interactive proofs
play

Interactive Proofs Lecture 19 And Beyond 1 So far 2 So far IP - PowerPoint PPT Presentation

Oct 18, 2022 •163 likes •1.33k views

Interactive Proofs Lecture 19 And Beyond 1 So far 2 So far IP = PSPACE = AM[poly] 2 So far IP = PSPACE = AM[poly] PSPACE enough to calculate max Pr[yes] 2 So far IP = PSPACE = AM[poly] PSPACE enough to calculate max Pr[yes] AM[poly]

  1. Program Checking and IP PC for L from IP protocols (for L and L c ) L PC must be efficient. Provers may not be Prover Verifier If provers (for L and L c ) are efficient given L-oracle, can construct PC! x P User f(x) or P ! f 8

  2. Program Checking and IP PC for L from IP protocols (for L and L c ) L PC must be efficient. Provers may not be Prover Verifier If provers (for L and L c ) are efficient given L-oracle, can construct PC! x P User f(x) or P ! f 8

  3. Program Checking and IP PC for L from IP protocols (for L and L c ) L PC must be efficient. Provers may not be Prover Verifier If provers (for L and L c ) are efficient given L-oracle, can construct PC! x P User f(x) or P ! f 8

  4. Program Checking and IP PC for L from IP protocols (for L and L c ) L PC must be efficient. Provers may not be Prover Verifier If provers (for L and L c ) are efficient given L-oracle, can construct PC! x Retains completeness and P soundness User f(x) or P ! f 8

  5. Program Checking and IP PC for L from IP protocols (for L and L c ) L PC must be efficient. Provers may not be Prover Verifier If provers (for L and L c ) are efficient given L-oracle, can construct PC! x Retains completeness and P soundness User f(x) or P ! f e.g. For PSPACE-complete L (why?) 8

  6. Program Checking and IP PC for L from IP protocols (for L and L c ) L PC must be efficient. Provers may not be Prover Verifier If provers (for L and L c ) are efficient given L-oracle, can construct PC! x Retains completeness and P soundness User f(x) or P ! f e.g. For PSPACE-complete L (why?) How about Graph Isomorphism? 8

  7. Program Checking for GI 9

  8. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≡ G 1 , try to extract the isomorphism 9

  9. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≡ G 1 , try to extract the isomorphism Pick node v 1 in G 0 . For each node u in G 1 attach a marker (say a large clique) to u and v 1 and ask if the new graphs G 0 ’ and G 1 ’ are isomorphic. 9

  10. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≡ G 1 , try to extract the isomorphism Pick node v 1 in G 0 . For each node u in G 1 attach a marker (say a large clique) to u and v 1 and ask if the new graphs G 0 ’ and G 1 ’ are isomorphic. If P says no for all u in G 1 , report “P bad” 9

  11. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≡ G 1 , try to extract the isomorphism Pick node v 1 in G 0 . For each node u in G 1 attach a marker (say a large clique) to u and v 1 and ask if the new graphs G 0 ’ and G 1 ’ are isomorphic. If P says no for all u in G 1 , report “P bad” Else remember v 1 � u, and continue with v 2 ; keep old markers and use new larger markers to get G 0 ’’ and G 1 ’’ 9

  12. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≡ G 1 , try to extract the isomorphism Pick node v 1 in G 0 . For each node u in G 1 attach a marker (say a large clique) to u and v 1 and ask if the new graphs G 0 ’ and G 1 ’ are isomorphic. If P says no for all u in G 1 , report “P bad” Else remember v 1 � u, and continue with v 2 ; keep old markers and use new larger markers to get G 0 ’’ and G 1 ’’ On finding isomorphism, verify and output G 0 ≡ G 1 9

