A PCP Theorem for Interactive Proofs and Applications

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13276))

Abstract

The celebrated PCP Theorem states that any language in \(\mathrm {NP}\) can be decided via a verifier that reads O(1) bits from a polynomially long proof. Interactive oracle proofs (IOP), a generalization of PCPs, allow the verifier to interact with the prover for multiple rounds while reading a small number of bits from each prover message. While PCPs are relatively well understood, the power captured by IOPs (beyond \(\mathrm {NP}\)) has yet to be fully explored.

We present a generalization of the PCP theorem for interactive languages. We show that any language decidable by a k(n)-round IP has a k(n)-round public-coin IOP, where the verifier makes its decision by reading only O(1) bits from each (polynomially long) prover message and O(1) bits from each of its own (random) messages to the prover.

Our result and the underlying techniques have several applications. We get a new hardness of approximation result for a stochastic satisfiability problem, we show IOP-to-IOP transformations that previously were known to hold only for IPs, and we formulate a new notion of PCPs (index-decodable PCPs) that enables us to obtain a commit-and-prove SNARK in the random oracle model for nondeterministic computations.

G. Arnon—Supported in part by a grant from the Israel Science Foundation (no. 2686/20) and by the Simons Foundation Collaboration on the Theory of Algorithmic Fairness.

A. Chiesa—Funded by the Ethereum Foundation.

E. Yogev—Part of this project was performed when Eylon Yogev was in Tel Aviv University where he was funded by the ISF grants 484/18, 1789/19, Len Blavatnik and the Blavatnik Foundation, and The Blavatnik Interdisciplinary Cyber Research Center at Tel Aviv University.

Notes

  1. An IP is an IOP where the verifier has large query complexity over the binary alphabet.

  2. After the interaction, the verifier uses \(O(\log n)\) random bits to decide which locations to read from all \(\mathsf {k}\) rounds.

  3. Round reduction [5] can reduce the number of rounds from any \(\mathsf {k}\) to 1 with a blow-up in communication that is exponential in \(\mathsf {k}\). This does not work when \(\mathsf {k}\) is super constant; see Sect. 2.2 for further discussion.

  4. Their result shows that \(\mathrm {PSPACE}\) has what is known as a probabilistically checkable debate system. In their system, one prover plays a uniform random strategy. Thus one can naturally translate the debate system into an IOP.

  5. In this model, all parties (honest and malicious) receive query access to the same random function.

  6. A PCPP is a PCP system where the verifier has oracle access to its input in addition to the prover’s proof; the soundness guarantee is that if the input is far (in Hamming distance) from any input in the language, then the verifier accepts with small probability.

  7. A function \(\mathsf {Ext}:\{0,1\}^{n} \times \{0,1\}^{d} \rightarrow \{0,1\}^{m}\) is a \((k,\varepsilon )\)-extractor if, for every random variable X over \(\{0,1\}^{n}\) with min-entropy at least k, the statistical distance between \(\mathsf {Ext}(X,U_d)\) and \(U_m\) is at most \(\varepsilon \).

  8. A PCP verifier is non-adaptive if it can be split into two algorithms: \(\mathbf {V}^{\scriptscriptstyle \mathsf {qry}}_{\mathsf {PCP}}\) chooses which locations to query without accessing its oracles; and \(\mathbf {V}^{\scriptscriptstyle \mathsf {dc}}_{\mathsf {PCP}}\) receives the results of the queries and decides whether to accept or reject.

  9. A pair of algorithms \(\mathbf {C}=(\mathsf {Com},\mathsf {Check})\) is a succinct commitment scheme if: (1) it is hard for every query-bounded adversary to find two different messages that pass verification for the same commitment string; and (2) the commitment of a message of length n with security parameter \(\lambda \) has length \(\mathrm {poly}(\lambda ,\log n)\).

