2,407 research outputs found
Zero Knowledge Protocols from Succinct Constraint Detection
We study the problem of constructing proof systems that achieve both soundness and zero knowledge unconditionally (without relying on intractability assumptions). Known techniques for this goal are primarily *combinatorial*, despite the fact that constructions of interactive proofs (IPs) and probabilistically checkable proofs (PCPs) heavily rely on *algebraic* techniques to achieve their properties.
We present simple and natural modifications of well-known algebraic IP and PCP protocols that achieve unconditional (perfect) zero knowledge in recently introduced models, overcoming limitations of known techniques.
1. We modify the PCP of Ben-Sasson and Sudan [BS08] to obtain zero knowledge for NEXP in the model of Interactive Oracle Proofs [BCS16,RRR16], where the verifier, in each round, receives a PCP from the prover.
2. We modify the IP of Lund, Fortnow, Karloff, and Nisan [LFKN92] to obtain zero knowledge for #P in the model of Interactive PCPs [KR08], where the verifier first receives a PCP from the prover and then interacts with him.
The simulators in our zero knowledge protocols rely on solving a problem that lies at the intersection of coding theory, linear algebra, and computational complexity, which we call the *succinct constraint detection* problem, and consists of detecting dual constraints with polynomial support size for codes of exponential block length. Our two results rely on solutions to this problem for fundamental classes of linear codes:
* An algorithm to detect constraints for Reed--Muller codes of exponential length. This algorithm exploits the Raz--Shpilka [RS05] deterministic polynomial identity testing algorithm, and shows, to our knowledge, a first connection of algebraic complexity theory with zero knowledge.
* An algorithm to detect constraints for PCPs of Proximity of Reed--Solomon codes [BS08] of exponential degree. This algorithm exploits the recursive structure of the PCPs of Proximity to show that small-support constraints are locally spanned by a small number of small-support constraints
Lattice-Based zk-SNARKs from Square Span Programs
Zero-knowledge SNARKs (zk-SNARKs) are non-interactive proof systems with short (i.e., independent of the size of the witness) and efficiently verifiable proofs. They elegantly resolve the juxtaposition of individual privacy and public trust, by providing an efficient way of demonstrating knowledge of secret information without actually revealing it. To this day, zk-SNARKs are widely deployed all over the planet and are used to keep alive a system worth billion of euros, namely the cryptocurrency Zcash. However, all current SNARKs implementations rely on so-called pre-quantum assumptions and, for this reason, are not expected to withstand cryptanalitic efforts over the next few decades.
In this work, we introduce a new zk-SNARK that can be instantiated from lattice-based assumptions, and which is thus believed to be post-quantum secure. We provide a generalization in the spirit of Gennaro et al. (Eurocrypt'13) to the SNARK of Danezis et al. (Asiacrypt'14) that is based on Square Span Programs (SSP) and relies on weaker computational assumptions. We focus on designated-verifier proofs and propose a protocol in which a proof consists of just 5 LWE encodings. We provide a concrete choice of parameters, showing that our construction is practically instantiable
State of the Art Report: Verified Computation
This report describes the state of the art in verifiable computation. The
problem being solved is the following:
The Verifiable Computation Problem (Verifiable Computing Problem) Suppose we
have two computing agents. The first agent is the verifier, and the second
agent is the prover. The verifier wants the prover to perform a computation.
The verifier sends a description of the computation to the prover. Once the
prover has completed the task, the prover returns the output to the verifier.
The output will contain proof. The verifier can use this proof to check if the
prover computed the output correctly. The check is not required to verify the
algorithm used in the computation. Instead, it is a check that the prover
computed the output using the computation specified by the verifier. The effort
required for the check should be much less than that required to perform the
computation.
