Automation

Secure Computation Techniques in RAM Models with Efficient Automation

terence
Undecidability Proofs and Reductions in Theory of Computation

Undecidability Proofs and Reductions in Theory of Computation

rcle
Practical Statistically-Sound Proofs of Exponentiation in Any Group

Practical Statistically-Sound Proofs of Exponentiation in Any Group

edupu
Zero-Knowledge Proofs in Cryptography

Zero-Knowledge Proofs in Cryptography

jevo_89
Advancements in Active Secure Multiparty Computation (MPC)

Advancements in Active Secure Multiparty Computation (MPC)

dulcie
Covert Computation: Ensuring Undetectable Engagement

Covert Computation: Ensuring Undetectable Engagement

zazueta_n
Understanding Indirect Proofs: Contradiction and Contraposition Examples

Understanding Indirect Proofs: Contradiction and Contraposition Examples

zaccai
Algebra and Geometry Reasoning: Concepts and Proofs

Algebra and Geometry Reasoning: Concepts and Proofs

dom_spa
Challenges in Constant-Round Public-Coin Zero-Knowledge Proofs

Challenges in Constant-Round Public-Coin Zero-Knowledge Proofs

nstai
Understanding Predicate Logic and Quantifiers for Symbolic Proofs

Understanding Predicate Logic and Quantifiers for Symbolic Proofs

mara_r
Linear Communication in Secure Multiparty Computation for Efficient and Fast Processing

Linear Communication in Secure Multiparty Computation for Efficient and Fast Processing

emer_2
Non-Interactive Anonymous Router with Quasi-Linear Computation

Non-Interactive Anonymous Router with Quasi-Linear Computation

alista
Enhancing Multi-Party Computation Efficiency Through ORAM Techniques

Enhancing Multi-Party Computation Efficiency Through ORAM Techniques

jeronimo_a
Blackbox Verifiable Computation Scheme Overview

Blackbox Verifiable Computation Scheme Overview

graylynsa

More Related Content