View
5
Download
0
Category
Preview:
Citation preview
Languages witEfficient Zer
i SZKare in SZKMOHAMMAD MA
DAVID XIAO
h o-Knowledge PCP
HMOODY (CORNELL)
(LIAFA)
ProbabilisticallyyProofs (PCPs)
y Checkable y
accept / reject
Z K l d PCZero-Knowledge PC
actualstatisti(default
Def: View of any efficient verifier can be efficientl
execution(default
Def: View of any efficient verifier can be efficientl
• Harder to achieve zero‐knowledge PCPs (than pr
• Easier to achieve sound PCPs (than provers)• Easier to achieve sound PCPs (than provers).
[Kilian‐Petrank‐Tardos’97] NEXP has (statistical) ze
I h tl f l i l l th ( f• Inherently of super‐polynomial length (even for
CPCPs
generatedically closein this talk) SIM
y “simulated” (similar to ZK interactive proofs)
generated efficiently
in this talk)
y simulated (similar to ZK interactive proofs)
rovers) verifier can read any PCP answers.
ero‐knowledge PCPs
NP)NP)
Efficient Zero-KnEfficient Zero-Knnowledge PCPsnowledge PCPs
accept / reject
Main Q estion A th efficieMain Question: Are there efficient ( t ti ti l) ZK PCP f NP ?nt (statistical) ZK PCPs for NP ?
Motivation: BasinMotivation BasinProof Hardware[Kat07, MS08, CGS08,
ng Crypto on Tamperng Crypto on TamperGKR08, GISVW10, Kol10, GIMS10, ... ]
Motivation: ResetZero-Knowledge
give me
answer to q
FORGET q andFORGET q andanswer to p
ttable Statistical
answer to q
d answer pd answer p
Limits of EfficieLimits of EfficieZero-Knowledge PCMain Question: Are there efficient
[Ishai‐M‐Sahai’12] Any language w[Ishai M Sahai 12] Any language wnon‐adaptive verifier is in co‐AM
Corollary: No efficient ZK for NP usl h l i l i hiunless the polynomial‐time hierarc
ent (statistical)ent (statistical) CPs?t ZK PCPs for NP ?
with an efficient ZK PCP using awith an efficient ZK PCP using a
sing a non‐adaptive verifierh ll [BHZ’87]chy collapses [BHZ’87]
Our Result
Id b hi dIdeas behindd th fd the proof
Approach of [IMS’Approach of [IMS’12]12]
Naïve ApproachNaïve Approach
Our ApproachOur Approach
Our ApproachOur Approach
Our ApproachOur Approach
Conditional Entropy Approximpy ppin SZK [Vadhan’04]
mation:
Putting Things ToPutting Things Toogetherogether
Summary
Theorem: No efficient statistical Zhi h ll i thhierarchy collapses ‐‐ removing th
Open: Characterize languages witConjecture: All of SZK (sufficient
Open: Number of messages (2 orOpen: Number of messages (2 orefficient PCP (hardware token) to
ZK PCP for NP unless polynomial‐timh d ti it b i f [IMS’12he non‐adaptivity barrier of [IMS’12
th efficient ZK PCPs.to make compiler of [GOVW] efficie
r 3 or 4) needed in addition to anr 3 or 4) needed in addition to an o get statistical zero‐knowledge for N
Th kThank Y !You !
Recommended