sublinear zero knowledge arguments for ram programs
play

Sublinear Zero-Knowledge Arguments for RAM Programs Payman Mike - PowerPoint PPT Presentation

Jan 09, 2024 •50 likes •1.04k views

Sublinear Zero-Knowledge Arguments for RAM Programs Payman Mike Alessandra Mohassel Scafuro Rosulek OSU NCState V I S Oregon State University A Problem C Data S Problem C Data S R 1 Problem C Data S R 1 y 1 Problem C

  1. Sublinear Zero-Knowledge Arguments for RAM Programs Payman Mike Alessandra Mohassel Scafuro Rosulek OSU NCState V I S Oregon State University A

  2. Problem C Data S

  3. Problem C Data S R 1

  4. Problem C Data S R 1 y 1

  5. Problem C Data S R 1 y 1 R 2

  6. Problem C Data S R 1 y 1 R 2 y 2

  7. Problem C Data S R 1 y 1 R 2 y 2 . . . .

  8. Problem C Data S R 1 proof 𝜌 1 y 1 correct computation on same data R 2 y 2 𝜌 2 . . . .

  9. Problem C Data S R 1 Zero-Knowledge proof 𝜌 1 y 1 correct computation on same data R 2 y 2 𝜌 2 . . . .

  10. Problem Data S C R 1 Zero-knowledge y 1 𝜌 1 proof Properties

  11. Problem Data S C R 1 Zero-knowledge y 1 𝜌 1 proof Properties Efficiency: work depends only on running time T

  12. Problem Data S C R 1 Zero-knowledge y 1 𝜌 1 proof Properties Efficiency: work depends only on running time T Security: Composability

  13. Problem Data S C R 1 Zero-knowledge y 1 𝜌 1 proof Properties Efficiency: work depends only on running time T Security: Composability [constant-round]

  14. Sub-linear Zero Knowledge

  15. Sub-linear Zero Knowledge [Kil92,Mic94,Gro10a,Lip12, GGPR13,….] P V pcp / Goal: proof as short as possible snarks

  16. Sub-linear Zero Knowledge [Kil92,Mic94,Gro10a,Lip12, GGPR13,….] P V pcp / Goal: proof as short as possible snarks Problem P’s work depends on size of the input

  17. Sub-linear Zero Knowledge [Kil92,Mic94,Gro10a,Lip12, GGPR13,….] P V pcp / Goal: proof as short as possible snarks Problem P’s work depends on size of the input Circuit-based approaches

  18. Sub-linear Zero Knowledge [Kil92,Mic94,Gro10a,Lip12, GGPR13,….] P V pcp / Goal: proof as short as possible snarks Problem P’s work depends on size of the input Circuit-based approaches

  19. Sub-linear Zero Knowledge [Kil92,Mic94,Gro10a,Lip12, GGPR13,….] P V pcp / Goal: proof as short as possible snarks Problem P’s work depends on size of the input ORAM Circuit-based approaches [GO96…]

  20. Sub-linear amortized Zero-Knowledge [HMR15] P V Setup phase proof phase

  21. Sub-linear amortized Zero-Knowledge [HMR15] P V Setup phase proof phase

  22. Sub-linear amortized Zero-Knowledge [HMR15] P V Setup phase proof phase GC GC GC GC T garbled circuits

  23. Sub-linear amortized Zero-Knowledge [HMR15] P V Setup phase proof phase GC GC GC GC T garbled circuits Problem Setup Phase : O(N) for both !

  24. Sub-linear amortized Zero-Knowledge [HMR15] P V Setup phase proof phase GC GC GC GC T garbled circuits Problem Setup Phase : O(N) for both !

  25. Sub-linear amortized Zero-Knowledge [HMR15] P V Setup phase proof phase Special cases ZK Sets [MRK03] and generalizations [ORS07,..] GC GC GC GC T garbled circuits Problem Setup Phase : O(N) for both !

