work or knowledge
play

Work or Knowledge Foteini Baldimtsi, Aggelos Kiayias, Thomas - PowerPoint PPT Presentation

Feb 08, 2023 โ€ข182 likes โ€ข984 views

Indistinguishable Proofs of Work or Knowledge Foteini Baldimtsi, Aggelos Kiayias, Thomas Zacharias, Bingsheng Zhang ASIACRYPT 2016 8th December, Hanoi, Vietnam Motivation (ZK) Proofs of Knowledge - PoK Statement: Prover

  1. Indistinguishable Proofs of Work or Knowledge Foteini Baldimtsi, Aggelos Kiayias, Thomas Zacharias, Bingsheng Zhang ASIACRYPT 2016 8th December, Hanoi, Vietnam

  2. Motivation

  3. (ZK) Proofs of Knowledge - PoK Statement: ๐‘ฆ โˆˆ ๐‘€ โ‹ฎ Prover Verifier Witness: ๐’™ Accept/Reject Accept/Reject 1) Completeness: the verifier always accepts a valid proof 2) PoK: for any convincing verifier, we can extract ๐’™ 3) Prover privacy is preserved via some ZK variant

  4. Schnorr Identification โ€“ PoK of DLog Parameters: ๐‘•, ๐‘Ÿ Statement: โˆƒ๐‘ก๐‘™: ๐‘ž๐‘™ = ๐‘• ๐‘ก๐‘™ Prover Verifier Witness: ๐‘ก๐‘™ ๐‘ pick ๐‘ข โˆˆ ๐‘Ž ๐‘Ÿ pick ๐‘‘ โˆˆ ๐‘Ž๐‘Ÿ ๐‘‘ ๐‘ = ๐‘•๐‘ข ๐‘  ๐‘  = ๐‘ข + ๐‘‘ โˆ™ ๐‘ก๐‘™ Check if ๐‘• ๐‘  = ๐‘ โˆ™ (๐‘ž๐‘™) ๐‘‘

  5. Schnorr Identification โ€“ PoK of DLog Parameters: ๐‘•, ๐‘Ÿ Statement: โˆƒ๐‘ก๐‘™: ๐‘ž๐‘™ = ๐‘• ๐‘ก๐‘™ Prover Verifier Witness: ๐‘ก๐‘™ Schnorr identification is a Sigma protocol that achieves special soundness and honest-verifier ZK

  6. Some motivating thoughts โ€ฆ โ€ข PoK of DLog convinces us that the prover actually has the witness.

  7. Some motivating thoughts โ€ฆ โ€ข PoK of DLog convinces us that the prover actually has the witness. โ€ข But how did the prover manage to convince us? ๏‚ง Did it run efficiently because it had knowledge of the witness OR ๏‚ง Did it work for a (superpolynomial) amount of a time to solve the given DLog problem?

  8. Reducing Spam โ€œ If I don โ€™ t know you and you want to send me a message, then you must prove that you spent, say, ten seconds of CPU time, just for me and just for this message โ€ [DN92]

  9. Reducing Spam โ€œIf I donโ€™t know you and you want to send me a message, then you must prove that you spent, say, ten seconds of CPU time, just for me and just for this messageโ€ [DN92] email Server I am an approved contact Alice Verifier Bob Approved contacts: - Alice - ...

  10. Reducing Spam โ€œIf I donโ€™t know you and you want to send me a message, then you must prove that you spent, say, ten seconds of CPU time, just for me and just for this messageโ€ [DN92] email Server I am an approved contact Alice Verifier Bob Not approved! Approved contacts: - Alice Eve - ...

  11. Reducing Spam โ€œ If I don โ€™ t know you and you want to send me a message, then you must prove that you spent, say, ten seconds of CPU time, just for me and just for this message โ€ [DN92] email Server Mail server distinguishes between I am an approved contact Alice approved and non-approved contacts!! Verifier Bob Not approved! Approved contacts: - Alice Eve - ...

  12. Reducing Spam Where Email approval is done in a privacy-preserving manner! email Server I am an approved contact Alice Verifier Bob Not approved! Approved contacts: - Alice Eve - ...

