Abstract
In this work we study interactive proofs for tractable languages. The (honest) prover should be efficient and run in polynomial time or, in other words, be a “muggle”. The verifier should be super-efficient and run in nearly linear time. These proof systems can be used for delegating computation: a server can run a computation for a client and interactively prove the correctness of the result. The client can verify the result’s correctness in nearly linear time (instead of running the entire computation itself).
Previously, related questions were considered in the holographic proof setting by Babai et al. [1991b], in the argument setting under computational assumptions by Kilian, and in the random oracle model by Micali [1994]. Our focus, however, is on the original interactive proof model, where no assumptions are made on the computational power or adaptiveness of dishonest provers.
Our main technical theorem gives a public coin interactive proof for any language computable by a log-space uniform boolean circuit with depth d and input length n. The verifier runs in time n · poly(d, log(n)) and space O(log(n)), the communication complexity is poly(d, log(n)), and the prover runs in time poly(n). In particular, for languages computable by log-space uniform NC (circuits of polylog(n) depth), the prover is efficient, the verifier runs in time n · polylog(n) and space O(log(n)), and the communication complexity is polylog(n). Using this theorem we make progress on several questions.
--- We show how to construct 1-round computationally sound arguments with polylog communication for any log-space uniform NC computation. The verifier runs in quasi-linear time. This result uses a recent transformation of Kalai and Raz from public coin interactive proofs to 1-round arguments. The soundness of the argument system is based on the existence of a PIR scheme with polylog communication.
--- We construct interactive proofs with public-coin, log-space, poly-time verifiers for all of P. This settles an open question regarding the expressive power of proof systems with such verifiers.
--- We construct zero-knowledge interactive proofs with communication complexity quasi-linear in the witness length for any NP language verifiable in NC, based on the existence of one-way functions.
--- We construct probabilistically checkable arguments (a model due to Kalai and Raz) of size polynomial in the witness length (rather than the instance length) for any NP language verifiable in NC, under computational assumptions.
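The main theorem above rests on reducing a claim about a whole computation to a single random-point evaluation that the verifier can afford. As an added example, not code from the paper, the following Python implements the sum-check protocol, the claim-reduction step that interactive proofs of this kind are built from. The setting is constructed: the verifier holds two tables f and g of n = 2^v field elements (standing in for a circuit's input wires), the prover claims the value of the sum of their product over the boolean hypercube, and after v rounds costing the verifier O(1) field operations each, the claim collapses to one evaluation that the verifier computes itself in O(n) time. The field GF(2^61 - 1), the class and function names, and the cheating strategy are all assumptions of this example; the cheating prover is included to show where the verifier's check catches a false claim.

```python
"""Sum-check protocol (added example, not the paper's own code).

Constructed setting: the verifier holds tables f and g of n = 2^v elements of
GF(P).  The prover claims S = sum over x in {0,1}^v of f~(x) * g~(x), where
f~ and g~ are the multilinear extensions of the tables.  Each round costs the
verifier O(1) field operations; the final check is one O(n) evaluation.  A
prover opening with a false sum is caught except with probability <= 2v / P.
"""
import random

P = 2**61 - 1            # Mersenne prime; all arithmetic is in GF(P)
INV2 = pow(2, P - 2, P)  # 1/2 mod P, used by the degree-2 interpolation

def fold(table, x):
    """Fix the first (most significant) variable of a multilinear table to x:
    returns the half-size table (1 - x) * T[0, b] + x * T[1, b]."""
    half = len(table) // 2
    return [((1 - x) * table[i] + x * table[half + i]) % P for i in range(half)]

def eval_mle(table, point):
    """Multilinear extension of `table` evaluated at `point`
    (log2(len(table)) field elements).  O(len(table)) work."""
    for x in point:
        table = fold(table, x)
    return table[0]

def interpolate_deg2(ys, r):
    """Value at r of the degree-<=2 polynomial h with (h(0), h(1), h(2)) = ys."""
    y0, y1, y2 = ys
    l0 = (r - 1) * (r - 2) % P * INV2 % P   # Lagrange basis at node 0
    l1 = (P - r * (r - 2) % P) % P          # basis at node 1: -r(r-2)
    l2 = r * (r - 1) % P * INV2 % P         # basis at node 2
    return (y0 * l0 + y1 * l1 + y2 * l2) % P

class Prover:
    """Honest prover: keeps f and g folded by the challenges received so far."""
    def __init__(self, f, g):
        self.f, self.g = list(f), list(g)

    def claimed_sum(self):
        return sum(a * b for a, b in zip(self.f, self.g)) % P

    def round_message(self):
        # h_j(t) = sum over remaining boolean suffixes b of f~(r.., t, b) * g~(r.., t, b);
        # h_j has degree <= 2 in t, so its values at t = 0, 1, 2 describe it fully.
        return [sum(a * b for a, b in zip(fold(self.f, t), fold(self.g, t))) % P
                for t in (0, 1, 2)]

    def receive_challenge(self, r):
        self.f, self.g = fold(self.f, r), fold(self.g, r)

class CheatingProver(Prover):
    """Opens with a false sum and shifts h_j(0) each round so the verifier's
    per-round consistency check still passes.  The accumulated shift vanishes
    only if some challenge r_j lands in {1, 2}, so the lie surfaces at the
    verifier's final evaluation with overwhelming probability."""
    def __init__(self, f, g, false_sum):
        super().__init__(f, g)
        self.delta = (false_sum - Prover.claimed_sum(self)) % P

    def claimed_sum(self):
        return (Prover.claimed_sum(self) + self.delta) % P

    def round_message(self):
        msg = super().round_message()
        msg[0] = (msg[0] + self.delta) % P   # keep h_j(0) + h_j(1) == verifier's claim
        return msg

    def receive_challenge(self, r):
        super().receive_challenge(r)
        # the verifier's new claim now differs from the truth by delta * L0(r)
        self.delta = self.delta * interpolate_deg2([1, 0, 0], r) % P

def verify(f, g, prover, rng):
    """Run the v-round sum-check against `prover`; return (accepted, claimed_sum).
    The verifier owns f and g but reads them only once, in the final check."""
    claim = prover.claimed_sum()
    v = len(f).bit_length() - 1           # n must be a power of two
    challenges = []
    for _ in range(v):
        h = prover.round_message()
        if (h[0] + h[1]) % P != claim:    # O(1) consistency check per round
            return False, claim
        r = rng.randrange(P)
        challenges.append(r)
        claim = interpolate_deg2(h, r)    # new running claim: h_j(r_j)
        prover.receive_challenge(r)
    expected = eval_mle(f, challenges) * eval_mle(g, challenges) % P  # O(n) work
    return claim == expected, claim

def demo(seed=0):
    """Constructed sample input: two random tables of 8 elements (v = 3).
    Returns (honest prover accepted, cheating prover accepted)."""
    rng = random.Random(seed)
    f = [rng.randrange(P) for _ in range(8)]
    g = [rng.randrange(P) for _ in range(8)]
    honest_ok, s = verify(f, g, Prover(f, g), random.Random(seed + 1))
    cheat_ok, _ = verify(f, g, CheatingProver(f, g, (s + 1) % P), random.Random(seed + 1))
    return honest_ok, cheat_ok
```

In the protocols the abstract describes, the final O(n) evaluation is what keeps the verifier at n · poly(d, log n): the sum-check rounds themselves are cheap, and the one remaining point query of a layer's low-degree extension is either passed down to the next layer or, at the input layer, answered by the verifier reading its own input once. The soundness bound in the docstring follows from the Schwartz-Zippel argument that a degree-2 lie is detected unless the challenge hits one of at most two bad field elements in each round.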
- Manindra Agrawal, Neeraj Kayal, and Nitin Saxena. 2004. PRIMES is in P. Ann. Math. 160, 2, 781--793.
- David P. Anderson. 2003. Public computing: Reconnecting people to science. In Proceedings of the Conference on Shared Knowledge and the Web.
- David P. Anderson. 2004. BOINC: A system for public-resource computing and storage. In Proceedings of the 5th IEEE/ACM International Workshop on Grid Computing (GRID’04). 4--10.
- Benny Applebaum, Yuval Ishai, and Eyal Kushilevitz. 2010. From secrecy to soundness: Efficient verification via secure computation. In Proceedings of the 37th International Colloquium on Automata, Languages and Programming (ICALP’10). 152--163.
- Sanjeev Arora, Carsten Lund, Rajeev Motwani, Madhu Sudan, and Mario Szegedy. 1998. Proof verification and the hardness of approximation problems. J. ACM 45, 3, 501--555.
- Sanjeev Arora and Shmuel Safra. 1998. Probabilistic checking of proofs: A new characterization of NP. J. ACM 45, 1, 70--122.
- Laszlo Babai. 1985. Trading group theory for randomness. In Proceedings of the 17th Annual ACM Symposium on Theory of Computing (STOC’85). 421--429.
- Laszlo Babai, Lance Fortnow, and Carsten Lund. 1991a. Non-deterministic exponential time has two-prover interactive protocols. Comput. Complex. 1, 3--40.
- Laszlo Babai, Lance Fortnow, Leonid A. Levin, and Mario Szegedy. 1991b. Checking computations in polylogarithmic time. In Proceedings of the 23rd Annual ACM Symposium on Theory of Computing (STOC’91). 21--31.
- Boaz Barak. 2001. How to go beyond the black-box simulation barrier. In Proceedings of the 42nd IEEE Symposium on Foundations of Computer Science (FOCS’01). 106--115.
- Boaz Barak and Oded Goldreich. 2002. Universal arguments and their applications. In Proceedings of the 17th Annual IEEE Conference on Computational Complexity (CCC’02). 194--203.
- Richard Beigel, Mihir Bellare, Joan Feigenbaum, and Shafi Goldwasser. 1991. Languages that are easier than their proofs. In Proceedings of the 32nd Annual IEEE Symposium on Foundations of Computer Science (FOCS’91). 19--28.
- Michael Ben-Or, Oded Goldreich, Shafi Goldwasser, Johan Hastad, Joe Kilian, Silvio Micali, and Phillip Rogaway. 1988a. Everything provable is provable in zero-knowledge. In Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO’88). 37--56.
- Michael Ben-Or, Shafi Goldwasser, Joe Kilian, and Avi Wigderson. 1988b. Multi-prover interactive proofs: How to remove intractability assumptions. In Proceedings of the 20th Annual ACM Symposium on Theory of Computing (STOC’88). 113--131.
- Eli Ben-Sasson, Oded Goldreich, Prahladh Harsha, Madhu Sudan, and Salil P. Vadhan. 2006. Robust PCPs of proximity, shorter PCPs, and applications to coding. SIAM J. Comput. 36, 4, 889--974.
- Nir Bitansky, Ran Canetti, Alessandro Chiesa, and Eran Tromer. 2012. From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again. In Proceedings of the 3rd Conference on Innovations in Theoretical Computer Science (ITCS’12). 326--349.
- Nir Bitansky, Ran Canetti, Alessandro Chiesa, and Eran Tromer. 2013. Recursive composition and bootstrapping for SNARKS and proof-carrying data. In Proceedings of the 45th Annual ACM Symposium on Theory of Computing (STOC’13). 111--120.
- Manuel Blum. 1987. How to prove a theorem so no-one else can claim it. In Proceedings of the International Congress of Mathematicians (ICM’87). 1444--1451.
- Manuel Blum and Sampath Kannan. 1995. Designing programs that check their work. J. ACM 42, 1, 269--291.
- Zvika Brakerski and Vinod Vaikuntanathan. 2011. Efficient fully homomorphic encryption from (standard) LWE. In Proceedings of the 52nd IEEE Annual Symposium on Foundations of Computer Science (FOCS’11). 97--106.
- Christian Cachin, Silvio Micali, and Markus Stadler. 1999. Computationally private information retrieval with polylogarithmic communication. In Proceedings of the 17th International Conference on Theory and Application of Cryptographic Techniques (EUROCRYPT’99). 402--414.
- Ran Canetti, Oded Goldreich, and Shai Halevi. 2004. The random oracle methodology, revisited. J. ACM 51, 4, 557--594.
- Benny Chor, Eyal Kushilevitz, Oded Goldreich, and Madhu Sudan. 1998. Private information retrieval. J. ACM 45, 6, 965--981.
- Kai-Min Chung, Yael Tauman Kalai, Feng-Hao Liu, and Ran Raz. 2011. Memory delegation. In Proceedings of the 31st Annual International Cryptology Conference on Advances in Cryptology (CRYPTO’11). 151--168.
- Kai-Min Chung, Yael Tauman Kalai, and Salil P. Vadhan. 2010. Improved delegation of computation using fully homomorphic encryption. In Proceedings of the 30th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO’10). 483--501.
- Anne Condon. 1991. Space-bounded probabilistic game automata. J. ACM 38, 2, 472--494.
- Anne Condon and Richard E. Ladner. 1988. Probabilistic game automata. J. Comput. Syst. Sci. 36, 3, 452--489.
- Anne Condon and Richard J. Lipton. 1989. On the complexity of space bounded interactive proofs (extended abstract). In Proceedings of the 30th Annual IEEE Symposium on Foundations of Computer Science (FOCS’89). 462--467.
- Graham Cormode, Michael Mitzenmacher, and Justin Thaler. 2012. Practical verified computation with streaming interactive proofs. In Proceedings of the 3rd Innovations in Theoretical Computer Science Conference (ITCS’12). 90--112.
- Ronald Cramer and Ivan Damgård. 1997. Linear zero-knowledge -- A note on efficient zero-knowledge proofs and arguments. In Proceedings of the 29th Annual ACM Symposium on Theory of Computing (STOC’97). 436--445.
- Ivan Damgård, Sebastian Faust, and Carmit Hazay. 2012. Secure two-party computation with low communication. In Proceedings of the 9th International Conference on Theory of Cryptography (TCC’12). 54--74.
- Irit Dinur. 2007. The PCP theorem by gap amplification. J. ACM 54, 3.
- Irit Dinur and Omer Reingold. 2006. Assignment testers: Towards a combinatorial proof of the PCP theorem. SIAM J. Comput. 36, 4, 975--1024.
- Cynthia Dwork, Moni Naor, Omer Reingold, and Larry J. Stockmeyer. 2003. Magic functions. J. ACM 50, 6, 852--921.
- Cynthia Dwork and Larry J. Stockmeyer. 1992a. Finite state verifiers I: The power of interaction. J. ACM 39, 4, 800--828.
- Cynthia Dwork and Larry J. Stockmeyer. 1992b. Finite state verifiers II: Zero knowledge. J. ACM 39, 4, 829--858.
- Cynthia Dwork and Larry J. Stockmeyer. 2002. 2-round zero knowledge and proof auditors. In Proceedings of the 34th Annual ACM Symposium on Theory of Computing (STOC’02). 322--331.
- Uriel Feige, Shafi Goldwasser, Laszlo Lovasz, Shmuel Safra, and Mario Szegedy. 1996. Interactive proofs and the hardness of approximating cliques. J. ACM 43, 2, 268--292.
- Uriel Feige and Joe Kilian. 1997. Making games short (extended abstract). In Proceedings of the 29th Annual ACM Symposium on Theory of Computing (STOC’97). 506--516.
- Amos Fiat and Adi Shamir. 1986. How to prove yourself: Practical solutions to identification and signature problems. In Proceedings of the Conference on Advances in Cryptology (CRYPTO’86). 186--194.
- Lance Fortnow. 1989. Complexity-theoretic aspects of interactive proof systems. Tech. rep. MIT/LCS/TR-447, Massachusetts Institute of Technology. http://people.cs.uchicago.edu/~fortnow/papers/thesis.pdf.
- Lance Fortnow and Carsten Lund. 1993. Interactive proof systems and alternating time-space complexity. Theoret. Comput. Sci. 113, 1, 55--73.
- Rosario Gennaro, Craig Gentry, and Bryan Parno. 2010. Non-interactive verifiable computing: Outsourcing computation to untrusted workers. In Proceedings of the 30th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO’10). 465--482.
- Rosario Gennaro, Craig Gentry, Bryan Parno, and Mariana Raykova. 2013. Quadratic span programs and succinct NIZKs without PCPs. In Proceedings of the 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’13). 626--645.
- Craig Gentry. 2009. Fully homomorphic encryption using ideal lattices. In Proceedings of the 41st Annual ACM Symposium on Theory of Computing (STOC’09). 169--178.
- Craig Gentry and Daniel Wichs. 2011. Separating succinct non-interactive arguments from all falsifiable assumptions. In Proceedings of the 43rd Annual ACM Symposium on Theory of Computing (STOC’11). 99--108.
- Oded Goldreich. 1999. Modern cryptography, probabilistic proofs and pseudorandomness. In Algorithms and Combinatorics, Vol. 17, Springer.
- Oded Goldreich. 2001. The Foundations of Cryptography, Vol. 1. Cambridge University Press.
- Oded Goldreich, Silvio Micali, and Avi Wigderson. 1991. Proofs that yield nothing but their validity, or all languages in NP have zero-knowledge proof systems. J. ACM 38, 1, 691--729.
- Shafi Goldwasser, Dan Gutfreund, Alexander Healy, Tali Kaufman, and Guy N. Rothblum. 2007. Verifying and decoding in constant depth. In Proceedings of the 39th Annual ACM Symposium on Theory of Computing (STOC’07). 440--449.
- Shafi Goldwasser and Yael Tauman Kalai. 2003. On the (in)security of the Fiat-Shamir paradigm. In Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science (FOCS’03). 102.
- Shafi Goldwasser, Huijia Lin, and Aviad Rubinstein. 2011. Delegation of computation without rejection problem from designated verifier CS-proofs. https://eprint.iacr.org/2011/456.pdf.
- Shafi Goldwasser, Silvio Micali, and Charles Rackoff. 1989. The knowledge complexity of interactive proof-systems. SIAM J. Comput. 18, 1, 186--208.
- Jens Groth. 2010. Short pairing-based non-interactive zero-knowledge arguments. In Proceedings of the 16th International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT’10). 321--340.
- Tom Gur and Ron Rothblum. 2013. Non-interactive proofs of proximity. http://eccc.hpi-web.de/report/2013/078/.
- Johan Hastad, Russell Impagliazzo, Leonid A. Levin, and Michael Luby. 1999. A pseudorandom generator from any one-way function. SIAM J. Comput. 28, 4, 1364--1396.
- Yuval Ishai, Eyal Kushilevitz, Rafail Ostrovsky, and Amit Sahai. 2007. Zero-knowledge from secure multiparty computation. In Proceedings of the 39th Annual ACM Symposium on Theory of Computing (STOC’07). 21--30.
- Yuval Ishai and Anat Paskin. 2007. Evaluating branching programs on encrypted data. In Proceedings of the 4th Conference on Theory of Cryptography (TCC’07). 575--594.
- Yael Tauman Kalai and Ran Raz. 2006. Succinct non-interactive zero-knowledge proofs with preprocessing for LOGSNP. In Proceedings of the 47th Annual IEEE Symposium on Foundations of Computer Science (FOCS’06). 355--366.
- Yael Tauman Kalai and Ran Raz. 2008. Interactive PCP. In Proceedings of the 35th International Colloquium on Automata, Languages and Programming (ICALP’08). 536--547.
- Yael Tauman Kalai and Ran Raz. 2009. Probabilistically checkable arguments. In Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO’09). 143--159.
- Yael Tauman Kalai, Ran Raz, and Ron D. Rothblum. 2013. Delegation for bounded space. In Proceedings of the 45th Annual ACM Symposium on Theory of Computing (STOC’13). 565--574.
- Yael Tauman Kalai, Ran Raz, and Ron D. Rothblum. 2014. How to delegate computations: The power of no-signaling proofs. In Proceedings of the 46th Annual ACM Symposium on Theory of Computing (STOC’14). 485--494.
- Joe Kilian. 1988. Zero-knowledge with log-space verifiers. In Proceedings of the 29th Annual Symposium on Foundations of Computer Science (FOCS’88). 25--35.
- Joe Kilian. 1992. A note on efficient zero-knowledge proofs and arguments (extended abstract). In Proceedings of the 24th Annual ACM Symposium on Theory of Computing (STOC’92). 723--732.
- Joe Kilian. 1995. Improved efficient arguments (preliminary version). In Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO’95). 311--324.
- Eyal Kushilevitz and Rafail Ostrovsky. 1997. Replication is not needed: Single database, computationally-private information retrieval. In Proceedings of the 38th Annual Symposium on Foundations of Computer Science (FOCS’97). 364--373.
- Nathan Linial, Yishay Mansour, and Noam Nisan. 1993. Constant depth circuits, Fourier transform, and learnability. J. ACM 40, 3, 607--620.
- Helger Lipmaa. 2005. An oblivious transfer protocol with log-squared communication. In Proceedings of the 8th International Conference on Information Security (ISC’05). 314--328.
- Helger Lipmaa. 2012. Progression-free sets and sublinear pairing-based non-interactive zero-knowledge arguments. In Proceedings of the 9th International Conference on Theory of Cryptography (TCC’12). 169--189.
- Carsten Lund, Lance Fortnow, Howard J. Karloff, and Noam Nisan. 1992. Algebraic methods for interactive proof systems. J. ACM 39, 4, 859--868.
- Mersenne. 2007. The great Internet Mersenne prime search. http://www.mersenne.org/.
- Silvio Micali. 1994. CS proofs (extended abstract). In Proceedings of the 35th Annual IEEE Symposium on Foundations of Computer Science (FOCS’94). 436--453.
- Dana Moshkovitz and Ran Raz. 2008. Sub-constant error low degree test of almost-linear size. SIAM J. Comput. 38, 1, 140--180.
- Moni Naor. 1989. Bit commitment using pseudo-randomness. In Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO’89). 128--136.
- Moni Naor. 2003. On cryptographic assumptions and challenges. In Proceedings of the 23rd Annual International Cryptology Conference on Advances in Cryptology (CRYPTO’03). 96--109.
- Bryan Parno, Mariana Raykova, and Vinod Vaikuntanathan. 2012. How to delegate and verify in public: Verifiable computation from attribute-based encryption. In Proceedings of the 9th International Conference on Theory of Cryptography (TCC’12). 422--439.
- Alexander Polishchuk and Daniel A. Spielman. 1994. Nearly-linear size holographic proofs. In Proceedings of the 26th Annual ACM Symposium on Theory of Computing (STOC’94). 194--203.
- Ron Rivest, Leonard Adleman, and Michael Dertouzos. 1978. On data banks and privacy homomorphisms. Foundat. Secure Comput. 4, 11, 169--179.
- Guy Rothblum and Salil Vadhan. 2009. Are PCPs inherent in efficient arguments? In Proceedings of the 24th Annual IEEE Conference on Computational Complexity (CCC’09). 81--92.
- Guy N. Rothblum, Salil P. Vadhan, and Avi Wigderson. 2013. Interactive proofs of proximity: Delegating computation in sublinear time. In Proceedings of the 45th Annual ACM Symposium on Theory of Computing (STOC’13). 793--802.
- Ronitt Rubinfeld and Madhu Sudan. 1996. Robust characterizations of polynomials with applications to program testing. SIAM J. Comput. 25, 2, 252--271.
- SETI. 1999. ET, phone SETI@home! Science@NASA headlines. http://science.nasa.gov/science-news/science-at-nasa/1999/ast23may99_1/.
- SETI. 2007. SETI@home project website. http://setiathome.berkeley.edu/.
- Adi Shamir. 1992. IP = PSPACE. J. ACM 39, 4, 869--877.
- Justin Thaler. 2013. Time-optimal interactive proofs for circuit evaluation. In Proceedings of the 33rd Annual International Cryptology Conference on Advances in Cryptology (CRYPTO’13). 71--89.
- Justin Thaler, Mike Roberts, Michael Mitzenmacher, and Hanspeter Pfister. 2012. Verifiable computation with massively parallel interactive proofs. http://arxiv.org/abs/1202.1350.
- Victor Vu, Srinath T. V. Setty, Andrew J. Blumberg, and Michael Walfish. 2013. A hybrid architecture for interactive verifiable computation. In Proceedings of the IEEE Symposium on Security and Privacy (SP’13). 223--237.
- Michael Walfish and Andrew J. Blumberg. 2013. Verifying computations without reexecuting them: From theoretical possibility to near-practicality. http://eccc.hpi-web.de/report/2013/165/.