Separating succinct non-interactive arguments from all falsifiable assumptions
Craig Gentry, Daniel Wichs +1 more
- 06 Jun 2011
- pp 99-108
TL;DR: In this article, it was shown that black-box reductions cannot be used to prove the security of any SNARG construction based on any falsifiable cryptographic assumption, including one-way functions, trapdoor permutations, DDH, RSA, LWE etc.
Abstract: An argument system for NP is succinct if its communication complexity is polylogarithmic in the instance and witness sizes. The seminal works of Kilian '92 and Micali '94 show that such arguments can be constructed under standard cryptographic hardness assumptions with four rounds of interaction, and that they can be made non-interactive in the random-oracle model. However, we currently do not have any construction of succinct non-interactive arguments (SNARGs) in the standard model with a proof of security under any simple cryptographic assumption. In this work, we give a broad black-box separation result, showing that black-box reductions cannot be used to prove the security of any SNARG construction based on any falsifiable cryptographic assumption. This includes essentially all common assumptions used in cryptography (one-way functions, trapdoor permutations, DDH, RSA, LWE etc.). More generally, we say that an assumption is falsifiable if it can be modeled as an interactive game between an adversary and an efficient challenger that can efficiently decide if the adversary won the game. This is similar, in spirit, to the notion of falsifiability of Naor '03, and captures the fact that we can efficiently check if an adversarial strategy breaks the assumption. Our separation result also extends to designated-verifier SNARGs, where the verifier needs a trapdoor associated with the CRS to verify arguments, and to slightly succinct SNARGs, whose size is only required to be sublinear in the statement and witness size.
Citations
Zerocash: Decentralized Anonymous Payments from Bitcoin
Eli Ben Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, Madars Virza +6 more
- 18 May 2014
TL;DR: This paper formulate and construct decentralized anonymous payment schemes (DAP schemes) and builds Zero cash, a practical instantiation of the DAP scheme construction that is orders of magnitude more efficient than the less-anonymous Zero coin and competitive with plain Bit coin.
On the Size of Pairing-Based Non-interactive Arguments
Jens Groth
- 08 May 2016
TL;DR: It is shown that linear interactive proofs cannot have a linear decision procedure, and it follows that SNARGs where the prover and verifier use generic asymmetric bilinear group operations cannot consist of a single group element.
On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption
Adriana López-Alt, Eran Tromer, Vinod Vaikuntanathan +2 more
- 19 May 2012
TL;DR: In this article, the authors proposed a new notion of secure multiparty computation aided by a computationally-powerful but untrusted "cloud" server, where each user is involved only when initially uploading his (encrypted) data to the cloud, and in a final output decryption phase when outputs are revealed.
Pinocchio: Nearly Practical Verifiable Computation
Bryan Parno, Jon Howell, Craig Gentry, Mariana Raykova +3 more
- 19 May 2013
TL;DR: This work introduces Pinocchio, a built system for efficiently verifying general computations while relying only on cryptographic assumptions, and is the first general-purpose system to demonstrate verification cheaper than native execution (for some apps).
Posted Content
Pinocchio: Nearly Practical Verifiable Computation.
TL;DR: Pinocchio as discussed by the authors is a built system for efficiently verifying general computations while relying only on cryptographic assumptions, where the client creates a public evaluation key to describe her computation; this setup is proportional to evaluating the computation once.
References
How to prove yourself: practical solutions to identification and signature problems
Amos Fiat, Adi Shamir +1 more
- 01 Jan 1987
TL;DR: Simple identification and signature schemes which enable any user to prove his identity and the authenticity of his messages to any other user without shared or public keys are described.
Proof verification and the hardness of approximation problems
TL;DR: It is proved that no MAX SNP-hard problem has a polynomial time approximation scheme, unless NP = P, and there exists a positive ε such that approximating the maximum clique size in an N-vertex graph to within a factor of N^ε is NP-hard.
The knowledge complexity of interactive proof-systems
Shafi Goldwasser, Silvio Micali, Charles Rackoff +2 more
- 04 Oct 2019
TL;DR: Permission to copy without fee all or part of this material is granted provided that the copies arc not made or distributed for direct commercial advantage.
Proof verification and hardness of approximation problems
Sanjeev Arora, C. Lund, Rajeev Motwani, Madhu Sudan, Mario Szegedy +4 more
- 24 Oct 1992
TL;DR: Agarwal et al. as discussed by the authors showed that the MAXSNP-hard problem does not have polynomial-time approximation schemes unless P=NP, and for some epsilon > 0 the size of the maximal clique in a graph cannot be approximated within a factor of n/sup 1/ε / unless P = NP.