interactive proofs proofs from 900 bce until 1800s
play

(Interactive) Proofs Proofs from 900 BCE until 1800s Pythagorass - PowerPoint PPT Presentation

Apr 04, 2023 •432 likes •949 views

15-251: Great Theoretical Ideas in Computer Science Lecture 24 (Interactive) Proofs Proofs from 900 BCE until 1800s Pythagorass Theorem: Proof: Looks legit. Then there was Russell Principia Mathematica Volume 2 Russell and others worked

  1. 15-251: Great Theoretical Ideas in Computer Science Lecture 24 (Interactive) Proofs

  2. Proofs from 900 BCE until 1800s Pythagoras’s Theorem: Proof: Looks legit.

  3. Then there was Russell Principia Mathematica Volume 2 Russell and others worked on formalizing proofs. This meant proofs could be verified mechanically.

  4. Proofs and Computers All this played a key role in the birth of computer science. Computers themselves can verify proofs. (automated theorem provers) Computers can help us find proofs (e.g. 4-Color Theorem) Are these really proofs?

  5. TODAY: Proofs and Computer Science A modern understanding of proofs in computer science includes proofs that are: - randomized - interactive - zero-knowledge (proofs which don’t explain anything) - spot-checkable This modern understanding of proofs has revolutionized much of theoretical computer science.

  6. Review of NP Definition: A language is in if - there is a polynomial time TM V - a polynomial such that for all : “ iff there is a polynomial length proof that is verifiable by a poly- time algorithm.” If , there is some proof that leads V to accept. If , every “ proof ” leads V to reject.

  7. NP: A game between a Prover and a Verifier Verifier Prover poly-time omniscient skeptical untrustworthy Given some string . Prover wants to convince Verifier . Prover cooks up a proof string and sends it to Verifier. Verifier, in polynomial time, should be able to tell if the proof is legit.

  8. NP: A game between a Prover and a Verifier Verifier Prover poly-time omniscient skeptical untrustworthy “Completeness” If , there must be some proof that convinces the Verifier. “Soundness” If , no matter what “proof” Prover gives, Verifier should detect the lie.

  9. Limitations of NP We know many languages are in NP. SAT, 3SAT, CLIQUE, MAX-CUT, VERTEX-COVER, SUDOKU, THEOREM- PROVING, 3COL, … What about 3COL or 3SAT? i.e. Given an unsatisfiable formula, is there a way for the Prover to convince the Verifier that it is unsatisfiable?

  10. How can we generalize proofs? The NP setting seems too weak for this purpose. But, in real life, people use more general ways of convincing each other of the validity of statements. - Make the protocol interactive. One can show interaction does not change the model. I.e., whatever you can do with interaction, you can do with the original setting. - Make the verifier probabilistic. We do not think randomization by itself adds significant power. But, magic happens when you combine the two.

  11. Interaction + Randomization Coke vs Pepsi Challenge Your friend tells you he can taste the difference between Coke and Pepsi. How can he convince you of this?

  12. Coke vs Pepsi Choose Coke or Pepsi a challenge at random. Send it to your friend. Your friend tastes it. Coke Gives an answer. a response Repeat to the challenge

  13. Graph Isomorphism Problem Given two graphs , are they isomorphic? i.e., is there a permutation of the vertices such that 1 2 1 2 = 3 4 3 4 1 1 2 ≠ 3 2 3 5 5 4 4

  14. Graph Isomorphism Problem Is Graph Isomorphism in NP? Sure! A good proof is the permutation of the vertices. Is Graph Non-isomorphism in NP? No one knows! But there is a simple randomized interactive proof.

  15. Interactive Proof for Graph Non-isomorphism Pick at random a challenge Choose a permutation of vertices at random. Accept if a response to the challenge

  16. The complexity class IP We say that a language is in if: - there is a probabilistic poly-time Verifier - there is a computationally unbounded Prover challenges (poly rounds) and responses “Completeness” If , Verifier accepts. “Soundness” If , Verifier rejects with prob. at least 1/2.

