

  1. Proof-of-work Certificates for High Complexity Computations for Linear Algebra

     Erich L. Kaltofen, NCSU, Duke University (google->kaltofen)

  2. Computations for the Cloud: RSA Challenge

     RSA220 = 2260138526203405784941654048610197513508038915719776718321197768109445641817966676608593121306582577250631562886676970448070001811149711863002112487928199487482066070131066586646083327982803560379205391980139946496955261

     = 68636564122675662743823714992884378001308422399791648446212449933215410614414642667938213644208420192054999687
     × 3292907439486349812049301549212935291916455196536233952462860511692903493094652463337824866390738191765712603

     S. Bai, P. Gaudry, A. Kruppa, E. Thomé, P. Zimmermann [May 2014–May 2016]

     Verification on any tablet computer in under one second


  4. Computations for the Cloud: Sparse Matrix GL7d19 Rank

     From K-Theory Conjectures [Elbaz-Vincent, Gangl, Soulé ’05]: a $1{,}911{,}130 \times 1{,}955{,}309$ matrix of rank $1{,}033{,}568$.

     Computed by J.-G. Dumas et al. 2007 with LinBox in 1050 CPU days, with a Monte-Carlo randomized algorithm ... Do you believe the rank?

     [Dumas-Kaltofen ISSAC 2014] construct a linear-time checkable interactive proof-of-work certificate


  6. Theoretical Computer Science Landmark Result

     In order to verify a proof/computation, one does not need to check every step: exponential speed-up for verifier is possible

     Ingredients
     1. Randomized identity testing [DeMillo-Lipton ’78; Schwartz, Zippel ’79]
     2. Interactive protocols [Goldwasser-Micali-Rackoff ’85]
     3. Replacing interaction by cryptography [Fiat-Shamir 1986]
     4. Exponential speed-up for verifier [Lund-Fortnow-Karloff-Nisan ’92]


  8. Randomization: Rusin Freivalds’s 1979 Check

     Let $A, B, C \in K^{n \times n}$, $K$ a field. Certify $C = A \cdot B$ via a random vector $y \in \{0,1\}^n$, and check $Cy = A(By)$: randomized, of $O(n^2)$ complexity.

     $\text{Probability}(Cy \ne ABy \mid C \ne AB) \ge \frac{1}{2}$

     Application: $O(n^2)$ verification of determinant

     Prover: Run the fastest determinant algorithm, e.g., Storjohann’s. For the matrix multiplications, record inputs and outputs.

     Verifier: Rerun the algorithm and, instead of doing the matrix multiplications, verify $AB = C$ by Freivalds’s algorithm.

     It’s like running the det algorithm with a quadratic-time matrix multiplication procedure

  9. Randomization: Rusin Freivalds’s 1979 Check

     Let $A, B, C \in K^{n \times n}$, $K$ a field. Certify $C = A \cdot B$ via a random vector $y \in \{0,1\}^n$, and check $Cy = A(By)$: randomized, of $O(n^2)$ complexity.

     $\text{Probability}(Cy \ne ABy \mid C \ne AB) \ge \frac{1}{2}$

     Application: $O(n^2)$ verification of determinant

     Prover: Run the fastest determinant algorithm, e.g., Storjohann’s. For the matrix multiplications, record inputs and outputs.

     Verifier: Rerun the algorithm and, instead of doing the matrix multiplications, verify $AB = C$ by Freivalds’s algorithm.

     Problem: proof-of-work certificate has $O(n^2)$ size
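
The Freivalds check and the verifier's use of it on recorded products, as an added Python example that is not taken from the slides; the function names and the 2×2 sample matrices are constructed here. `freivalds_round` takes the vector `y` explicitly so that the case where a single round misses an error can be reproduced.

```python
import secrets

def matvec(M, v):
    """Matrix-vector product: O(n^2) scalar operations."""
    return [sum(m * x for m, x in zip(row, v)) for row in M]

def freivalds_round(A, B, C, y):
    """One check Cy == A(By) for a given 0/1 vector y; A*B is never formed."""
    return matvec(C, y) == matvec(A, matvec(B, y))

def freivalds(A, B, C, rounds=40):
    """Accept a wrong C with probability at most 2**-rounds."""
    n = len(C[0])
    for _ in range(rounds):
        # The prover must not be able to predict y, so use a CSPRNG.
        y = [secrets.randbelow(2) for _ in range(n)]
        if not freivalds_round(A, B, C, y):
            return False      # one failing round is a definite disproof
    return True

def verify_transcript(products, rounds=40):
    """Verifier side of the determinant application: every recorded
    (A, B, C) triple is checked instead of being recomputed."""
    return all(freivalds(A, B, C, rounds) for A, B, C in products)

# Constructed sample: C_good = A*B, C_bad has one corrupted entry.
A = [[1, 2], [3, 4]]
B = [[0, 1], [5, 6]]
C_good = [[10, 13], [20, 27]]
C_bad = [[10, 13], [20, 28]]
```

With `y = [1, 0]` the corrupted column of `C_bad` is multiplied by zero and the round passes; with `y = [0, 1]` it fails, which is the one-in-two case behind the bound on the slide.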


  11. Interactive Proof Protocol: Dumas’s & Kaltofen’s 2014 CharPoly Certificate

      Prover “Peggy” must convince Verifier “Victor” that $\chi_A(\lambda) = \det(\lambda I - A)$, $A \in \mathbb{Z}^{n \times n}$

      Prover: computes $\chi_A(\lambda) = \det(\lambda I - A)$
      Prover → Verifier: $\chi_A(\lambda)$ (“commits”)
      Verifier → Prover: $p, r$, with $p$ a smallish random prime and $r$ a smallish random integer
      Prover: non-interactive certificate for $\Delta = \det(rI - A) \bmod p$
      Verifier: checks $\Delta \equiv \chi_A(r) \pmod p$

      Verification bit complexity: essentially linear in input bit size


  13. Replace Interaction by Crypto: Dumas’s & Kaltofen’s 2014 CharPoly Certificate

      Prover “Peggy” must convince Verifier “Victor” that $\chi_A(\lambda) = \det(\lambda I - A)$, $A \in \mathbb{Z}^{n \times n}$

      Prover: computes $\chi_A(\lambda) = \det(\lambda I - A)$ and $p, r = \text{hash}(A, \chi_A)$
      Prover → Verifier: $\chi_A(\lambda)$ and $p, r$
      Prover: non-interactive certificate for $\Delta = \det(rI - A) \bmod p$
      Verifier: checks $p, r = \text{hash}(A, \chi_A)$
      Verifier: checks $\Delta \equiv \chi_A(r) \pmod p$

      Yields sum-of-squares proofs in non-linear optimization with fastest verification [Kaltofen, Li, Yang, Zhi 2008]
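
The non-interactive variant above, as an added Python example that is not code from the slides or their authors: the verifier re-derives (p, r) from a hash, so a prover cannot choose a challenge that suits a forged polynomial. Assumptions made here: SHA-256 over `repr` as the hash, a 24-bit prime, and Δ recomputed by Gaussian elimination in place of the separate certificate for Δ that the slide refers to; all function names are hypothetical.

```python
import hashlib

def charpoly(A):
    """Integer coefficients of det(x*I - A), leading first (Faddeev-LeVerrier)."""
    n, coeffs = len(A), [1]
    M = [[0] * n for _ in range(n)]
    for k in range(1, n + 1):
        AM = [[sum(A[i][t] * M[t][j] for t in range(n)) for j in range(n)] for i in range(n)]
        M = [[AM[i][j] + (coeffs[-1] if i == j else 0) for j in range(n)] for i in range(n)]
        trace = sum(A[i][t] * M[t][i] for i in range(n) for t in range(n))
        coeffs.append(-trace // k)            # division is exact for integer A
    return coeffs

def det_mod(B, p):
    """Determinant mod prime p by elimination (assumed stand-in for the Delta certificate)."""
    B, n, det = [[x % p for x in row] for row in B], len(B), 1
    for c in range(n):
        piv = next((i for i in range(c, n) if B[i][c]), None)
        if piv is None:
            return 0
        if piv != c:
            B[c], B[piv], det = B[piv], B[c], -det
        det = det * B[c][c] % p
        inv = pow(B[c][c], -1, p)
        for i in range(c + 1, n):
            f = B[i][c] * inv % p
            B[i] = [(x - f * y) % p for x, y in zip(B[i], B[c])]
    return det

def challenge(A, chi):
    """Fiat-Shamir: (p, r) are fixed by a hash of the input and the committed polynomial."""
    h = hashlib.sha256(repr((A, chi)).encode()).digest()
    p = int.from_bytes(h[:3], "big") | (1 << 23) | 1     # odd 24-bit starting point
    while any(p % d == 0 for d in range(3, int(p ** 0.5) + 1, 2)):
        p += 2                                           # next prime by trial division
    return p, int.from_bytes(h[3:7], "big") % p

def verify(A, chi):
    """Victor's checks: recompute (p, r), then test Delta == chi(r) mod p."""
    (p, r), n = challenge(A, chi), len(A)
    shifted = [[(r if i == j else 0) - A[i][j] for j in range(n)] for i in range(n)]
    value = 0
    for c in chi:                                        # Horner evaluation of chi at r
        value = (value * r + c) % p
    return det_mod(shifted, p) == value

A = [[2, 1, 0], [0, 3, 4], [5, 0, 1]]                    # constructed sample matrix
chi = charpoly(A)                                        # honest prover's commitment
forged = chi[:-1] + [chi[-1] + 1]                        # constructed forgery: wrong constant term
```

Because the challenge depends on the committed polynomial, changing `chi` after seeing (p, r) changes (p, r) as well, which is what replaces the interaction.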

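  14. Sparse Determinant Proof-of-Work Based on Cramer’s Rule [Dumas and Kaltofen 2015]

      $$A \begin{bmatrix} w_1 \\ \vdots \\ w_{n-1} \\ w_n \end{bmatrix} = \begin{bmatrix} 0 \\ \vdots \\ 0 \\ 1 \end{bmatrix} \implies w_n = \frac{\det \begin{bmatrix} a_{1,1} & \dots & a_{1,n-1} & 0 \\ \vdots & & \vdots & \vdots \\ a_{n-1,1} & \dots & a_{n-1,n-1} & 0 \\ a_{n,1} & \dots & a_{n,n-1} & 1 \end{bmatrix}}{\det \begin{bmatrix} a_{1,1} & \dots & a_{1,n-1} & a_{1,n} \\ \vdots & & \vdots & \vdots \\ a_{n-1,1} & \dots & a_{n-1,n-1} & a_{n-1,n} \\ a_{n,1} & \dots & a_{n,n-1} & a_{n,n} \end{bmatrix}} = \frac{\det(A_{1 \dots n-1,\, 1 \dots n-1})}{\det(A)}$$

      In the numerator matrix, the upper-left $(n-1) \times (n-1)$ block is marked $M$.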


  16. Prover / Communication / Verifier

      1. Prover: $\chi_A(\lambda) = \det(\lambda I_n - A)$. Prover → Verifier: $\chi_A$
      2. Prover: $M = [a_{i,j}]_{1 \le i,j \le n-1}$, $\chi_M(\lambda) = \det(\lambda I_{n-1} - M)$. Prover → Verifier: $\chi_M$. Verifier: checks $\text{GCD}(\chi_A, \chi_M) = 1$
      3. Verifier: $r_1 \in S \subseteq K$ random with $\chi_A(r_1) \ne 0$. Verifier → Prover: $r_1$
      4. Prover: computes $w$ such that $(r_1 I_n - A)\, w = e_n = [0, \dots, 0, 1]^T$. Prover → Verifier: $w$. Verifier: checks $(r_1 I_n - A)\, w = e_n$ and $w_n = \chi_M(r_1) / \chi_A(r_1)$
      5. Verifier: returns $\det(A) = (-1)^n \chi_A(0)$

      Note: $\text{GCD}(\chi_A, \chi_M) = 1$ is achieved by preconditioning

      Prover cheats by sending monic $h$, $H$ with $\text{GCD}(h, H) = 1$, $h / H \ne \chi_M / \chi_A$. Then with high probability: $w_n = \chi_M(r_1) / \chi_A(r_1) \ne h(r_1) / H(r_1)$

  17. Prover / Communication / Verifier

      1. Prover: $\chi_A(\lambda) = \det(\lambda I_n - A)$. Prover → Verifier: $\chi_A$
      2. Prover: $M = [a_{i,j}]_{1 \le i,j \le n-1}$, $\chi_M(\lambda) = \det(\lambda I_{n-1} - M)$. Prover → Verifier: $\chi_M$. Verifier: checks $\text{GCD}(\chi_A, \chi_M) = 1$
      3. Verifier: $r_1 \in S \subseteq K$ random with $\chi_A(r_1) \ne 0$. Verifier → Prover: $r_1$
      4. Prover: computes $w$ such that $(r_1 I_n - A)\, w = e_n = [0, \dots, 0, 1]^T$. Prover → Verifier: $w$. Verifier: checks $(r_1 I_n - A)\, w = e_n$ and $w_n = \chi_M(r_1) / \chi_A(r_1)$
      5. Verifier: returns $\det(A) = (-1)^n \chi_A(0)$

      Note: $\text{GCD}(\chi_A, \chi_M) = 1$ is achieved by preconditioning

      Protocol communication: $O(n)$ scalars

      Prover complexity: fast by Block Wiedemann Algorithm

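  18. Our 2015 Preconditioner

      $$\tilde{A} = A \begin{bmatrix} \tau & -1 & 0 & \dots & 0 \\ 0 & \tau & -1 & \ddots & \vdots \\ \vdots & \ddots & \ddots & \ddots & 0 \\ 0 & \dots & 0 & \tau & -1 \\ \sigma & 0 & \dots & 0 & \tau \end{bmatrix}, \qquad \det(\tilde{A}) = \det(A)\,(\tau^n + \sigma)$$

      $\det(A) \ne 0 \implies \chi_{\tilde{A}}(\lambda)$ is irreducible for variables $\sigma, \tau$

      $\implies \text{GCD}(\chi_{\tilde{A}}, \chi_{\tilde{M}}) = 1$ with high probability for random scalars $\sigma, \tau$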

  19. The Rank Profile Matrix [Dumas, Pernet, Sultan 2015]

      Definition: Let $A \in K^{m \times n}$; the rank profile matrix $R_A = [r^A_{i,j}] \in \{0,1\}^{m \times n}$ satisfies:
      1. all rows and columns have at most one 1
      2. the ranks of all upper-left submatrices are the same: $\forall i, j:\ \text{rank}([a_{\mu,\nu}]_{1 \le \mu \le i,\, 1 \le \nu \le j}) = \text{rank}([r^A_{\mu,\nu}]_{1 \le \mu \le i,\, 1 \le \nu \le j})$

      Example:

      $$A = \begin{bmatrix} 2 & 0 & 3 & 0 \\ 1 & 0 & 0 & 0 \\ 0 & 0 & 4 & 0 \\ 0 & 2 & 0 & 1 \end{bmatrix} \implies R_A = \begin{bmatrix} 1 & 0 & 0 & 0 \\ 0 & 0 & 1 & 0 \\ 0 & 0 & 0 & 0 \\ 0 & 1 & 0 & 0 \end{bmatrix}$$
