Special Soundness Revisited
We generalize and abstract the problem of extracting a witness from a prover of a special sound protocol into a combinatorial problem induced by a sequence of matroids and a predicate, and present a parametrized algorithm for solving this problem.
The parametrization provides a tight tradeoff between the running time and the extraction error of the algorithm, which allows optimizing the parameters to minimize: the soundness error for interactive proofs, or the extraction time for proofs of knowledge.
In contrast to previous work we bound the distribution of the running time and not only the expected running time. Tail bounds give a tighter analysis when applied recursively and concentrated running time
Tardos fingerprinting is better than we thought
We review the fingerprinting scheme by Tardos and show that it has a much better performance than suggested by the proofs in Tardos' original paper. In particular, the length of the codewords can be significantly reduced.
First we generalize the proofs of the false positive and false negative error probabilities with the following modifications: (1) we replace Tardos' hard-coded numbers by variables and (2) we allow for independently chosen false positive and false negative error rates. It turns out that all the collusion-resistance properties can still be proven when the code length is reduced by a factor of more than 2.
Second, we study the statistical properties of the fingerprinting scheme, in particular the average and variance of the accusations. We identify which colluder strategy forces the content owner to employ the longest code. Using a Gaussian approximation for the probability density functions of the accusations, we show that the required false negative and false positive error rate can be achieved with codes that are a factor 2 shorter than required for rigid proofs.
Combining the results of these two approaches, we show that the Tardos scheme can be used with a code length approximately 5 times shorter than in the original construction.
Comment: Modified presentation of result
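The following simulation is an added example, not code from the paper above. It implements the standard Tardos construction (arcsine-distributed biases, the plus/minus square-root accusation weights, in the symmetric variant that also scores positions where the pirated bit is 0) and sets the accusation threshold from the Gaussian approximation of the innocent score distribution that the abstract refers to, so the average and variance of innocent and colluder accusations can be observed directly. The two collusion strategies, the cutoff `t`, the parameters `n_users`, `m`, `c`, `eps1` and the seed are assumptions chosen for the demo, not values from the paper.

```python
"""Tardos fingerprinting: code generation, collusion and accusation.

Added example, not code from the paper above. Follows the standard Tardos
construction (arcsine-distributed biases, +/- sqrt accusation weights) in
the symmetric variant that also scores positions where the pirated bit is
0, and uses the Gaussian approximation of the innocent score distribution
(mean 0, variance m) to set the accusation threshold. The two collusion
strategies, the cutoff t and the parameters n_users, m, c, eps1 and seed
are demo assumptions, not values from the paper."""
import math
import random
from statistics import NormalDist, mean, variance


def sample_bias(rng, t):
    """Draw p from the density ~ 1/sqrt(p(1-p)) on [t, 1-t] by inverse CDF:
    p = sin(phi)^2 with phi uniform on the matching sub-interval of [0, pi/2]."""
    lo = math.asin(math.sqrt(t))
    return math.sin(rng.uniform(lo, math.pi / 2 - lo)) ** 2


def generate_code(rng, n_users, m, t):
    """Per-position biases p[i] and codewords X[j][i] ~ Bernoulli(p[i])."""
    p = [sample_bias(rng, t) for _ in range(m)]
    X = [[1 if rng.random() < p[i] else 0 for i in range(m)] for _ in range(n_users)]
    return p, X


def collude_majority(rng, X, colluders):
    """Marking assumption respected: emit the bit most colluders hold (ties -> 0)."""
    return [1 if 2 * sum(X[j][i] for j in colluders) > len(colluders) else 0
            for i in range(len(X[0]))]


def collude_interleave(rng, X, colluders):
    """Copy each position from a uniformly chosen colluder."""
    return [X[rng.choice(colluders)][i] for i in range(len(X[0]))]


def accusation_scores(p, X, y):
    """Symmetric Tardos scores S_j = sum_i g(y_i, X_ji, p_i).

    Holding bit 1 weighs sqrt((1-p)/p), holding bit 0 weighs sqrt(p/(1-p));
    the weight is added when the user agrees with the pirate copy and
    subtracted otherwise. For an innocent user each term has mean 0 and
    variance 1, so S_j has mean 0 and variance m."""
    scores = []
    for codeword in X:
        s = 0.0
        for pi, xi, yi in zip(p, codeword, y):
            w = math.sqrt((1 - pi) / pi) if xi == 1 else math.sqrt(pi / (1 - pi))
            s += w if xi == yi else -w
        scores.append(s)
    return scores


def threshold(m, eps1):
    """Gaussian approximation: accuse above the (1 - eps1) quantile of N(0, m)."""
    return math.sqrt(m) * NormalDist().inv_cdf(1 - eps1)


def accuse(scores, z):
    return [j for j, s in enumerate(scores) if s > z]


def run_demo(strategy, n_users=40, m=3000, c=3, t=0.01, eps1=1e-6, seed=7):
    """Fingerprint n_users, let users 0..c-1 collude with `strategy`, accuse."""
    rng = random.Random(seed)
    p, X = generate_code(rng, n_users, m, t)
    colluders = list(range(c))
    y = strategy(rng, X, colluders)
    S = accusation_scores(p, X, y)
    z = threshold(m, eps1)
    innocent = S[c:]
    return {
        "colluders": colluders,
        "accused": accuse(S, z),
        "threshold": z,
        "colluder_mean": mean(S[:c]),
        "innocent_mean": mean(innocent),
        "innocent_var": variance(innocent),
    }


if __name__ == "__main__":
    for strat in (collude_majority, collude_interleave):
        r = run_demo(strat)
        print(strat.__name__, r["accused"], round(r["colluder_mean"]), round(r["innocent_var"]))
```

With these parameters the sample variance of the innocent scores comes out near `m`, and the colluders' mean score sits well above the Gaussian threshold under both strategies; shrinking `m` until colluders start to slip under the threshold is the quickest way to see the code-length tradeoff the abstract is about.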
Dialectica Interpretation with Marked Counterexamples
Gödel's functional "Dialectica" interpretation can be used to extract functional programs from non-constructive proofs in arithmetic by employing two sorts of higher-order witnessing terms: positive realisers and negative counterexamples. In the original interpretation decidability of atoms is required to compute the correct counterexample from a set of candidates. When combined with recursion, this choice needs to be made for every step in the extracted program; however, in some special cases the decision on negative witnesses can be calculated only once. We present a variant of the interpretation in which the time complexity of extracted programs can be improved by marking the chosen witness and thus avoiding recomputation. The achieved effect is similar to using an abortive control operator to interpret computational content of non-constructive principles.
Comment: In Proceedings CL&C 2010, arXiv:1101.520
Predictable arguments of knowledge
We initiate a formal investigation on the power of predictability for argument of knowledge systems for NP. Specifically, we consider private-coin argument systems where the answer of the prover can be predicted, given the private randomness of the verifier; we call such protocols Predictable Arguments of Knowledge (PAoK).
Our study encompasses a full characterization of PAoK, showing that such arguments can be made extremely laconic, with the prover sending a single bit, and assumed to have only one round (i.e., two messages) of communication without loss of generality.
We additionally explore PAoK satisfying additional properties (including zero-knowledge and the possibility of re-using the same challenge across multiple executions with the prover), present several constructions of PAoK relying on different cryptographic tools, and discuss applications to cryptography.
Fiat-Shamir for highly sound protocols is instantiable
The Fiat-Shamir (FS) transformation (Fiat and Shamir, Crypto '86) is a popular paradigm for constructing very efficient non-interactive zero-knowledge (NIZK) arguments and signature schemes from a hash function and any three-move interactive protocol satisfying certain properties. Despite its widespread applicability both in theory and in practice, the known positive results for proving security of the FS paradigm are in the random oracle model only, i.e., they assume that the hash function is modeled as an external random function accessible to all parties. On the other hand, a sequence of negative results shows that for certain classes of interactive protocols, the FS transform cannot be instantiated in the standard model.
We initiate the study of complementary positive results, namely, studying classes of interactive protocols where the FS transform does have standard-model instantiations. In particular, we show that for a class of "highly sound" protocols that we define, instantiating the FS transform via a q-wise independent hash function yields NIZK arguments and secure signature schemes. In the case of NIZK, we obtain a weaker "q-bounded" zero-knowledge flavor where the simulator works for all adversaries asking an a-priori bounded number of queries q; in the case of signatures, we obtain the weaker notion of random-message unforgeability against q-bounded random message attacks.
Our main idea is that when the protocol is highly sound, then instead of using random-oracle programming, one can use complexity leveraging. The question is whether such highly sound protocols exist and if so, which protocols lie in this class. We answer this question in the affirmative in the common reference string (CRS) model and under strong assumptions. Namely, assuming indistinguishability obfuscation and puncturable pseudorandom functions we construct a compiler that transforms any 3-move interactive protocol with instance-independent commitments and simulators (a property satisfied by the Lapidot-Shamir protocol, Crypto '90) into a compiled protocol in the CRS model that is highly sound. We also present a second compiler, in order to be able to start from a larger class of protocols, which only requires instance-independent commitments (a property for example satisfied by the classical protocol for quadratic residuosity due to Blum, Crypto '81). For the second compiler we require dual-mode commitments.
We hope that our work inspires more research on classes of (efficient) 3-move protocols where Fiat-Shamir is (efficiently) instantiable.
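The block below is an added example serving both the "Special Soundness Revisited" abstract (witness extraction from two accepting transcripts) and the Fiat-Shamir abstract above; it is not code from either paper. The Schnorr identification protocol, which this page does not name, is used as the three-move protocol because it is special sound and is the textbook input to Fiat-Shamir. Two challenge derivations are shown side by side: SHA-256 over the transcript (the random-oracle heuristic the abstract says all prior positive results assume) and a random degree-(k-1) polynomial over a prime field, i.e. a k-wise independent hash of the kind the paper uses to instantiate the transform. The group parameters `P`, `Q`, `G`, the field `FIELD`, the transcript encoding and the value of `k` are toy assumptions for the demo; a real deployment uses a large prime-order group and a proof-relevant `k`.

```python
"""Sigma protocol, special-soundness extraction and the Fiat-Shamir transform.

Added example, not code from either paper above. Schnorr's protocol is the
three-move protocol; group, field, encoding and k are toy assumptions."""
import hashlib
import secrets

# Toy group: P = 2Q + 1 with Q prime; G = 4 is a quadratic residue, so it
# generates the order-Q subgroup. Demo assumption, far too small for real use.
P, Q, G = 1019, 509, 4
# Prime field for the polynomial hash; larger than any encoded transcript below.
FIELD = (1 << 127) - 1


def keygen():
    x = secrets.randbelow(Q - 1) + 1          # witness x in [1, Q-1]
    return x, pow(G, x, P)                    # (x, y = g^x): statement is y


# --- interactive three-move protocol (commit, challenge, respond) ---------
def prover_commit():
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)                    # (state r, commitment t = g^r)


def prover_respond(x, r, c):
    return (r + c * x) % Q                    # s = r + c*x mod Q


def verify(y, t, c, s):
    return pow(G, s, P) == (t * pow(y, c, P)) % P   # g^s == t * y^c mod P


# --- special soundness: two transcripts, same t, distinct challenges -------
def extract(c1, s1, c2, s2):
    """From (t, c1, s1) and (t, c2, s2) with c1 != c2: x = (s1 - s2)/(c1 - c2) mod Q."""
    return (s1 - s2) * pow((c1 - c2) % Q, -1, Q) % Q


# --- Fiat-Shamir: the challenge becomes a function of (statement, commitment)
def encode_transcript(y, t):
    return y * (1 << 16) + t                  # injective since y, t < 2^16


def sha_challenge(y, t):
    """Random-oracle heuristic: c = SHA-256(y || t) mod Q."""
    msg = y.to_bytes(2, "big") + t.to_bytes(2, "big")
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def sample_kwise_hash(k):
    """Uniform coefficients of a degree-(k-1) polynomial over FIELD: a
    k-wise independent family (k is a demo choice, not the paper's bound)."""
    return [secrets.randbelow(FIELD) for _ in range(k)]


def kwise_challenge(coeffs):
    """Bind sampled coefficients into a challenge function (Horner evaluation).
    The final reduction mod Q is only near-uniform; fine for the demo."""
    def challenge(y, t):
        point, acc = encode_transcript(y, t), 0
        for a in reversed(coeffs):
            acc = (acc * point + a) % FIELD
        return acc % Q
    return challenge


def fs_prove(x, y, challenge):
    r, t = prover_commit()
    return t, prover_respond(x, r, challenge(y, t))


def fs_verify(y, proof, challenge):
    t, s = proof
    return verify(y, t, challenge(y, t), s)


def demo():
    """Run the interactive protocol, the rewinding extractor and both FS flavours."""
    x, y = keygen()
    r, t = prover_commit()
    c1 = secrets.randbelow(Q)
    s1 = prover_respond(x, r, c1)
    # Rewind the prover: same r (hence same t), a second distinct challenge.
    c2 = (c1 + 1) % Q
    s2 = prover_respond(x, r, c2)
    sha_proof = fs_prove(x, y, sha_challenge)
    poly = kwise_challenge(sample_kwise_hash(k=8))
    t_bad, s_bad = sha_proof
    return {
        "interactive_ok": verify(y, t, c1, s1),
        "extracted_witness": extract(c1, s1, c2, s2) == x,
        "fs_sha_ok": fs_verify(y, sha_proof, sha_challenge),
        "fs_kwise_ok": fs_verify(y, fs_prove(x, y, poly), poly),
        "tampered_rejected": not fs_verify(y, (t_bad, (s_bad + 1) % Q), sha_challenge),
    }


if __name__ == "__main__":
    print(demo())
```

The extractor is where the two abstracts meet: special soundness is exactly the guarantee that `extract` recovers `x` from any two accepting transcripts sharing `t`, and Fiat-Shamir removes the verifier that would otherwise supply the second challenge, which is why its security argument needs either random-oracle programming or, as the paper above proposes, a bounded-query hash family plus a highly sound protocol.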
Generalised compositionality in graph transformation
We present a notion of composition applying both to graphs and to rules, based on graph and rule interfaces along which they are glued. The current paper generalises a previous result in two different ways. Firstly, rules do not have to form pullbacks with their interfaces; this enables graph passing between components, meaning that components may "learn" and "forget" subgraphs through communication with other components. Secondly, composition is no longer binary; instead, it can be repeated for an arbitrary number of components.
Hardness of Vertex Deletion and Project Scheduling
Assuming the Unique Games Conjecture, we show strong inapproximability results for two natural vertex deletion problems on directed graphs: for any integer and arbitrarily small , the Feedback Vertex Set problem and the DAG Vertex Deletion problem are inapproximable within a factor even on graphs where the vertices can be almost partitioned into solutions. This gives a more structured and therefore stronger UGC-based hardness result for the Feedback Vertex Set problem that is also simpler (albeit using the "It Ain't Over Till It's Over" theorem) than the previous hardness result.
In comparison to the classical Feedback Vertex Set problem, the DAG Vertex Deletion problem has received little attention and, although we think it is a natural and interesting problem, the main motivation for our inapproximability result stems from its relationship with the classical Discrete Time-Cost Tradeoff Problem. More specifically, our results imply that the deadline version is NP-hard to approximate within any constant assuming the Unique Games Conjecture. This explains the difficulty in obtaining good approximation algorithms for that problem and further motivates previous alternative approaches such as bicriteria approximations.
Comment: 18 pages, 1 figure
Governance in state-owned enterprises revisited : the cases of water and electricity in Latin America and the Caribbean
This paper studies the governance structure of state-owned enterprises in the water and electricity sectors of Latin America and the Caribbean. Through a unique dataset, the paper compares 44 leading state companies of the region based on an aggregate measure of corporate governance and six salient aspects of their design: board, chief executive officer, performance orientation, management, legal framework, and transparency/disclosure. The results indicate the need for improvement in areas such as the selection and appointment of directors to the board and the performance-orientation of the enterprises. The paper also highlights the importance of discussing the management of state-owned enterprises in the wider context of public sector governance, with particular focus on accountability. Moreover, it recognizes the role of accountability as central in the management of state-owned enterprises, recommending a better understanding of regulation and performance management. The paper finds a positive correlation between corporate governance and the utilities' performance. Among the different aspects of corporate governance, performance orientation and professional management seem to be the highest contributors to well-performing state-owned enterprises. State-owned enterprises in the electricity sector show higher governance levels than those in the water sector.
National Governance, Corporate Law, Private Participation in Infrastructure, Governance Indicators, Banks & Banking Reform