References

  1. Arora, S., Lund, C., Motwani, R., Sudan, M., Szegedy, M.: Proof verification and the hardness of approximation problems. J. ACM 45(3), 501–555 (1998)

  2. Arora, S., Safra, S.: Probabilistic checking of proofs: a new characterization of NP. J. ACM 45(1), 70–122 (1998). Preliminary version in FOCS 1992

  3. Babai, L.: Trading group theory for randomness. In: Proceedings of the 17th Annual ACM Symposium on Theory of Computing, STOC 1985, pp. 421–429 (1985)

  4. Babai, L., Fortnow, L., Levin, L.A., Szegedy, M.: Checking computations in polylogarithmic time. In: Proceedings of the 23rd Annual ACM Symposium on Theory of Computing, STOC 1991, pp. 21–32 (1991)

  5. Babai, L., Moran, S.: Arthur-merlin games: a randomized proof system, and a hierarchy of complexity classes. J. Comput. Syst. Sci. 36(2), 254–276 (1988)

  6. Bellare, M., Goldreich, O., Goldwasser, S.: Randomness in interactive proofs. In: Proceedings of the 31st Annual Symposium on Foundations of Computer Science, FOCS 1990, pp. 563–572 (1990)

  7. Ben-Sasson, E., Bentov, I., Horesh, Y., Riabzev, M.: Fast Reed-Solomon interactive oracle proofs of proximity. In: Proceedings of the 45th International Colloquium on Automata, Languages and Programming, ICALP 2018, pp. 14:1–14:17 (2018)

  8. Ben-Sasson, E., Bentov, I., Horesh, Y., Riabzev, M.: Scalable zero knowledge with no trusted setup. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 701–732. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_23

  9. Ben-Sasson, E., Chiesa, A., Gabizon, A., Riabzev, M., Spooner, N.: Interactive oracle proofs with constant rate and query complexity. In: Proceedings of the 44th International Colloquium on Automata, Languages and Programming, ICALP 2017, pp. 40:1–40:15 (2017)

  10. Ben-Sasson, E., Chiesa, A., Goldberg, L., Gur, T., Riabzev, M., Spooner, N.: Linear-size constant-query IOPs for delegating computation. In: Hofheinz, D., Rosen, A. (eds.) TCC 2019. LNCS, vol. 11892, pp. 494–521. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36033-7_19

  11. Ben-Sasson, E., Chiesa, A., Riabzev, M., Spooner, N., Virza, M., Ward, N.P.: Aurora: transparent succinct arguments for R1CS. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 103–128. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_4

  12. Ben-Sasson, E., Chiesa, A., Spooner, N.: Interactive oracle proofs. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9986, pp. 31–60. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53644-5_2

  13. Ben-Sasson, E., Goldberg, L., Kopparty, S., Saraf, S.: DEEP-FRI: sampling outside the box improves soundness. In: Proceedings of the 11th Innovations in Theoretical Computer Science Conference, ITCS 2020, pp. 5:1–5:32 (2020)

  14. Ben-Sasson, E., Goldreich, O., Harsha, P., Sudan, M., Vadhan, S.: Short PCPs verifiable in polylogarithmic time. In: Proceedings of the 20th Annual IEEE Conference on Computational Complexity, CCC 2005, pp. 120–134 (2005)

  15. Ben-Sasson, E., Goldreich, O., Harsha, P., Sudan, M., Vadhan, S.P.: Robust PCPs of proximity, shorter PCPs, and applications to coding. SIAM J. Comput. 36(4), 889–974 (2006)

  16. Ben-Sasson, E., Sudan, M.: Short PCPs with polylog query complexity. SIAM J. Comput. 38(2), 551–607 (2008)

  17. Benarroch, D., et al.: Proposal: commit-and-prove zero-knowledge proof systems and extensions (2021). https://docs.zkproof.org/pages/standards/accepted-workshop4/proposal-commit.pdf