  13. Reducing spam in a privacy-preserving way 1. For senders to have access, they must prove that either โ—‹ know some secret that implies their relation with the receiver OR โ—‹ has spent a certain amount of work in terms of computational resources.

  14. Reducing spam in a privacy-preserving way 1. For senders to have access, they must prove that either โ—‹ know some secret that implies their relation with the receiver OR โ—‹ has spent a certain amount of work in terms of computational resources. 2. The proverโ€™s mode that provided access to the sender, remains unknown to the mail server.

  15. Proofs of Work - PoW Task/Puzzle Prover Verifier solution Accept/Reject

  16. Proofs of Work - PoW Task/Puzzle Prover Verifier solution Accept The verifier ascertains that the prover performed some certain amount of work, given the difficulty of the puzzle parameters

  17. Proofs of Work or Knowledge (PoWorKs) Statement: ๐‘ฆ โˆˆ ๐‘€ PoK: Prover Verifier Prover either knows a witness to the statement PoW: or performed work to solve a puzzle Prover

  18. Indistinguishable Proofs of Work or Knowledge (PoWorKs) Statement: ๐‘ฆ โˆˆ ๐‘€ PoK: Prover Verifier Prover either knows a witness to the statement PoW: or performed work to solve a puzzle Prover

  19. Our contributions

  20. Our contributions ๏ถ We define cryptographic puzzle systems .

  21. Our contributions ๏ถ We define cryptographic puzzle systems. ๏ถ We define PoWorKs w.r.t. some language in NP and a fixed puzzle system.

  22. Our contributions ๏ถ We define cryptographic puzzle systems. ๏ถ We define PoWorKs w.r.t. some language in NP and a fixed puzzle system. ๏ถ We provide an efficient 3-move PoWorK construction .

  23. Our contributions ๏ถ We define cryptographic puzzle systems. ๏ถ We define PoWorKs w.r.t. some language in NP and a fixed puzzle system. ๏ถ We provide an efficient 3-move PoWorK construction. ๏ถ We provide two puzzle system instantiations (one in the RO model and one under complexity assumptions).

  24. Our contributions ๏ถ We define cryptographic puzzle systems. ๏ถ We define PoWorKs w.r.t. some language in NP and a fixed puzzle system. ๏ถ We provide an efficient 3-move PoWorK construction. ๏ถ We provide two puzzle system instantiations (one in the RO model and one under complexity assumptions). ๏ถ We present applications of PoWorKs in 1. Privacy-preserving reduce spam . 2. Robustness in cryptocurrencies . 3. 3-round concurrently simulatable arguments of knowledge.

  25. Cryptographic puzzles

  26. Cryptographic Puzzles Basic properties: 1) Easy to generate and efficiently sampleable 2) Hard to solve 3) Easy to verify 4) Amortization resistant

  27. Cryptographic Puzzles Basic properties: 1) Easy to generate and efficiently sampleable 2) Hard to solve 3) Easy to verify 4) Amortization resistant 5) Dense (can be sampled by just generating random strings )

  28. Cryptographic Puzzles We do not restrict parallelizability of our puzzles!

  29. Dense Cryptographic Puzzles Puzzle Space ๐‘ธ๐‘ป , Solution Space ๐‘ป๐‘ป , Hardness space ๐‘ฐ๐‘ป PuzSys = {Sample, Solve , SampleSol, Verify} hardness parameter โ— Sample (๐’Š) โˆ’> ๐’’๐’—๐’œ โˆˆ ๐‘ธ๐‘ป โ— Solve (๐’Š, ๐’’๐’—๐’œ) โˆ’> ๐’•๐’‘๐’Ž๐’ โˆˆ ๐‘ป๐‘ธ โ— SampleSol (๐’Š) โˆ’> (๐’’๐’—๐’œ, ๐’•๐’‘๐’Ž๐’) โ— Verify (๐’Š, ๐’’๐’—๐’œ, ๐’•๐’‘๐’Ž๐’) โˆ’> ๐‘ข๐‘ ๐‘ฃ๐‘“/๐‘”๐‘๐‘š๐‘ก๐‘“

