Rational Sumchecks

Rational proofs, introduced by Azar and Micali (STOC 2012), are a variant of interactive proofs in which the prover is neither honest nor malicious, but rather rational. The advantage of rational proofs over their classical counterparts is that they allow for extremely low communication and verification time. In recent work, Guo et al. (ITCS 2014) demonstrated their relevance to delegation of computation by showing that, if the rational prover is additionally restricted to being computationally bounded, then every language in NC1 admits a single-round delegation scheme that can be verified in sublinear time. We extend the Guo et al. result by constructing a single-round delegation scheme with sublinear verification for all languages in P. Our main contribution is the introduction of rational sumcheck protocols, which are a relaxation of classical sumchecks, a crucial building block for interactive proofs. Unlike their classical counterparts, rational sumchecks retain their (rational) soundness properties even if the polynomial being verified is of high degree; in particular, they do not rely on the Schwartz-Zippel lemma. This enables us to bypass the main efficiency bottleneck in classical delegation schemes, which results from sumcheck protocols being inapplicable to the verification of the computation's input level. As an additional contribution, we study the possibility of using rational proofs as efficient building blocks within classical interactive proofs. Specifically, we show a composition theorem for substituting oracle calls in an interactive proof by a rational protocol.

* Part of this work was done while the authors were visiting IDC Herzliya, supported by the European Research Council under the European Union's Seventh Framework Programme (FP 2007-2013), ERC Grant Agreement n. 307952.
** Work partially supported by RGC GRF grants CUHK410112 and CUHK410113.
*** Supported by the I-CORE Program of the Planning and Budgeting Committee and The Israel Science Foundation (grant No. 4/11).
† Supported by ISF grant no. 1255/12 and by the ERC under the EU's Seventh Framework Programme (FP/2007-2013) ERC Grant Agreement n. 307952. Work in part done while the author was visiting the Simons Institute for the Theory of Computing, supported by the Simons Foundation and by the DIMACS/Simons Collaboration in Cryptography through NSF grant #CNS-1523467.
‡ Work supported by the Check Point Institute for Information Security and by ISF grant no. 1255/12.
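The classical sumcheck that the abstract contrasts against, as an added Python example that is not from the paper: prover and verifier over a prime field F_P (constructed choice), with each round polynomial sent as deg+1 evaluations and checked against the running claim, plus a constructed dishonest prover whose fudged round message is caught except with probability about deg/|F|, the Schwartz-Zippel degree dependence that rational sumchecks are designed to avoid. The polynomial f_example, the helper names and the seeded randomness are assumptions of this example.

```python
import random
P = 2**61 - 1  # prime field size (constructed choice; any large prime works)

def lagrange_eval(ys, x):
    """Evaluate the degree-d polynomial g with ys[i] = g(i), i = 0..d, at x (mod P)."""
    d = len(ys) - 1
    total = 0
    for i, yi in enumerate(ys):
        num, den = 1, 1
        for j in range(d + 1):
            if j != i:
                num = num * (x - j) % P
                den = den * (i - j) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def boolean_sum(f, n, prefix=()):
    """Sum of f(prefix, b) over all b in {0,1}^(n - len(prefix)), mod P."""
    k = n - len(prefix)
    return sum(f(list(prefix) + [(b >> j) & 1 for j in range(k)]) for b in range(2 ** k)) % P

def round_poly(f, n, deg, prefix):
    """Honest prover: g_i(X) = sum_b f(prefix, X, b), sent as its values at X = 0..deg."""
    return [boolean_sum(f, n, list(prefix) + [x]) for x in range(deg + 1)]

def sumcheck(f, n, deg, claim, seed=0, cheat=None):
    """Verifier for sum_{b in {0,1}^n} f(b) == claim, f of individual degree <= deg.
    Soundness error <= n*deg/P (Schwartz-Zippel): a cheat in round i survives only if the
    challenge r_i is a root of a nonzero degree-<=deg polynomial. cheat(i, ys) models it."""
    rng = random.Random(seed)  # seeded only so the example is reproducible
    r = []
    for i in range(n):
        ys = round_poly(f, n, deg, r)
        if cheat is not None:
            ys = cheat(i, ys)
        if (ys[0] + ys[1]) % P != claim:  # round polynomial must sum to the running claim
            return False
        ri = rng.randrange(P)             # fresh random challenge
        claim = lagrange_eval(ys, ri)     # next claim: g_i(r_i)
        r.append(ri)
    return f(r) == claim                  # single oracle query to f at the random point

def f_example(x):
    """Constructed test polynomial x0^2 * x1 + x2 (individual degree 2); boolean sum is 6."""
    return (x[0] * x[0] * x[1] + x[2]) % P

def shift_first_round(i, ys):
    """Dishonest prover: add 1 to g_0(0) so the round-0 message matches a claim one too big."""
    return ([(ys[0] + 1) % P] + ys[1:]) if i == 0 else ys
```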

References

[1] Guy N. Rothblum et al. Delegating computation reliably: paradigms and constructions, 2009.

[2] Joe Kilian et al. A note on efficient zero-knowledge proofs and arguments (extended abstract), 1992, STOC '92.

[3] Pablo Azar et al. Super-efficient rational proofs, 2013, EC '13.

[4] Ran Canetti et al. Universally Composable Security with Local Adversaries, 2012, SCN.

[5] Silvio Micali et al. Computationally Sound Proofs, 2000, SIAM J. Comput.

[6] Alon Rosen et al. Rational arguments: single round delegation with sublinear verification, 2014, ITCS.

[7] Craig Gentry et al. Separating succinct non-interactive arguments from all falsifiable assumptions, 2011, STOC '11.

[8] R. Raz et al. How to delegate computations: the power of no-signaling proofs, 2014, Electron. Colloquium Comput. Complex.

[9] Silvio Micali et al. Rational proofs, 2012, STOC '12.

[10] Yael Tauman Kalai et al. Delegation for bounded space, 2013, STOC '13.

[11] Adi Shamir et al. IP = PSPACE, 1992, JACM.

[12] Carsten Lund et al. Algebraic methods for interactive proof systems, 1990, Proceedings of the 31st Annual Symposium on Foundations of Computer Science.

[13] Rafail Ostrovsky et al. Fast Verification of Any Remote Procedure Call: Short Witness-Indistinguishable One-Round Proofs for NP, 2000, ICALP.

[14] Alptekin Küpçü et al. Incentivizing outsourced computation, 2008, NetEcon '08.

[15] Carlos Cid et al. Optimal Contracts for Outsourced Computation, 2014, GameSec.

[16] Moni Naor et al. On Cryptographic Assumptions and Challenges, 2003, CRYPTO.

[17] Nir Bitansky et al. Succinct Non-Interactive Arguments via Linear Interactive Proofs, 2013, Journal of Cryptology.

[18] Andrew J. Blumberg et al. Verifying computations without reexecuting them, 2015, Commun. ACM.

[19] Ivan Damgård et al. Secure Two-Party Computation with Low Communication, 2012, IACR Cryptol. ePrint Arch.

[20] G. Brier. Verification of forecasts expressed in terms of probability, 1950.

[21] D. Boneh et al. Interactive proofs of proximity: delegating computation in sublinear time, 2013, STOC '13.

[22] Yihua Zhang et al. Efficient Secure and Verifiable Outsourcing of Matrix Multiplications, 2014, ISC.

[23] Iddo Bentov et al. How to Use Bitcoin to Incentivize Correct Computations, 2014, CCS.

[24] Yael Tauman Kalai et al. Delegating computation: interactive proofs for muggles, 2008, STOC.

[25] Ueli Maurer et al. Rational Protocol Design: Cryptography against Incentive-Driven Adversaries, 2013, IEEE 54th Annual Symposium on Foundations of Computer Science.

[26] Shikha Singh et al. Rational Proofs with Multiple Provers, 2015, ITCS.

[27] Ron Rothblum et al. Non-interactive proofs of proximity, 2015, computational complexity.

[28] Yael Tauman Kalai et al. Arguments of Proximity (Extended Abstract), 2015, CRYPTO.