  18. Bootle, J., Cerulli, A., Ghadafi, E., Groth, J., Hajiabadi, M., Jakobsen, S.K.: Linear-time zero-knowledge proofs for arithmetic circuit satisfiability. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10626, pp. 336–365. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70700-6_12

  19. Bootle, J., Chiesa, A., Groth, J.: Linear-time arguments with sublinear verification from tensor codes. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12551, pp. 19–46. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64378-2_2

  20. Bootle, J., Chiesa, A., Liu, S.: Zero-knowledge IOPs with linear-time prover and polylogarithmic-time verifier. Cryptology ePrint Archive, Report 2020/1527 (2020)

  21. Bordage, S., Nardi, J.: Interactive oracle proofs of proximity to algebraic geometry codes. arXiv cs/2011.04295 (2021)

  22. Campanelli, M., Fiore, D., Querol, A.: LegoSNARK: modular design and composition of succinct zero-knowledge proofs. In: Proceedings of the 26th Conference on Computer and Communications Security, CCS 2019, pp. 2075–2092 (2019)

  23. Canetti, R., Chen, Y., Holmgren, J., Lombardi, A., Rothblum, G.N., Rothblum, R.D.: Fiat-Shamir from simpler assumptions. Cryptology ePrint Archive, Report 2018/1004 (2018)

  24. Chiesa, A., Hu, Y., Maller, M., Mishra, P., Vesely, N., Ward, N.: Marlin: preprocessing zkSNARKs with universal and updatable SRS. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 738–768. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_26

  25. Chiesa, A., Manohar, P., Spooner, N.: Succinct arguments in the quantum random oracle model. In: Hofheinz, D., Rosen, A. (eds.) TCC 2019. LNCS, vol. 11892, pp. 1–29. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36033-7_1

  26. Chiesa, A., Ojha, D., Spooner, N.: Fractal: post-quantum and transparent recursive proofs from holography. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 769–793. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_27

  27. Condon, A., Feigenbaum, J., Lund, C., Shor, P.W.: Probabilistically checkable debate systems and nonapproximability of PSPACE-hard functions. Chicago J. Theor. Comput. Sci. 1995 (1995)

  28. Condon, A., Feigenbaum, J., Lund, C., Shor, P.W.: Random debaters and the hardness of approximating stochastic functions. SIAM J. Comput. 26(2), 369–400 (1997)

  29. Costello, C., et al.: Geppetto: versatile verifiable computation. In: Proceedings of the 36th IEEE Symposium on Security and Privacy, S&P 2015, pp. 250–273 (2015)

  30. Dinur, I.: The PCP theorem by gap amplification. J. ACM 54(3), 12 (2007)

  31. Dinur, I., Reingold, O.: Assignment testers: towards a combinatorial proof of the PCP theorem. In: Proceedings of the 45th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2004, pp. 155–164 (2004)

  32. Drucker, A.: Efficient probabilistically checkable debates. In: Goldberg, L.A., Jansen, K., Ravi, R., Rolim, J.D.P. (eds.) APPROX/RANDOM-2011. LNCS, vol. 6845, pp. 519–529. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22935-0_44

  33. Drucker, A.: A PCP characterization of AM. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011. LNCS, vol. 6755, pp. 581–592. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22006-7_49

  34. Drucker, A.: An improved exponential-time approximation algorithm for fully-alternating games against nature. In: Proceedings of the 61st Annual IEEE Symposium on Foundations of Computer Science, FOCS 2020, pp. 1081–1090 (2020)

  35. Escala, A., Groth, J.: Fine-tuning Groth-Sahai proofs. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 630–649. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54631-0_36

  36. Feige, U., Goldwasser, S., Lovász, L., Safra, S., Szegedy, M.: Interactive proofs and the hardness of approximating cliques. J. ACM 43(2), 268–292 (1996). Preliminary version in FOCS 1991

  37. Fürer, M., Goldreich, O., Mansour, Y., Sipser, M., Zachos, S.: On completeness and soundness in interactive proof systems. Adv. Comput. Res. 5, 429–442 (1989)