  17. The complexity class IP But being fooled with probability ½ is still pretty bad! What can we do about it? Repeat: After 100 challenges the probability to be fooled is < 1/1000000000000000000000000000000

  18. Poll 1: What is the power of IP Poll 1: What is the relation between NP and IP ? 1. NP ⊂ IP 2. IP ⊂ NP 3. IP = NP 4. They are incomparable

  19. Poll 1: What is the power of IP Poll 1: What is the relation between NP and IP ? 1. NP ⊂ IP 2. IP ⊂ NP 3. IP = NP 4. They are incomparable

  20. The power of IP We showed that Graph Non-Isomorphism is in IP. What about ? Is it in IP? Yes! In fact, the complement of any language in NP is in IP. Many more languages beyond this are in IP, too.

  21. How powerful is IP? So how powerful are interactive proofs? How big is IP? Theorem: Adi Shamir 1990 (another application of polynomials)

  22. Chess An interesting corollary: Suppose in chess, white can always win in ≤ 300 moves. How can the wizard prove this to you?

  23. Zero Knowledge Proofs

  24. Zero-Knowledge Proofs I found a truly marvelous proof of Riemann Hypothesis. I want to convince you that I have a valid proof. But I don’t want you to learn anything about the proof. Is this possible? For what problems is there a zero-knowledge IP?

  25. Back to Graph Non-isomorphism Pick at random Choose a permutation There is more of vertices at random. to this protocol than meets the Accept if eye.

  26. Back to Graph Non-isomorphism Does the verifier gain any insight about why the graphs are not isomorphic? Pick at random Choose a permutation There is more of vertices at random. to this protocol than meets the Accept if eye.

  27. Zero-Knowledge Proofs The Verifier is convinced, but he learns nothing about why the graphs are not isomorphic! The Verifier could have produced the communication transcript by himself, with no help from the Prover. A proof with 0 explanatory content!

  28. Zero-Knowledge Proofs for NP Goldreich Micali Wigderson 1986 Does every problem in NP have a zero-knowledge IP? Yes! (under plausible cryptographic assumptions) And the prover need not be a wizard. He just needs to know the ordinary proof.

  29. Zero-Knowledge Proofs for NP Does every problem in NP have a zero-knowledge IP? Yes! (under plausible cryptographic assumptions) And the prover need not be a wizard. He just needs to know the ordinary proof. It suffices to show this for your favorite NP-complete (every problem in NP reduces to an NP- problem. complete prob.) We’ll pick the 3- COLORING Problem.

  30. Zero-Knowledge Proof for 3-Coloring • We want to design an zero knowledge proof system for 3- COLORING • We will rely on a cryptographic construction known as bit commitment • Prover can put bits in envelopes and send them to Verifier • Verifier can only open an envelope if Prover provides the key

  31. Zero-Knowledge Proof for 3-Coloring Selects random permutation 𝜌 of 𝑆, 𝐻, 𝐶 ; commits to 𝜌 𝛿 𝑤 for all 𝑤 ∈ 𝑊 Selects an edge 𝑣, 𝑤 ∈ 𝐹 uniformly at random Reveals 𝑏 = 𝜌 𝛿 𝑣 and 𝑐 = 𝜌(𝛿 𝑤 ) Accepts iff 𝑏 ≠ 𝑐

  32. Zero-Knowledge Proof for 3-Coloring 𝑏 𝑒 𝑒 𝑑 𝑐 𝑑 𝑓 𝑑 𝑒 𝛿(𝐻) Accept

  33. Poll 2: Zero-Knowledge Proof for 3-Coloring Selects random permutation 𝜌 of 𝑆, 𝐻, 𝐶 ; commits to 𝜌 𝛿 𝑤 for all 𝑤 ∈ 𝑊 Selects an edge 𝑣, 𝑤 ∈ 𝐹 uniformly at random Reveals 𝑏 = 𝜌 𝛿 𝑣 and 𝑐 = 𝜌(𝛿 𝑤 ) Accepts iff 𝑏 ≠ 𝑐 Poll 2: If 𝐻 has no 3-coloring, what is the worst- case prob. for Prover to convince Verifier? 1 1 1 1 1 − 3! 1 − 𝐹 1 − 2 1 − 𝑜!

