8,226 research outputs found
A Protocol for Generating Random Elements with their Probabilities
We give an AM protocol that allows the verifier to sample elements x from a
probability distribution P, which is held by the prover. If the prover is
honest, the verifier outputs (x, P(x)) with probability close to P(x). In case
the prover is dishonest, one may hope for the following guarantee: if the
verifier outputs (x, p), then the probability that the verifier outputs x is
close to p. Simple examples show that this cannot be achieved. Instead, we show
that the following weaker condition holds (in a well defined sense) on average:
If (x, p) is output, then p is an upper bound on the probability that x is
output. Our protocol yields a new transformation to turn interactive proofs
where the verifier uses private random coins into proofs with public coins. The
verifier has better running time compared to the well-known Goldwasser-Sipser
transformation (STOC, 1986). For constant-round protocols, we only lose an
arbitrarily small constant in soundness and completeness, while our public-coin
verifier calls the private-coin verifier only once
Generalized Quantum Arthur-Merlin Games
This paper investigates the role of interaction and coins in public-coin
quantum interactive proof systems (also called quantum Arthur-Merlin games).
While prior works focused on classical public coins even in the quantum
setting, the present work introduces a generalized version of quantum
Arthur-Merlin games where the public coins can be quantum as well: the verifier
can send not only random bits, but also halves of EPR pairs. First, it is
proved that the class of two-turn quantum Arthur-Merlin games with quantum
public coins, denoted qq-QAM in this paper, does not change by adding a
constant number of turns of classical interactions prior to the communications
of the qq-QAM proof systems. This can be viewed as a quantum analogue of the
celebrated collapse theorem for AM due to Babai. To prove this collapse
theorem, this paper provides a natural complete problem for qq-QAM: deciding
whether the output of a given quantum circuit is close to a totally mixed
state. This complete problem is on the very line of the previous studies
investigating the hardness of checking the properties related to quantum
circuits, and is of independent interest. It is further proved that the class
qq-QAM_1 of two-turn quantum-public-coin quantum Arthur-Merlin proof systems
with perfect completeness gives new bounds for standard well-studied classes of
two-turn interactive proof systems. Finally, the collapse theorem above is
extended to comprehensively classify the role of interaction and public coins
in quantum Arthur-Merlin games: it is proved that, for any constant m>1, the
class of problems having an m-turn quantum Arthur-Merlin proof system is either
equal to PSPACE or equal to the class of problems having a two-turn quantum
Arthur-Merlin game of a specific type, which provides a complete set of quantum
analogues of Babai's collapse theorem.Comment: 31 pages + cover page, the proof of Lemma 27 (Lemma 24 in v1) is
corrected, and a new completeness result is adde
Predictable arguments of knowledge
We initiate a formal investigation on the power of predictability for argument of knowledge systems for NP. Specifically, we consider private-coin argument systems where the answer of the prover can be predicted, given the private randomness of the verifier; we call such protocols Predictable Arguments of Knowledge (PAoK).
Our study encompasses a full characterization of PAoK, showing that such arguments can be made extremely laconic, with the prover sending a single bit, and assumed to have only one round (i.e., two messages) of communication without loss of generality.
We additionally explore PAoK satisfying additional properties (including zero-knowledge and the possibility of re-using the same challenge across multiple executions with the prover), present several constructions of PAoK relying on different cryptographic tools, and discuss applications to cryptography
Recommended from our members
On Transformations of Interactive Proofs that Preserve the Prover's Complexity
Goldwasser and Sipser [GS89] proved that every interactive proof system can be transformed into a public-coin one (a.k.a., an Arthur-Merlin game). Their transformation has the drawback that the computational complexity of the prover's strategy is not preserved. We show that this is inherent, by proving that the same must be true of any transformation which only uses the original prover and verifier strategies as "black boxes". Our negative result holds even if the original proof system is restricted to be honest-verifier perfect zero knowledge and the transformation can also use the simulator as a black box.
We also examine a similar deficiency in a transformation of Fürer et al. [FGM+89] from interactive proofs to ones with perfect completeness. We argue that the increase in prover complexity incurred by their transformation is necessary, given that their construction is a black-box transformation which works regardless of the verifier's computational complexity.Engineering and Applied Science
- …