  30. Dense Cryptographic Puzzles Puzzle Space ๐‘ธ๐‘ป , Solution Space ๐‘ป๐‘ป , Hardness space ๐‘ฐ๐‘ป PuzSys = {Sample, Solve , SampleSol, Verify} hardness parameter โ— Sample (๐’Š) โˆ’> ๐’’๐’—๐’œ โˆˆ ๐‘ธ๐‘ป โ— Solve (๐’Š, ๐’’๐’—๐’œ) โˆ’> ๐’•๐’‘๐’Ž๐’ โˆˆ ๐‘ป๐‘ธ โ— SampleSol (๐’Š) โˆ’> (๐’’๐’—๐’œ, ๐’•๐’‘๐’Ž๐’) โ— Verify (๐’Š, ๐’’๐’—๐’œ, ๐’•๐’‘๐’Ž๐’) โˆ’> ๐‘ข๐‘ ๐‘ฃ๐‘“/๐‘”๐‘๐‘š๐‘ก๐‘“

  31. Cryptographic Puzzles Security PuzSys = {Sample, Solve, SampleSol, Verify} 1) Completeness/Correctness and Efficient Sampleability of Sample and SampleSol

  32. Cryptographic Puzzles Security PuzSys = {Sample, Solve , SampleSol, Verify} 1) Completeness and Efficient sampleability of Sample and SampleSol 2) ๐’‰ -Hardness:

  33. Cryptographic Puzzles Security PuzSys = {Sample, Solve , SampleSol, Verify} 1) Completeness and Efficient Sampleability of Sample and SampleSol 2) ๐’‰ -Hardness: PuzSys is ๐’‰ -hard , if for every adversary: ๐’Š, ๐’’๐’—๐’œ ๐’’๐’—๐’œ < โˆ’ Sample (๐’Š) ๐’•๐’‘๐’Ž๐’ Verify (๐’Š, ๐’’๐’—๐’œ, ๐’•๐’‘๐’Ž๐’) โˆ’> ๐‘ข๐‘ ๐‘ฃ๐‘“ ๐‘ผ๐’‹๐’๐’‡ ๐‘ฉ๐’†๐’˜๐’‡๐’”๐’•๐’ƒ๐’”๐’› (๐’Š, ๐’’๐’—๐’œ) < ๐’‰ (๐‘ผ๐’‹๐’๐’‡ ๐“๐ฉ๐ฆ๐ฐ๐Ÿ (๐’Š, ๐’’๐’—๐’œ)) With negligible probability

  34. Cryptographic Puzzles Security PuzSys = {Sample, Solve , SampleSol, Verify} 1) Completeness and Efficient sampleability of Sample and SampleSol 2) ๐’‰ -Hardness 3) Statistical indistinguishability of Sample and SampleSol

  35. Cryptographic Puzzles Security PuzSys = {Sample, Solve , SampleSol, Verify} 1) Completeness and Efficient sampleability of Sample and SampleSol 2) ๐’‰ -Hardness 3) Statistical indistinguishability of Sample and SampleSol 4) (๐’–, ๐’) โˆ’ amortization resistance ๐’Š, ๐’’๐’—๐’œ ๐Ÿ , โ€ฆ , ๐’’๐’—๐’œ๐’ ๐’’๐’—๐’œ ๐Ÿ , โ€ฆ , ๐’’๐’—๐’œ๐’ < โˆ’ Sample (๐’Š) ๐’•๐’‘๐’Ž๐’ ๐Ÿ , โ€ฆ , ๐’•๐’‘๐’Ž๐’๐’ for all 1 < ๐‘— < ๐‘™ Verify (๐’Š, ๐’’๐’—๐’œ๐’‹, ๐’•๐’‘๐’Ž๐’๐’‹) โˆ’> ๐‘ข๐‘ ๐‘ฃ๐‘“ ๐’ ๐‘ผ๐’‹๐’๐’‡ ๐‘ฉ๐’†๐’˜๐’‡๐’”๐’•๐’ƒ๐’”๐’› (๐’Š, ๐’’๐’—๐’œ) < ๐’–(เท ๐’‰ (๐‘ผ๐’‹๐’๐’‡๐‘ป๐’‘ ๐’Ž๐’˜๐’‡ (๐’Š, ๐’’๐’—๐’œ๐’‹)) ๐’‹=๐Ÿ With negligible probability

