Quadratic Span Programs and Succinct NIZKs without PCPs.

Advances in Cryptology – EUROCRYPT 2013 (2013): 626–645

Abstract

We introduce a new characterization of the NP complexity class, called Quadratic Span Programs (QSPs), which is a natural extension of span programs defined by Karchmer and Wigderson. Our main motivation is the quick construction of succinct, easily verified arguments for NP statements. To achieve this goal, QSPs use a new approach to the...

Introduction
  • Arithmetization of Boolean computations is a well known technique: it maps a Boolean circuit to a set of polynomial equations over a field.
  • To compensate for the weakness of the wire checker, the authors require the SP being checked to be conscientious, which guarantees that every satisfying linear combination uses at least one polynomial from the sets associated with its input.
  • To obtain a conscientious SP for an entire circuit, the authors build a conscientious SP for each gate, using a distinct set of roots Ri for each SP, and compose the gate SPs together using the Chinese Remainder Theorem, just as the authors did when building the aggregate wire checker.
Highlights
  • The celebrated result IP=PSPACE [35, 41] used arithmetization as a crucial tool and set the stage for the probabilistically checkable proofs theorem [2,3,4, 20], which provided a new characterization of NP that revolutionized the notion of “proof” – in particular, it shows that NP statements have probabilistically checkable proofs (PCPs) that can be verified in time polylogarithmic in the size of a classical proof
  • Our work provides a brand new form of arithmetization which we call Quadratic Span Programs (QSPs), since it is a generalization of the notion of Span Programs proposed by Karchmer and Wigderson [31]
  • If the q-power Diffie-Hellman (q-PDH) and d-PKE assumptions hold for some q ≥ max{2d − 1, d + 2}, the non-interactive zero-knowledge (NIZK) scheme defined in Section 3.3, instantiated with a QSP of degree d, is secure under Definition 6
  • The full details of the Quadratic Arithmetic Program (QAP) construction appear in the final version [22]; here we present the definition of QAPs and our main result about them
  • We developed a system called Pinocchio [38] that includes a compiler that transforms a subset of C into either a QSP or a QAP, and a set of programs for generating the common reference string, creating proofs, and verifying proofs
Results
  • For each gate g ∈ Γ , there is a conscientious SP of size m and degree d that computes whether its input is a satisfying assignment of g’s input/output wires.
  • The wire checker’s guarantee of no double assignments relies on the fact that the SP for the gate checker is conscientious, and must use at least one polynomial for each wire to arrive at a satisfying linear combination.
  • The authors construct the polynomials for the aggregate wire checker described above, using a third set of distinct roots.
  • Using disjoint sets of roots R = {R(i0), R(i1) : i ∈ [N]} and the partition of I_labeled, construct the aggregate wire checker from Lemma 3, which consists of the following polynomials: D(x) = ∏_{r ∈ R} (x − r), V = {v1(x), …
  • For any Boolean circuit C with n inputs, s gates, and N = n + s total wire values, the canonical QSP computes C.
  • This property helps improve the performance of the cryptographic constructions for NIZKs and verifiable computation, since a verifier who knows part of the circuit input will be able to “predict” the portion of the QSP linear combination that corresponds to u.
  • When it is applied to the partition I_labeled = ∪_{i ∈ [N], j ∈ {0,1}} I_ij of the SP for the gate checker function, the size of the aggregate wire checker is |I_labeled| ≤ 24s and the degree is 76s.
Conclusion
  • At a high level, the prover uses his inputs to evaluate the circuit for f, obtaining linear combinations for the QSP that satisfy Eq. 1.
  • The authors construct Quadratic Arithmetic Programs (QAPs), a natural extension of QSPs which “naturally” compute arithmetic circuits modulo the group order p.
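The arithmetization described in the Introduction and the QAP notion named in the Conclusion are easiest to see on a tiny circuit. The following is an added worked example, not code from the paper or from Pinocchio: it follows the standard QAP definition (one distinct root per multiplication gate, polynomials v_k, w_k, y_k interpolated so that at gate g's root they equal wire k's coefficient in that gate's left input, right input and output, and the divisibility check (Σ c_k v_k)(Σ c_k w_k) − Σ c_k y_k = h(x)·t(x)). The prime P, the circuit (x1 AND x2) XOR x3, the wire numbering and the witnesses are all constructed for illustration; the paper's own QSP construction via conscientious span programs and the NIZK layer on top (bilinear-group encoding, q-PDH) are not reproduced.

```python
"""Toy Quadratic Arithmetic Program (QAP) over a prime field.

Added worked example; not code from the QSP paper or Pinocchio. Standard QAP
definition: one root per multiplication gate, v_k/w_k/y_k interpolated from the
gates' left/right/output linear combinations, and the check
(sum c_k v_k)(sum c_k w_k) - sum c_k y_k = h(x) * t(x).
P, the circuit and the witnesses are constructed for illustration.
"""
from functools import reduce

P = 65537  # constructed toy field prime; a real system uses the pairing group order


def inv(a):
    return pow(a % P, P - 2, P)


# Polynomials are coefficient lists over F_P, lowest degree first.
def padd(a, b):
    n = max(len(a), len(b))
    a, b = a + [0] * (n - len(a)), b + [0] * (n - len(b))
    return [(x + y) % P for x, y in zip(a, b)]

def pscale(a, s):
    return [(x * s) % P for x in a]

def pmul(a, b):
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % P
    return out

def pdivmod(a, b):
    """Long division over F_P; returns (quotient, remainder)."""
    a = a[:]
    q = [0] * max(1, len(a) - len(b) + 1)
    lead_inv = inv(b[-1])
    for i in range(len(a) - len(b), -1, -1):
        q[i] = a[i + len(b) - 1] * lead_inv % P
        for j, bj in enumerate(b):
            a[i + j] = (a[i + j] - q[i] * bj) % P
    return q, a[: len(b) - 1]

def lagrange(points):
    """Unique polynomial of degree < len(points) through {x_i: y_i}."""
    result = [0]
    for xi, yi in points.items():
        basis, denom = [1], 1
        for xj in points:
            if xj != xi:
                basis = pmul(basis, [(-xj) % P, 1])  # times (x - xj)
                denom = denom * (xi - xj) % P
        result = padd(result, pscale(basis, yi * inv(denom) % P))
    return result


# Constructed circuit: Boolean inputs x1, x2, x3; out = (x1 AND x2) XOR x3.
# AND is one multiplication a = x1*x2; XOR(a, x3) = a + x3 - 2*a*x3 needs one
# multiplication b = a*x3; Boolean-ness of an input is itself the quadratic
# constraint x*(x-1) = 0.  Wire 0 carries the constant 1.
ONE, X1, X2, X3, A, B, OUT = range(7)
N_WIRES = 7
# Each gate is (left, right, output); each side maps wire -> coefficient.
GATES = [
    ({X1: 1}, {X1: 1, ONE: P - 1}, {}),             # x1 * (x1 - 1) = 0
    ({X2: 1}, {X2: 1, ONE: P - 1}, {}),             # x2 * (x2 - 1) = 0
    ({X3: 1}, {X3: 1, ONE: P - 1}, {}),             # x3 * (x3 - 1) = 0
    ({X1: 1}, {X2: 1}, {A: 1}),                     # a = x1 * x2
    ({A: 1}, {X3: 1}, {B: 1}),                      # b = a * x3
    ({A: 1, X3: 1, B: P - 2}, {ONE: 1}, {OUT: 1}),  # out = (a + x3 - 2b) * 1
]


def build_qap(gates, n_wires):
    """Interpolate V, W, Y and the target polynomial t from the gate list."""
    roots = list(range(1, len(gates) + 1))  # one distinct root r_g per gate
    V, W, Y = [], [], []
    for k in range(n_wires):
        for side, polys in ((0, V), (1, W), (2, Y)):
            polys.append(lagrange({r: g[side].get(k, 0) for r, g in zip(roots, gates)}))
    t = reduce(pmul, ([(-r) % P, 1] for r in roots), [1])
    return V, W, Y, t

def witness(x1, x2, x3):
    """Honest prover: evaluate the circuit to fill every wire value c_k."""
    a = x1 * x2 % P
    b = a * x3 % P
    return [1, x1, x2, x3, a, b, (a + x3 - 2 * b) % P]

def qap_satisfied(qap, c):
    """True iff p(x) = V(x)*W(x) - Y(x) vanishes at every gate root, i.e. t | p."""
    V, W, Y, t = qap
    lin = lambda polys: reduce(padd, (pscale(pk, ck) for pk, ck in zip(polys, c)), [0])
    p = padd(pmul(lin(V), lin(W)), pscale(lin(Y), P - 1))
    _h, rem = pdivmod(p, t)
    return not any(rem)


QAP = build_qap(GATES, N_WIRES)

if __name__ == "__main__":
    for bits in [(0, 0, 0), (1, 1, 0), (1, 1, 1), (0, 1, 1)]:
        c = witness(*bits)
        print(bits, "out =", c[OUT], "satisfied:", qap_satisfied(QAP, c))
    cheat = witness(1, 1, 0)
    cheat[OUT] = 0  # claim the wrong output
    print("tampered output accepted:", qap_satisfied(QAP, cheat))
    print("non-Boolean input accepted:", qap_satisfied(QAP, witness(2, 1, 0)))
```

Two points the page's summary only states are visible here: a Boolean constraint costs one multiplication gate of its own (the three x·(x − 1) gates), and a cheating prover who feeds a non-Boolean value or claims a wrong output makes p(x) non-zero at one root, so t(x) no longer divides it. In the actual scheme the verifier never sees the polynomials; it checks encodings of the same divisibility relation in a bilinear group, which is where the q-PDH and d-PKE assumptions enter.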
Funding
  • The research of this author was sponsored by the U.S. Army Research Laboratory and the U.K.
  • Supported by NSF Grant No. 1017660
References
  • Abe, M., Fehr, S.: Perfect NIZK with adaptive soundness. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 118–136. Springer, Heidelberg (2007)
  • Arora, S., Lund, C., Motwani, R., Sudan, M., Szegedy, M.: Proof verification and the hardness of approximation problems. J. ACM 45(3), 501–555 (1998)
  • Arora, S., Safra, S.: Probabilistic checking of proofs: A new characterization of NP. J. ACM 45(1), 70–122 (1998)
  • Babai, L., Fortnow, L., Levin, L.A., Szegedy, M.: Checking computations in polylogarithmic time. In: STOC, pp. 21–31 (1991)
  • Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006)
  • Bellare, M., Palacio, A.: The knowledge-of-exponent assumptions and 3-round zero-knowledge protocols. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 273–289. Springer, Heidelberg (2004)
  • Ben-Sasson, E., Chiesa, A., Genkin, D., Tromer, E.: On the concrete-efficiency threshold of probabilistically-checkable proofs. In: STOC (to appear 2013)
  • Bitansky, N., Canetti, R., Chiesa, A., Tromer, E.: From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again. In: ITCS, pp. 326–349 (2012)
  • Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications (extended abstract). In: STOC, pp. 103–112 (1988)
  • Blum, M., De Santis, A., Micali, S., Persiano, G.: Noninteractive zero-knowledge. SIAM J. Comput. 20(6), 1084–1118 (1991)
  • Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005)
  • Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)
  • Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005)
  • Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)
  • Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004)
  • Cormode, G., Mitzenmacher, M., Thaler, J.: Practical verified computation with streaming interactive proofs. In: ITCS (2012)
  • Di Crescenzo, G., Lipmaa, H.: Succinct NP proofs from an extractability assumption. In: Beckmann, A., Dimitracopoulos, C., Löwe, B. (eds.) CiE 2008. LNCS, vol. 5028, pp. 175–185. Springer, Heidelberg (2008)
  • Damgård, I.B.: Towards practical public key systems secure against chosen ciphertext attacks. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 445–456. Springer, Heidelberg (1992)
  • Damgård, I., Faust, S., Hazay, C.: Secure two-party computation with low communication. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 54–74. Springer, Heidelberg (2012)
  • Feige, U., Goldwasser, S., Lovász, L., Safra, S., Szegedy, M.: Interactive proofs and the hardness of approximating cliques. J. ACM 43(2), 268–292 (1996)
  • Gennaro, R., Gentry, C., Parno, B.: Non-interactive verifiable computing: Outsourcing computation to untrusted workers. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 465–482. Springer, Heidelberg (2010)
  • Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. Cryptology ePrint Archive, Report 2012/215 (2012)
  • Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: STOC, pp. 99–108. ACM (2011)
  • Gjøsteen, K.: Subgroup membership problems and public key cryptosystems. PhD thesis, Norwegian University of Science and Technology (2004)
  • Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: Delegating computation: Interactive proofs for muggles. In: STOC, pp. 113–122 (2008)
  • Goldwasser, S., Lin, H., Rubinstein, A.: Delegation of computation without rejection problem from designated verifier CS-proofs. Cryptology ePrint Archive, Report 2011/456 (2011)
  • Groth, J.: Short pairing-based non-interactive zero-knowledge arguments. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 321–340. Springer, Heidelberg (2010)
  • Groth, J., Ostrovsky, R., Sahai, A.: New techniques for noninteractive zero-knowledge. J. ACM 59(3), 11:1–11:35 (2012)
  • Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. SIAM J. Comput. 41(5), 1193–1232 (2012)
  • Ishai, Y., Kushilevitz, E., Ostrovsky, R.: Efficient arguments without short PCPs. In: IEEE Conference on Computational Complexity (2007)
  • Karchmer, M., Wigderson, A.: On span programs. In: Structure in Complexity Theory Conference, pp. 102–111 (1993)
  • Kilian, J.: A note on efficient zero-knowledge proofs and arguments (extended abstract). In: STOC, pp. 723–732 (1992)
  • Lipmaa, H.: Progression-free sets and sublinear pairing-based non-interactive zero-knowledge arguments. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 169–189. Springer, Heidelberg (2012)
  • Loftus, J., May, A., Smart, N.P., Vercauteren, F.: On CCA-secure somewhat homomorphic encryption. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 55–72. Springer, Heidelberg (2012)
  • Lund, C., Fortnow, L., Karloff, H.J., Nisan, N.: Algebraic methods for interactive proof systems. J. ACM 39(4), 859–868 (1992)
  • Micali, S.: Computationally sound proofs. SIAM J. Comput. 30(4), 1253–1298 (2000); extended abstract in FOCS (1994)
  • Naor, M.: On cryptographic assumptions and challenges. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 96–109. Springer, Heidelberg (2003)
  • Parno, B., Gentry, C., Howell, J., Raykova, M.: Pinocchio: Nearly practical verifiable computation. In: IEEE Symposium on Security and Privacy (May 2013)
  • Parno, B., Raykova, M., Vaikuntanathan, V.: How to delegate and verify in public: Verifiable computation from attribute-based encryption. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 422–439. Springer, Heidelberg (2012)
  • Setty, S., Vu, V., Panpalia, N., Braun, B., Blumberg, A.J., Walfish, M.: Taking proof-based verified computation a few steps closer to practicality. In: USENIX Security (August 2012)
  • Shamir, A.: IP = PSPACE. J. ACM 39(4), 869–877 (1992)