Download presentation

Presentation is loading. Please wait.

Published byDamon Reeves Modified over 2 years ago

1
How to Delegate Computations: The Power of No-Signaling Proofs Ron Rothblum Weizmann Institute Joint work with Yael Kalai and Ran Raz

2
Delegation Motivation: allow a computationally weak device to outsource computation to the cloud.

3
Delegation A computationally weak device outsources its computation to the cloud.

4
Delegation The device does not trust the cloud and so it wants to verify the result super-efficiently (say in linear-time).

5
Delegation Focus of this talk: 1-round arguments.

6
Delegation

7
Comparison with Succinct Arguments A succinct non-interactive argument system (SNARG) is the same model but focus is small communication rather than verifier run-time. SNARGs for P = Trivial.

8
Prior Work

10
Main Result 1

11
quasi-polynomially

12
Main Result 1 (General)

13
The Approach of [ABOR00] [ Aiello-Bhatt-Ostrovsky-Rajogopalan 00] suggested to construct a delegation scheme by combining a Multi-Prover Interactive Proof-System with an FHE. Actually PIR suffices, but easier to describe with FHE

14
Multi Prover Interactive Proofs (MIP) [BenOr-Goldwasser-Kilian-Wigderson88]...... [Babai-Fortnow-Lund91]

15
Fully Homomorphic Encryption Eval

16
The [ABOR00] Protocol......

17
Encrypt the queries and answer homomorphically.......

18
The [ABOR00] Protocol Simulate using a single prover.......

19
The [ABOR00] Protocol Simulate using a single prover.

20
The [ABOR00] Protocol Intuition: since encrypted under different keys, prover cannot use one query to answer a different query. [ Dwork-Landberg-Naor-Nissim-Reingold 01]: this intuition is false*! [Kalai-Raz09]: correct for single prover interactive proofs. We show: protocol works if MIP satisfies a stronger soundness condition called no-signaling soundness.

21
No-Signaling Prover Strategies Allow the provers a minimal form of communication. The answer of each prover may depend on the other queries as a function but must be independent as a RV.

22
No-Signaling Prover Strategies

23
Example

24
Relation to Quantum MIP No-signaling strategies originally motivated by quantum MIPs – the (cheating) provers share an entangled quantum state. Entangled strategies are no-signaling. No-signaling soundness is likely to hold in future theories of physics (if information cannot travel faster than light).

25
The Power of No-Signaling Strategies

27
Main Technical Result

28
Proof Outline

30
Proof of Technical Result (High Level Overview)

31
Proof Sketch

32
The Provers Each prover generates the entire tableau of the computation. Output bit Input bits

33
The provers encode the computation via the [BFLS] PCP. The Provers

34
Each (honest) prover expects to be queried on a single point in the PCP and answers accordingly. The Provers

35
The verifier generates the PCP queries. Randomly permutes the queries and sends to the provers. Also explicitly checks input and output gates. Accepts the answers if PCP verifier accepts and input/output gates are correct. The Verifier

36
No-Signaling Soundness Challenges in NS setting: Each answer depends on other provers’ queries. No low degree test. No parallel repetition. Cheating provers are randomized.

37
[BFLS]: If the provers do not communicate, the MIP is sound. For no-signaling provers situation is more complicated. Classical Setting

38
No-Signaling Soundness

39
“Reading” a point = query provers on a random line that goes through the point and interpolate answers to get the value. Reading a Point

40
Fix some gate of the computation. Reading a Point

41
Lemma

42
First Attempt

44
Second Attempt Look at some gate in the second layer.

45
Second Attempt Look at some gate in the second layer.

46
Second Attempt Look at some gate in the second layer.

47
Second Attempt Look at neighbor of the gate.

48
Second Attempt Gate at 3 rd layer.

49
Second Attempt Gate at 3 rd layer.

50
Second Attempt Error grows exponentially in the depth. Gives delegation for low-depth computation (already known via [GKR08+KR09]).

51
Third Attempt

61
Missing Details…

62
Summary

63
Thanks!

Similar presentations

OK

Lower bounds for Unconditionally Secure MPC Ivan Damgård Jesper Buus Nielsen Antigoni Polychroniadou Aarhus University.

Lower bounds for Unconditionally Secure MPC Ivan Damgård Jesper Buus Nielsen Antigoni Polychroniadou Aarhus University.

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Animated ppt on magnetism video Ppt on model united nations Ppt on social contract theory of john Download ppt on indus valley civilization seals Ppt on types of clouds Ppt on new technology gadgets Maths ppt on limits and derivatives Ppt on social entrepreneurship Ppt on school life and college life Backgrounds for ppt on social media