ABSTRACT
We construct a delegation scheme for verifying non-deterministic computations, with complexity proportional only to the non-deterministic space of the computation. Specifically, letting n denote the input length, we construct a delegation scheme for any language verifiable in non-deterministic time and space (T(n), S(n)) with communication complexity poly(S(n)), verifier runtime n · polylog(T(n)) + poly(S(n)), and prover runtime poly(T(n)).
Our scheme consists of only two messages and has adaptive soundness, assuming the existence of a sub-exponentially secure private information retrieval (PIR) scheme, which can be instantiated under standard (albeit sub-exponential) cryptographic assumptions, such as the sub-exponential LWE assumption. Specifically, the verifier publishes a (short) public key ahead of time, and this key can be used by any prover to non-interactively prove the correctness of any adaptively chosen non-deterministic computation. Such a scheme is referred to as a non-interactive delegation scheme. Our scheme is privately verifiable: the verifier needs the corresponding secret key in order to verify proofs.
Prior to our work, such results were known only in the Random Oracle Model, or under knowledge assumptions. Our results yield succinct non-interactive arguments based on sub-exponential LWE, for many natural languages believed to be outside of P.
Index Terms
- Succinct delegation for low-space non-deterministic computation