This state-of-the-art report surveys 128 papers from the literature
comprising more than 4,000 pages. Other papers and books were surveyed but were
omitted. The papers surveyed were overwhelmingly mathematical. We have
summarised the major concepts that form the foundations for verifiable
computation. The report contains two main sections. The first, larger section
covers the theoretical foundations for probabilistically checkable and
zero-knowledge proofs. The second section contains a description of the current
practice in verifiable computation. Two further reports will cover (i) military
applications of verifiable computation and (ii) a collection of technical
demonstrators. The first of these is intended to be read by those who want to
know what applications are enabled by the current state of the art in
verifiable computation. The second is for those who want to see practical tools
and conduct experiments themselves.Comment: 54 page
Spatial isolation implies zero knowledge even in a quantum world
Zero knowledge plays a central role in cryptography and complexity. The seminal work of Ben-Or et al. (STOC 1988) shows that zero knowledge can be achieved unconditionally for any language in NEXP, as long as one is willing to make a suitable physical assumption: if the provers are spatially isolated, then they can be assumed to be playing independent strategies. Quantum mechanics, however, tells us that this assumption is unrealistic, because spatially-isolated provers could share a quantum entangled state and realize a non-local correlated strategy. The MIP* model captures this setting. In this work we study the following question: does spatial isolation still suffice to unconditionally achieve zero knowledge even in the presence of quantum entanglement? We answer this question in the affirmative: we prove that every language in NEXP has a 2-prover zero knowledge interactive proof that is sound against entangled provers; that is, NEXP ⊆ ZK-MIP*. Our proof consists of constructing a zero knowledge interactive PCP with a strong algebraic structure, and then lifting it to the MIP* model. This lifting relies on a new framework that builds on recent advances in low-degree testing against entangled strategies, and clearly separates classical and quantum tools. Our main technical contribution is the development of new algebraic techniques for obtaining unconditional zero knowledge; this includes a zero knowledge variant of the celebrated sumcheck protocol, a key building block in many probabilistic proof systems. A core component of our sumcheck protocol is a new algebraic commitment scheme, whose analysis relies on algebraic complexity theory
Spatial isolation implies zero knowledge even in a quantum world
Zero knowledge plays a central role in cryptography and complexity. The seminal work of Ben-Or et al. (STOC 1988) shows that zero knowledge can be achieved unconditionally for any language in NEXP, as long as one is willing to make a suitable physical assumption: if the provers are spatially isolated, then they can be assumed to be playing independent strategies. Quantum mechanics, however, tells us that this assumption is unrealistic, because spatially-isolated provers could share a quantum entangled state and realize a non-local correlated strategy. The MIP* model captures this setting. In this work we study the following question: does spatial isolation still suffice to unconditionally achieve zero knowledge even in the presence of quantum entanglement? We answer this question in the affirmative: we prove that every language in NEXP has a 2-prover zero knowledge interactive proof that is sound against entangled provers; that is, NEXP ⊆ ZK-MIP*. Our proof consists of constructing a zero knowledge interactive PCP with a strong algebraic structure, and then lifting it to the MIP* model. This lifting relies on a new framework that builds on recent advances in low-degree testing against entangled strategies, and clearly separates classical and quantum tools. Our main technical contribution is the development of new algebraic techniques for obtaining unconditional zero knowledge; this includes a zero knowledge variant of the celebrated sumcheck protocol, a key building block in many probabilistic proof systems. A core component of our sumcheck protocol is a new algebraic commitment scheme, whose analysis relies on algebraic complexity theory
ezDPS: An Efficient and Zero-Knowledge Machine Learning Inference Pipeline
Machine Learning as a service (MLaaS) permits resource-limited clients to
access powerful data analytics services ubiquitously. Despite its merits, MLaaS
poses significant concerns regarding the integrity of delegated computation and
the privacy of the server's model parameters. To address this issue, Zhang et
al. (CCS'20) initiated the study of zero-knowledge Machine Learning (zkML). Few
zkML schemes have been proposed afterward; however, they focus on sole ML
classification algorithms that may not offer satisfactory accuracy or require
large-scale training data and model parameters, which may not be desirable for
some applications. We propose ezDPS, a new efficient and zero-knowledge ML
inference scheme. Unlike prior works, ezDPS is a zkML pipeline in which the
data is processed in multiple stages for high accuracy. Each stage of ezDPS is
harnessed with an established ML algorithm that is shown to be effective in
various applications, including Discrete Wavelet Transformation, Principal
Components Analysis, and Support Vector Machine. We design new gadgets to prove
ML operations effectively. We fully implemented ezDPS and assessed its
performance on real datasets. Experimental results showed that ezDPS achieves
one-to-three orders of magnitude more efficient than the generic circuit-based
approach in all metrics while maintaining more desirable accuracy than single
ML classification approaches.Comment: This paper is to appear in Privacy-Enhancing Technologies Symposium
(PETS) 202
- …