SNARGs for bounded depth computations and PPAD hardness from sub-exponential LWE

We construct a succinct non-interactive publicly-verifiable delegation scheme for any logspace-uniform circuit under the sub-exponential Learning With Errors (LWE) assumption. For a circuit C : {0, 1}^N → {0, 1} of size S and depth D, the prover runs in time poly(S), the communication complexity is D · polylog(S), and the verifier runs in time (D + N) · polylog(S). To obtain this result, we introduce a new cryptographic primitive: lossy correlation-intractable hash functions. We use this primitive to soundly instantiate the Fiat-Shamir transform for a large class of interactive proofs, including the interactive sum-check protocol and the GKR protocol, assuming the sub-exponential hardness of LWE. By relying on the result of Choudhuri et al. (STOC 2019), we also establish the sub-exponential average-case hardness of PPAD, assuming the sub-exponential hardness of LWE.
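The abstract's central object is the Fiat-Shamir transform applied to the sum-check protocol. The following Python example is added here to show the mechanics of that protocol in both its interactive form (verifier coins sent each round) and its non-interactive form (challenges derived by hashing the transcript), together with the per-round checks the verifier must perform and why a forged claim is caught. It is not code from the paper or its authors: the prime field F_p with p = 2^61 - 1, the sample polynomial, and the use of SHA-256 as the challenge hash are all assumptions made for this example. SHA-256 plays exactly the role of the random-oracle heuristic that the paper replaces with a lossy correlation-intractable hash, so the example demonstrates the protocol, not the paper's soundness argument.

```python
import hashlib
import secrets
from itertools import product

# Constructed parameter for this example: all arithmetic is in the prime field F_p.
P = 2**61 - 1

def evaluate(poly, point):
    """Evaluate g, given as {exponent tuple: coefficient}, at a point in F_p^v."""
    total = 0
    for exps, c in poly.items():
        term = c % P
        for x, e in zip(point, exps):
            term = term * pow(x, e, P) % P
        total = (total + term) % P
    return total

def degree_bound(poly):
    """Largest individual-variable degree d; every honest round polynomial has degree <= d."""
    return max(max(exps) for exps in poly)

def hypercube_sum(poly, v):
    """The statement H = sum of g over {0,1}^v, computed directly (2^v evaluations)."""
    return sum(evaluate(poly, x) for x in product((0, 1), repeat=v)) % P

def uni_eval(coeffs, x):
    """Evaluate a univariate polynomial given by its coefficient list."""
    return sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P

def round_polynomial(poly, fixed, d):
    """Prover's round-i message (i = len(fixed)): coefficients of g_i(X), the sum of
    g(fixed, X, suffix) over boolean suffixes. Over {0,1}, x^0 sums to 2 and x^e (e > 0)
    sums to 1, so each suffix variable with exponent 0 contributes a factor of 2."""
    i = len(fixed)
    coeffs = [0] * (d + 1)
    for exps, c in poly.items():
        term = c % P
        for r, e in zip(fixed, exps[:i]):
            term = term * pow(r, e, P) % P
        zeros = sum(1 for e in exps[i + 1:] if e == 0)
        term = term * pow(2, zeros, P) % P
        coeffs[exps[i]] = (coeffs[exps[i]] + term) % P
    return coeffs

def fs_challenge(transcript):
    """Fiat-Shamir challenge: hash the whole transcript so far, statement included.
    SHA-256 stands in for the paper's lossy correlation-intractable hash (assumption)."""
    digest = hashlib.sha256(repr(transcript).encode()).digest()
    return int.from_bytes(digest, "big") % P

def sumcheck_prove(poly, v, claimed_sum, challenge=fs_challenge):
    """Produce g_1..g_v. With fs_challenge the prover derives every challenge itself,
    so the whole proof is one non-interactive message."""
    d = degree_bound(poly)
    transcript = [sorted(poly.items()), claimed_sum]
    fixed, proof = [], []
    for _ in range(v):
        g_i = round_polynomial(poly, fixed, d)
        proof.append(g_i)
        transcript.append(g_i)
        fixed.append(challenge(transcript))
    return proof

def sumcheck_verify(poly, v, claimed_sum, proof, challenge=fs_challenge):
    """Each g_i must have degree <= d and satisfy g_i(0) + g_i(1) = previous claim; the
    challenges are re-derived from the same transcript, and the final claim is checked
    against one evaluation of g at the random point."""
    d = degree_bound(poly)
    transcript = [sorted(poly.items()), claimed_sum]
    fixed, claim = [], claimed_sum
    if len(proof) != v:
        return False
    for g_i in proof:
        if len(g_i) > d + 1 or (uni_eval(g_i, 0) + uni_eval(g_i, 1)) % P != claim:
            return False
        transcript.append(g_i)
        fixed.append(challenge(transcript))
        claim = uni_eval(g_i, fixed[-1])
    return evaluate(poly, fixed) == claim

def run_interactive(poly, v, claimed_sum):
    """Interactive variant: the verifier sends fresh uniform coins each round; they are
    recorded as they go to the prover and replayed into the verifier's own checks."""
    coins = []
    def verifier_coin(_transcript):
        coins.append(secrets.randbelow(P))
        return coins[-1]
    proof = sumcheck_prove(poly, v, claimed_sum, verifier_coin)
    replay = iter(coins)
    return sumcheck_verify(poly, v, claimed_sum, proof, lambda _t: next(replay))

# Constructed instance: g = 3 x1 x2 + 5 x2^2 x3 + 7 x1^2 + 11 in 3 variables, so H = 132.
EXAMPLE_POLY = {(1, 1, 0): 3, (0, 2, 1): 5, (2, 0, 0): 7, (0, 0, 0): 11}

def forged_proof(poly, v, true_sum, false_sum):
    """Cheating prover: shift g_1 by (false_sum - true_sum)/2 so the first check passes
    for the false claim; the inconsistency then surfaces in the following round."""
    proof = [list(g) for g in sumcheck_prove(poly, v, true_sum)]
    proof[0][0] = (proof[0][0] + (false_sum - true_sum) * pow(2, -1, P)) % P
    return proof
```

Run it with `sumcheck_verify(EXAMPLE_POLY, 3, 132, sumcheck_prove(EXAMPLE_POLY, 3, 132))`, which returns True, and compare with `forged_proof(EXAMPLE_POLY, 3, 132, 133)` verified against the claim 133, which is rejected. Two design points carry over to any deployment of the transform: the hashed transcript must include the statement (here the polynomial and the claimed sum) and every earlier message, not only the last one, and the verifier must enforce the degree bound on each round polynomial, since without it the consistency check g_i(0) + g_i(1) = claim no longer constrains the prover.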

[1] Ron Rothblum et al. Fiat-Shamir: from practice to theory, 2019, STOC.

[2] Guy N. Rothblum et al. Constant-Round Interactive Proofs for Delegating Computation, 2016, Electron. Colloquium Comput. Complex.

[3] Abhi Shelat et al. Doubly-Efficient zkSNARKs Without Trusted Setup, 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[4] Mihir Bellare et al. Random oracles are practical: a paradigm for designing efficient protocols, 1993, CCS '93.

[5] Nir Bitansky et al. Recursive composition and bootstrapping for SNARKS and proof-carrying data, 2013, STOC '13.

[6] Yael Tauman Kalai et al. Delegating computation: interactive proofs for muggles, 2008, STOC.

[7] Ran Canetti et al. Fully Succinct Garbled RAM, 2016, ITCS.

[8] D. Cantor et al. A new algorithm for factoring polynomials over finite fields, 1981.

[9] Amos Fiat et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems, 1986, CRYPTO.

[10] Ran Canetti et al. The random oracle methodology, revisited, 2000, JACM.

[11] Silvio Micali et al. CS Proofs (Extended Abstracts), 1994, FOCS 1994.

[12] Nir Bitansky et al. Succinct Randomized Encodings and their Applications, 2015, IACR Cryptol. ePrint Arch.

[13] Ivan Damgård et al. Secure Two-Party Computation with Low Communication, 2012, IACR Cryptol. ePrint Arch.

[14] Allison Bishop et al. Indistinguishability Obfuscation for Turing Machines with Unbounded Memory, 2015, IACR Cryptol. ePrint Arch.

[15] Xiaotie Deng et al. Settling the complexity of computing two-player Nash equilibria, 2007, JACM.

[16] Yael Tauman Kalai et al. On the (In)security of the Fiat-Shamir paradigm, 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings.

[17] Vinod Vaikuntanathan et al. How to Delegate and Verify in Public: Verifiable Computation from Attribute-based Encryption, 2012, IACR Cryptol. ePrint Arch.

[18] R. Raz et al. How to delegate computations: the power of no-signaling proofs, 2014, Electron. Colloquium Comput. Complex.

[19] Yael Tauman Kalai et al. SNARGs for Bounded Depth Computations from Sub-Exponential LWE, 2020, IACR Cryptol. ePrint Arch.

[20] Alex Lombardi et al. Cryptographic Hashing from Strong One-Way Functions (Or: One-Way Product Functions and Their Applications), 2018, 2018 IEEE 59th Annual Symposium on Foundations of Computer Science (FOCS).

[21] Guy N. Rothblum et al. PPAD-Hardness via Iterated Squaring Modulo a Composite, 2019, IACR Cryptol. ePrint Arch.

[22] Brent Waters et al. Lossy trapdoor functions and their applications, 2008, SIAM J. Comput.

[23] Zvika Brakerski et al. Witness Indistinguishability for Any Single-Round Argument with Applications to Access Control, 2020, Public Key Cryptography.

[24] Jens Groth et al. Short Pairing-Based Non-interactive Zero-Knowledge Arguments, 2010, ASIACRYPT.

[25] Krzysztof Pietrzak et al. Simple Verifiable Delay Functions, 2018, IACR Cryptol. ePrint Arch.

[26] Nir Bitansky et al. The Hunting of the SNARK, 2016, Journal of Cryptology.

[27] Chris Peikert et al. Noninteractive Zero Knowledge for NP from (Plain) Learning With Errors, 2019, IACR Cryptol. ePrint Arch.

[28] Boaz Barak et al. How to go beyond the black-box simulation barrier, 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[29] Yael Tauman Kalai et al. Succinct delegation for low-space non-deterministic computation, 2018, STOC.

[30] Ilan Komargodski et al. Continuous Verifiable Delay Functions, 2020, IACR Cryptol. ePrint Arch.

[31] Yael Tauman Kalai et al. Non-interactive delegation and batch NP verification from standard computational assumptions, 2017, STOC.

[32] Ran Canetti et al. Succinct Garbling and Indistinguishability Obfuscation for RAM Programs, 2015, STOC.

[33] Carsten Lund et al. Algebraic methods for interactive proof systems, 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[34] Jacques Stern et al. Security Proofs for Signature Schemes, 1996, EUROCRYPT.

[35] James Bartusek et al. On the (In)security of Kilian-Based SNARGs, 2019, IACR Cryptol. ePrint Arch.

[36] Joe Kilian et al. A note on efficient zero-knowledge proofs and arguments (extended abstract), 1992, STOC '92.

[37] Nir Bitansky et al. On the Cryptographic Hardness of Finding a Nash Equilibrium, 2015, FOCS.

[38] Dakshita Khurana et al. Lossy Correlation Intractability and PPAD Hardness from Sub-exponential LWE, 2020, IACR Cryptol. ePrint Arch.

[39] Yael Tauman Kalai et al. Multi-collision resistance: a paradigm for keyless hash functions, 2018, IACR Cryptol. ePrint Arch.

[40] Zvika Brakerski et al. Leveraging Linear Decryption: Rate-1 Fully-Homomorphic Encryption and Time-Lock Puzzles, 2019, IACR Cryptol. ePrint Arch.

[41] Ron Rothblum et al. Fiat-Shamir and Correlation Intractability from Strong KDM-Secure Encryption, 2018, IACR Cryptol. ePrint Arch.

[42] Rafail Ostrovsky et al. Extended-DDH and Lossy Trapdoor Functions, 2012, Public Key Cryptography.

[43] Yael Tauman Kalai et al. Delegating RAM Computations, 2016, TCC.

[44] Kai-Min Chung et al. Cryptography for Parallel RAM from Indistinguishability Obfuscation, 2016, ITCS.

[45] Guy N. Rothblum et al. Finding a Nash equilibrium is no easier than breaking Fiat-Shamir, 2019, IACR Cryptol. ePrint Arch.

[46] Yael Tauman Kalai et al. From Obfuscation to the Security of Fiat-Shamir for Proofs, 2017, CRYPTO.

[47] Yael Tauman Kalai et al. How to delegate computations publicly, 2019, IACR Cryptol. ePrint Arch.

[48] Ivan Damgård et al. Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks, 1991, CRYPTO.

[49] Silvio Micali et al. Computationally Sound Proofs, 2000, SIAM J. Comput.

[50] Craig Gentry et al. Quadratic Span Programs and Succinct NIZKs without PCPs, 2013, IACR Cryptol. ePrint Arch.

[51] Rafail Ostrovsky et al. Trapdoor Hash Functions and Their Applications, 2019, IACR Cryptol. ePrint Arch.

[52] Moni Naor et al. On Cryptographic Assumptions and Challenges, 2003, CRYPTO.

[53] Helger Lipmaa et al. Progression-Free Sets and Sublinear Pairing-Based Non-Interactive Zero-Knowledge Arguments, 2012, TCC.

[54] Nir Bitansky et al. Succinct Non-Interactive Arguments via Linear Interactive Proofs, 2013, Journal of Cryptology.

[55] Yael Tauman Kalai et al. Delegation for bounded space, 2013, STOC '13.

[56] Nir Bitansky et al. On the Cryptographic Hardness of Local Search, 2020, ITCS.

[57] Sanjam Garg et al. Revisiting the Cryptographic Hardness of Finding a Nash Equilibrium, 2016, CRYPTO.

[58] David Chaum et al. Minimum Disclosure Proofs of Knowledge, 1988, J. Comput. Syst. Sci.

[59] Paul W. Goldberg et al. The complexity of computing a Nash equilibrium, 2006, STOC '06.

[60] Timothy G. Abbott et al. On Algorithms for Nash Equilibria, 2004.

[61] Vinod Vaikuntanathan et al. Fiat-Shamir for Repeated Squaring with Applications to PPAD-Hardness and VDFs, 2020, IACR Cryptol. ePrint Arch.

[62] Kai-Min Chung et al. Delegating RAM Computations with Adaptive Soundness and Privacy, 2016, TCC.

[63] Oded Goldreich et al. On Doubly-Efficient Interactive Proof Systems, 2018, Found. Trends Theor. Comput. Sci.

[64] Eli Ben-Sasson et al. Interactive Oracle Proofs, 2016, TCC.

[65] Omer Paneth et al. On Publicly Verifiable Delegation From Standard Assumptions, 2018, IACR Cryptol. ePrint Arch.

[66] Omer Paneth et al. On Zero-Testable Homomorphic Encryption and Publicly Verifiable Non-interactive Arguments, 2017, TCC.

[67] Eylon Yogev et al. Hardness of Continuous Local Search: Query Complexity and Cryptographic Lower Bounds, 2017, SODA.

[68] Christos H. Papadimitriou et al. On the Complexity of the Parity Argument and Other Inefficient Proofs of Existence, 1994, J. Comput. Syst. Sci.