Embed Size (px)
Citation preview
Languages witEfficient Zer
i SZKare in SZKMOHAMMAD MA
DAVID XIAO
h o-Knowledge PCP
HMOODY (CORNELL)
(LIAFA)
ProbabilisticallyyProofs (PCPs)
y Checkable y
accept / reject
Z K l d PCZero-Knowledge PC
actualstatisti(default
Def: View of any efficient verifier can be efficientl
execution(default
Def: View of any efficient verifier can be efficientl
• Harder to achieve zero‐knowledge PCPs (than pr
• Easier to achieve sound PCPs (than provers)• Easier to achieve sound PCPs (than provers).
[Kilian‐Petrank‐Tardos’97] NEXP has (statistical) ze
I h tl f l i l l th ( f• Inherently of super‐polynomial length (even for
CPCPs
generatedically closein this talk) SIM
y “simulated” (similar to ZK interactive proofs)
generated efficiently
in this talk)
y simulated (similar to ZK interactive proofs)
rovers) verifier can read any PCP answers.
ero‐knowledge PCPs
NP)NP)
Efficient Zero-KnEfficient Zero-Knnowledge PCPsnowledge PCPs
accept / reject
Main Q estion A th efficieMain Question: Are there efficient ( t ti ti l) ZK PCP f NP ?nt (statistical) ZK PCPs for NP ?
Motivation: BasinMotivation BasinProof Hardware[Kat07, MS08, CGS08,
ng Crypto on Tamperng Crypto on TamperGKR08, GISVW10, Kol10, GIMS10, ... ]
Motivation: ResetZero-Knowledge
give me
answer to q
FORGET q andFORGET q andanswer to p
ttable Statistical
answer to q
d answer pd answer p
Limits of EfficieLimits of EfficieZero-Knowledge PCMain Question: Are there efficient
[Ishai‐M‐Sahai’12] Any language w[Ishai M Sahai 12] Any language wnon‐adaptive verifier is in co‐AM
Corollary: No efficient ZK for NP usl h l i l i hiunless the polynomial‐time hierarc
ent (statistical)ent (statistical) CPs?t ZK PCPs for NP ?
with an efficient ZK PCP using awith an efficient ZK PCP using a
sing a non‐adaptive verifierh ll [BHZ’87]chy collapses [BHZ’87]
Our Result
Id b hi dIdeas behindd th fd the proof
Approach of [IMS’Approach of [IMS’12]12]
Naïve ApproachNaïve Approach
Our ApproachOur Approach
Our ApproachOur Approach
Our ApproachOur Approach
Conditional Entropy Approximpy ppin SZK [Vadhan’04]
mation:
Putting Things ToPutting Things Toogetherogether
Summary
Theorem: No efficient statistical Zhi h ll i thhierarchy collapses ‐‐ removing th
Open: Characterize languages witConjecture: All of SZK (sufficient
Open: Number of messages (2 orOpen: Number of messages (2 orefficient PCP (hardware token) to
ZK PCP for NP unless polynomial‐timh d ti it b i f [IMS’12he non‐adaptivity barrier of [IMS’12
th efficient ZK PCPs.to make compiler of [GOVW] efficie
r 3 or 4) needed in addition to anr 3 or 4) needed in addition to an o get statistical zero‐knowledge for N
Th kThank Y !You !
![New (and Old) Proof Systems for ... - web.eecs.umich.eduweb.eecs.umich.edu/~cpeikert/pubs/slides-proofs.pdf · F Both SZK and NISZK have complete problems [SV’97, GSV’99] F SZK](https://img.pdfslide.net/doc/110x75/5c44484a93f3c34c4656e68a/new-and-old-proof-systems-for-webeecsumich-cpeikertpubsslides-proofspdf.jpg)
![Kryptonimy: Polski Związek Powstańczy [PZP], Siły Zbrojne w Kraju [SZK]](https://img.pdfslide.net/doc/110x75/56812d7c550346895d9290fa/kryptonimy-polski-zwiazek-powstanczy-pzp-sily-zbrojne-w-kraju-szk.jpg)