  13. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≡ G 1 , try to extract the isomorphism Pick node v 1 in G 0 . For each node u in G 1 attach a marker (say a large clique) to u and v 1 and ask if the new graphs G 0 ’ and G 1 ’ are isomorphic. If P says no for all u in G 1 , report “P bad” Else remember v 1 � u, and continue with v 2 ; keep old markers and use new larger markers to get G 0 ’’ and G 1 ’’ On finding isomorphism, verify and output G 0 ≡ G 1 Note: An IP protocol (i.e., NP proof) for GI, where prover is in P GI 9

  14. Program Checking for GI 10

  15. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≢ G 1 , test P similar to in IP protocol for GNI (coke from can/bottle) 10

  16. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≢ G 1 , test P similar to in IP protocol for GNI (coke from can/bottle) Let H = π (G b ) where π is a random permutation and b = 0 or 1 at random 10

  17. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≢ G 1 , test P similar to in IP protocol for GNI (coke from can/bottle) Let H = π (G b ) where π is a random permutation and b = 0 or 1 at random Run P(G 0 ,H) with many such H 10

  18. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≢ G 1 , test P similar to in IP protocol for GNI (coke from can/bottle) Let H = π (G b ) where π is a random permutation and b = 0 or 1 at random Run P(G 0 ,H) with many such H If P says G 0 ≡ H exactly whenever b=0, output G 0 ≢ G 1 10

  19. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≢ G 1 , test P similar to in IP protocol for GNI (coke from can/bottle) Let H = π (G b ) where π is a random permutation and b = 0 or 1 at random Run P(G 0 ,H) with many such H If P says G 0 ≡ H exactly whenever b=0, output G 0 ≢ G 1 Else output “Bad P” 10

  20. Program Checking for GI If P(G 0 ,G 1 ) says G 0 ≢ G 1 , test P similar to in IP protocol for GNI (coke from can/bottle) Let H = π (G b ) where π is a random permutation and b = 0 or 1 at random Run P(G 0 ,H) with many such H If P says G 0 ≡ H exactly whenever b=0, output G 0 ≢ G 1 Else output “Bad P” Note: Prover in the IP protocol for GNI is in P GI 10

  21. Multi-Prover Interactive Proofs 11

  22. Multi-Prover Interactive Proofs Interrogate multiple provers separately 11

  23. Multi-Prover Interactive Proofs Interrogate multiple provers separately Provers can’ t talk to each other during the interrogation (but can agree on a strategy a priori) 11

  24. Multi-Prover Interactive Proofs Interrogate multiple provers separately Provers can’ t talk to each other during the interrogation (but can agree on a strategy a priori) Verifier cross-checks answers from the provers 11

  25. Multi-Prover Interactive Proofs Interrogate multiple provers separately Provers can’ t talk to each other during the interrogation (but can agree on a strategy a priori) Verifier cross-checks answers from the provers 2 provers as good as k provers 11

  26. Multi-Prover Interactive Proofs Interrogate multiple provers separately Provers can’ t talk to each other during the interrogation (but can agree on a strategy a priori) Verifier cross-checks answers from the provers 2 provers as good as k provers MIP = NEXP 11

  27. Multi-Prover Interactive Proofs Interrogate multiple provers separately Provers can’ t talk to each other during the interrogation (but can agree on a strategy a priori) Verifier cross-checks answers from the provers 2 provers as good as k provers MIP = NEXP Parallel repetition theorem highly non-trivial! 11

  28. Probabilistically Checkable Proofs (PCPs) 12

  29. Probabilistically Checkable Proofs (PCPs) Prover submits a (very long) written proof 12

  30. Probabilistically Checkable Proofs (PCPs) Prover submits a (very long) written proof Verifier reads some positions (probabilistically chosen) from the proof and decides to accept or reject 12

  31. Probabilistically Checkable Proofs (PCPs) Prover submits a (very long) written proof Verifier reads some positions (probabilistically chosen) from the proof and decides to accept or reject PCP[r,q]: length of proof 2 r , number of queries q 12