  34. Poll 2: Zero-Knowledge Proof for 3-Coloring Selects random permutation 𝜌 of 𝑆, 𝐻, 𝐶 ; commits to 𝜌 𝛿 𝑤 for all 𝑤 ∈ 𝑊 Selects an edge 𝑣, 𝑤 ∈ 𝐹 uniformly at random Reveals 𝑏 = 𝜌 𝛿 𝑣 and 𝑐 = 𝜌(𝛿 𝑤 ) Accepts iff 𝑏 ≠ 𝑐 Poll 2: If 𝐻 has no 3-coloring, what is the worst- case prob. for Prover to convince Verifier? 1 1 1 1 1 − 3! 1 − 𝐹 1 − 2 1 − 𝑜!

  35. Zero-Knowledge Proof for 3-Coloring Selects random permutation 𝜌 of 𝑆, 𝐻, 𝐶 ; commits to 𝜌 𝛿 𝑤 for all 𝑤 ∈ 𝑊 Selects an edge 𝑣, 𝑤 ∈ 𝐹 uniformly at random Reveals 𝑏 = 𝜌 𝛿 𝑣 and 𝑐 = 𝜌(𝛿 𝑤 ) Accepts iff 𝑏 ≠ 𝑐 Completeness: Follows from valid 3-coloring Soundness: Repeat 2 𝐹 times to get ½ prob. Zero knowledge: Prover just reveals a pair of distinct random colors.

  36. Zero-Knowledge for all? This shows that every problem in NP has a zero knowledge IP. In fact, every problem in IP = PSPACE has a zero-knowledge proof! Ben-Or Goldreich Goldwasser Håstad Kilian Micali Rogaway 1990 "Everything provable is provable in zero-knowledge"

  37. Statistical vs Computational Zero-Knowledge There is a difference between - zero-knowledge proof for Graph Non-isomorphism - zero-knowledge proof for Hamiltonian Cycle Statistical zero-knowledge: Verifier wouldn’t learn anything even if it was computationally unbounded. Computational zero-knowledge: Verifier wouldn’t learn anything assuming it cannot unlock the locks in polynomial time.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2 Interactive Proofs IP[k] IP[poly] = PSPACE 2 Interactive Proofs IP[k] IP[poly] = PSPACE IP protocol for TQBF using arithmetization 2 Interactive

1.75k views • 136 slides
Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge Iftach Haitner, Tel Aviv University December 4, 2011 IP for GNI Part I Interactive Proofs IP for GNI Interactive Vs. Interactive Proofs Definition 1 (

1.51k views • 110 slides
Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs

Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs

Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs Prover wants to convince verifier that x has some property Interactive Proofs Prover wants to convince verifier that x has some property i.e. x is in

3.29k views • 145 slides
Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive Proofs 2 Interactive Proofs Prover wants to convince verifier that x has some property 2 Interactive Proofs Prover wants to convince verifier

1.9k views • 174 slides
Interactive Proof System We have seen interactive proofs, in various disguised forms, in the

Interactive Proof System We have seen interactive proofs, in various disguised forms, in the

Interactive Proof System We have seen interactive proofs, in various disguised forms, in the definitions of NP , OTM, Cook reduction and PH . We will see that interactive proofs have fundamental connections to cryptography and approximation

1.46k views • 107 slides
Proofs, Continued Today Proofs : A style guide Proofs should be easy to

Proofs, Continued Today Proofs : A style guide Proofs should be easy to

Euclid (300 BC) Proofs, Continued Today Proofs : A style guide Proofs should be easy to verify. All the cleverness goes into finding/writing the proof, not reading/verifying it! P vs. NP (informally) : P =

