Cynthia Dwork Moni Naor Guy Rothblum

Presentation transcript:

Spooky Interaction and its Discontents: Compilers for Succinct Two-Message Argument Systems
Cynthia Dwork (Microsoft Research), Moni Naor (Weizmann Institute), Guy Rothblum (Samsung Research)

Verification of work
Mowing the Lawn
Lengthy Computation
Goal: Get a succinct two (short) message argument for computation, based on falsifiable assumptions
Much shorter than the computation

His and Her Story
Aiello, Bhatt, Ostrovsky and Rajagopalan, 2000: made a tantalizing suggestion: get 2 round succinct verification from PCP + cPIR
Dwork, Langberg, Naor, Nissim and Reingold, 2000: problems with such proofs and the techniques used
Kalai and Raz, and Kalai, Raz and R. Rothblum: you can provably achieve the dream
Interactive proofs*
No signaling
Subexponential assumptions

The Compiler
Start with a k round interactive proof (P,V) and any FHE.
Verifier uses public coins: 𝛼1, 𝛼2, ⋯, 𝛼𝑘
Compiled V*: Choose public keys pk1, pk2, …, pk𝑘 and encrypt c𝑖 = FHE_{pk𝑖}(𝛼1, 𝛼2, ⋯, 𝛼𝑖)
Compiled P*: homomorphically compute b𝑖 = FHE_{pk𝑖}(P(𝛼1, 𝛼2, ⋯, 𝛼𝑖)), an encryption of 𝛽𝑖
Compiled V*: decrypt the b𝑖’s and accept iff V accepts (𝜶𝟏, 𝜷𝟏, 𝜶𝟐, 𝜷𝟐, …, 𝜶𝒌, 𝜷𝒌)

Our Results
With any FHE with poly security:
If the verifier V is log space with no secret storage: compiler works
Corollary: can adapt Goldwasser, Kalai and G. Rothblum’s interactive proof for NC: obtain two round verification for any NC language
Size of proof proportional to depth

The compiled protocol fails if the FHE is instantiated before the protocol is chosen:
V: commit to r (by encryption)
P: guess r
V: open commitment and accept if guess was correct
For every instantiation of the compiler there exists a protocol that is bad

Verifying Exhaustive Search
Application: Bitcoin Mining
Suppose you want to run a bitcoin mining pool
Each participant searches for a value r such that ℎ(𝑥,𝑟) = 0^{50} (x: from blockchain; r: nonce)
How to reward failures?
How to prove that you are a hard worker?
Exhaustive search translates to a shallow circuit
Length of argument: depth of h plus log of the subset size