Linear Algebra with Sub-linear Zero-Knowledge Arguments

Slides:



Advertisements
Similar presentations
Perfect Non-interactive Zero-Knowledge for NP
Advertisements

Short Pairing-based Non-interactive Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual.
Simulation-sound NIZK Proofs for a Practical Language and Constant Size Group Signatures Jens Groth University of California Los Angeles Presenter: Eike.
Short Non-interactive Zero-Knowledge Proofs
A Verifiable Secret Shuffle of Homomorphic Encryptions Jens Groth UCLA On ePrint archive:
Multi-Query Computationally-Private Information Retrieval with Constant Communication Rate Jens Groth, University College London Aggelos Kiayias, University.
Low-End Uniform Hardness vs. Randomness Tradeoffs for Arthur-Merlin Games. Ronen Shaltiel, University of Haifa Chris Umans, Caltech.
Efficient Zero-Knowledge Argument for Correctness of a Shuffle Stephanie Bayer University College London Jens Groth University College London.
Are PCPs Inherent in Efficient Arguments? Guy Rothblum, MIT ) MSR-SVC ) IAS Salil Vadhan, Harvard University.
Efficient Non-interactive Proof Systems for Bilinear Groups Jens Groth University College London Amit Sahai University of California Los Angeles TexPoint.
Statistical Zero-Knowledge Arguments for NP from Any One-Way Function Salil Vadhan Minh Nguyen Shien Jin Ong Harvard University.
On the Amortized Complexity of Zero-Knowledge Proofs Ronald Cramer, CWI Ivan Damgård, Århus University.
Inaccessible Entropy Iftach Haitner Microsoft Research Omer Reingold Weizmann & Microsoft Hoeteck Wee Queens College, CUNY Salil Vadhan Harvard University.
Efficient Non-Interactive Zero Knowledge Arguments for Set Operations Prastudy Fauzi, Helger Lipmaa, Bingsheng Zhang University of Tartu, University of.
Efficient Zero-Knowledge Proof Systems Jens Groth University College London.
Probabilistically checkable proofs, hidden random bits and non-interactive zero-knowledge proofs Jens Groth University College London TexPoint fonts used.
Rennes, 24/10/2014 Cristina Onete CIDRE/ INRIA Sigma Protocols and (Non-Interactive) Zero Knowledge.
Sub-linear Zero-Knowledge Argument for Correctness of a Shuffle Jens Groth University College London Yuval Ishai Technion and University of California.
Efficient Zero-Knowledge Proof Systems Jens Groth University College London.
Efficient Zero-Knowledge Proof Systems Jens Groth University College London FOSAD 2014.
Slide 1 Vitaly Shmatikov CS 380S Introduction to Zero-Knowledge.
Zero-Knowledge Proofs J.W. Pope M.S. – Mathematics May 2004.
Non-interactive Zaps and New Techniques for NIZK Jens Groth Rafail Ostrovsky Amit Sahai University of California Los Angeles.
A Parallel Repetition Theorem for Any Interactive Argument Iftach Haitner Microsoft Research TexPoint fonts used in EMF. Read the TexPoint manual before.
CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.
One-out-of-Many Proofs: Or How to Leak a Secret and Spend a Coin Jens Groth University College London Markulf Kohlweiss Microsoft Research TexPoint fonts.
Ring Signatures of Sub- linear Size without Random Oracles Nishanth Chandran Jens Groth Amit Sahai University of California Los Angeles TexPoint fonts.
Oblivious Transfer based on the McEliece Assumptions
Secure Efficient Multiparty Computing of Multivariate Polynomials and Applications Dana Dachman-Soled, Tal Malkin, Mariana Raykova, Moti Yung.
Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)
Efficient Maximal Privacy in Boardroom Voting and Anonymous Broadcast Jens Groth BRICS, University of Aarhus Cryptomathic A/S.
Sub-linear Size Pairing-Based Non-interactive Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint.
Gaussians Pieter Abbeel UC Berkeley EECS Many slides adapted from Thrun, Burgard and Fox, Probabilistic Robotics TexPoint fonts used in EMF. Read the TexPoint.
Linear Algebra with Sub-linear Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual before.
PRESENTED BY CHRIS ANDERSON JULY 29, 2009 Using Zero Knowledge Proofs to Validate Electronic Votes.
Fine-Tuning Groth-Sahai Proofs Alex Escala Scytl Secure Electronic Voting Jens Groth University College London.
Dr. Mubashir Alam King Saud University. Outline Systems of Linear Equations (6.1) Matrix Arithmetic (6.2) Arithmetic Operations (6.2.1) Elementary Row.
Efficient Zero-Knowledge Proofs Jens Groth University College London.
SANDRA GUASCH CASTELLÓ PHD EVOTING WORKSHOP LUXEMBOURG, 15-16/10/2012 SUPERVISOR: PAZ MORILLO BOSCH Verifiable Mixnets.
Co. Chapter 3 Determinants Linear Algebra. Ch03_2 Let A be an n  n matrix and c be a nonzero scalar. (a)If then |B| = …….. (b)If then |B| = …..... (c)If.
Zero-Knowledge Argument for Polynomial Evaluation with Applications to Blacklists Stephanie Bayer Jens Groth University College London TexPoint fonts used.
New Techniques for NIZK Jens Groth Rafail Ostrovsky Amit Sahai University of California Los Angeles.
Probabilistic verification Mario Szegedy, Rutgers www/cs.rutgers.edu/~szegedy/07540 Lecture 1.
Pairing-Based Non-interactive Zero-Knowledge Proofs Jens Groth University College London Based on joint work with Amit Sahai.
Linear, Nonlinear, and Weakly-Private Secret Sharing Schemes
Cryptographic Shuffles Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAAAAAAAAAAA.
2.1 Matrix Operations 2. Matrix Algebra. j -th column i -th row Diagonal entries Diagonal matrix : a square matrix whose nondiagonal entries are zero.
Zero Knowledge r Two parties:  All powerful prover P  Polynomially bounded verifier V r P wants to prove a statement to V with the following properties:
Feige-Fiat-Shamir Zero Knowledge Proof Based on difficulty of computing square roots mod a composite n Given two large primes p, q and n=p * q, computing.
IP, (NON)ISOGRAPH and Zero Knowledge Protocol COSC 6111 Advanced Algorithm Design and Analysis Daniel Stübig.
Topic 36: Zero-Knowledge Proofs
Computer Science 210 Computer Organization
On the Size of Pairing-based Non-interactive Arguments
MPC and Verifiable Computation on Committed Data
Jens Groth, University College London
Zero Knowledge Anupam Datta CMU Fall 2017
Online/Offline OR Composition of ∑-Protocols
Perfect Non-interactive Zero-Knowledge for NP
cryptographic protocols 2014, lecture 14 Groth-Sahai proofs
Shorter Quasi-Adaptive NIZK Proofs for Linear Subspaces
A shuffle argument secure in the generic model
cryptographic protocols 2014, lecture 12 Getting full zero knowledge
The Communication Complexity of Distributed Set-Joins
cryptographic protocols 2016, lecture 16 Groth-Sahai proofs
Start by talking about lattice assumption on which protocol is based
Short Pairing-based Non-interactive Zero-Knowledge Arguments
Impossibility of SNARGs
Zero-Knowledge Proofs
Towards a Classification of Non-interactive Computational Assumptions in Cyclic Groups Essam Ghadafi University of the West of England Jens Groth University.
Jens Groth and Mary Maller University College London
Presentation transcript:

