Succinct Non-Interactive Arguments via Linear Interactive Proofs

Succinct non-interactive arguments (SNARGs) enable verifying NP statements with lower complexity than required for classical NP verification. Traditionally, the focus has been on minimizing the length of such arguments; nowadays researches have focused also on minimizing verification time, by drawing motivation from the problem of delegating computation. A common relaxation is a preprocessing SNARG, which allows the verifier to conduct an expensive offline phase that is independent of the statement to be proven later. Recent constructions of preprocessing SNARGs have achieved attractive features: they are publicly-verifiable, proofs consist of only O(1) encrypted (or encoded) field elements, and verification is via arithmetic circuits of size linear in the NP statement. Additionally, these constructions seem to have 'escaped the hegemony' of probabilistically-checkable proofs (PCPs) as a basic building block of succinct arguments.

[1]  Jens Groth,et al.  Short Pairing-Based Non-interactive Zero-Knowledge Arguments , 2010, ASIACRYPT.

[2]  Eli Ben-Sasson,et al.  Robust pcps of proximity, shorter pcps and applications to coding , 2004, STOC '04.

[3]  C. Dwork,et al.  Succinct Proofs for NP and Spooky Interactions , 2004 .

[4]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[5]  Yael Tauman Kalai,et al.  Improved Delegation of Computation using Fully Homomorphic Encryption , 2010, IACR Cryptol. ePrint Arch..

[6]  Irit Dinur,et al.  The PCP theorem by gap amplification , 2006, STOC.

[7]  Vinod Vaikuntanathan,et al.  Efficient Fully Homomorphic Encryption from (Standard) LWE , 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.

[8]  D. Cantor,et al.  A new algorithm for factoring polynomials over finite fields , 1981 .

[9]  Dan Suciu,et al.  Journal of the ACM , 2006 .

[10]  Leonid A. Levin,et al.  Checking computations in polylogarithmic time , 1991, STOC '91.

[11]  R. Cramer,et al.  Linear Zero-Knowledgde. A Note on Efficient Zero-Knowledge Proofs and Arguments , 1996 .

[12]  Avi Wigderson,et al.  Extractors And Rank Extractors For Polynomial Sources , 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[13]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[14]  Rafail Ostrovsky,et al.  Fast Verification of Any Remote Procedure Call: Short Witness-Indistinguishable One-Round Proofs for NP , 2000, ICALP.

[15]  Craig Gentry,et al.  Separating succinct non-interactive arguments from all falsifiable assumptions , 2011, STOC '11.

[16]  Yuval Ishai,et al.  From Secrecy to Soundness: Efficient Verification via Secure Computation , 2010, ICALP.

[17]  Subhash Khot,et al.  Query Efficient PCPs with Perfect Completeness , 2005, Theory Comput..

[18]  Josh Benaloh,et al.  Dense Probabilistic Encryption , 1999 .

[19]  Eli Ben-Sasson,et al.  Short PCPs verifiable in polylogarithmic time , 2005, 20th Annual IEEE Conference on Computational Complexity (CCC'05).

[20]  Graham Cormode,et al.  Practical verified computation with streaming interactive proofs , 2011, ITCS '12.

[21]  Eli Ben-Sasson,et al.  Short PCPs with Polylog Query Complexity , 2008, SIAM J. Comput..

[22]  Serge Fehr,et al.  Perfect NIZK with Adaptive Soundness , 2007, TCC.

[23]  Ivan Damgård,et al.  Linear zero-knowledge—a note on efficient zero-knowledge proofs and arguments , 1997, STOC '97.

[24]  Mihir Bellare,et al.  The Knowledge-of-Exponent Assumptions and 3-Round Zero-Knowledge Protocols , 2004, CRYPTO.

[25]  Rosario Gennaro,et al.  Publicly verifiable delegation of large polynomials and matrix computations, with applications , 2012, IACR Cryptol. ePrint Arch..

[26]  Jean-Jacques Quisquater,et al.  On Polynomial Systems Arising from a Weil Descent , 2012, ASIACRYPT.

[27]  Ivan Damgård,et al.  Secure Two-Party Computation with Low Communication , 2012, IACR Cryptol. ePrint Arch..

