Parallel Repetition From Fortification
The Parallel Repetition Theorem upper-bounds the value of a repeated (tensored) two-prover game in terms of the value of the base game and the number of repetitions. In this work we give a simple transformation on games, "fortification", and show that for fortified games the value of the repeated game decreases perfectly exponentially with the number of repetitions, up to an arbitrarily small additive error. Our proof is combinatorial and short. As corollaries, we obtain: (1) Starting from a PCP Theorem with soundness error bounded away from 1, we get a PCP with arbitrarily small constant soundness error. In particular, starting with the combinatorial PCP of Dinur, we get a combinatorial PCP with low error. The latter can be used for hardness of approximation as in the work of Hastad. (2) Starting from the work of the author and Raz, we get a projection PCP theorem with the smallest soundness error known today. The theorem yields nearly a quadratic improvement in size compared to previous work. We then discuss the problem of derandomizing parallel repetition and the limitations of the fortification idea in this setting. We point out a connection between the problem of derandomizing parallel repetition and the problem of composition. This connection could shed light on the so-called Projection Games Conjecture, which asks for a projection PCP with minimal error.
National Science Foundation (U.S.) (Grant 1218547
Individual Simulations
We develop an individual simulation technique that explicitly makes use of particular properties/structures of a given adversary's functionality. Using this simulation technique, we obtain the following results.
1. We construct the first protocols that break previous black-box barriers of [Xiao, TCC '11 and Alwen et al., Crypto '05] under the standard hardness of factoring, both of which are polynomial-time simulatable against all a-priori bounded polynomial-size distinguishers:
-- Two-round selective opening secure commitment scheme.
-- Three-round concurrent zero knowledge and concurrent witness hiding argument for NP in the bare public-key model.
2. We present a simpler two-round weak zero knowledge and witness hiding argument for NP in the plain model under the sub-exponential hardness of factoring. Our technique also yields a significantly simpler proof that existing distinguisher-dependent simulatable zero knowledge protocols are also polynomial-time simulatable against all distinguishers of a-priori bounded polynomial size.
The core conceptual idea underlying our individual simulation technique is an observation of the existence of nearly optimal extractors for all hard distributions: for any NP-instance(s) sampling algorithm, there exists a polynomial-size witness extractor (depending on the sampler's functionality) that almost outperforms any circuit of a-priori bounded polynomial size in terms of the success probability.
Multi-Prover and parallel repetition in non-classical interactive games
Since the introduction of quantum mechanics, many mysteries of nature have
found explanations. Many quantum-mechanical concepts have merged with the
field of computational complexity theory, and new ideas and solutions have
been put forward to solve computational problems. In particular, quantum
mechanics has invalidated many security proofs of classical protocols.
In this thesis, we survey recent results on the implications of quantum
mechanics for computational complexity, and more precisely for classes with
interaction. We present this work in the framework of cooperative games with
imperfect information. We set out the differences between classical, quantum
and no-signaling theories and illustrate them on the specific example of the
odd cycle game. We focus on two themes: the effect on a game of adding more
players and of parallel repetition. We observe that, depending on the physical
theory considered, the consequences of these changes are very different.
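The two abstracts above turn on the classical value of a two-prover game and on what parallel repetition does to it. The following Python script is an added example, not code from either paper: it brute-forces the value of a game (Alice's deterministic strategies enumerated, Bob given his best response question by question) and of its k-fold parallel repetition, on two games constructed inline. The first is the odd cycle game on Z_n from the thesis abstract, whose value 1 - 1/(2n) the code recovers for n = 3 and n = 5. The second is a small "which player got which bit" game, constructed here, whose value is 1/2 and whose 2-fold repetition still has value 1/2 rather than 1/4; it shows concretely why a plain repetition theorem cannot promise the value of the base game raised to the number of repetitions, which is the gap the fortification transformation in the first abstract closes up to an additive error. The names Game, odd_cycle_game and bit_claim_game are this example's own.

```python
"""Added example (not taken from any of the papers listed here): brute-force
classical value of a two-prover one-round game and of its k-fold parallel
repetition, on two games constructed inline."""
from fractions import Fraction
from itertools import product


class Game:
    """questions: list of (x, y) pairs, drawn uniformly by the referee (repeat a
    pair to weight it); answers_a / answers_b: answer alphabets; win(x, y, a, b):
    the referee's acceptance predicate."""

    def __init__(self, questions, answers_a, answers_b, win):
        self.questions = list(questions)
        self.answers_a = list(answers_a)
        self.answers_b = list(answers_b)
        self.win = win

    def value(self):
        """Classical value as an exact Fraction. The optimum is attained by a
        deterministic strategy pair, so enumerate Alice's deterministic
        strategies and give Bob his best response on each question."""
        # winners[(x, y)][a] = set of Bob answers b accepted together with a.
        winners = {}
        for x, y in self.questions:
            if (x, y) not in winners:
                winners[(x, y)] = {a: {b for b in self.answers_b
                                       if self.win(x, y, a, b)}
                                   for a in self.answers_a}
        xs = sorted({x for x, _ in self.questions})
        ys = sorted({y for _, y in self.questions})
        # An answer never accepted on question x is dominated by any other
        # answer, so Alice never needs it (this keeps the search small).
        options = {x: [a for a in self.answers_a
                       if any(winners[q][a] for q in winners if q[0] == x)]
                   for x in xs}
        best = 0
        for choice in product(*(options[x] for x in xs)):
            alice = dict(zip(xs, choice))
            total = 0
            for y in ys:
                # For each Bob answer b, count the referee draws (x, y) it wins
                # against Alice's fixed answers; Bob plays the best b.
                count = {}
                for x, y2 in self.questions:
                    if y2 == y:
                        for b in winners[(x, y)][alice[x]]:
                            count[b] = count.get(b, 0) + 1
                total += max(count.values(), default=0)
            best = max(best, total)
        return Fraction(best, len(self.questions))

    def repeat(self, k):
        """k-fold parallel repetition: k independent draws answered at once,
        accepted iff every coordinate is accepted."""
        questions = [(tuple(x for x, _ in draw), tuple(y for _, y in draw))
                     for draw in product(self.questions, repeat=k)]
        return Game(questions,
                    product(self.answers_a, repeat=k),
                    product(self.answers_b, repeat=k),
                    lambda xs, ys, a, b: all(self.win(xs[i], ys[i], a[i], b[i])
                                             for i in range(k)))


def odd_cycle_game(n):
    """Odd cycle game on Z_n (constructed here): the referee draws v uniformly
    and, with probability 1/2 each, sends v to both players or v to Alice and
    v+1 to Bob. Answers are colours in {0, 1}: the same vertex must get equal
    colours, adjacent vertices different ones. An odd cycle has no proper
    2-colouring, so the classical value is 1 - 1/(2n)."""
    questions = [(v, v) for v in range(n)] + [(v, (v + 1) % n) for v in range(n)]
    return Game(questions, (0, 1), (0, 1),
                lambda x, y, a, b: a == b if x == y else a != b)


def bit_claim_game():
    """Constructed game: the referee sends independent uniform bits x to Alice
    and y to Bob. Each player answers a claim ('A', bit) or ('B', bit), meaning
    "Alice got bit" / "Bob got bit"; they win iff both claims are identical and
    true. Value 1/2, and the 2-fold repetition also has value 1/2."""
    claims = [(p, bit) for p in "AB" for bit in (0, 1)]
    return Game([(x, y) for x in (0, 1) for y in (0, 1)], claims, claims,
                lambda x, y, a, b: a == b and a[1] == (x if a[0] == "A" else y))


if __name__ == "__main__":
    for n in (3, 5):
        print(f"odd cycle game, n={n}: value {odd_cycle_game(n).value()}")
    g = bit_claim_game()
    print(f"bit-claim game: value {g.value()}, value squared {g.value() ** 2}, "
          f"2-fold repetition {g.repeat(2).value()}")
```

The repeated game's strategy that keeps the value at 1/2 is not a product strategy: Alice answers ('A', x1) in coordinate 1 and ('B', x1) in coordinate 2, Bob answers ('A', y2) and ('B', y2), so both coordinates are won exactly when x1 = y2. This cross-coordinate correlation is what a repetition theorem must account for, and what fortification is designed to neutralise. The brute force is exponential in the number of questions, so it is only meant for tiny games such as these.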
A Tight Parallel Repetition Theorem for Partially Simulatable Interactive Arguments via Smooth KL-Divergence
Hardness amplification is a central problem in the study of interactive protocols. While the natural parallel repetition transformation is known to reduce the soundness error of some special cases of interactive arguments: three-message protocols (Bellare, Impagliazzo, and Naor [FOCS '97]) and public-coin protocols (Hastad, Pass, Wikstrom, and Pietrzak [TCC '10], Chung and Lu [TCC '10] and Chung and Pass [TCC '15]), it fails to do so in the general case (the above Bellare et al.; also Pietrzak and Wikstrom [TCC '07]).
The only known round-preserving approach that applies to all interactive arguments is Haitner's random-terminating transformation [SICOMP '13]; Haitner showed that the parallel repetition of the transformed protocol reduces the soundness error at a weak exponential rate: if the original -round protocol has soundness error , then the -parallel repetition of its random-terminating variant has soundness error (omitting constant factors). Hastad et al. have generalized this result to partially simulatable interactive arguments, showing that the -fold repetition of an -round -simulatable argument of soundness error has soundness error . When applied to random-terminating arguments, the Hastad et al. bound matches that of Haitner.
In this work we prove that parallel repetition of random-terminating arguments reduces the soundness error at a much stronger exponential rate: the soundness error of the parallel repetition is , only an factor from the optimal rate of achievable in public-coin and three-message arguments. The result generalizes to -simulatable arguments, for which we prove a bound of . This is achieved by presenting a tight bound on a relaxed variant of the KL-divergence between the distribution induced by our reduction and its ideal variant, a result whose scope extends beyond parallel repetition proofs. We prove the tightness of the above bound for random-terminating arguments, by presenting a matching protocol
Knowledge Encryption and Its Applications to Simulatable Protocols With Low Round-Complexity
We introduce a new notion of public key encryption, knowledge encryption, whose ciphertexts can be reduced to the public key, i.e., any algorithm that can break the ciphertext indistinguishability can be used to extract the (partial) secret key. We show that knowledge encryption can be built solely on any two-round oblivious transfer with game-based security, which is known based on various standard (polynomial-hardness) assumptions, such as the DDH, the Quadratic Residuosity or the LWE assumption.
We use knowledge encryption to construct the first three-round (weakly) simulatable oblivious transfer. This protocol satisfies (fully) simulatable security for the receiver, and weakly simulatable security (-simulatability) for the sender in the following sense: for any polynomial and any inverse polynomial , there exists an efficient simulator such that the distinguishing gap of any distinguisher of size less than is at most .
Equipped with these tools, we construct a variety of fundamental cryptographic protocols with low round-complexity, assuming only the existence of two-round oblivious transfer with game-based security. These protocols include a three-round delayed-input weak zero knowledge argument, three-round weakly secure two-party computation, three-round concurrent weak zero knowledge in the BPK model, and a two-round commitment with weak security under selective opening attack. These results improve upon the assumptions required by the previous constructions. Furthermore, all our protocols enjoy the above -simulatability (stronger than distinguisher-dependent simulatability), and are quasi-polynomial time simulatable under the same (polynomial hardness) assumption.
Fast IDentity Online with Anonymous Credentials (FIDO-AC)
Web authentication is a critical component of today's Internet and the
digital world we interact with. The FIDO2 protocol enables users to leverage
common devices to easily authenticate to online services in both mobile and
desktop environments following the passwordless authentication approach based
on cryptography and biometric verification. However, there is little to no
connection between the authentication process and users' attributes. More
specifically, the FIDO protocol does not specify methods that could be used to
combine trusted attributes with the FIDO authentication process generically and
allows users to disclose them to the relying party arbitrarily. In essence,
applications requiring attribute verification (e.g. age or expiry date of a
driver's license, etc.) still rely on ad-hoc approaches, not satisfying the
data minimization principle and not allowing the user to vet the disclosed
data. A primary recent example is the data breach on Singtel Optus, one of the
major telecommunications providers in Australia, where very personal and
sensitive data (e.g. passport numbers) were leaked. This paper introduces
FIDO-AC, a novel framework that combines the FIDO2 authentication process with
the user's digital and non-shareable identity. We show how to instantiate this
framework using off-the-shelf FIDO tokens and any electronic identity document,
e.g., the ICAO biometric passport (ePassport). We demonstrate the practicality
of our approach by evaluating a prototype implementation of the FIDO-AC system.
Comment: to be published in the 32nd USENIX Security Symposium (USENIX 2023)
Extended Nonlocal Games
The notions of entanglement and nonlocality are among the most striking
ingredients found in quantum information theory. One tool to better understand
these notions is the model of nonlocal games; a mathematical framework that
abstractly models a physical system. The simplest instance of a nonlocal game
involves two players, Alice and Bob, who are not allowed to communicate with
each other once the game has started and who play cooperatively against an
adversary referred to as the referee. The focus of this thesis is a class of
games called extended nonlocal games, of which nonlocal games are a subset. In
an extended nonlocal game, the players initially share a tripartite state with
the referee. In such games, the winning conditions for Alice and Bob may depend
on outcomes of measurements made by the referee, on its part of the shared
quantum state, in addition to Alice and Bob's answers to the questions sent by
the referee. We build up the framework for extended nonlocal games and study
their properties and how they relate to nonlocal games.
Comment: PhD thesis, Univ Waterloo, 2017. 151 pages, 11 figures