  38. Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. J. ACM 38(3), 691–729 (1991). Preliminary version appeared in FOCS 1986

  39. Goldreich, O., Vadhan, S., Wigderson, A.: On interactive proofs with a laconic prover. Comput. Complex. 11(1/2), 1–53 (2002)

  40. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989). Preliminary version appeared in STOC 1985

  41. Goldwasser, S., Sipser, M.: Private coins versus public coins in interactive proof systems. In: Proceedings of the 18th Annual ACM Symposium on Theory of Computing, STOC 1986, pp. 59–68 (1986)

  42. Guruswami, V., Umans, C., Vadhan, S.P.: Unbalanced expanders and randomness extractors from Parvaresh-Vardy codes. J. ACM 56(4), 20:1–20:34 (2009)

  43. Haviv, I., Regev, O., Ta-Shma, A.: On the hardness of satisfiability with bounded occurrences in the polynomial-time hierarchy. Theory Comput. 3(1), 45–60 (2007)

  44. Ishai, Y., Weiss, M.: Probabilistically checkable proofs of proximity with zero-knowledge. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 121–145. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_6

  45. Lee, N., Wang, Y., Jiang, J.R.: Solving stochastic Boolean satisfiability under random-exist quantification. In: Proceedings of the 26th International Joint Conference on Artificial Intelligence, IJCAI 2017, pp. 688–694 (2017)

  46. Lipmaa, H.: Prover-efficient commit-and-prove zero-knowledge SNARKs. Int. J. Appl. Cryptogr. 3(4), 344–362 (2017)

  47. Littman, M.L., Majercik, S.M., Pitassi, T.: Stochastic Boolean satisfiability. J. Autom. Reason. 27(3), 251–296 (2001)

  48. Lund, C., Fortnow, L., Karloff, H.J., Nisan, N.: Algebraic methods for interactive proof systems. J. ACM 39(4), 859–868 (1992)

  49. Majercik, S.M.: APPSSAT: approximate probabilistic planning using stochastic satisfiability. Int. J. Approximate Reasoning 45(2), 402–419 (2007)

  50. Micali, S.: Computationally sound proofs. SIAM J. Comput. 30(4), 1253–1298 (2000). Preliminary version appeared in FOCS 1994

  51. Papadimitriou, C.H.: Games against nature (extended abstract). In: 24th Annual ACM Symposium on Theory of Computing, STOC 1983, pp. 446–450 (1983)

  52. Reingold, O., Rothblum, R., Rothblum, G.: Constant-round interactive proofs for delegating computation. In: Proceedings of the 48th ACM Symposium on the Theory of Computing, STOC 2016, pp. 49–62 (2016)

  53. Ron-Zewi, N., Rothblum, R.: Local proofs approaching the witness length. In: Proceedings of the 61st Annual IEEE Symposium on Foundations of Computer Science, FOCS 2020, pp. 846–857 (2020)

  54. Shamir, A.: IP = PSPACE. J. ACM 39(4), 869–877 (1992)

  55. Valiant, P.: Incrementally verifiable computation or proofs of knowledge imply time/space efficiency. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 1–18. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78524-8_1

Corresponding author

Correspondence to Gal Arnon.

Copyright information

© 2022 International Association for Cryptologic Research

Cite this paper

Arnon, G., Chiesa, A., Yogev, E. (2022). A PCP Theorem for Interactive Proofs and Applications. In: Dunkelman, O., Dziembowski, S. (eds) Advances in Cryptology – EUROCRYPT 2022. EUROCRYPT 2022. Lecture Notes in Computer Science, vol 13276. Springer, Cham. https://doi.org/10.1007/978-3-031-07085-3_3

  • DOI: https://doi.org/10.1007/978-3-031-07085-3_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-07084-6

  • Online ISBN: 978-3-031-07085-3

  • eBook Packages: Computer Science, Computer Science (R0)
