Efficient zero-knowledge arguments in the discrete log setting, revisited
Zero-knowledge arguments have become practical, and widely used,
especially in the world of Blockchain, for example in Zcash.
This work revisits zero-knowledge proofs in the discrete logarithm setting.
First, we identify and carve out basic techniques (partly being used implicitly before) to optimize proofs in this setting.
In particular, the linear combination of protocols
is a useful tool to obtain zero-knowledge and/or
reduce communication.
With these techniques, we are able to devise zero-knowledge variants of the logarithmic communication arguments by Bootle et al. (EUROCRYPT '16) and Bünz et al. (S&P '18), thereby introducing almost no overhead.
We then construct a conceptually simple commit-and-prove argument
for satisfiability of a set of quadratic equations.
Unlike previous work, we are not restricted to rank 1 constraint systems (R1CS).
This is, to the best of our knowledge,
the first work demonstrating that general quadratic constraints, not just R1CS,
are a natural relation in the dlog (or ideal linear commitment)
setting.
This enables new possibilities for optimisation, as, e.g., a polynomial of any degree can now be "evaluated" with at most quadratic constraints.
Our protocols are modular.
We easily construct an efficient, logarithmic size shuffle proof,
which can be used in electronic voting.
Additionally, we take a closer look at quantitative security measures,
e.g. the efficiency of an extractor.
We formalise short-circuit extraction,
which allows us to give tighter bounds on
the efficiency of an extractor.
On Constant-Round Concurrent Zero-Knowledge from a Knowledge Assumption
In this work, we consider the long-standing open question of constructing
constant-round concurrent zero-knowledge protocols in the plain model.
Resolving this question is known to require non-black-box techniques.
We consider non-black-box techniques for zero-knowledge based on knowledge
assumptions, a line of thinking initiated by the work of Hada and Tanaka
(CRYPTO 1998). Prior to our work, it was not known whether knowledge
assumptions could be used for achieving security in the concurrent setting, due
to a number of significant limitations that we discuss here. Nevertheless, we
obtain the following results:
1. We obtain the first constant round concurrent zero-knowledge argument for
\textbf{NP} in the plain model based on a new variant of knowledge of exponent
assumption. Furthermore, our construction avoids the inefficiency inherent in
previous non-black-box techniques such as those of Barak (FOCS 2001); we
obtain our result through an efficient protocol compiler.
2. Unlike Hada and Tanaka, we do not require a knowledge assumption to argue
the soundness of our protocol. Instead, we use a discrete log like assumption,
which we call Diffie-Hellman Logarithm Assumption, to prove the soundness of
our protocol.
3. We give evidence that our new variant of knowledge of exponent assumption
is in fact plausible. In particular, we show that our assumption holds in the
generic group model.
4. Knowledge assumptions are especially delicate assumptions whose
plausibility may be hard to gauge. We give a novel framework to express
knowledge assumptions in a more flexible way, which may allow for formulation
of plausible assumptions and exploration of their impact and application in
cryptography.
Comment: 30 pages, 3 figure
A Hierarchy of Scheduler Classes for Stochastic Automata
Stochastic automata are a formal compositional model for concurrent
stochastic timed systems, with general distributions and non-deterministic
choices. Measures of interest are defined over schedulers that resolve the
nondeterminism. In this paper we investigate the power of various theoretically
and practically motivated classes of schedulers, considering the classic
complete-information view and a restriction to non-prophetic schedulers. We
prove a hierarchy of scheduler classes w.r.t. unbounded probabilistic
reachability. We find that, unlike Markovian formalisms, stochastic automata
distinguish most classes even in this basic setting. Verification and strategy
synthesis methods thus face a tradeoff between powerful and efficient classes.
Using lightweight scheduler sampling, we explore this tradeoff and demonstrate
the concept of a useful approximative verification technique for stochastic
automata.
Greedy Algorithms for Optimal Distribution Approximation
The approximation of a discrete probability distribution by an
-type distribution is considered. The approximation error is
measured by the informational divergence
, which is an appropriate measure, e.g.,
in the context of data compression. Properties of the optimal approximation are
derived and bounds on the approximation error are presented, which are
asymptotically tight. It is shown that -type approximations that minimize
either , or
, or the variational distance
can all be found by using specific
instances of the same general greedy algorithm.
Comment: 5 page
Learning High-Dimensional Markov Forest Distributions: Analysis of Error Rates
The problem of learning forest-structured discrete graphical models from
i.i.d. samples is considered. An algorithm based on pruning of the Chow-Liu
tree through adaptive thresholding is proposed. It is shown that this algorithm
is both structurally consistent and risk consistent and the error probability
of structure learning decays faster than any polynomial in the number of
samples under fixed model size. For the high-dimensional scenario where the
size of the model d and the number of edges k scale with the number of samples
n, sufficient conditions on (n,d,k) are given for the algorithm to satisfy
structural and risk consistencies. In addition, the extremal structures for
learning are identified; we prove that the independent (resp. tree) model is
the hardest (resp. easiest) to learn using the proposed algorithm in terms of
error rates for structure learning.
Comment: Accepted to the Journal of Machine Learning Research (Feb 2011
Innovative coordination of agribusiness chains and networks
To facilitate scientifically grounded innovative forms of strategic network coordination, this paper integrates two major bodies of literature on competitive advantage. The two bodies of literature are the industry-oriented outside-in approach and the competence-oriented inside-out approach, here homogenized along the dimensions of degree of firm embeddedness and, respectively, the broadness of shared resource bases. The elements detailed are interfirm relationships, resource bases, network governance instruments, coordination mechanisms, the impact of events on network structures, and the active mobilisation of actors and resources. Thereby, the paper is able to detail 5 generic types of business networks. Next, it relates 21 network governance instruments to the type of partnership (binding vs loosening) and the form of interaction (cooperative vs opportunistic). The realized reduction of network complexity enhances conceptual transparency and increases the instrumental usage of this research for effective network coordination by businesses. An integrated case illustrates the usefulness of the various concepts and the coherency of the different elements.