How to delegate computations publicly

We construct a delegation scheme for all polynomial time computations. Our scheme is publicly verifiable and completely non-interactive in the common reference string (CRS) model. Our scheme is based on an efficiently falsifiable decisional assumption on groups with bilinear maps. Prior to this work, publicly verifiable non-interactive delegation schemes were only known under knowledge assumptions (or in the Random Oracle model) or under non-standard assumptions related to obfuscation or multilinear maps. We obtain our result in two steps. First, we construct a scheme with a long CRS (polynomial in the running time of the computation) by following the blueprint of Paneth and Rothblum (TCC 2017). Then we bootstrap this scheme to obtain a short CRS. Our bootstrapping theorem exploits the fact that our scheme can securely delegate certain non-deterministic computations.

[1] Silvio Micali, et al. Computationally Sound Proofs, 2000, SIAM J. Comput.

[2] Bernd Meyer, et al. Ensuring the Integrity of Agent-Based Computations by Short Proofs, 1998, Mobile Agents.

[3] R. Raz, et al. How to delegate computations: the power of no-signaling proofs, 2014, Electron. Colloquium Comput. Complex.

[4] Oded Goldreich, et al. On the Complexity of Interactive Proofs with Bounded Communication, 1998, Inf. Process. Lett.

[5] Jens Groth, et al. Short Pairing-Based Non-interactive Zero-Knowledge Arguments, 2010, ASIACRYPT.

[6] Moni Naor, et al. Low Communication 2-Prover Zero-Knowledge Proofs for NP, 1992, CRYPTO.

[7] Yael Tauman Kalai, et al. Succinct delegation for low-space non-deterministic computation, 2018, STOC.

[8] Ivan Damgård, et al. Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks, 1991, CRYPTO.

[9] Yael Tauman Kalai, et al. Non-interactive delegation and batch NP verification from standard computational assumptions, 2017, STOC.

[10] Ran Canetti, et al. Succinct Garbling and Indistinguishability Obfuscation for RAM Programs, 2015, STOC.

[11] Joe Kilian, et al. A note on efficient zero-knowledge proofs and arguments (extended abstract), 1992, STOC '92.

[12] Peter Rastall, et al. Locality, Bell's theorem, and quantum mechanics, 1985.

[13] Carsten Lund, et al. Proof verification and hardness of approximation problems, 1992, Proceedings., 33rd Annual Symposium on Foundations of Computer Science.

[14] Nir Bitansky, et al. Recursive composition and bootstrapping for SNARKS and proof-carrying data, 2013, STOC '13.

[15] Yael Tauman Kalai, et al. Delegating computation: interactive proofs for muggles, 2008, STOC.

[16] Ran Canetti, et al. Fully Succinct Garbled RAM, 2016, ITCS.

[17] Craig Gentry, et al. Separating succinct non-interactive arguments from all falsifiable assumptions, 2011, STOC '11.

[18] Craig Gentry, et al. Quadratic Span Programs and Succinct NIZKs without PCPs, 2013, IACR Cryptol. ePrint Arch.

[19] Yael Tauman Kalai, et al. Delegation for bounded space, 2013, STOC '13.

[20] Adi Shamir, et al. IP = PSPACE, 1992, JACM.

[21] László Lovász, et al. Approximating clique is almost NP-complete, 1991, [1991] Proceedings 32nd Annual Symposium of Foundations of Computer Science.

[22] Moni Naor, et al. On Cryptographic Assumptions and Challenges, 2003, CRYPTO.

[23] Helger Lipmaa, et al. Progression-Free Sets and Sublinear Pairing-Based Non-Interactive Zero-Knowledge Arguments, 2012, TCC.

[24] Ron Rothblum, et al. Fiat-Shamir From Simpler Assumptions, 2018, IACR Cryptol. ePrint Arch.

[25] Nir Bitansky, et al. Succinct Randomized Encodings and their Applications, 2015, IACR Cryptol. ePrint Arch.

[26] Kai-Min Chung, et al. Cryptography for Parallel RAM from Indistinguishability Obfuscation, 2016, ITCS.

[27] Leonid A. Levin, et al. Checking computations in polylogarithmic time, 1991, STOC '91.

[28] Ivan Damgård, et al. Secure Two-Party Computation with Low Communication, 2012, IACR Cryptol. ePrint Arch.

[29] F. Guilak, et al. Individual and Organizational Influences to the Use of Fire and Fuels Research by Federal Agency Managers, 2008.

[30] Nir Bitansky, et al. Succinct Non-Interactive Arguments via Linear Interactive Proofs, 2013, Journal of Cryptology.

[31] C. Dwork, et al. Succinct Proofs for NP and Spooky Interactions, 2004.

[32] Vinod Vaikuntanathan, et al. How to Delegate and Verify in Public: Verifiable Computation from Attribute-based Encryption, 2012, IACR Cryptol. ePrint Arch.

[33] Richard M. Karp, et al. Reducibility Among Combinatorial Problems, 1972, 50 Years of Integer Programming.

[34] Ralph C. Merkle, et al. A Digital Signature Based on a Conventional Encryption Function, 1987, CRYPTO.

[35] Sanjeev Arora, et al. Probabilistic checking of proofs: a new characterization of NP, 1998, JACM.

[36] Omer Paneth, et al. On Publicly Verifiable Delegation From Standard Assumptions, 2018, IACR Cryptol. ePrint Arch.

[37] Omer Paneth, et al. On Zero-Testable Homomorphic Encryption and Publicly Verifiable Non-interactive Arguments, 2017, TCC.

[38] Guy N. Rothblum, et al. Constant-Round Interactive Proofs for Delegating Computation, 2016, Electron. Colloquium Comput. Complex.

[39] Mihir Bellare, et al. Random oracles are practical: a paradigm for designing efficient protocols, 1993, CCS '93.

[40] Paul Valiant, et al. Incrementally Verifiable Computation or Proofs of Knowledge Imply Time/Space Efficiency, 2008, TCC.

[41] Silvio Micali, et al. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks, 1988, SIAM J. Comput.

[42] Silvio Micali, et al. CS Proofs (Extended Abstracts), 1994, FOCS 1994.

[43] Kai-Min Chung, et al. Delegating RAM Computations with Adaptive Soundness and Privacy, 2016, TCC.

[44] Yael Tauman Kalai, et al. Monotone Batch NP-Delegation with Applications to Access Control, 2018, IACR Cryptol. ePrint Arch.

[45] Yael Tauman Kalai, et al. Delegating RAM Computations, 2016, TCC.

[46] Avi Wigderson, et al. Multi-prover interactive proofs: how to remove intractability assumptions, 2019, STOC '88.

[47] Manuel Blum, et al. Checking the correctness of memories, 2005, Algorithmica.

[48] Allison Bishop, et al. Indistinguishability Obfuscation for Turing Machines with Unbounded Memory, 2015, IACR Cryptol. ePrint Arch.

[49] Stephen A. Cook, et al. The complexity of theorem-proving procedures, 1971, STOC.

[50] Nir Bitansky, et al. The Hunting of the SNARK, 2016, Journal of Cryptology.