682 views • 21 slides
Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth workshop Introduction to the workshop PROOFS: Security Proofs for Embedded Systems UCSB August 20, 2016 5th edition of PROOFS PROOFS 2012:

311 views • 7 slides
On Hypersequents and Labelled Sequents Translating Labelled Sequent Proofs to Hypersequent Proofs

On Hypersequents and Labelled Sequents Translating Labelled Sequent Proofs to Hypersequent Proofs

On Hypersequents and Labelled Sequents Translating Labelled Sequent Proofs to Hypersequent Proofs Robert Rothenberg 1 2 1 School of Computer Science University of St Andrews 2 Interactive Information, Ltd Edinburgh Workshop in Honour of Roy

393 views • 26 slides
Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne

Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne

Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne Broadbent (U. of Ottawa) arxiv:1911.07782 Quantum found. QZK Crypto TCS 2 / 19 Interactive proofs 3 / 19 Interactive proofs L NP P V 0

1.06k views • 89 slides
Real Interactive Proofs for VPSPACE Klaus Meer Brandenburgische Technische Universit at,

Real Interactive Proofs for VPSPACE Klaus Meer Brandenburgische Technische Universit at,

Real Interactive Proofs for VPSPACE Klaus Meer Brandenburgische Technische Universit at, Cottbus-Senftenberg, Germany Colloquium Logicum Hamburg, September 2016 joint work with M. Baartse Klaus Meer Real Interactive Proofs for VPSPACE 1.

800 views • 36 slides
Towards Human Interactive Proofs in the Text-Domain Richard Bergmair University of Derby in

Towards Human Interactive Proofs in the Text-Domain Richard Bergmair University of Derby in

Towards Human Interactive Proofs in the Text-Domain Richard Bergmair University of Derby in Austria and Stefan Katzenbeisser Technische Universitt Mnchen Institut fr Informatik Towards Human Interactive Proofs in the Text-Domain

572 views • 29 slides
Models for Probabilistic Programs with an Adversary Robert Rand, Steve Zdancewic University of

Models for Probabilistic Programs with an Adversary Robert Rand, Steve Zdancewic University of

Models for Probabilistic Programs with an Adversary Robert Rand, Steve Zdancewic University of Pennsylvania Probabilistic Programming Semantics 2016 Interactive Proofs 2/47 Interactive Proofs 2/47 Interactive Proofs 2/47 Interactive

1.17k views • 86 slides
Formal proofs, variable binding, and program extraction from proofs Colloquium Logicum 2016 (10

Formal proofs, variable binding, and program extraction from proofs Colloquium Logicum 2016 (10

Formal proofs, variable binding, and program extraction from proofs Colloquium Logicum 2016 (10 - 12 September 2016, Hamburg) Gyesik Lee Hankyong National University 1 Overview 1. Verification of proofs 2. Hales proof of the Kepler

651 views • 43 slides
Proofs that, proofs why, and the analysis of paradoxes To Gerhard, on your 60th birthday Peter

Proofs that, proofs why, and the analysis of paradoxes To Gerhard, on your 60th birthday Peter

Proofs that, proofs why, and the analysis of paradoxes To Gerhard, on your 60th birthday Peter Schroeder-Heister Universit at T ubingen J agerfest Bern, 13.12.2013 p. 1 Russells antinomy in naive set theory Extend natural

688 views • 41 slides
NP-Hardness Proofs With What Problems We . . . What Problems We . . . Realistic Computers

NP-Hardness Proofs With What Problems We . . . What Problems We . . . Realistic Computers

NP-Hardness Proofs . . . Usual Proofs of NP- . . . Proofs of NP- . . . Pedagogical Problem . . . NP-Hardness Proofs With What Problems We . . . What Problems We . . . Realistic Computers Instead What Is NP-Hard: . . . Proof that . . . of