  26. Our Result

  27. Sulinear Zero-Knowledge for RAM programs Setup Phase V P Proof Phase T = running time work depends only on running time T UC-Secure [based on efficient primitives (GC, Zkboo[GMO16])]

  28. Sulinear Zero-Knowledge for RAM programs Setup Phase V P Proof Phase T = running time work depends only on running time T UC-Secure [based on efficient primitives (GC, Zkboo[GMO16])]

  29. UC-Secure Ideal functionality F zkRAM F zkRAM V P

  30. UC-Secure Ideal functionality F zkRAM F zkRAM Init: M V P

  31. UC-Secure Ideal functionality F zkRAM M F zkRAM Init: M V P

  32. UC-Secure Ideal functionality F zkRAM M F zkRAM Init: M V P Prove: R i , w i

  33. UC-Secure Ideal functionality F zkRAM M’,y ← R i ( M , w i ) M F zkRAM Init: M V P Prove: R i , w i

  34. UC-Secure Ideal functionality F zkRAM M’,y ← R i ( M , w i ) M ’ M F zkRAM Init: M V P Prove: R i , w i

  35. UC-Secure Ideal functionality F zkRAM M’,y ← R i ( M , w i ) M ’ M F zkRAM Init: M R i , y V P Prove: R i , w i

  36. UC-Secure Ideal functionality F zkRAM Challenge: extract M from M’,y ← R i ( M , w i ) M ’ M transcript F zkRAM Init: M R i , y V P Prove: R i , w i

  37. Our technique

  38. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data

  39. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values

  40. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - Garbling

  41. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - Garbling R i

  42. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - Garbling access pattern (i 1, i 2, i 3,.. ) R i

  43. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - Garbling access pattern (i 1, i 2, i 3,.. ) R i prepares T garbled circuits

  44. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - Garbling access pattern (i 1, i 2, i 3,.. ) R i prepares T garbled circuits GC GC GC [JOK13]

  45. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - “Garbling” access pattern (i 1, i 2, i 3,.. ) R i GC GC GC

  46. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - “Garbling” access pattern (i 1, i 2, i 3,.. ) R i i 1 GC GC GC

  47. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - “Garbling” access pattern (i 1, i 2, i 3,.. ) R i i 2 i 1 GC GC GC

  48. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - “Garbling” access pattern (i 1, i 2, i 3,.. ) R i i 2 i 1 i 3 GC GC GC

  49. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - “Garbling” access pattern (i 1, i 2, i 3,.. ) R i 0/1 i 2 i 1 i 3 GC GC GC

  50. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - “Garbling” access pattern (i 1, i 2, i 3,.. ) R i 0/1 i 2 i 1 i 3 GC GC GC y

  51. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - “Garbling” access pattern (i 1, i 2, i 3,.. ) R i 0/1 i 2 i 1 i 3 GC GC GC y replace used encoding

  52. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data Garbling values - ORAM - “Garbling” access pattern (i 1, i 2, i 3,.. ) R i 0/1 i 2 i 1 i 3 GC GC GC y replace used encoding soundness: V fully controls encoding of the dataset

  53. Sub-linear amortized Zero-Knowledge [HMR15] Setup phase P V Data V should do nothing. Garbling values - ORAM - “Garbling” Soundness….? access pattern (i 1, i 2, i 3,.. ) R i 0/1 i 2 i 1 i 3 GC GC GC y replace used encoding soundness: V fully controls encoding of the dataset

  54. P V Setup phase access pattern (i 1, i 2, i 3,.. ) GC GC GC

  55. P V Setup phase access pattern (i 1, i 2, i 3,.. ) initial data GC GC GC

  56. P V Setup phase access pattern (i 1, i 2, i 3,.. ) ORAM initial data GC GC GC

  57. P V Setup phase encode access pattern (i 1, i 2, i 3,.. ) ORAM initial data GC GC GC

  58. P V Merkle Tree Setup phase encode access pattern (i 1, i 2, i 3,.. ) ORAM initial data GC GC GC

  59. P V Merkle Tree Setup phase encode access pattern (i 1, i 2, i 3,.. ) ORAM OT initial data GC GC GC

  60. P V Merkle Tree Setup phase encode access pattern (i 1, i 2, i 3,.. ) ORAM OT initial data GC GC GC

  61. P V Merkle Tree Setup phase encode access pattern (i 1, i 2, i 3,.. ) ORAM OT initial data GC GC GC

  62. P V Merkle Tree Setup phase encode access pattern (i 1, i 2, i 3,.. ) ORAM OT initial data GC GC GC

  63. P V Merkle Tree Setup phase encode ? access pattern (i 1, i 2, i 3,.. ) ORAM OT initial data GC GC GC 1. Consistency with committed input? (black-box)

