Presentation is loading. Please wait.

Presentation is loading. Please wait.

Linear Algebra with Sub-linear Zero-Knowledge Arguments

Published byJulius Arnold Modified over 6 years ago

Similar presentations

Presentation on theme: "Linear Algebra with Sub-linear Zero-Knowledge Arguments"— Presentation transcript:

1 Linear Algebra with Sub-linear Zero-Knowledge Arguments
Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAAAAAAAAAAA

2 Motivation Why does Victor want to know my password, bank statement, etc.? Did Peggy honestly follow the protocol? No! Show me all your inputs! Peggy Victor

3 Zero-knowledge argument
Statement Zero-knowledge: Nothing but truth revealed Witness Soundness: Statement is true Prover Verifier

4 Statements Mathematical theorem: 2+2=4 Identification: I am me!
Verification: I followed the protocol correctly. Anything: X belongs to NP-language L

5 Our contribution Perfect completeness
Perfect (honest verifier) zero-knowledge Computational soundness Discrete logarithm problem Efficient Rounds Communication Prover comp. Verifier comp. O(1) O(√N) group elements ω(N) expos/mults O(N) mults O(log N) O(N) expos/mults

6 Which NP-language L? Circuit Satisfiability!
Anonymous Proxy Group Voting! George the Generalist Sarah the Specialist

7 Linear algebra Great, it is NP-complete
If I store votes as vectors and add them... George the Generalist Sarah the Specialist

8 Statements Rounds Communication Prover comp. Verifier comp. O(1)
O(n) group elements ω(n2) expos O(n2) mults O(log n) O(n2) expos

9 Levels of statements Circuit satisfiability Known

10 Reduction 1 Circuit satisfiability See paper

11 Reduction 2 Example:

12 Reduction 3 commit Peggy Victor

13 Pedersen commitment Computationally binding Perfectly hiding
Computational soundness Computationally binding Discrete logarithm hard Perfectly hiding Only 1 group element to commit to n elements Only n group elements to commit to n rows of matrix Perfect zero-knowledge Sub-linear size

14 Pedersen commitment Homomorphic So

15 Example of reduction 3 commit

16 Reduction 4 commit

17 Product

18 Example of reduction 4 Statement: Commitments to
Peggy → Victor: Commits to diagonal sums Peggy ← Victor: Challenge New statement: Soundness: For the sm parts to match for random s it must be that

19 Reducing prover’s computation
Computing diagonal sums requires ω(mn) multiplications With 2log m rounds prover only uses O(mn) multiplications Rounds Comm. Prover comp. Verifier comp. 2 2m group m2n mult 4m expo 2log m 2log m group 4mn mult 2m expo

20 Basic step Known Rounds Communication Prover comp. Verifier comp. 3
2n elements 2n expos n expos

21 Conclusion Rounds Comm. Prover comp. Verifier comp. 3 2n group 2n expo
5 2n+2m group m2n mult 4m+n expo 2log m+3 4mn mult 2m+n expo Upper triangular 6 4n group n3 add 5n expo 2log n+4 6n2 mult 3n expo Arithmetic circuit 7 O(√N) group O(N√N) mult O(N) mult log N + 5 O(N) expo Binary circuit O(N√N) add

Download ppt "Linear Algebra with Sub-linear Zero-Knowledge Arguments"

Similar presentations

Perfect Non-interactive Zero-Knowledge for NP

Perfect Non-interactive Zero-Knowledge for NP
Short Pairing-based Non-interactive Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual.

Short Pairing-based Non-interactive Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual.
Simulation-sound NIZK Proofs for a Practical Language and Constant Size Group Signatures Jens Groth University of California Los Angeles Presenter: Eike.

Simulation-sound NIZK Proofs for a Practical Language and Constant Size Group Signatures Jens Groth University of California Los Angeles Presenter: Eike.
Short Non-interactive Zero-Knowledge Proofs

Short Non-interactive Zero-Knowledge Proofs
A Verifiable Secret Shuffle of Homomorphic Encryptions Jens Groth UCLA On ePrint archive:

A Verifiable Secret Shuffle of Homomorphic Encryptions Jens Groth UCLA On ePrint archive:
Multi-Query Computationally-Private Information Retrieval with Constant Communication Rate Jens Groth, University College London Aggelos Kiayias, University.

