Quadratic Span Programs and Succinct NIZKs without PCPs

We introduce a new characterization of the NP complexity class, called Quadratic Span Programs (QSPs), which is a natural extension of span programs defined by Karchmer and Wigderson. Our main motivation is the quick construction of succinct, easily verified arguments for NP statements.