  36. PoWorKs

  37. PoWorK Definition (๐‘„, ๐‘Š) is an f -sound PoWorK for ๐‘€ โˆˆ ๐‘ถ๐‘ธ w.r.t. witness relation ๐‘† ๐‘€ and PuzSys , if it achieves the following properties:

  38. PoWorK Definition (๐‘„, ๐‘Š) is an f -sound PoWorK for ๐‘€ โˆˆ ๐‘ถ๐‘ธ w.r.t. witness relation ๐‘† ๐‘€ and PuzSys , if it achieves the following properties: โˆ— , ๐’Š โˆˆ ๐ผ๐‘‡ 1) Completeness: for all ๐’š โˆˆ ๐‘€, ๐’™ โˆˆ ๐‘†๐‘€ ๐‘ฆ , ๐’œ โˆˆ 0,1 Pr[< ๐‘„(๐’™) โ†” ๐‘Š > (๐’š, ๐’œ, ๐’Š); ๐‘Š โ†’ โ€œ accept โ€] = 1 โˆ’ negl(๐œ‡) & Pr[< ๐‘„ Solve ( h ) โ†” ๐‘Š > ๐’š, ๐’œ, ๐’Š ; ๐‘Š โ†’ โ€œ accept โ€] = 1 โˆ’ negl(๐œ‡)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AUTOMATING KNOWLEDGE WORK WITH LARGE-SCALE KNOWLEDGE GRAPHS 2018 Strata Data Conference, New

AUTOMATING KNOWLEDGE WORK WITH LARGE-SCALE KNOWLEDGE GRAPHS 2018 Strata Data Conference, New

AUTOMATING KNOWLEDGE WORK WITH LARGE-SCALE KNOWLEDGE GRAPHS 2018 Strata Data Conference, New York Mike Tung, Founder &amp; CEO What youll learn in this talk An architecture for future knowledge work What is a Knowledge Graph? A

478 views โ€ข 36 slides
SLA at 100: From Putting Knowledge to Work to Building the Knowledge Culture Guy St. Clair

SLA at 100: From Putting Knowledge to Work to Building the Knowledge Culture Guy St. Clair

SLA at 100: From Putting Knowledge to Work to Building the Knowledge Culture Guy St. Clair It all began with an idea, the idea that specialist librarians were different. The people we today call information professionals and

582 views โ€ข 11 slides
Towards Analytical Data and Knowledge . . . Knowledge . . . Techniques for Optimizing Resulting

Towards Analytical Data and Knowledge . . . Knowledge . . . Techniques for Optimizing Resulting

Introduction Outline Sensor Placement: . . . Towards Analytical Data and Knowledge . . . Knowledge . . . Techniques for Optimizing Resulting Geometric . . . How to Use the . . . Knowledge Acquisition, Future Work Processing, Propagation,

778 views โ€ข 60 slides
Semant ic Knowledge f or Semant ic Knowledge f or Text ual Ent ailment Text ual Ent ailment

Semant ic Knowledge f or Semant ic Knowledge f or Text ual Ent ailment Text ual Ent ailment

Semant ic Knowledge f or Semant ic Knowledge f or Text ual Ent ailment Text ual Ent ailment Bernardo Magnini J oint work wit h: Elena Cabrio, Milen Kouylekov, Mat t eo Negri FBK-I rst Trent o, I t aly NSF Symposium on Semant ic Knowledge

467 views โ€ข 11 slides
Selfish Load Balancing under Partial Knowledge Panagiota N. Panagopoulou Research Academic

Selfish Load Balancing under Partial Knowledge Panagiota N. Panagopoulou Research Academic

The Model Zero Knowledge Arbitrary Knowledge Full Knowledge Selfish Load Balancing under Partial Knowledge Panagiota N. Panagopoulou Research Academic Computer Technology Institute University of Patras, Greece panagopp@cti.gr joint work

961 views โ€ข 31 slides
KNOWLEDGE ACQUISITION AND CONSTRUCTION Transfer of Knowledge Knowledge acquisition is the

