Non-interactive delegation and batch NP verification from standard computational assumptions

We present an adaptive and non-interactive protocol for verifying arbitrary efficient computations in fixed polynomial time. Our protocol is computationally sound and can be based on any computational PIR scheme, which in turn can be based on standard polynomial-time cryptographic assumptions (e.g. the worst-case hardness of polynomial-factor approximation of short-vector lattice problems). In our protocol, the verifier sets up a public key ahead of time, and this key can be used by any prover to prove arbitrary statements by simply sending a proof to the verifier. Verification is done using a secret verification key, and soundness relies on this key not being known to the prover. Our protocol further allows proving statements about computations of arbitrary RAM machines. Previous works either relied on knowledge assumptions, or could only offer non-adaptive two-message protocols (where the first message could not be re-used), and required either obfuscation-based assumptions or super-polynomial hardness assumptions. We show that our techniques can also be applied to construct a new type of (non-adaptive) 2-message argument for batch NP statements. Specifically, we can simultaneously prove (with computational soundness) the membership of multiple instances in a given NP language, with communication complexity proportional to the length of a single witness.