  32. Probabilistically Checkable Proofs (PCPs) Prover submits a (very long) written proof Verifier reads some positions (probabilistically chosen) from the proof and decides to accept or reject PCP[r,q]: length of proof 2 r , number of queries q Intuitively, in MIP, the provers cannot change their strategy (because one does not know what the other sees), so must stick to a prior agreed up on strategy 12

  33. Probabilistically Checkable Proofs (PCPs) Prover submits a (very long) written proof Verifier reads some positions (probabilistically chosen) from the proof and decides to accept or reject PCP[r,q]: length of proof 2 r , number of queries q Intuitively, in MIP, the provers cannot change their strategy (because one does not know what the other sees), so must stick to a prior agreed up on strategy Which will be the written proof 12

  34. Probabilistically Checkable Proofs (PCPs) Prover submits a (very long) written proof Verifier reads some positions (probabilistically chosen) from the proof and decides to accept or reject PCP[r,q]: length of proof 2 r , number of queries q Intuitively, in MIP, the provers cannot change their strategy (because one does not know what the other sees), so must stick to a prior agreed up on strategy Which will be the written proof PCP[poly,poly] = MIP = NEXP 12

  35. PCP Theorem 13

  36. PCP Theorem NP = PCP[log,const] 13

  37. PCP Theorem NP = PCP[log,const] PCP is only poly long (just like usual NP certificate) 13

  38. PCP Theorem NP = PCP[log,const] PCP is only poly long (just like usual NP certificate) But verifier reads only constantly many bits! 13

  39. PCP Theorem NP = PCP[log,const] PCP is only poly long (just like usual NP certificate) But verifier reads only constantly many bits! Extensively useful in proving “hardness of approximation” results for optimization problems 13

  40. PCP Theorem NP = PCP[log,const] PCP is only poly long (just like usual NP certificate) But verifier reads only constantly many bits! Extensively useful in proving “hardness of approximation” results for optimization problems Also useful in certain cryptographic protocols 13

  41. Zero-Knowledge Proofs 14

  42. Zero-Knowledge Proofs Interactive Proof for membership in L 14

  43. Zero-Knowledge Proofs Interactive Proof for membership in L Complete and Sound 14

  44. Zero-Knowledge Proofs Interactive Proof for membership in L Complete and Sound ZK Property: Verifier “learns nothing” except that x is in L 14

  45. Zero-Knowledge Proofs Interactive Proof for membership in L Complete and Sound ZK Property: Verifier “learns nothing” except that x is in L 14

  46. Zero-Knowledge Proofs Interactive Proof for membership in L Complete and Sound ZK Property: Verifier “learns nothing” except that x is in L 14

  47. Zero-Knowledge Proofs Interactive Proof for membership in L Complete and Sound ZK Property: Verifier “learns nothing” except that x is in L 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2 Interactive Proofs IP[k] IP[poly] = PSPACE 2 Interactive Proofs IP[k] IP[poly] = PSPACE IP protocol for TQBF using arithmetization 2 Interactive

1.75k views • 136 slides
Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge Iftach Haitner, Tel Aviv University December 4, 2011 IP for GNI Part I Interactive Proofs IP for GNI Interactive Vs. Interactive Proofs Definition 1 (

1.51k views • 110 slides
Interactive Proof System We have seen interactive proofs, in various disguised forms, in the

Interactive Proof System We have seen interactive proofs, in various disguised forms, in the

Interactive Proof System We have seen interactive proofs, in various disguised forms, in the definitions of NP , OTM, Cook reduction and PH . We will see that interactive proofs have fundamental connections to cryptography and approximation

1.46k views • 107 slides
Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs

Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs

Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs Prover wants to convince verifier that x has some property Interactive Proofs Prover wants to convince verifier that x has some property i.e. x is in

3.29k views • 145 slides
Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive Proofs 2 Interactive Proofs Prover wants to convince verifier that x has some property 2 Interactive Proofs Prover wants to convince verifier

1.9k views • 174 slides
(Interactive) Proofs Proofs from 900 BCE until 1800s Pythagorass Theorem: Proof: Looks legit.

