Presentation is loading. Please wait.

Presentation is loading. Please wait.

Linear Algebra with Sub-linear Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual before.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Linear Algebra with Sub-linear Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual before."— Presentation transcript:

1 Linear Algebra with Sub-linear Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A A AAAAA A A A A A A

2 Motivation PeggyVictor Why does Victor want to know my password, bank statement, etc.? Did Peggy honestly follow the protocol? Show me all your inputs! No!

3 Zero-knowledge argument Statement ProverVerifier Witness  Soundness: Statement is true Zero-knowledge: Nothing but truth revealed

4 Statements Mathematical theorem: 2+2=4 Identification: I am me! Verification: I followed the protocol correctly. Anything: X belongs to NP-language L

5 Our contribution Perfect completeness Perfect (honest verifier) zero-knowledge Computational soundness –Discrete logarithm problem Efficient RoundsCommunicationProver comp.Verifier comp. O(1)O(√N) group elementsω(N) expos/multsO(N) mults O(log N)O(√N) group elementsO(N) expos/multsO(N) mults

6 Which NP-language L? George the Generalist Sarah the Specialist Circuit Satisfiability! Anonymous Proxy Group Voting!

7 Linear algebra George the Generalist Sarah the Specialist Great, it is NP-complete If I store votes as vectors and add them...

8 Statements RoundsCommunicationProver comp.Verifier comp. O(1)O(n) group elementsω(n 2 ) exposO(n 2 ) mults O(log n)O(n) group elementsO(n 2 ) exposO(n 2 ) mults

9 Levels of statements Circuit satisfiability Known

10 Reduction 1 Circuit satisfiability See paper

11 Reduction 2 Example:

12 commit Reduction 3 Peggy Victor

13 Pedersen commitment Computationally binding –Discrete logarithm hard Perfectly hiding Only 1 group element to commit to n elements Only n group elements to commit to n rows of matrix Computational soundness Perfect zero- knowledge Sub-linear size

14 Pedersen commitment Homomorphic So

15 Example of reduction 3 commit

16 Reduction 4 commit

17 Product

18 Example of reduction 4 Statement: Commitments to Peggy → Victor: Commits to diagonal sums Peggy ← Victor: Challenge New statement: Soundness: For the s m parts to match for random s it must be that

19 Reducing prover’s computation Computing diagonal sums requires ω(mn) multiplications With 2log m rounds prover only uses O(mn) multiplications RoundsComm.Prover comp.Verifier comp. 22m groupm 2 n mult4m expo 2log m2log m group4mn mult2m expo

20 Basic step Known RoundsCommunicationProver comp.Verifier comp. 32n elements2n exposn expos

21 Conclusion RoundsComm.Prover comp.Verifier comp. 32n group2n expon expo 52n+2m groupm 2 n mult4m+n expo 2log m+32n group4mn mult2m+n expo Upper triangular64n groupn 3 add5n expo Upper triangular2log n+42n group6n 2 mult3n expo Arithmetic circuit7O(√N) groupO(N√N) multO(N) mult Arithmetic circuitlog N + 5O(√N) groupO(N) expoO(N) mult Binary circuit7O(√N) groupO(N√N) addO(N) mult Binary circuitlog N + 5O(√N) groupO(N) mult

Download ppt "Linear Algebra with Sub-linear Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual before."

Similar presentations

Perfect Non-interactive Zero-Knowledge for NP

Perfect Non-interactive Zero-Knowledge for NP
Short Pairing-based Non-interactive Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual.

Short Pairing-based Non-interactive Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual.
Non-interactive Zero- Knowledge Arguments for Voting Jens Groth UCLA.

Non-interactive Zero- Knowledge Arguments for Voting Jens Groth UCLA.
Short Non-interactive Zero-Knowledge Proofs

Short Non-interactive Zero-Knowledge Proofs
A Verifiable Secret Shuffle of Homomorphic Encryptions Jens Groth UCLA On ePrint archive:

A Verifiable Secret Shuffle of Homomorphic Encryptions Jens Groth UCLA On ePrint archive:
Multi-Query Computationally-Private Information Retrieval with Constant Communication Rate Jens Groth, University College London Aggelos Kiayias, University.

Multi-Query Computationally-Private Information Retrieval with Constant Communication Rate Jens Groth, University College London Aggelos Kiayias, University.
Efficient Zero-Knowledge Argument for Correctness of a Shuffle Stephanie Bayer University College London Jens Groth University College London.

Efficient Zero-Knowledge Argument for Correctness of a Shuffle Stephanie Bayer University College London Jens Groth University College London.
Are PCPs Inherent in Efficient Arguments? Guy Rothblum, MIT ) MSR-SVC ) IAS Salil Vadhan, Harvard University.

Are PCPs Inherent in Efficient Arguments? Guy Rothblum, MIT ) MSR-SVC ) IAS Salil Vadhan, Harvard University.
Sublinear Algorithms 1 3 2 … Lecture 23: April 20.

Sublinear Algorithms … Lecture 23: April 20.
Efficient Non-interactive Proof Systems for Bilinear Groups Jens Groth University College London Amit Sahai University of California Los Angeles TexPoint.

Efficient Non-interactive Proof Systems for Bilinear Groups Jens Groth University College London Amit Sahai University of California Los Angeles TexPoint.
Secure Linear Algebra against Covert or Unbounded Adversaries Payman Mohassel and Enav Weinreb UC Davis CWI.

Secure Linear Algebra against Covert or Unbounded Adversaries Payman Mohassel and Enav Weinreb UC Davis CWI.
On the Amortized Complexity of Zero-Knowledge Proofs Ronald Cramer, CWI Ivan Damgård, Århus University.

On the Amortized Complexity of Zero-Knowledge Proofs Ronald Cramer, CWI Ivan Damgård, Århus University.
Applied Informatics Štefan BEREŽNÝ

Applied Informatics Štefan BEREŽNÝ
Efficient Non-Interactive Zero Knowledge Arguments for Set Operations Prastudy Fauzi, Helger Lipmaa, Bingsheng Zhang University of Tartu, University of.

Efficient Non-Interactive Zero Knowledge Arguments for Set Operations Prastudy Fauzi, Helger Lipmaa, Bingsheng Zhang University of Tartu, University of.
Efficient Zero-Knowledge Proof Systems Jens Groth University College London.

Efficient Zero-Knowledge Proof Systems Jens Groth University College London.
Probabilistically checkable proofs, hidden random bits and non-interactive zero-knowledge proofs Jens Groth University College London TexPoint fonts used.

Probabilistically checkable proofs, hidden random bits and non-interactive zero-knowledge proofs Jens Groth University College London TexPoint fonts used.
Rennes, 24/10/2014 Cristina Onete CIDRE/ INRIA Sigma Protocols and (Non-Interactive) Zero Knowledge.

Rennes, 24/10/2014 Cristina Onete CIDRE/ INRIA Sigma Protocols and (Non-Interactive) Zero Knowledge.
Optimistic Concurrent Zero-Knowledge Alon Rosen IDC Herzliya abhi shelat University of Virginia.

Optimistic Concurrent Zero-Knowledge Alon Rosen IDC Herzliya abhi shelat University of Virginia.
Sub-linear Zero-Knowledge Argument for Correctness of a Shuffle Jens Groth University College London Yuval Ishai Technion and University of California.

Sub-linear Zero-Knowledge Argument for Correctness of a Shuffle Jens Groth University College London Yuval Ishai Technion and University of California.
Efficient Zero-Knowledge Proof Systems Jens Groth University College London.

Efficient Zero-Knowledge Proof Systems Jens Groth University College London.

Similar presentations

Ads by Google