Delegation with (nearly) optimal time/space overhead Justin - PowerPoint PPT Presentation

Talk Outline NOT proving NS-soundness of BFLS for deterministic circuits Part 1: Turing / RAM Machines (non-succinct) deterministic circuits Part 2: (part of) BFLS prover efficiency despite non- succinctness.

Turing Machines as Circuits tape TM Configuration

Turing Machines as Circuits tape TM Configuration

Turing Machines as Circuits tape TM Configuration

Turing Machines as Circuits … tape TM Configuration

Turing Machines as Circuits Config T-1 … … Config 1 tape Config 0 TM Configuration Transcript / Circuit

Turing Machines as Circuits Config T-1 … … Config 1 tape Config 0 TM Configuration Transcript / Circuit

RAM Machines as Circuits Configuration:

RAM Machines as Circuits Configuration: (diameter log S) leaves = memory

RAM Machines as Circuits Configuration: (diameter log S) leaves = memory

RAM Machines as Circuits Configuration: (diameter log S) leaves = memory

RAM Machines as Circuits Configuration: (diameter log S) leaves = memory

RAM Machines as Circuits Configuration: (diameter log S) leaves = memory Important for BFLS: 
 Graph is “regular”!

RAM Machines as Circuits Transcript / Circuit: Configuration: (diameter log S) Config T-1 … leaves = memory Config 1 Config 0 Important for BFLS: 
 Graph is “regular”!

RAM Machines as Circuits Transcript / Circuit: Configuration: (diameter log S) Config T-1 … leaves = memory Config 1 Config 0 Important for BFLS: 
 Graph is “regular”!

RAM Machines as Circuits no routing networks! Transcript / Circuit: Configuration: (diameter log S) Config T-1 … leaves = memory Config 1 Config 0 Important for BFLS: 
 Graph is “regular”!

RAM Machines as Circuits no Merkle trees! no routing networks! Transcript / Circuit: Configuration: (diameter log S) Config T-1 … leaves = memory Config 1 Config 0 Important for BFLS: 
 Graph is “regular”!

The PCP (BFLS) Part 1: Multilinear extension

The PCP (BFLS) Part 1: Multilinear extension f : { 0 , 1 } m → F Let be any function.

The PCP (BFLS) Part 1: Multilinear extension f : { 0 , 1 } m → F Let be any function. 0 0 0 1

The PCP (BFLS) Part 1: Multilinear extension multilinear f : { 0 , 1 } m → F Let f : F m → F ˆ be any function. 0 -2 -4 -6 0 -1 -2 -3 0 0 0 0 0 0 0 1 3 2 0 1

The PCP (BFLS) Part 1: Multilinear extension multilinear f : { 0 , 1 } m → F Let f : F m → F ˆ be any function. 0 -2 -4 -6 0 -1 -2 -3 0 0 0 0 0 0 0 1 3 2 0 1 ˆ f ( x ) · ˆ X f ( ) = 1 x ( ) x ∈ { 0 , 1 } m

The PCP (BFLS) Part 1: Multilinear extension multilinear f : { 0 , 1 } m → F Let f : F m → F ˆ be any function. 0 -2 -4 -6 0 -1 -2 -3 0 0 0 0 0 0 0 1 3 2 0 1 “funny x” ∈ F m ˆ f ( x ) · ˆ X f ( ) = 1 x ( ) x ∈ { 0 , 1 } m

The PCP (BFLS) Part 1: Multilinear extension multilinear f : { 0 , 1 } m → F Let f : F m → F ˆ be any function. 0 -2 -4 -6 0 -1 -2 -3 0 0 0 0 0 0 0 1 3 2 0 1 “funny x” ∈ F m ˆ f ( x ) · ˆ X f ( ) = 1 x ( ) x ∈ { 0 , 1 } m “bold x” ∈ { 0 , 1 } m

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript sum sum

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x sum sum

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x sum sum

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x Config 0 sum sum

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x Config 0 sum sum

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x 3 Config 0 sum sum

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x Config 0 sum sum 3

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x 1 Config 0 sum sum 3

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x Config 0 sum sum 1 3

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x 2 Config 0 sum sum 1 3

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x 2 Config 0 sum sum 1 3

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x 2 2 Config 0 sum sum 1 3

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x 2 2 Config 0 sum sum 1 3

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x 2 2 5 Config 0 sum sum 1 3

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x 5 2 2 Config 0 sum sum 1 3

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x Config 1 5 2 2 Config 0 sum sum 1 3

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x Config 1 5 2 2 Config 0 sum sum 1 3

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x Config 1 5 13 2 2 Config 0 sum sum 1 3

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x Config 1 5 13 2 2 Config 0 sum sum 1 3

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x was 3, 
 now 0 Config 1 5 13 2 2 Config 0 sum sum 1 3

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x was 3, 
 now 0 -3 Config 1 5 13 2 2 Config 0 sum sum 1 3

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x was 3, 
 now 0 Config 1 5 13 2 2 -3 Config 0 sum sum 1 3

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x was 3, 
 now 0 Config 1 5 13 2 10 2 -3 Config 0 sum sum 1 3

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x was 3, 
 now 0 Config 2 Config 1 5 13 2 10 2 -3 Config 0 sum sum 1 3

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x was 1, 
 was 3, 
 now 2 now 0 Config 2 Config 1 5 13 2 10 2 -3 Config 0 sum sum 1 3

Prover Efficiency C : { 0 , 1 } t + s → { 0 , 1 } ˆ 1. Evaluating extension of transcript ˆ C ( y , x ) · ˆ X C ( , ) = 1 y , x ( , ) y , x was 1, 
 was 3, 
 now 2 now 0 +1 Config 2 Config 1 5 13 2 10 2 -3 Config 0 sum sum 1 3