zero knowledge arguments
play

Zero-Knowledge Arguments for Arithmetic Circuits Carsten Baum, - PowerPoint PPT Presentation

Mar 29, 2023 •370 likes •712 views

Sub-Linear Lattice-Based Zero-Knowledge Arguments for Arithmetic Circuits Carsten Baum, Jonathan Bootle, Andrea Cerulli, Rafael del Pino, Jens Groth and Vadim Lyubashevsky Lattice-Based Zero-Knowledge Arguments for Arithmetic Circuits 2

  1. Sub-Linear Lattice-Based Zero-Knowledge Arguments for Arithmetic Circuits Carsten Baum, Jonathan Bootle, Andrea Cerulli, Rafael del Pino, Jens Groth and Vadim Lyubashevsky

  2. Lattice-Based Zero-Knowledge Arguments for Arithmetic Circuits 2

  3. Lattice-Based Zero-Knowledge Arguments for Arithmetic Circuits Commitment/hash from SIS: = • Binding/collision resistant by SIS • Hiding by Leftover Hash Lemma • Homomorphic • Compressing [A96] 3

  4. Lattice-Based Statement Zero-Knowledge Arguments for Arithmetic Circuits Witness Prover Verifier 4

  5. Lattice-Based Statement Zero-Knowledge Arguments for Arithmetic Circuits Witness Prover Verifier 5

  6. Lattice-Based Statement Zero-Knowledge Arguments for Arithmetic Circuits Completeness: An honest prover Prover Verifier convinces the verifier. 6

  7. Lattice-Based Statement Zero-Knowledge Arguments for Arithmetic Circuits Soundness: A dishonest prover never convinces the verifier. Completeness: An honest prover Prover Verifier Computational guarantee convinces the verifier. -> argument 7

  8. Lattice-Based Statement Zero-Knowledge Arguments for Arithmetic Circuits Knowledge Soundness: The prover must know a witness to convince the Completeness: verifier. An honest prover Prover Verifier -> Proof/argument convinces the verifier. of knowledge 8

  9. Lattice-Based Statement Zero-Knowledge Arguments for Arithmetic Circuits Witness Knowledge Soundness: The prover must know a witness to convince the Completeness: verifier. An honest prover Prover Verifier -> Proof/argument convinces the verifier. Zero-knowledge: of knowledge 9 Nothing but the truth of the statement is revealed.

  10. Lattice-Based Zero-Knowledge Arguments for Arithmetic Circuits 3 Why arithmetic circuits? • C to circuit compilers Statement • Models cryptographic computations • Witness existence? NP-Complete Witness 10

  11. Lattice-Based Statement Zero-Knowledge Arguments for Arithmetic Circuits Interaction Prover Verifier Communication Computation Computation Prover Verifier Cryptographic 11 Assumption

  12. Results Table Expected Communication Prover Verifier # Moves Complexity Complexity [DL12] [BKLP15] This Work 12

  13. Arithmetic Circuit Argument Featured in prior works Arithmetic Circuits DLOG Protocols Information Theoretic Proofs Matrix Equations The interesting parts Extension Fields Polynomials Proof of Knowledge Commitments Rejection Sampling Protocol 13

  14. Proof of Knowledge Statement Witness 14

  15. Proof of Knowledge … 15

  16. Typical Proofs of Knowledge Completeness: Knowledge Soundness: Soundness None for us* Slack 16

  17. Simplistic Protocol P V Rejection Sampling 17

  18. Our Protocol 18

  19. Our Protocol 19

  20. Proof-of-Knowledge Performance Expected Communication Prover Verifier # Moves Complexity Complexity [BDLN16] [CDXY17] This Work This Work 20

  21. Arithmetic Circuit Argument Arithmetic Circuits Matrix Equations Extension Fields Polynomials Proof of Knowledge Commitments Rejection Sampling Protocol 21

