Delegating computation: interactive proofs for muggles

In this work we study interactive proofs for tractable languages. The (honest) prover should be efficient and run in polynomial time or, in other words, be a "muggle". The verifier should be super-efficient and run in nearly linear time. These proof systems can be used for delegating computation: a server can run a computation for a client and interactively prove the correctness of the result. The client can verify the result's correctness in nearly linear time (instead of running the entire computation itself). Previously, related questions were considered in the holographic proof setting by Babai et al. [1991b], in the argument setting under computational assumptions by Kilian, and in the random oracle model by Micali [1994]. Our focus, however, is on the original interactive proof model, where no assumptions are made on the computational power or adaptiveness of dishonest provers.

Our main technical theorem gives a public coin interactive proof for any language computable by a log-space uniform boolean circuit with depth d and input length n. The verifier runs in time n · poly(d, log(n)) and space O(log(n)), the communication complexity is poly(d, log(n)), and the prover runs in time poly(n). In particular, for languages computable by log-space uniform NC (circuits of polylog(n) depth), the prover is efficient, the verifier runs in time n · polylog(n) and space O(log(n)), and the communication complexity is polylog(n). Using this theorem we make progress on several questions.

- We show how to construct 1-round computationally sound arguments with polylog communication for any log-space uniform NC computation. The verifier runs in quasi-linear time. This result uses a recent transformation of Kalai and Raz from public coin interactive proofs to 1-round arguments. The soundness of the argument system is based on the existence of a PIR scheme with polylog communication.
- We construct interactive proofs with public coin, log-space, poly-time verifiers for all of P. This settles an open question regarding the expressive power of proof systems with such verifiers.
- We construct zero-knowledge interactive proofs with communication complexity quasi-linear in the witness length for any NP language verifiable in NC, based on the existence of 1-way functions.
- We construct probabilistically checkable arguments (a model due to Kalai and Raz) of size polynomial in the witness length (rather than the instance length) for any NP language verifiable in NC, under computational assumptions.
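The protocol behind the main theorem is built on the sum-check protocol of Lund, Fortnow, Karloff and Nisan ([24] in the reference list), which the abstract itself does not describe. The following Python is an added example, not code from the paper: a public-coin sum-check for a multilinear polynomial, showing the cost split the abstract promises (O(1) verifier work per round, a transcript of O(m) field elements for a sum over 2^m points) and why a false claim is rejected. The field modulus, the sample table and the honest/cheating prover are constructed for the example; the final evaluation of f, which the verifier does directly here, is the one step the paper's protocol instead delegates to the next circuit layer.

```python
import random

P = 2**61 - 1  # prime field modulus; a constructed parameter for this example

def fold(vals, x):
    """Bind the next free variable to x: a table on {0,1}^k becomes one on {0,1}^(k-1)."""
    return [(a * (1 - x) + b * x) % P for a, b in zip(vals[0::2], vals[1::2])]

def mle_eval(table, r):
    """Multilinear extension of `table` (f's values on {0,1}^m) evaluated at r in F^m."""
    vals = [v % P for v in table]
    for x in r:
        vals = fold(vals, x)
    return vals[0]

class Prover:
    """Honest when claimed_sum is None; otherwise asserts a false sum and then sends
    the only round messages that remain consistent with that false running claim."""
    def __init__(self, table, claimed_sum=None):
        self.vals = [v % P for v in table]
        self.claim = sum(self.vals) % P if claimed_sum is None else claimed_sum % P
    def round_message(self):
        # g_j(1) is the true partial sum; g_j(0) is forced by the running claim, so an
        # honest prover sends the truth and a cheating one sends a consistent lie.
        g1 = sum(self.vals[1::2]) % P
        self.last = ((self.claim - g1) % P, g1)
        return self.last
    def receive_challenge(self, x):
        g0, g1 = self.last
        self.claim = (g0 * (1 - x) + g1 * x) % P   # g_j(x), the next claim
        self.vals = fold(self.vals, x)

def sum_check(table, prover, seed=0):
    """Public-coin sum-check for sum of f over {0,1}^m. Returns (accepted, point, claim).
    Verifier cost: O(1) field operations per round plus one evaluation of f at the end."""
    m = len(table).bit_length() - 1
    assert len(table) == 1 << m, "table must hold f on a boolean hypercube"
    rng, claim, r = random.Random(seed), prover.claim, []
    for _ in range(m):
        g0, g1 = prover.round_message()
        if (g0 + g1) % P != claim:          # the round polynomial must sum to the claim
            return False, r, claim
        x = rng.randrange(P)                # public coin: a fresh random field element
        r.append(x)
        claim = (g0 * (1 - x) + g1 * x) % P
        prover.receive_challenge(x)
    # A false initial claim survives every round only if some challenge hits the root
    # of a nonzero linear polynomial, i.e. with probability at most m / P.
    return mle_eval(table, r) == claim, r, claim
```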

[1] D. Blackwell et al. Proof of Shannon's Transmission Theorem for Finite-State Indecomposable Channels, 1958.

[2] A. Paz. Definite and quasidefinite sets of stochastic matrices, 1965.

[3] John T. Gill et al. Computational complexity of probabilistic Turing machines, 1974, STOC '74.

[4] Ronald L. Rivest et al. On Data Banks and Privacy Homomorphisms, 1978.

[5] John H. Reif et al. Multiple-person alternation, 1979, 20th Annual Symposium on Foundations of Computer Science (sfcs 1979).

[6] Rusins Freivalds et al. Probabilistic Two-Way Machines, 1981, MFCS.

[7] Valerie Isham et al. Non-Negative Matrices and Markov Chains, 1983.

[8] László Babai et al. Trading group theory for randomness, 1985, STOC '85.

[9] Silvio Micali et al. The knowledge complexity of interactive proof-systems, 1985, STOC '85.

[10] Amos Fiat et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems, 1986, CRYPTO.

[11] Richard E. Ladner et al. Probabilistic Game Automata, 1986, J. Comput. Syst. Sci.

[12] Avi Wigderson et al. Multi-prover interactive proofs: how to remove intractability assumptions, 2019, STOC '88.

[13] Joe Kilian et al. Zero-knowledge with log-space verifiers, 1988, 29th Annual Symposium on Foundations of Computer Science.

[14] M. W. Shields. An Introduction to Automata Theory, 1988.

[15] Richard E. Ladner et al. Probabilistic Game Automata, 1988, J. Comput. Syst. Sci.

[16] Silvio Micali et al. Everything Provable is Provable in Zero-Knowledge, 1990, CRYPTO.

[17] Moni Naor et al. Bit Commitment Using Pseudo-Randomness, 1989, CRYPTO.

[18] L. Fortnow. Complexity-Theoretic Aspects of Interactive Proof Systems, 1989.

[19] Richard J. Lipton et al. On the complexity of space bounded interactive proofs, 1989, 30th Annual Symposium on Foundations of Computer Science.

[20] Noam Nisan et al. Constant depth circuits, Fourier transform, and learnability, 1989, 30th Annual Symposium on Foundations of Computer Science.

[21] Anne Condon et al. Computational models of games, 1989, ACM Distinguished Dissertations.

[22] Manuel Blum et al. Designing programs that check their work, 1989, STOC '89.

[23] Adi Shamir et al. Multi-oracle interactive protocols with space bounded verifiers, 1989, Proceedings of the Structure in Complexity Theory Fourth Annual Conference.

[24] Carsten Lund et al. Algebraic methods for interactive proof systems, 1990, 31st Annual Symposium on Foundations of Computer Science.

[25] Silvio Micali et al. Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems, 1991, JACM.

[26] Carsten Lund et al. Interactive Proof Systems and Alternating Time-Space Complexity, 1991, STACS.

[27] Leonid A. Levin et al. Checking computations in polylogarithmic time, 1991, STOC '91.

[28] Anne Condon. Space-bounded probabilistic game automata, 1991, JACM.

[29] Joan Feigenbaum et al. Languages that are easier than their proofs, 1991, 32nd Annual Symposium on Foundations of Computer Science.

[30] Cynthia Dwork et al. Finite state verifiers I: the power of interaction, 1992, JACM.

[31] Carsten Lund et al. Proof verification and hardness of approximation problems, 1992, 33rd Annual Symposium on Foundations of Computer Science.

[32] Adi Shamir et al. IP = PSPACE, 1992, JACM.

[33] Joe Kilian et al. A note on efficient zero-knowledge proofs and arguments (extended abstract), 1992, STOC '92.

[34] Cynthia Dwork et al. Finite state verifiers II: zero knowledge, 1992, JACM.

[35] Silvio Micali et al. CS proofs, 1994, 35th Annual Symposium on Foundations of Computer Science.

[36] Daniel A. Spielman et al. Nearly-linear size holographic proofs, 1994, STOC '94.

[37] Lance Fortnow et al. On the Power of Multi-Prover Interactive Protocols, 1994, Theor. Comput. Sci.

[38] Joe Kilian et al. Improved Efficient Arguments (Preliminary Version), 1995, CRYPTO.

[39] László Lovász et al. Interactive proofs and the hardness of approximating cliques, 1996, JACM.

[40] Ronitt Rubinfeld et al. Robust Characterizations of Polynomials with Applications to Program Testing, 1996, SIAM J. Comput.

[41] Ivan Damgård et al. Linear zero-knowledge—a note on efficient zero-knowledge proofs and arguments, 1997, STOC '97.

[42] Uriel Feige et al. Making games short (extended abstract), 1997, STOC '97.

[43] Rafail Ostrovsky et al. Replication is not needed: single database, computationally-private information retrieval, 1997, 38th Annual Symposium on Foundations of Computer Science.

[44] Sanjeev Arora et al. Probabilistic checking of proofs: a new characterization of NP, 1998, JACM.

[45] Eyal Kushilevitz et al. Private information retrieval, 1998, JACM.

[46] Gage Js et al. The great Internet Mersenne prime search, 1998.

[47] J. S. Gage. The great Internet Mersenne prime search, 1998, M.D. Computing: Computers in Medical Practice.

[48] Carsten Lund et al. Proof verification and the hardness of approximation problems, 1998, JACM.

[49] Oded Goldreich et al. Modern Cryptography, Probabilistic Proofs and Pseudorandomness, 1998, Algorithms and Combinatorics.

[50] Silvio Micali et al. Computationally Private Information Retrieval with Polylogarithmic Communication, 1999, EUROCRYPT.

[51] Leonid A. Levin et al. A Pseudorandom Generator from any One-way Function, 1999, SIAM J. Comput.

[52] Moni Naor et al. Magic functions, 1999, 40th Annual Symposium on Foundations of Computer Science.

[53] Oded Goldreich et al. Foundations of Cryptography: Basic Tools, 2000.

[54] Oded Goldreich et al. Foundations of Cryptography: List of Figures, 2001.

[55] Oded Goldreich. Foundations of Cryptography: Index, 2001.

[56] Boaz Barak et al. How to go beyond the black-box simulation barrier, 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[57] Cynthia Dwork et al. 2-round zero knowledge and proof auditors, 2002, STOC '02.

[58] Mariëlle Stoelinga et al. An Introduction to Probabilistic Automata, 2002, Bull. EATCS.

[59] Oded Goldreich et al. Universal arguments and their applications, 2002, 17th IEEE Annual Conference on Computational Complexity.

[60] Yael Tauman Kalai et al. On the (In)security of the Fiat-Shamir paradigm, 2003, 44th Annual IEEE Symposium on Foundations of Computer Science.

[61] Moni Naor et al. Magic Functions: In Memoriam: Bernard M. Dwork 1923--1998, 2003, JACM.

[62] Moni Naor et al. On Cryptographic Assumptions and Challenges, 2003, CRYPTO.

[63] David P. Anderson et al. Public Computing: Reconnecting People to Science, 2003.

[64] Ran Canetti et al. The random oracle methodology, revisited, 2000, JACM.

[65] Manindra Agrawal et al. PRIMES is in P, 2004.

[66] Omer Reingold et al. Assignment testers: towards a combinatorial proof of the PCP-theorem, 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[67] David P. Anderson et al. BOINC: a system for public-resource computing and storage, 2004, Fifth IEEE/ACM International Workshop on Grid Computing.

[68] Eli Ben-Sasson et al. Short PCPs verifiable in polylogarithmic time, 2005, 20th Annual IEEE Conference on Computational Complexity (CCC'05).

[69] Carsten Lund et al. Non-deterministic exponential time has two-prover interactive protocols, 2005, Computational Complexity.

[70] Helger Lipmaa et al. An Oblivious Transfer Protocol with Log-Squared Communication, 2005, ISC.

[71] Oded Goldreich. Foundations of Cryptography: Volume 1, 2006.

[72] Eli Ben-Sasson et al. Robust PCPs of Proximity, Shorter PCPs, and Applications to Coding, 2004, SIAM J. Comput.

[73] Irit Dinur et al. The PCP theorem by gap amplification, 2006, STOC.

[74] Dan Suciu et al. Journal of the ACM, 2006.

[75] Yael Tauman Kalai et al. Succinct Non-Interactive Zero-Knowledge Proofs with Preprocessing for LOGSNP, 2006, 47th Annual IEEE Symposium on Foundations of Computer Science (FOCS'06).

[76] Guy N. Rothblum et al. Verifying and decoding in constant depth, 2007, STOC '07.

[77] Anat Paskin-Cherniavsky et al. Evaluating Branching Programs on Encrypted Data, 2007, TCC.

[78] Rafail Ostrovsky et al. Zero-knowledge from secure multiparty computation, 2007, STOC '07.

[79] Yael Tauman Kalai et al. Interactive PCP, 2007.

[80] Ran Raz et al. Sub-Constant Error Low Degree Test of Almost-Linear Size, 2008, SIAM J. Comput.

[81] Craig Gentry et al. Fully homomorphic encryption using ideal lattices, 2009, STOC '09.

[82] Guy N. Rothblum et al. Are PCPs Inherent in Efficient Arguments?, 2009, Computational Complexity Conference.

[83] Yael Tauman Kalai et al. Probabilistically Checkable Arguments, 2009, CRYPTO.

[84] Jens Groth et al. Short Pairing-Based Non-interactive Zero-Knowledge Arguments, 2010, ASIACRYPT.

[85] Yuval Ishai et al. From Secrecy to Soundness: Efficient Verification via Secure Computation, 2010, ICALP.

[86] Yael Tauman Kalai et al. Improved Delegation of Computation using Fully Homomorphic Encryption, 2010, IACR Cryptol. ePrint Arch.

[87] Craig Gentry et al. Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers, 2010, CRYPTO.

[88] Manuel Blum et al. How to Prove a Theorem So No One Else Can Claim It, 2010.

[89] Craig Gentry et al. Separating succinct non-interactive arguments from all falsifiable assumptions, 2011, IACR Cryptol. ePrint Arch.

[90] Yael Tauman Kalai et al. Memory Delegation, 2011, CRYPTO.

[91] Vinod Vaikuntanathan et al. Efficient Fully Homomorphic Encryption from (Standard) LWE, 2011, IEEE 52nd Annual Symposium on Foundations of Computer Science.

[92] Vinod Vaikuntanathan et al. How to Delegate and Verify in Public: Verifiable Computation from Attribute-based Encryption, 2012, IACR Cryptol. ePrint Arch.

[93] Shafi Goldwasser et al. Delegation of Computation without Rejection Problem from Designated Verifier CS-Proofs, 2011, IACR Cryptol. ePrint Arch.

[94] Ivan Damgård et al. Secure Two-Party Computation with Low Communication, 2012, IACR Cryptol. ePrint Arch.

[95] Helger Lipmaa et al. Progression-Free Sets and Sublinear Pairing-Based Non-Interactive Zero-Knowledge Arguments, 2012, TCC.

[96] Nir Bitansky et al. From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again, 2012, ITCS '12.

[97] Graham Cormode et al. Practical verified computation with streaming interactive proofs, 2011, ITCS '12.

[98] Hanspeter Pfister et al. Verifiable Computation with Massively Parallel Interactive Proofs, 2012, HotCloud.

[99] Craig Gentry et al. Quadratic Span Programs and Succinct NIZKs without PCPs, 2013, IACR Cryptol. ePrint Arch.

[100] Guy N. Rothblum et al. Interactive proofs of proximity: delegating computation in sublinear time, 2013, STOC '13.

[101] Andrew J. Blumberg et al. Verifying computations without reexecuting them: from theoretical possibility to near-practicality, 2013, Electron. Colloquium Comput. Complex.

[102] R. Raz et al. How to delegate computations: the power of no-signaling proofs, 2014, Electron. Colloquium Comput. Complex.

[103] Justin Thaler et al. Time-Optimal Interactive Proofs for Circuit Evaluation, 2013, CRYPTO.

[104] Srinath T. V. Setty et al. A Hybrid Architecture for Interactive Verifiable Computation, 2013, IEEE Symposium on Security and Privacy.

[105] Nir Bitansky et al. Recursive composition and bootstrapping for SNARKS and proof-carrying data, 2013, STOC '13.

[106] Yael Tauman Kalai et al. Delegation for bounded space, 2013, STOC '13.

[107] D. Boneh et al. Interactive proofs of proximity: delegating computation in sublinear time, 2013, STOC '13.

[108] S. Rajsbaum. Foundations of Cryptography, 2014.

[109] Ron Rothblum et al. Non-interactive proofs of proximity, 2015, Computational Complexity.