(Interactive) Proofs Proofs from 900 BCE until 1800s Pythagorass Theorem: Proof: Looks legit.

15-251: Great Theoretical Ideas in Computer Science Lecture 24 (Interactive) Proofs Proofs from 900 BCE until 1800s Pythagorass Theorem: Proof: Looks legit. Then there was Russell Principia Mathematica Volume 2 Russell and others worked

949 views • 50 slides
Real Interactive Proofs for VPSPACE Klaus Meer Brandenburgische Technische Universit at,

Real Interactive Proofs for VPSPACE Klaus Meer Brandenburgische Technische Universit at,

Real Interactive Proofs for VPSPACE Klaus Meer Brandenburgische Technische Universit at, Cottbus-Senftenberg, Germany Colloquium Logicum Hamburg, September 2016 joint work with M. Baartse Klaus Meer Real Interactive Proofs for VPSPACE 1.

800 views • 36 slides
Towards Human Interactive Proofs in the Text-Domain Richard Bergmair University of Derby in

Towards Human Interactive Proofs in the Text-Domain Richard Bergmair University of Derby in

Towards Human Interactive Proofs in the Text-Domain Richard Bergmair University of Derby in Austria and Stefan Katzenbeisser Technische Universitt Mnchen Institut fr Informatik Towards Human Interactive Proofs in the Text-Domain

572 views • 29 slides
Models for Probabilistic Programs with an Adversary Robert Rand, Steve Zdancewic University of

Models for Probabilistic Programs with an Adversary Robert Rand, Steve Zdancewic University of

Models for Probabilistic Programs with an Adversary Robert Rand, Steve Zdancewic University of Pennsylvania Probabilistic Programming Semantics 2016 Interactive Proofs 2/47 Interactive Proofs 2/47 Interactive Proofs 2/47 Interactive

1.17k views • 86 slides
Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne

Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne

Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne Broadbent (U. of Ottawa) arxiv:1911.07782 Quantum found. QZK Crypto TCS 2 / 19 Interactive proofs 3 / 19 Interactive proofs L NP P V 0

1.06k views • 89 slides
On Hypersequents and Labelled Sequents Translating Labelled Sequent Proofs to Hypersequent Proofs

On Hypersequents and Labelled Sequents Translating Labelled Sequent Proofs to Hypersequent Proofs

On Hypersequents and Labelled Sequents Translating Labelled Sequent Proofs to Hypersequent Proofs Robert Rothenberg 1 2 1 School of Computer Science University of St Andrews 2 Interactive Information, Ltd Edinburgh Workshop in Honour of Roy

393 views • 26 slides
Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable

Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable

S C I E N C E P A S S I O N T E C H N O L O G Y Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable Linkability Olivier Blazy 1 , David Derler 2 , Daniel Slamanig 2 , Raphael

345 views • 21 slides
Lin inear Multi-Prover In Interactive Proofs Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu

Lin inear Multi-Prover In Interactive Proofs Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu

Quasi-Optimal SNARGs via ia Lin inear Multi-Prover In Interactive Proofs Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Non-Interactive Arguments for NP = , = 1 for some (, )

629 views • 36 slides
Interactive Proofs Lecture 17 IP = PSPACE 1 So far 2 So far IP 2 So far IP AM, MA 2 So

Interactive Proofs Lecture 17 IP = PSPACE 1 So far 2 So far IP 2 So far IP AM, MA 2 So

Interactive Proofs Lecture 17 IP = PSPACE 1 So far 2 So far IP 2 So far IP AM, MA 2 So far IP AM, MA GNI IP 2 So far IP AM, MA GNI IP GNI AM 2 So far IP AM, MA GNI IP GNI AM Using AM protocol for set