  22. High Level Structure L R O 3 5 15 7 5 O = 15 12 180 15 12 5 7 12 + = 180 22

  23. High Level Structure L R O 3 5 15 7 5 O = 15 12 180 15 12 5 7 12 + = 180 23

  24. High Level Structure L R O O = + = 24

  25. High Level Structure L R O O = + = 25

  26. Matrix Dimensions ~√N ~√N ~√N ~√N 26

  27. Paradigm from Previous Arguments 2 6 6 2 0 1 9 2 7 4 5 3 7 2 8 3 6 1 6 9 5 7 6 7 1 4 2 6 8 3 6 3 7 2 7 5 3 2 4 7 5 2 8 7 3 1 0 4 7 3 27

  28. Protocol Flow 1. Commit to wire values P V 2. Commit to polynomial coefficients 3. Commit to mod p correction factors Check size bounds and linear combinations 4. Compute linear combinations, do , Proof of Knowledge rejection sampling, proof of knowledge

  29. Protocol Flow √N √N P V √N √N O(1) √N O(1) , Proof of Knowledge

  30. Parameter Choice q, modulus for SIS Polynomial- binding space for SIS commitments sized gap maximum size of openings from knowledge-extractor maximum size of honest prover committed values p, arithmetic circuits modulo p 30

  31. Additional Issues Schwarz-Zippel Lemma: Not negligible! Negligible! Empty Empty Rubbish Rubbish 31

  32. 32

  33. Thanks! Expected Communication Prover Complexity Verifier Complexity # Moves • General Statements • Sub-linear proofs • Relies on SIS 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In

Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In

Short Pairing-based Non-interactive Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In a zero knowledge protocol a prover can convince a verifier that some statement is true without leaking any side

628 views • 14 slides
Zero Knowledge Succinct Noninteractive ARguments of Knowledge Saravanan Vijayakumaran

Zero Knowledge Succinct Noninteractive ARguments of Knowledge Saravanan Vijayakumaran

Zero Knowledge Succinct Noninteractive ARguments of Knowledge Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay October 15, 2019 1 / 24 zkSNARKs Arguments ZK proofs

435 views • 24 slides
Lattice-Based Zero-Knowledge Arguments for Integer Relations t Libert 1 San Ling 2 Khoa Nguyen 2

Lattice-Based Zero-Knowledge Arguments for Integer Relations t Libert 1 San Ling 2 Khoa Nguyen 2

Lattice-Based Zero-Knowledge Arguments for Integer Relations t Libert 1 San Ling 2 Khoa Nguyen 2 Huaxiong Wang 2 Beno 1 CNRS and ENS Lyon, France 2 Nanyang Technological University, Singapore CRYPTO 2018, 20 August 2018 Zero-Knowledge

422 views • 30 slides
On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki

On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki

On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki University of Technology http://www.tcs.hut.fi/helger Pedase Theory Day, 04.10.2003 On Diophantine Complexity and SZK Arguments, Helger Lipmaa 1

501 views • 24 slides
Scalable Transparent ARguments-of-Knowledge Michael Riabzev Department of Computer Science,

Scalable Transparent ARguments-of-Knowledge Michael Riabzev Department of Computer Science,

Our result Features A peak under the hood Summary Scalable Transparent ARguments-of-Knowledge Michael Riabzev Department of Computer Science, Technion DIMACS Workshop on Outsourcing Computation Securely Joint work with Eli Ben-Sasson, Iddo

599 views • 32 slides
Transferring knowledge from discourse to arguments: A case study with scientific abstracts Pablo

Transferring knowledge from discourse to arguments: A case study with scientific abstracts Pablo

Transferring knowledge from discourse to arguments: A case study with scientific abstracts Pablo Accuosto Horacio Saggion Large-Scale Text Understanding Systems Lab, NLP Group (LaSTUS/TALN) Universitat Pompeu Fabra ArgMining 2019 ACL

639 views • 33 slides
Classical arguments that for us is a PP complement of easy The following arguments are the