[28]  Yael Tauman Kalai,et al.  Interactive PCP , 2007 .

[29]  Hoeteck Wee,et al.  On Round-Efficient Argument Systems , 2005, ICALP.

[30]  Nir Bitansky,et al.  From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again , 2012, ITCS '12.

[31]  Ivan Damgård,et al.  Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II , 2008 .

[32]  Thilo Mie,et al.  Polylogarithmic two-round argument systems , 2008, J. Math. Cryptol..

[33]  Eli Ben-Sasson,et al.  On the concrete efficiency of probabilistically-checkable proofs , 2013, STOC '13.

[34]  Ran Raz,et al.  Two Query PCP with Sub-Constant Error , 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[35]  Eli Ben-Sasson,et al.  Randomness-efficient low degree tests and short PCPs via epsilon-biased sets , 2003, STOC '03.

[36]  Andrew J. Blumberg Toward Practical and Unconditional Verification of Remote Computations , 2011, HotOS.

[37]  Michael Ben-Or,et al.  Probabilistic algorithms in finite fields , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[38]  Ron Rothblum,et al.  Homomorphic Encryption: from Private-Key to Public-Key , 2011, Electron. Colloquium Comput. Complex..

[39]  Benjamin Braun,et al.  Resolving the conflict between generality and plausibility in verified computation , 2013, EuroSys '13.

[40]  Craig Gentry,et al.  Quadratic Span Programs and Succinct NIZKs without PCPs , 2013, IACR Cryptol. ePrint Arch..

[41]  Yael Tauman Kalai,et al.  Probabilistically Checkable Arguments , 2009, CRYPTO.

[42]  Ran Raz,et al.  A sub-constant error-probability low-degree test, and a sub-constant error-probability PCP characterization of NP , 1997, STOC '97.

[43]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[44]  Moni Naor,et al.  On Cryptographic Assumptions and Challenges , 2003, CRYPTO.

[45]  Helger Lipmaa,et al.  Progression-Free Sets and Sublinear Pairing-Based Non-Interactive Zero-Knowledge Arguments , 2012, TCC.

[46]  Mihir Bellare,et al.  Towards Plaintext-Aware Public-Key Encryption Without Random Oracles , 2004, ASIACRYPT.

[47]  Brent Waters,et al.  Targeted malleability: homomorphic encryption for restricted computations , 2012, ITCS '12.

[48]  Moni Naor,et al.  Low Communication 2-Prover Zero-Knowledge Proofs for NP , 1992, CRYPTO.

[49]  Nir Bitansky,et al.  Recursive composition and bootstrapping for SNARKS and proof-carrying data , 2013, STOC '13.

[50]  Yael Tauman Kalai,et al.  Delegating computation: interactive proofs for muggles , 2008, STOC.

[51]  Avi Wigderson,et al.  On interactive proofs with a laconic prover , 2001, computational complexity.

[52]  Or Meir Combinatorial PCPs with Short Proofs , 2012, Computational Complexity Conference.

[53]  Graham Cormode,et al.  Verifying Computations with Streaming Interactive Proofs , 2011, Proc. VLDB Endow..

[54]  Oded Goldreich,et al.  Locally testable codes and PCPs of almost-linear length , 2006, JACM.

[55]  Leslie G. Valiant,et al.  Fast probabilistic algorithms for hamiltonian circuits and matchings , 1977, STOC '77.

[56]  Nir Bitansky,et al.  Succinct Arguments from Multi-prover Interactive Proofs and Their Efficiency Benefits , 2012, CRYPTO.

[57]  Daniel A. Spielman,et al.  Nearly-linear size holographic proofs , 1994, STOC '94.

[58]  Yael Tauman Kalai,et al.  Succinct Non-Interactive Zero-Knowledge Proofs with Preprocessing for LOGSNP , 2006, 2006 47th Annual IEEE Symposium on Foundations of Computer Science (FOCS'06).

[59]  Oded Goldreich,et al.  Universal arguments and their applications , 2002, Proceedings 17th IEEE Annual Conference on Computational Complexity.

[60]  Eli Ben-Sasson,et al.  Sound 3-Query PCPPs Are Long , 2008, TOCT.