KNOWLEDGE ACQUISITION AND CONSTRUCTION Transfer of Knowledge Knowledge acquisition is the

KNOWLEDGE ACQUISITION AND CONSTRUCTION Transfer of Knowledge Knowledge acquisition is the process of extracting knowledge from whatever source including document, manuals, case studies, etc. Knowledge elicitation is a type of the

373 views โ€ข 26 slides
Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In

Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In

Short Pairing-based Non-interactive Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In a zero knowledge protocol a prover can convince a verifier that some statement is true without leaking any side

628 views โ€ข 14 slides
Digital Me Leveraging your digital footprint to track your time Mats Sj oberg March 28, 2017

Digital Me Leveraging your digital footprint to track your time Mats Sj oberg March 28, 2017

Digital Me Leveraging your digital footprint to track your time Mats Sj oberg March 28, 2017 Quantified Employee 2017 Seminar Knowledge work is changing Tuukka Lehtiniemi et al, Trends of Knowledge Work and Needs for Knowledge Work

422 views โ€ข 15 slides
Global Knowledge Management Knowledge Representation Jan M. Pawlowski Autumn 2013 Licensing:

Global Knowledge Management Knowledge Representation Jan M. Pawlowski Autumn 2013 Licensing:

Global Knowledge Management Knowledge Representation Jan M. Pawlowski Autumn 2013 Licensing: Creative Commons You are free: to Share to copy, distribute and transmit Collaborative Course Development! the work Thanks to my colleagues Prof.

510 views โ€ข 30 slides
Knowledge-Based Agents knowledge knowledge representation, knowledge base, types of knowledge

Knowledge-Based Agents knowledge knowledge representation, knowledge base, types of knowledge

CPE/CSC 580-S06 Artificial Intelligence Intelligent Agents Knowledge-Based Agents knowledge knowledge representation, knowledge base, types of knowledge wumpus world example of knowledge-based agents knowledge representation language

325 views โ€ข 31 slides
What does it mean to know a work of architecture, or anything? Knowledge is tied to what

What does it mean to know a work of architecture, or anything? Knowledge is tied to what

What does it mean to know a work of architecture, or anything? Knowledge is tied to what a thing does. Example: Ear What makes an ear an ear? It allows something to hear. If it does not do this, its not an ear. We do not

846 views โ€ข 47 slides
OUTLINE CAPITALIZATION OF COLLECTIVE KNOWLEDGE: Knowledge management and Knowledge

OUTLINE CAPITALIZATION OF COLLECTIVE KNOWLEDGE: Knowledge management and Knowledge

OUTLINE CAPITALIZATION OF COLLECTIVE KNOWLEDGE: Knowledge management and Knowledge Engineering FROM KNOWLEDGE Definitions ENGINEERING, MULTI- Process AGENTS TO CSCW AND SOCIO Knowledge Capitalization approaches Cooperative

976 views โ€ข 51 slides
Common Knowledge AND Global Games 1 This talk combines common knowledge with global games

Common Knowledge AND Global Games 1 This talk combines common knowledge with global games

Common Knowledge AND Global Games 1 This talk combines common knowledge with global games another advanced branch of game theory See Stephen Morriss work 2 Today well go back to a puzzle that arose during the Hawk-Dove lecture:

503 views โ€ข 35 slides
Plan for today Knowledge-based systems 1 Explicit knowledge Knowledge Representation Inferred

Plan for today Knowledge-based systems 1 Explicit knowledge Knowledge Representation Inferred

Knowledge Representation Knowledge Representation Plan for today Knowledge-based systems 1 Explicit knowledge Knowledge Representation Inferred knowledge Domain-specific stuff A very brief intro Changing premises Uncertainty Jacek Malec

179 views โ€ข 13 slides
Plan for today Knowledge-based systems 1 Tacit knowledge Knowledge Representation Inferred

Plan for today Knowledge-based systems 1 Tacit knowledge Knowledge Representation Inferred

Knowledge Representation Knowledge Representation Plan for today Knowledge-based systems 1 Tacit knowledge Knowledge Representation Inferred knowledge Domain-specific stuff A very brief intro Changing premises Uncertainty Jacek Malec