  64. P V Merkle Tree Setup phase encode ? access pattern (i 1, i 2, i 3,.. ) ORAM OT initial data GC GC GC 1. Consistency with committed input? (black-box) 2. Extraction committed input?

  65. P V Merkle Tree Setup phase encode ? access pattern (i 1, i 2, i 3,.. ) ORAM OT initial data GC GC GC 1. Consistency with committed input? (black-box) 2. Extraction committed input? 3. “Malicious" ORAM?

  66. P V Merkle Tree Setup phase encode ? access pattern (i 1, i 2, i 3,.. ) ORAM OT initial data GC GC GC 1. Consistency with committed input? (black-box) 2. Extraction committed input? 3. “Malicious" ORAM?

  67. 1. Black box proof of consistency V P y GC GC [GO S V14, IW14]

  68. 1. Black box proof of consistency V P y GC GC encode Reed- Solomon [GO S V14, IW14]

  69. 1. Black box proof of consistency V P commit y GC GC encode Reed- Solomon [GO S V14, IW14]

  70. 1. Black box proof of consistency V P Merkle Tree commit y GC GC encode Reed- Solomon [GO S V14, IW14]

  71. 1. Black box proof of consistency V P Merkle Tree commit codeword y GC GC encode Reed- Solomon i 1 [GO S V14, IW14]

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In

Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In

Short Pairing-based Non-interactive Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In a zero knowledge protocol a prover can convince a verifier that some statement is true without leaking any side

628 views • 14 slides
Zero Knowledge Succinct Noninteractive ARguments of Knowledge Saravanan Vijayakumaran

Zero Knowledge Succinct Noninteractive ARguments of Knowledge Saravanan Vijayakumaran

Zero Knowledge Succinct Noninteractive ARguments of Knowledge Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay October 15, 2019 1 / 24 zkSNARKs Arguments ZK proofs

435 views • 24 slides
Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 3: Sublinear in Time 2-1 Sublinear in

Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 3: Sublinear in Time 2-1 Sublinear in

Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 3: Sublinear in Time 2-1 Sublinear in time Given a social network graph, if we have no time to ask everyone, can we still compute something non-trivial? For example, the average # of

557 views • 26 slides
Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 2: Sublinear in Communication 2-1

Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 2: Sublinear in Communication 2-1

Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 2: Sublinear in Communication 2-1 Sublinear in communication x 2 = 111011 x 1 = 010011 The model x 3 = 111111 x k = 100011 They want to jointly compute f ( x 1 , x 2 , . . . , x k ) Goal:

819 views • 70 slides
Zero-Knowledge Arguments for Arithmetic Circuits Carsten Baum, Jonathan Bootle, Andrea Cerulli,

Zero-Knowledge Arguments for Arithmetic Circuits Carsten Baum, Jonathan Bootle, Andrea Cerulli,

Sub-Linear Lattice-Based Zero-Knowledge Arguments for Arithmetic Circuits Carsten Baum, Jonathan Bootle, Andrea Cerulli, Rafael del Pino, Jens Groth and Vadim Lyubashevsky Lattice-Based Zero-Knowledge Arguments for Arithmetic Circuits 2

712 views • 33 slides
Lattice-Based Zero-Knowledge Arguments for Integer Relations t Libert 1 San Ling 2 Khoa Nguyen 2

Lattice-Based Zero-Knowledge Arguments for Integer Relations t Libert 1 San Ling 2 Khoa Nguyen 2