Classical arguments that for us is a PP complement of easy The following arguments are the

Classical arguments that for us is a PP complement of easy The following arguments are the principle bases for the claim that tough predicates select the control complement structure, along with a brief indication of why these arguments fail to

330 views • 8 slides
Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and

Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and

Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and Group Signatures without Trapdoors t Libert 1 San Ling 2 Khoa Nguyen 2 Huaxiong Wang 2 Beno 1 Ecole Normale Sup erieure de Lyon (France) 2

681 views • 33 slides
Zero-Knowledge Arguments for Matrix-Vector Relations and Lattice-Based Group Encryption t Libert

Zero-Knowledge Arguments for Matrix-Vector Relations and Lattice-Based Group Encryption t Libert

Zero-Knowledge Arguments for Matrix-Vector Relations and Lattice-Based Group Encryption t Libert 1 San Ling 2 Fabrice Mouhartem 1 Beno Khoa Nguyen 2 Huaxiong Wang 2 1 Ecole Normale Sup erieure de Lyon (France) 2 Nanyang Technological

618 views • 46 slides
On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki

On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki

On Diophantine Complexity and Statistical Zero-Knowledge Arguments Helger Lipmaa Helsinki University of Technology http://www.tcs.hut.fi/helger Asiacrypt 2003, 03.12.2003 On Diophantine Complexity and SZK Arguments, Helger Lipmaa 1

433 views • 25 slides
Secure Database Commitments and Universal Arguments of Quasi Knowledge Melissa Chase (Microsoft

Secure Database Commitments and Universal Arguments of Quasi Knowledge Melissa Chase (Microsoft

Secure Database Commitments and Universal Arguments of Quasi Knowledge Melissa Chase (Microsoft Research) Ivan Visconti (University of Salerno) Size hiding protocols Traditional secure computation: All existing definitions and Parties

631 views • 22 slides
Focused search for arguments from propositional knowledge Vasiliki Efstathiou and Anthony Hunter

Focused search for arguments from propositional knowledge Vasiliki Efstathiou and Anthony Hunter

Introduction Connection Graphs Results Conclusions Focused search for arguments from propositional knowledge Vasiliki Efstathiou and Anthony Hunter Department of Computer Science University College London Vasiliki Efstathiou and Anthony

415 views • 38 slides
Sublinear Zero-Knowledge Arguments for RAM Programs Payman Mike Alessandra Mohassel Scafuro

Sublinear Zero-Knowledge Arguments for RAM Programs Payman Mike Alessandra Mohassel Scafuro

Sublinear Zero-Knowledge Arguments for RAM Programs Payman Mike Alessandra Mohassel Scafuro Rosulek OSU NCState V I S Oregon State University A Problem C Data S Problem C Data S R 1 Problem C Data S R 1 y 1 Problem C

1.04k views • 99 slides
Delay and laziness no not ea eager er ... When are expressions

Delay and laziness no not ea eager er ... When are expressions

11/1/15 Ea Eager evaluation: evaluate arguments first call-by-value semantics When do arguments/subexpressions evaluate (ML, Racket, ...)? Function arguments: once, before calling

157 views • 4 slides
Animate 2 Cor 10:5 5 We demolish arguments (mental strongholds) and every pretension (reasoning

Animate 2 Cor 10:5 5 We demolish arguments (mental strongholds) and every pretension (reasoning

Animate 2 Cor 10:5 5 We demolish arguments (mental strongholds) and every pretension (reasoning process) that sets itself up against the knowledge of God, and we take captive every thought to make it obedient to Christ. Spiritual Formation (1)

423 views • 25 slides
Back Up Your Stance: Recognizing Arguments in Online Discussions Filip Boltui c and Jan

Back Up Your Stance: Recognizing Arguments in Online Discussions Filip Boltui c and Jan

Back Up Your Stance: Recognizing Arguments in Online Discussions Filip Boltui c and Jan najder Text Analysis and Knowledge Engineering Lab FER, University of Zagreb First Workshop on Argumentation Mining ACL 2014 Baltimore, Maryland