[61]  Craig Gentry,et al.  Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers , 2010, CRYPTO.

[62]  Eli Ben-Sasson,et al.  On the Concrete-Efficiency Threshold of Probabilistically-Checkable Proofs , 2012, Electron. Colloquium Comput. Complex..

[63]  Nir Bitansky,et al.  Erratum: Succinct Non-interactive Arguments via Linear Interactive Proofs , 2013, TCC.

[64]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[65]  Carsten Lund,et al.  Proof verification and the hardness of approximation problems , 1998, JACM.

[66]  Yevgeniy Vahlis,et al.  Verifiable Delegation of Computation over Large Datasets , 2011, IACR Cryptol. ePrint Arch..

[67]  Ivan Damgård,et al.  Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks , 1991, CRYPTO.

[68]  Madhu Sudan,et al.  Small PCPs with low query complexity , 2000, computational complexity.

[69]  Rafail Ostrovsky,et al.  Efficient Arguments without Short PCPs , 2007, Twenty-Second Annual IEEE Conference on Computational Complexity (CCC'07).

[70]  Ran Canetti,et al.  Two 1-Round Protocols for Delegation of Computation , 2011, IACR Cryptol. ePrint Arch..

[71]  Giovanni Di Crescenzo,et al.  Succinct NP Proofs from an Extractability Assumption , 2008, CiE.

[72]  Joachim von zur Gathen,et al.  Factoring Polynomials Over Finite Fields: A Survey , 2001, J. Symb. Comput..

[73]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[74]  Stathis Zachos,et al.  Does co-NP Have Short Interactive Proofs? , 1987, Inf. Process. Lett..

[75]  Benjamin Braun,et al.  Taking Proof-Based Verified Computation a Few Steps Closer to Practicality , 2012, USENIX Security Symposium.

[76]  Oded Goldreich,et al.  On the Complexity of Interactive Proofs with Bounded Communication , 1998, Inf. Process. Lett..

[77]  Ran Raz,et al.  Deterministic extractors for affine sources over large fields , 2008, Comb..

[78]  Sanjeev Arora,et al.  Probabilistic checking of proofs: a new characterization of NP , 1998, JACM.

[79]  Moni Naor,et al.  Small-Bias Probability Spaces: Efficient Constructions and Applications , 1993, SIAM J. Comput..

[80]  Srinath T. V. Setty,et al.  Making argument systems for outsourced computation practical (sometimes) , 2012, NDSS.

[81]  Amit Kumar,et al.  Minimizing Average Flow-time : Upper and Lower Bounds , 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[82]  Adi Shamir,et al.  IP = PSPACE , 1992, JACM.

[83]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[84]  Silvio Micali,et al.  Computationally Sound Proofs , 2000, SIAM J. Comput..

[85]  Martin E. Hellman,et al.  Hiding information and signatures in trapdoor knapsacks , 1978, IEEE Trans. Inf. Theory.

[86]  E. Berlekamp Factoring polynomials over large finite fields , 1970 .

[87]  Leslie G. Valiant,et al.  Graph-Theoretic Arguments in Low-Level Complexity , 1977, MFCS.

[88]  Stephen A. Cook,et al.  Time-bounded random access machines , 1972, J. Comput. Syst. Sci..

[89]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2005, STOC '05.

[90]  Toshiaki Tanaka,et al.  On the Existence of 3-Round Zero-Knowledge Protocols , 1998, CRYPTO.

[91]  Chris Peikert,et al.  On Ideal Lattices and Learning with Errors over Rings , 2010, JACM.

[92]  László Lovász,et al.  Interactive proofs and the hardness of approximating cliques , 1996, JACM.

[93]  Emanuele Viola,et al.  Pseudorandom Bits for Polynomials , 2010, SIAM J. Comput..

[94]  Eli Ben-Sasson,et al.  Fast Reductions from RAMs to Delegatable Succinct Constraint Satisfaction Problems (full version) , 2012 .

[95]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[96]  Shafi Goldwasser,et al.  Delegation of Computation without Rejection Problem from Designated Verifier CS-Proofs , 2011, IACR Cryptol. ePrint Arch..