296 views • 12 slides
proofs of proximity for distribution testing (Distribution testing now with proofs!) Tom Gur

proofs of proximity for distribution testing (Distribution testing now with proofs!) Tom Gur

proofs of proximity for distribution testing (Distribution testing now with proofs!) Tom Gur (UC Berkeley) October 14, 2017 FOCS 2017 Workshop: Frontiers in Distribution Testing Joint work with Alessandro Chiesa (UC Berkeley) proofs of

2.25k views • 158 slides
Social influence Conformity Informational influence Influence that produces conformity when a

Social influence Conformity Informational influence Influence that produces conformity when a

What is a norm? Informal rule for acceptable and expected behavior Scripts Rituals Customs &amp; traditions Social influence Conformity Informational influence Influence that produces conformity when a person feels that others are correct

234 views • 4 slides
Natural Language Communication with Robots Yonatan Bisk ISI-USC Joint work with: Deniz Yuret

Natural Language Communication with Robots Yonatan Bisk ISI-USC Joint work with: Deniz Yuret

Natural Language Communication with Robots Yonatan Bisk ISI-USC Joint work with: Deniz Yuret Daniel Marcu Ko University ISI-USC Components of Communication Entity/Spatial Grounding Understanding Planning and Plan Recognition

332 views • 29 slides
exclusively international students: reflections on the challenges and opportunities of native

exclusively international students: reflections on the challenges and opportunities of native

Specifically business but not exclusively international students: reflections on the challenges and opportunities of native speakers and non-native speakers together in the ESAP classroom Sarah Horrod Kingston University Outline

543 views • 33 slides
Dynamic Games and Bargaining Johan Stennek 1 Dynamic Games Logic of cartels Idea:

Dynamic Games and Bargaining Johan Stennek 1 Dynamic Games Logic of cartels Idea:

Dynamic Games and Bargaining Johan Stennek 1 Dynamic Games Logic of cartels Idea: We agree to both charge high prices and share the market Problem: Both have incentive to cheat Solution: Threat to punish cheater tomorrow

1.36k views • 131 slides
Hidden Markov Models Based on Foundations of Statistical NLP by C. Manning &amp; H.

Hidden Markov Models Based on Foundations of Statistical NLP by C. Manning &amp; H.

0. Hidden Markov Models Based on Foundations of Statistical NLP by C. Manning &amp; H. Sch utze, ch. 9, MIT Press, 2002 Biological Sequence Analysis, R. Durbin et al., ch. 3 and 11.6, Cambridge University Press, 1998 1.

929 views • 59 slides
Our Responsibility to Defeat Mass Surveillance Erik Drnenburg Martin Fowler

Our Responsibility to Defeat Mass Surveillance Erik Drnenburg Martin Fowler

Our Responsibility to Defeat Mass Surveillance Erik Drnenburg Martin Fowler http://erik.doernenburg.com http://martinfowler.com @erikdoe @martinfowler http://thoughtworks.com/de http://thoughtworks.com There was of course no way of

674 views • 33 slides
1 Domain Flux-based DGA Botnet Detection Using Feedforward Neural Network Md. Ishtiaq Ashiq

1 Domain Flux-based DGA Botnet Detection Using Feedforward Neural Network Md. Ishtiaq Ashiq

1 Domain Flux-based DGA Botnet Detection Using Feedforward Neural Network Md. Ishtiaq Ashiq Khan, Protick Bhowmick, Md. Shohrab Hossain, and Husnu S. Narman 2 Outlines Motivation Problem Contribution Results Conclusions 3

733 views • 34 slides
Can stuff be morally good? Okinawa Soba Mike Brownnutt Somewhere, something happened... 2 + 2 =

Can stuff be morally good? Okinawa Soba Mike Brownnutt Somewhere, something happened... 2 + 2 =

Redeeming Technology 7th October 2017 Can stuff be morally good? Okinawa Soba Mike Brownnutt Somewhere, something happened... 2 + 2 = 4 235 1 90 143 1 U + n Kr + Ba +

421 views • 18 slides

More recommend