Lattice-Based Zero-Knowledge Arguments for Integer Relations t Libert 1 San Ling 2 Khoa Nguyen 2 Huaxiong Wang 2 Beno 1 CNRS and ENS Lyon, France 2 Nanyang Technological University, Singapore CRYPTO 2018, 20 August 2018 Zero-Knowledge

422 views • 30 slides
On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki

On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki

On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki University of Technology http://www.tcs.hut.fi/helger Pedase Theory Day, 04.10.2003 On Diophantine Complexity and SZK Arguments, Helger Lipmaa 1

501 views • 24 slides
Scalable Transparent ARguments-of-Knowledge Michael Riabzev Department of Computer Science,

Scalable Transparent ARguments-of-Knowledge Michael Riabzev Department of Computer Science,

Our result Features A peak under the hood Summary Scalable Transparent ARguments-of-Knowledge Michael Riabzev Department of Computer Science, Technion DIMACS Workshop on Outsourcing Computation Securely Joint work with Eli Ben-Sasson, Iddo

599 views • 32 slides
Transferring knowledge from discourse to arguments: A case study with scientific abstracts Pablo

Transferring knowledge from discourse to arguments: A case study with scientific abstracts Pablo

Transferring knowledge from discourse to arguments: A case study with scientific abstracts Pablo Accuosto Horacio Saggion Large-Scale Text Understanding Systems Lab, NLP Group (LaSTUS/TALN) Universitat Pompeu Fabra ArgMining 2019 ACL

639 views • 33 slides
B669 Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 1: Sublinear in Space 2-1 The model

B669 Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 1: Sublinear in Space 2-1 The model

B669 Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 1: Sublinear in Space 2-1 The model and challenge The data stream model (Alon, Matias and Szegedy 1996) RAM a n a 2 a 1 CPU Why hard? Cannot store everything. Applications : Internet

702 views • 34 slides
B669 Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 1: Sublinear in Space 2-1 The model

B669 Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 1: Sublinear in Space 2-1 The model

B669 Sublinear Algorithms for Big Data Qin Zhang 1-1 Part 1: Sublinear in Space 2-1 The model and challenge The data stream model (Alon, Matias and Szegedy 1996) RAM a n a 2 a 1 CPU Why hard? Cannot store everything. Applications : Internet

718 views • 69 slides
Classical arguments that for us is a PP complement of easy The following arguments are the

Classical arguments that for us is a PP complement of easy The following arguments are the

Classical arguments that for us is a PP complement of easy The following arguments are the principle bases for the claim that tough predicates select the control complement structure, along with a brief indication of why these arguments fail to

330 views • 8 slides
Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and

Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and

Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and Group Signatures without Trapdoors t Libert 1 San Ling 2 Khoa Nguyen 2 Huaxiong Wang 2 Beno 1 Ecole Normale Sup erieure de Lyon (France) 2

681 views • 33 slides
Zero-Knowledge Arguments for Matrix-Vector Relations and Lattice-Based Group Encryption t Libert

Zero-Knowledge Arguments for Matrix-Vector Relations and Lattice-Based Group Encryption t Libert

Zero-Knowledge Arguments for Matrix-Vector Relations and Lattice-Based Group Encryption t Libert 1 San Ling 2 Fabrice Mouhartem 1 Beno Khoa Nguyen 2 Huaxiong Wang 2 1 Ecole Normale Sup erieure de Lyon (France) 2 Nanyang Technological

618 views • 46 slides
Random Local Exploration Techniques for Sublinear-Time Algorithms Krzysztof Onak IBM Research

Random Local Exploration Techniques for Sublinear-Time Algorithms Krzysztof Onak IBM Research

Random Local Exploration Techniques for Sublinear-Time Algorithms Krzysztof Onak IBM Research Sublinear-Time Algorithms BIG DATA Sublinear-Time Algorithms Sublinear-time algorithms: Fast answer based on inspecting a tiny fraction of the

2.05k views • 152 slides
L ECTURE 2 Last time Introduction Basic models for sublinear-time computation Simple

L ECTURE 2 Last time Introduction Basic models for sublinear-time computation Simple