668 views • 43 slides
Presentation to ISASI 2016 Kathy Fox Chair, Transportation Safety Board of Canada Reykjavik,

Presentation to ISASI 2016 Kathy Fox Chair, Transportation Safety Board of Canada Reykjavik,

Presentation to ISASI 2016 Kathy Fox Chair, Transportation Safety Board of Canada Reykjavik, Iceland 20 October 2016 Investigations: Putting the pieces together Operational Technical Human 2 Investigations: Putting the pieces together

285 views • 10 slides
Knowledge Graphs Large ge and complex plex graphs capturing millions of entities and

Knowledge Graphs Large ge and complex plex graphs capturing millions of entities and

Knowledge Graphs Large ge and complex plex graphs capturing millions of entities and relationships between them! Entity Relationship Ubiqu quitous itous toda day: y: Linking Open Data Freebase DBpedia YAGO How to Query Knowledge

512 views • 16 slides
JBOORET: an Automated Tool to Recover OO Design and Source Models Hong Mei, Tao Xie, Fuqing Yang

JBOORET: an Automated Tool to Recover OO Design and Source Models Hong Mei, Tao Xie, Fuqing Yang

JBOORET: an Automated Tool to Recover OO Design and Source Models Hong Mei, Tao Xie, Fuqing Yang Department of Computer Science & Technology Peking University, Beijing, China Oct. 2001 Outline Tool Design Principles Tool

487 views • 10 slides
Better generalization with less data using robust gradient descent Matthew J. Holland 1 Kazushi

Better generalization with less data using robust gradient descent Matthew J. Holland 1 Kazushi

Better generalization with less data using robust gradient descent Matthew J. Holland 1 Kazushi Ikeda 2 1 Osaka University 2 Nara Institute of Science and Technology Distribution robustness In practice, the learner does not know what kind of data

893 views • 16 slides
Learning higher-order logic programs through abstraction and invention [IJCAI16] T T C T C

Learning higher-order logic programs through abstraction and invention [IJCAI16] T T C T C

Learning higher-order logic programs through abstraction and invention [IJCAI16] T T C T C Initial state: Final state: First-order recursive solution [MLJ2015] f(A,B):-f3(A,B),at_end(B). f(A,B):-f3(A,C),f(C,B).

195 views • 15 slides
Mining the mind: Machine learning in brain research Matthias Treder 2016-12-16 Introduction ML

Mining the mind: Machine learning in brain research Matthias Treder 2016-12-16 Introduction ML

Introduction ML in BCI ML in brain research Ethics Mining the mind: Machine learning in brain research Matthias Treder 2016-12-16 Introduction ML in BCI ML in brain research Ethics Introduction ML in BCI ML in brain research Ethics M

674 views • 43 slides
Machine Learning in Science and Engineering Gunnar Rtsch Friedrich Miescher Laboratory Max

Machine Learning in Science and Engineering Gunnar Rtsch Friedrich Miescher Laboratory Max

Machine Learning in Science and Engineering Gunnar Rtsch Friedrich Miescher Laboratory Max Planck Society Tbingen, Germany http://www.tuebingen.mpg.de/~raetsch 1 Gunnar Rtsch Machine Learning in Science and Engineering CCC Berlin,

675 views • 65 slides
Eeva Sala, MD, docent in phoniatrics eevasala@gmail.com 12th October 2012 at 15:10 15:30 Eeva

Eeva Sala, MD, docent in phoniatrics eevasala@gmail.com 12th October 2012 at 15:10 15:30 Eeva

Possible ways to improve the voice ergonomics in schools Voice ergonomic assessment of the work environment, standards and laws Eeva Sala, MD, docent in phoniatrics eevasala@gmail.com 12th October 2012 at 15:10 15:30 Eeva Sala 2012 Reykjavik 1

685 views • 42 slides

More recommend