1.45k views • 113 slides
MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert Krebbers 1 Jacques-Henri Jourdan 2 Ralf Jung 3 Joseph Tassarotti 4 Jan-Oliver Kaiser 3 Amin Timany 5 eraud 6 Derek Dreyer 3 Arthur Chargu 1 Delft

1.55k views • 141 slides
MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert

MoSeL: A General, Extensible Modal Framework for Interactive Proofs in Separation Logic Robbert Krebbers 1 Jacques-Henri Jourdan 2 Ralf Jung 3 Joseph Tassarotti 4 Jan-Oliver Kaiser 3 Amin Timany 5 eraud 6 Derek Dreyer 3 Arthur Chargu 1 Delft

710 views • 49 slides
10-Step Interrogation Perioperative Electrophysiology: 1. Get the Cardiac Anesthesia Programmer

10-Step Interrogation Perioperative Electrophysiology: 1. Get the Cardiac Anesthesia Programmer

11/25/2019 10-Step Interrogation Perioperative Electrophysiology: 1. Get the Cardiac Anesthesia Programmer Cart Perioperative Device Interrogation: How does an 2. Initiate interrogation with appropriate programmer Anesthesiologist do it 3.

418 views • 3 slides
Interrogation Policy & the Global War on Terrorism Office of Detainee Affairs Presentation

Interrogation Policy & the Global War on Terrorism Office of Detainee Affairs Presentation

Interrogation Policy & the Global War on Terrorism Office of Detainee Affairs Presentation for the University of California, Berkeley Goldman School of Public Policy November 30, 2005 Christina Filarowski Sheaks Special Assistant Office

553 views • 13 slides
ECE 697J Advanced Topics Advanced Topics ECE 697J in Computer Networks in Computer

ECE 697J Advanced Topics Advanced Topics ECE 697J in Computer Networks in Computer

ECE 697J Advanced Topics Advanced Topics ECE 697J in Computer Networks in Computer Networks Software-Based Router Architectures 9/25/03 Tilman Wolf 1 TCP Connection Recognition TCP Connection Recognition Track currently

700 views • 13 slides
Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic Jo Van Bulck

Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic Jo Van Bulck

Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic Jo Van Bulck Frank Piessens Raoul Strackx imec-DistriNet, KU Leuven ACM CCS, October 2018 Microarchitectural side-channels and where to find them CPU cache

709 views • 47 slides
Design and Implemention of a Plugin Scheduler for DIET March 11, 2005 Design and Implemention of

Design and Implemention of a Plugin Scheduler for DIET March 11, 2005 Design and Implemention of

Background on DIET Plugin Scheduler Design and Implemention of a Plugin Scheduler for DIET March 11, 2005 Design and Implemention of a Plugin Scheduler for DIET Background on DIET Plugin Scheduler Outline Background on DIET 1

457 views • 44 slides
Last Time Today Cost of nearly full resources Advanced interrupts Race conditions

Last Time Today Cost of nearly full resources Advanced interrupts Race conditions

Last Time Today Cost of nearly full resources Advanced interrupts Race conditions RAM is limited System design Think carefully about whether you use a heap Prioritized interrupts Look carefully for stack overflow

307 views • 6 slides
Part I Introduction Hardware and OS Review The scientist described what is: the engineer creates

Part I Introduction Hardware and OS Review The scientist described what is: the engineer creates

Part I Introduction Hardware and OS Review The scientist described what is: the engineer creates what never was. Theodor von Karman 1 Fall 2015 The father of supersonic flight Mu Multipro proce cesso ssor r Sys System ems

317 views • 14 slides
Module 2: Computer-System Structures Computer-System Operation I/O Structure Storage

Module 2: Computer-System Structures Computer-System Operation I/O Structure Storage

' $ Module 2: Computer-System Structures Computer-System Operation I/O Structure Storage Structure Storage Hierarchy Hardware Protection General System Architecture & % Operating System Concepts 2.1 Silberschatz

250 views • 10 slides

More recommend