Sublinear Algorithms L ECTURE 2 Last time Introduction Basic models for sublinear-time computation Simple examples of sublinear algorithms Today Properties of lists and functions. Testing if a list is sorted/Lipschitz and if a

266 views • 24 slides
Combining predicate transformer semantics for efgects A case study in parsing regular languages

Combining predicate transformer semantics for efgects A case study in parsing regular languages

Combining predicate transformer semantics for efgects A case study in parsing regular languages Anne Baanen Wouter Swierstra Vrije Universiteit Amsterdam Utrecht University 1 Algebraic efgects Algebraic efgects separate the syntax and

669 views • 31 slides
Think. . . . . . of simply typed lambda calculus extended with a boolean type Bool

Think. . . . . . of simply typed lambda calculus extended with a boolean type Bool

Normalization by Evaluation for , 2 Thorsten Altenkirch Tarmo Uustalu Workshop on NbE, Tallinn, 17 April 2004 1 Think. . . . . . of simply typed lambda calculus extended with a boolean type Bool (but

538 views • 27 slides
For next class, install LaTeX (pronounced "LAH-tech") CS 252: Advanced Programming

For next class, install LaTeX (pronounced "LAH-tech") CS 252: Advanced Programming

For next class, install LaTeX (pronounced "LAH-tech") CS 252: Advanced Programming Language Principles Operational Semantics, Continued Prof. Tom Austin San Jos State University Review: Higher order functions lab Review: Bool*

572 views • 28 slides
Words: Surface Variation and Automata CMSC 35100 Natural Language Processing April 3, 2003

Words: Surface Variation and Automata CMSC 35100 Natural Language Processing April 3, 2003

Words: Surface Variation and Automata CMSC 35100 Natural Language Processing April 3, 2003 Roadmap The NLP Pipeline Words: Surface variation and automata Motivation: Morphological and pronunciation variation Mechanisms:

688 views • 29 slides
The Scattering Equations in Curved Space Tim Adamo DAMTP, University of Cambridge New Geometric

The Scattering Equations in Curved Space Tim Adamo DAMTP, University of Cambridge New Geometric

The Scattering Equations in Curved Space Tim Adamo DAMTP, University of Cambridge New Geometric Structures in Scattering Amplitudes 22 September 2014 Work with E. Casali & D. Skinner [arXiv:1409.????] T Adamo (DAMTP) Scattering Eqns +

777 views • 60 slides
In-medium 3 decay width and chiral restoration in nuclear medium Shuntaro Sakai (Kyoto

In-medium 3 decay width and chiral restoration in nuclear medium Shuntaro Sakai (Kyoto

1 In-medium 3 decay width and chiral restoration in nuclear medium Shuntaro Sakai (Kyoto Univ.) Teiji Kunihiro (Kyoto Univ.) S.S. and Teiji Kunihiro, arXiv: 1512.04000 [nucl-th] (accepted in Prog. Theor. Exp. Phys.) 2 Contents

208 views • 17 slides
Partially Composite Higgs in Supersymmetry Ryuichiro Kitano (Tohoku U.) based on 1206.4053

Partially Composite Higgs in Supersymmetry Ryuichiro Kitano (Tohoku U.) based on 1206.4053

Partially Composite Higgs in Supersymmetry Ryuichiro Kitano (Tohoku U.) based on 1206.4053 [hep-ph] (with Markus Luty and Yuichiro Nakai) SCGT12, December 4-7, 2012, Nagoya, Japan The Higgs boson 126GeV light? heavy? For MSSM believers

327 views • 21 slides
Clustering in the N=4 SYM three point function D. Serban w/ Y. Jiang, S. Komatsu, I. Kostov,

Clustering in the N=4 SYM three point function D. Serban w/ Y. Jiang, S. Komatsu, I. Kostov,

Clustering in the N=4 SYM three point function D. Serban w/ Y. Jiang, S. Komatsu, I. Kostov, arXiv:1604.03575 Overview Introduction: AdS/CFT integrability The three point function proposal by [Basso, Komatsu, Vieira, 15] Simple

358 views • 22 slides

More recommend