265 views โ€ข 13 slides
Texts as Knowledge Bases Christopher Manning Joint work with Gabor Angeli and Danqi Chen

Texts as Knowledge Bases Christopher Manning Joint work with Gabor Angeli and Danqi Chen

Texts as Knowledge Bases Christopher Manning Joint work with Gabor Angeli and Danqi Chen Stanford NLP Group @chrmanning @stanfordnlp AKBC 2016 Machine Comprehension = Machine has an Augmented Knowledge Base A machine comprehends a

567 views โ€ข 37 slides
Sending E-Mail Today MX Priority #1 SMTP Exchange

Sending E-Mail Today MX Priority #1 SMTP Exchange

DANE and SMTP: TLS Protec4on for SMTP Using DANE and DNSSEC Russ Mundy &amp; Wes Hardaker Parsons &lt;Russ.Mundy@parsons.com&gt; &lt;mundy@4slabs.com&gt; 7/17/13

481 views โ€ข 9 slides
Job Search Youth Employment Services provides inclusive employment services for youth between 16

Job Search Youth Employment Services provides inclusive employment services for youth between 16

Job Search Youth Employment Services provides inclusive employment services for youth between 16 and 29. Our purpose is to prepare youth in realizing their potential to become self-sufficient. Aim Know how to plan your job search and where to

212 views โ€ข 6 slides
Internationalisation of the Curriculum. Linda Renton. Senior Lecturer. Queen Margaret

Internationalisation of the Curriculum. Linda Renton. Senior Lecturer. Queen Margaret

Internationalisation of the Curriculum. Linda Renton. Senior Lecturer. Queen Margaret University, Edinburgh, Scotland. Linda BM Renton. Email: lrenton@ qmu.ac.uk Images sourced from https://search.creativecommons.org/ Introduction. 24 th

526 views โ€ข 34 slides
Online Marketing for Christian Schools Core Clarity What is the role of your schools website,

Online Marketing for Christian Schools Core Clarity What is the role of your schools website,

Online Marketing for Christian Schools Core Clarity What is the role of your schools website, email, and social media? How can you optimize these tools to get the most effective marketing? List on an index card: your name the name of your

562 views โ€ข 23 slides
Its Time Is Here David G. Ries John W. Simek David G. Ries dries@clarkhill.com 412.394.7787 John

Its Time Is Here David G. Ries John W. Simek David G. Ries dries@clarkhill.com 412.394.7787 John

Encryption for Lawyers : Its Time Is Here David G. Ries John W. Simek David G. Ries dries@clarkhill.com 412.394.7787 John W. Simek jsimek@senseient.com 703.359.0700 2 A-orneys Avoid Encryp6on Encryptio n 10 FT 3 A-orneys Avoid Encryp6on

937 views โ€ข 73 slides
2019 Cybersecurity Report Beyond Obfuscation: The Defense Industrys Position within Federal

2019 Cybersecurity Report Beyond Obfuscation: The Defense Industrys Position within Federal

2019 Cybersecurity Report Beyond Obfuscation: The Defense Industrys Position within Federal Cybersecurity Policy About the Report Section I: Illustrations of Cyber Threats and Vulnerabilities Section II: Policy Response to Cyber Risk

249 views โ€ข 20 slides
Beta Presentation Information Technology Assessment Toolkit The Capstone Experience Team IBM

Beta Presentation Information Technology Assessment Toolkit The Capstone Experience Team IBM

Beta Presentation Information Technology Assessment Toolkit The Capstone Experience Team IBM Adam Koshorek Alex Hanlon Connor Gilbert Eunbong Yang Department of Computer Science and Engineering Michigan State University Fall 2013 From

199 views โ€ข 7 slides
Distributed Computing at Hai.Thai@rackspace.com About: Me ME About: Me ME 09 Tech grad

Distributed Computing at Hai.Thai@rackspace.com About: Me ME About: Me ME 09 Tech grad

Distributed Computing at Hai.Thai@rackspace.com About: Me ME About: Me ME 09 Tech grad B.S. Computer Engineering 4 years at rackspace About: Rackspace About: Rackspace Managed + Cloud hosting Cloud Applications: Email

527 views โ€ข 30 slides

More recommend