Non-Interactive RAM and Batch NP Delegation from any PIR

We present an adaptive and non-interactive protocol for verifying arbitrary efficient computations in fixed polynomial time. Our protocol is computationally sound and can be based on any computational PIR scheme, which in turn can be based on standard polynomial-time cryptographic assumptions (e.g. the worst case hardness of polynomialfactor approximation of short-vector lattice problems). In our protocol, the prover and the verifier do not need to interact at all: The verifier sets up a public key ahead of time, and this key can be used by any prover to prove arbitrary statements in a completely adaptive manner. Verification is done using a secret verification key, and soundness relies on this key not being known to the prover. Our protocol further allows to prove statements about computations of arbitrary RAM machines. Previous works either relied on knowledge assumptions, or could only offer non-adaptive two-message protocols (where the first message could not be re-used), and required either obfuscation-based assumptions or superpolynomial hardness assumptions. We show that our techniques can also be applied to construct a new type of (non-adaptive) 2-message delegation protocols for batch NP-statements. Specifically, we can simultaneously prove the membership of multiple instances in a given NP language, with communication complexity proportional to the length of a single witness. ∗Weizmann Institute of Science, zvika.brakerski@weizmann.ac.il. Supported by the Israel Science Foundation (Grant No. 468/14), the Alon Young Faculty Fellowship, Binational Science Foundation (Grant No. 712307) and Google Faculty Research Award. †MIT, holmgren@mit.edu. Supported by the NSF MACS project CNS-1413920 ‡Microsoft Research, yael@microsoft.com.

[1]  Guy N. Rothblum,et al.  Constant-Round Interactive Proofs for Delegating Computation , 2016, Electron. Colloquium Comput. Complex..

[2]  Sanjeev Arora,et al.  Probabilistic checking of proofs: a new characterization of NP , 1998, JACM.

[3]  Yael Tauman Kalai,et al.  Delegating RAM Computations , 2016, TCC.

[4]  Nir Bitansky,et al.  From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again , 2012, ITCS '12.

[5]  Ralph C. Merkle,et al.  A Digital Signature Based on a Conventional Encryption Function , 1987, CRYPTO.

[6]  Yael Tauman Kalai,et al.  Memory Delegation , 2011, CRYPTO.

[7]  Vinod Vaikuntanathan,et al.  Lattice-based FHE as secure as PKE , 2014, IACR Cryptol. ePrint Arch..

[8]  Guy N. Rothblum,et al.  Are PCPs Inherent in Efficient Arguments? , 2009, Computational Complexity Conference.

[9]  Ran Canetti,et al.  Succinct Garbling and Indistinguishability Obfuscation for RAM Programs , 2015, STOC.

[10]  C. Dwork,et al.  Succinct Proofs for NP and Spooky Interactions , 2004 .

[11]  Leonid A. Levin,et al.  Checking computations in polylogarithmic time , 1991, STOC '91.

[12]  R. Raz,et al.  How to delegate computations: the power of no-signaling proofs , 2014, Electron. Colloquium Comput. Complex..

[13]  Silvio Micali,et al.  Computationally Private Information Retrieval with Polylogarithmic Communication , 1999, EUROCRYPT.

[14]  Nir Bitansky,et al.  Succinct Randomized Encodings and their Applications , 2015, IACR Cryptol. ePrint Arch..

[15]  Carsten Lund,et al.  Proof verification and hardness of approximation problems , 1992, Proceedings., 33rd Annual Symposium on Foundations of Computer Science.

[16]  Ivan Damgård,et al.  Secure Two-Party Computation with Low Communication , 2012, IACR Cryptol. ePrint Arch..

[17]  Craig Gentry,et al.  Separating succinct non-interactive arguments from all falsifiable assumptions , 2011, IACR Cryptol. ePrint Arch..

[18]  Allison Bishop,et al.  Indistinguishability Obfuscation for Turing Machines with Unbounded Memory , 2015, IACR Cryptol. ePrint Arch..

[19]  Silvio Micali,et al.  Computationally Sound Proofs , 2000, SIAM J. Comput..

[20]  Omer Paneth,et al.  Publicly Verifiable Non-Interactive Arguments for Delegating Computation , 2014, IACR Cryptol. ePrint Arch..

[21]  Nir Bitansky,et al.  The Hunting of the SNARK , 2016, Journal of Cryptology.

[22]  Kai-Min Chung,et al.  Cryptography for Parallel RAM from Indistinguishability Obfuscation , 2016, ITCS.

[23]  Yael Tauman Kalai,et al.  Improved Delegation of Computation using Fully Homomorphic Encryption , 2010, IACR Cryptol. ePrint Arch..

[24]  W. Hoeffding Probability Inequalities for sums of Bounded Random Variables , 1963 .

[25]  Craig Gentry,et al.  Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers , 2010, CRYPTO.

[26]  Moni Naor,et al.  On Cryptographic Assumptions and Challenges , 2003, CRYPTO.

[27]  Craig Gentry,et al.  A fully homomorphic encryption scheme , 2009 .

[28]  Ron Rothblum,et al.  Spooky Encryption and Its Applications , 2016, CRYPTO.

[29]  Rafail Ostrovsky,et al.  Fast Verification of Any Remote Procedure Call: Short Witness-Indistinguishable One-Round Proofs for NP , 2000, ICALP.

[30]  Yuval Ishai,et al.  From Secrecy to Soundness: Efficient Verification via Secure Computation , 2010, ICALP.

[31]  Moni Naor,et al.  Spooky Interaction and Its Discontents: Compilers for Succinct Two-Message Argument Systems , 2016, CRYPTO.

[32]  Joe Kilian,et al.  A note on efficient zero-knowledge proofs and arguments (extended abstract) , 1992, STOC '92.

[33]  Yael Tauman Kalai,et al.  Delegation for bounded space , 2013, STOC '13.

[34]  Yael Tauman Kalai,et al.  Cryptographic Assumptions: A Position Paper , 2016, TCC.

[35]  C. Moler,et al.  Advances in Cryptology , 2000, Lecture Notes in Computer Science.

[36]  Nir Bitansky,et al.  Recursive composition and bootstrapping for SNARKS and proof-carrying data , 2013, STOC '13.

[37]  Yael Tauman Kalai,et al.  Delegating computation: interactive proofs for muggles , 2008, STOC.

[38]  Ran Canetti,et al.  Fully Succinct Garbled RAM , 2016, ITCS.

[39]  Kai-Min Chung,et al.  Delegating RAM Computations with Adaptive Soundness and Privacy , 2016, TCC.

[40]  Yael Tauman Kalai,et al.  Probabilistically Checkable Arguments , 2009, CRYPTO.

[41]  Yuval Ishai,et al.  Sufficient Conditions for Collision-Resistant Hashing , 2005, TCC.

[42]  Ran Canetti,et al.  Succinct Adaptive Garbled RAM , 2015, IACR Cryptol. ePrint Arch..

[43]  Hovav Shacham,et al.  Advances in Cryptology – CRYPTO 2018 , 2002, Lecture Notes in Computer Science.

[44]  Silvio Micali,et al.  CS Proofs (Extended Abstracts) , 1994, FOCS 1994.