NIR BITANSKY, OMER PANETH, ALON ROSEN ON THE CRYPTOGRAPHIC HARDNESS OF FINDING A NASH EQUILIBRIUM.

Slides:

Advertisements

Similar presentations

Impagliazzos Worlds in Arithmetic Complexity: A Progress Report Scott Aaronson and Andrew Drucker MIT 100% QUANTUM-FREE TALK (FROM COWS NOT TREATED WITH.

Advertisements

On the (Im)Possibility of Arthur-Merlin Witness Hiding Protocols Iftach Haitner, Alon Rosen and Ronen Shaltiel 1.

1 A Graph-Theoretic Network Security Game M. Mavronicolas , V. Papadopoulou , A. Philippou  and P. Spirakis § University of Cyprus, Cyprus  University.

The Complexity of Zero-Knowledge Proofs Salil Vadhan Harvard University.

Bilinear Games: Polynomial Time Algorithms for Rank Based Subclasses Ruta Mehta Indian Institute of Technology, Bombay Joint work with Jugal Garg and Albert.

6.896: Topics in Algorithmic Game Theory Lecture 8 Constantinos Daskalakis.

COMP 553: Algorithmic Game Theory Fall 2014 Yang Cai Lecture 21.

Computation of Nash Equilibrium Jugal Garg Georgios Piliouras.

Yesterday Walras-Arrow-Debreu equilibria require centralized price determination Decentralized exchange models… –Generate market-clearing prices that are.

REDUCTION-RESILIENT CRYPTOGRAPHY: PRIMITIVES THAT RESIST REDUCTIONS FROM ALL STANDARD ASSUMPTIONS Daniel Wichs (Charles River Crypto Day ‘12)

1 Vipul Goyal Abhishek Jain UCLA On the Round Complexity of Covert Computation.

11 Provable Security. 22 Given a ciphertext, find the corresponding plaintext.

Nir Bitansky, Ran Canetti, Omer Paneth, Alon Rosen.

Foundations of Cryptography Lecture 13 Lecturer: Moni Naor.

On the Composition of Public- Coin Zero-Knowledge Protocols Rafael Pass (Cornell) Wei-Lung Dustin Tseng (Cornell) Douglas Wiktröm (KTH) 1.

Cryptography and Network Security CSL 759 Shweta Agrawal.

Nir Bitansky and Omer Paneth. Interactive Proofs.

On Virtual Grey-Box Obfuscation for General Circuits Nir Bitansky Ran Canetti Yael Tauman-Kalai Omer Paneth.

COMP 553: Algorithmic Game Theory Fall 2014 Yang Cai Lecture 20.

A Parallel Repetition Theorem for Any Interactive Argument Iftach Haitner Microsoft Research TexPoint fonts used in EMF. Read the TexPoint manual before.

CRYPTOGRAPHY WHAT IS IT GOOD FOR? Andrej Bogdanov Chinese University of Hong Kong CMSC 5719 | 6 Feb 2012.

1 Constructing Pseudo-Random Permutations with a Prescribed Structure Moni Naor Weizmann Institute Omer Reingold AT&T Research.

On Bounded Rationality and Computational Complexity Christos Papadimitriou and Mihallis Yannakakis.

Network Formation Games. Netwok Formation Games NFGs model distinct ways in which selfish agents might create and evaluate networks We’ll see two models:

Computing Equilibria Christos H. Papadimitriou UC Berkeley “christos”

Nir Bitansky Ran Canetti Henry Cohn Shafi Goldwasser Yael Tauman-Kalai

On the Implausibility of Differing-Inputs Obfuscation (and Extractable Witness Encryption) with Auxiliary Input Daniel Wichs (Northeastern U) with: Sanjam.

On Everlasting Security in the Hybrid Bounded Storage Model Danny Harnik Moni Naor.

Network Formation Games. Netwok Formation Games NFGs model distinct ways in which selfish agents might create and evaluate networks We’ll see two models:

Foundations of Cryptography Lecture 8 Lecturer: Moni Naor.

Foundations of Cryptography Rahul Jain CS6209, Jan – April 2011

6.896: Topics in Algorithmic Game Theory Lecture 7 Constantinos Daskalakis.

Shai Halevi – IBM Research PKC 2014 Multilinear Maps and Obfuscation A Survey of Recent Results.