Multi-Query Computationally-Private Information Retrieval with Constant Communication Rate Jens Groth, University College London Aggelos Kiayias, University.
Low-End Uniform Hardness vs. Randomness Tradeoffs for Arthur-Merlin Games. Ronen Shaltiel, University of Haifa Chris Umans, Caltech.

Low-End Uniform Hardness vs. Randomness Tradeoffs for Arthur-Merlin Games. Ronen Shaltiel, University of Haifa Chris Umans, Caltech.
Efficient Zero-Knowledge Argument for Correctness of a Shuffle Stephanie Bayer University College London Jens Groth University College London.

Efficient Zero-Knowledge Argument for Correctness of a Shuffle Stephanie Bayer University College London Jens Groth University College London.
Are PCPs Inherent in Efficient Arguments? Guy Rothblum, MIT ) MSR-SVC ) IAS Salil Vadhan, Harvard University.

Are PCPs Inherent in Efficient Arguments? Guy Rothblum, MIT ) MSR-SVC ) IAS Salil Vadhan, Harvard University.
Efficient Non-interactive Proof Systems for Bilinear Groups Jens Groth University College London Amit Sahai University of California Los Angeles TexPoint.

Efficient Non-interactive Proof Systems for Bilinear Groups Jens Groth University College London Amit Sahai University of California Los Angeles TexPoint.
Statistical Zero-Knowledge Arguments for NP from Any One-Way Function Salil Vadhan Minh Nguyen Shien Jin Ong Harvard University.

Statistical Zero-Knowledge Arguments for NP from Any One-Way Function Salil Vadhan Minh Nguyen Shien Jin Ong Harvard University.
On the Amortized Complexity of Zero-Knowledge Proofs Ronald Cramer, CWI Ivan Damgård, Århus University.

On the Amortized Complexity of Zero-Knowledge Proofs Ronald Cramer, CWI Ivan Damgård, Århus University.
Inaccessible Entropy Iftach Haitner Microsoft Research Omer Reingold Weizmann & Microsoft Hoeteck Wee Queens College, CUNY Salil Vadhan Harvard University.

Inaccessible Entropy Iftach Haitner Microsoft Research Omer Reingold Weizmann & Microsoft Hoeteck Wee Queens College, CUNY Salil Vadhan Harvard University.
Efficient Non-Interactive Zero Knowledge Arguments for Set Operations Prastudy Fauzi, Helger Lipmaa, Bingsheng Zhang University of Tartu, University of.

Efficient Non-Interactive Zero Knowledge Arguments for Set Operations Prastudy Fauzi, Helger Lipmaa, Bingsheng Zhang University of Tartu, University of.
Efficient Zero-Knowledge Proof Systems Jens Groth University College London.

Efficient Zero-Knowledge Proof Systems Jens Groth University College London.
Probabilistically checkable proofs, hidden random bits and non-interactive zero-knowledge proofs Jens Groth University College London TexPoint fonts used.

Probabilistically checkable proofs, hidden random bits and non-interactive zero-knowledge proofs Jens Groth University College London TexPoint fonts used.
Rennes, 24/10/2014 Cristina Onete CIDRE/ INRIA Sigma Protocols and (Non-Interactive) Zero Knowledge.

Rennes, 24/10/2014 Cristina Onete CIDRE/ INRIA Sigma Protocols and (Non-Interactive) Zero Knowledge.
Sub-linear Zero-Knowledge Argument for Correctness of a Shuffle Jens Groth University College London Yuval Ishai Technion and University of California.

Sub-linear Zero-Knowledge Argument for Correctness of a Shuffle Jens Groth University College London Yuval Ishai Technion and University of California.
Efficient Zero-Knowledge Proof Systems Jens Groth University College London.

Efficient Zero-Knowledge Proof Systems Jens Groth University College London.
Efficient Zero-Knowledge Proof Systems Jens Groth University College London FOSAD 2014.

Efficient Zero-Knowledge Proof Systems Jens Groth University College London FOSAD 2014.

Similar presentations

Ads by Google