Linear Algebra with Sub-linear Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAAAAAAAAAAA

Motivation Why does Victor want to know my password, bank statement, etc.? Did Peggy honestly follow the protocol? No! Show me all your inputs! Peggy Victor

Zero-knowledge argument Statement Zero-knowledge: Nothing but truth revealed Witness Soundness: Statement is true Prover Verifier 

Statements Mathematical theorem: 2+2=4 Identification: I am me! Verification: I followed the protocol correctly. Anything: X belongs to NP-language L

Our contribution Perfect completeness Perfect (honest verifier) zero-knowledge Computational soundness Discrete logarithm problem Efficient Rounds Communication Prover comp. Verifier comp. O(1) O(√N) group elements ω(N) expos/mults O(N) mults O(log N) O(N) expos/mults

Which NP-language L? Circuit Satisfiability! Anonymous Proxy Group Voting! George the Generalist Sarah the Specialist

Linear algebra Great, it is NP-complete If I store votes as vectors and add them... George the Generalist Sarah the Specialist

Statements Rounds Communication Prover comp. Verifier comp. O(1) O(n) group elements ω(n2) expos O(n2) mults O(log n) O(n2) expos

Levels of statements Circuit satisfiability Known

Reduction 1 Circuit satisfiability See paper

Reduction 2 Example:

Reduction 3 commit Peggy Victor

Pedersen commitment Computationally binding Perfectly hiding Computational soundness Computationally binding Discrete logarithm hard Perfectly hiding Only 1 group element to commit to n elements Only n group elements to commit to n rows of matrix Perfect zero-knowledge Sub-linear size

Pedersen commitment Homomorphic So

Example of reduction 3 commit

Reduction 4 commit

Product

Example of reduction 4 Statement: Commitments to Peggy → Victor: Commits to diagonal sums Peggy ← Victor: Challenge New statement: Soundness: For the sm parts to match for random s it must be that

Reducing prover’s computation Computing diagonal sums requires ω(mn) multiplications With 2log m rounds prover only uses O(mn) multiplications Rounds Comm. Prover comp. Verifier comp. 2 2m group m2n mult 4m expo 2log m 2log m group 4mn mult 2m expo

Basic step Known Rounds Communication Prover comp. Verifier comp. 3 2n elements 2n expos n expos

Conclusion Rounds Comm. Prover comp. Verifier comp. 3 2n group 2n expo 5 2n+2m group m2n mult 4m+n expo 2log m+3 4mn mult 2m+n expo Upper triangular 6 4n group n3 add 5n expo 2log n+4 6n2 mult 3n expo Arithmetic circuit 7 O(√N) group O(N√N) mult O(N) mult log N + 5 O(N) expo Binary circuit O(N√N) add

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.