Computing Equilibria Christos H. Papadimitriou UC Berkeley “christos”

1 CIS 5371 Cryptography 3. Private-Key Encryption and Pseudorandomness B ased on: Jonathan Katz and Yehuda Lindel Introduction to Modern Cryptography.

CS 4/585: Cryptography Tom Shrimpton FAB

6.853: Topics in Algorithmic Game Theory Fall 2011 Constantinos Daskalakis Lecture 11.

Client-Server Concurrent Zero Knowledge with Constant Rounds and Guaranteed Complexity Ran Canetti, Abhishek Jain and Omer Paneth 1.

Ásbjörn H Kristbjörnsson1 The complexity of Finding Nash Equilibria Ásbjörn H Kristbjörnsson Algorithms, Logic and Complexity.

On the Complexity of Search Problems George Pierrakos Mostly based on: On the Complexity of the Parity Argument and Other Insufficient Proofs of Existence.

Nir Bitansky and Omer Paneth. Program Obfuscation.

Witness Encryption and Indistinguishability Obfuscation from the Multilinear Subgroup Elimination Assumption Craig Gentry IBM Allison Lewko Columbia Amit.

Lower Bounds on Assumptions behind Indistinguishability Obfuscation

Based on work with: Sergey Gorbunov and Vinod Vaikuntanathan Homomorphic Commitments & Signatures Daniel Wichs Northeastern University.

CRYPTOGRAPHY AND NP-HARDNESS Andrej Bogdanov Chinese University of Hong Kong MACS Foundations of Cryptography| January 2016.

CRYPTOGRAPHIC HARDNESS OTHER FUNCTIONALITIES Andrej Bogdanov Chinese University of Hong Kong MACS Foundations of Cryptography| January 2016.

Boaz Barak, Nir Bitansky, Ran Canetti, Yael Tauman Kalai, Omer Paneth, Amit Sahai.

6.853: Topics in Algorithmic Game Theory Fall 2011 Constantinos Daskalakis Lecture 8.

Ilya Mironov, Omkant Pandey, Omer Reingold, Gil Segev Microsoft Research.

Parameterized Two-Player Nash Equilibrium Danny Hermelin, Chien-Chung Huang, Stefan Kratsch, and Magnus Wahlstrom..

Fine Grained Hardness in Cryptography Omer Reingold SRA.

6.853: Topics in Algorithmic Game Theory Fall 2011 Constantinos Daskalakis Lecture 9.

Verifiable Outsourcing of Computation Ron Rothblum.

The Many Faces of Garbled Circuits MIT Vinod Vaikuntanathan.

Lower Bounds on Assumptions behind Indistinguishability Obfuscation

Spring School on Lattice-Based Crypto, Oxford

iO with Exponential Efficiency

COMP/MATH 553: Algorithmic Game Theory

CS154, Lecture 18:.

COMP 553: Algorithmic Game Theory

Our Current Knowledge of Knowledge Assumptions

Historical Note von Neumann’s original proof (1928) used Brouwer’s fixed point theorem. Together with Danzig in 1947 they realized the above connection.

A Generic Approach for Constructing Verifiable Random Functions

CAS CS 538 Cryptography.

Cryptography for Quantum Computers

The Journey from NP to TFNP Hardness

Exponential Time Paradigms Through the Polynomial Time Lens

Fiat-Shamir for Highly Sound Protocols is Instantiable

Computing a Nash Equilibrium of a Congestion Game: PLS-completeness

Impossibility of SNARGs

Presentation transcript:

NIR BITANSKY, OMER PANETH, ALON ROSEN ON THE CRYPTOGRAPHIC HARDNESS OF FINDING A NASH EQUILIBRIUM

The Story Line GamesComplexityCrypto

Game Theory and Nash Equilibrium CooperateDefect Cooperate 2 \ 20 \ 3 Defect 3 \ 01 \ 1 [Nash 51]: a (mixed) equilibrium always exists Nash Equilibrium

The CS Perspective A (mixed) equilibrium always exists Can it be computed efficiently? “if your laptop can’t find it, then neither can the market.” [Kamal Jain, eBay]

How hard is finding a Nash Equilibrium?

CD C2 \ 20 \ 3 D3 \ 01 \ 1 Reduction ? ? ?

FNP FP 3SAT TFNP NASH

The Class PPAD [Papadimitriou 94] Totality is proved via “a parity argument in directed graphs” FP TFNP NASH PPAD

The Class PPAD [Papadimitriou 94] EOL PPAD Defined through its complete problem: END-OF-THE-LINE (EOL)

End of the Line Problem (EOL)

… … Exponential size graph:

CD C2 \ 20 \ 3 D3 \ 01 \ 1 Reduction? Reduction [Daskalakis-Goldberg-Papadimitriou 05], [Chen-Deng 05] PPAD and NASH [Papadimitriou 94]

FNP FP 3SAT PPAD NASH EOL BROUWER SPERNER FACTORING DLOG LWE ? Crypto:

PPAD is as hard as breaking indistinguishability obfuscation Cryptographic hardness in PPAD Today

The Story Line GamesComplexity Crypto

Program Obfuscation obfuscated program obfuscator

Ideal Obfuscation [Hada 00, Barak-Goldreich-Impagliazzo-Rudich-Sahai-Vadhan-Yang 01]

Hard EOL Instance from Ideal Obfuscation … … [Folklore, Abbot-Kane-Valiant 04]

Hard EOL Instance from Ideal Obfuscation [Folklore, Abbot-Kane-Valiant 04] … …

Ideal obfuscation is subject to strong lower bounds Hada 00 Barak-Goldreich-Impagliazzo-Rudich-Sahai-Vadhan-Yang 01 Goldwasser-Kalai 05 Bitansky-Canetti-Cohn-Goldwasser-Kalai-P-Rosen 14

Indistinguishability Obfuscation (IO) [Barak-Goldreich-Impagliazzo-Rudich-Sahai-Vadhan-Yang 01] Indistinguishability obfuscation

[Garg-Gentry-Halevi-Raykova-Sahai-Waters 13]: First candidate construction of IO Functional encryption, Deniable encryption, Multiparty key exchange, Efficient traitor tracing, Full Domain Hash, Adaptively secure 2-round MPC, Publicly verifiable delegation, Non- interactive witness indistinguishable proofs, Trapdoor permutations, Constant-rounds concurrent zero-knowledge… [GGHRSW 13, Sahai-Waters 14, … ]:

Main Theorem Assuming sub-exponentially secure IO, The EOL problem is hard. Should we believe in IO?

Hard EOL Instances … …

… … ……

Need To Prove … …

… … … …

… … … …

… … … …

… … … … … … … … … … Step 1: remove a random edge Step 2: modify a node with in-degree 0 Step 2 …

A Useful Lemma

Proof of Lemma (using ideas from [SW14]) using IO

Proof of Lemma using IO

Step 1 - Proof … … … … Step 1: remove a random edge

Step 2 - Proof … … … … Step 2: modify a node with in-degree 0 pseudorandom

Puncturable Pseudorandom Functions [Boneh-Waters 13, Boyle-Goldwasser-Ivan 13, Sahai-Waters 14]

Puncturable Pseudorandom Functions [Boneh-Waters 13, Boyle-Goldwasser-Ivan 13, Sahai-Waters 14]

Step 2 - Proof … … … … By IO and puncturing … … By Lemma

… … … …

The Problem of Going Backwards … … … … Step 2: modify a node with in-degree 0

Solution [Abbot-Kane-Valiant 04] Idea: reversible computation [Bennet 84] : Any sequential computation can be simulated in a reversible way, with low overhead

Reversible Computation ……

CD C2 \ 20 \ 3 D3 \ 01 \ 1 multi-linear maps lattices

Security of IO and Multi-Linear Maps Garg-Gentry-Halevi-Raykova-Sahai-Waters 13, Brakerski- Rothblum 14, Barak-Garg-Kalai-P-Sahai 14, Brakerski- Applebaum 15, Zimmerman 15, Pass-Seth-Telang 14, Gentry-Lewko-Sahai-Waters 14, Cheon-Han-Lee-Ryu-Stehlé 14, Boneh-Wu-Zimmerman 14, Gentry-Halevi-Maji-Sahai 14, Coron-Lepoint-Tibouchi 14, Gentry-Halevi-Gorbunov 15, Ananth-Jain 15, Bitansky-Vaikuntanathan 15 …

CD C2 \ 20 \ 3 D3 \ 01 \ 1 multi-linear maps lattices Thanks!