Presentation is loading. Please wait.

Presentation is loading. Please wait.

How to Delegate Computations: The Power of No-Signaling Proofs Ron Rothblum Weizmann Institute Joint work with Yael Kalai and Ran Raz.

Similar presentations


Presentation on theme: "How to Delegate Computations: The Power of No-Signaling Proofs Ron Rothblum Weizmann Institute Joint work with Yael Kalai and Ran Raz."— Presentation transcript:

1 How to Delegate Computations: The Power of No-Signaling Proofs Ron Rothblum Weizmann Institute Joint work with Yael Kalai and Ran Raz

2 Delegation Motivation: allow a computationally weak device to outsource computation to the cloud.

3 Delegation A computationally weak device outsources its computation to the cloud.

4 Delegation The device does not trust the cloud and so it wants to verify the result super-efficiently (say in linear-time).

5 Delegation Focus of this talk: 1-round arguments.

6 Delegation

7 Comparison with Succinct Arguments A succinct non-interactive argument system (SNARG) is the same model but focus is small communication rather than verifier run-time. SNARGs for P = Trivial.

8 Prior Work

9

10 Main Result 1

11 quasi-polynomially

12 Main Result 1 (General)

13 The Approach of [ABOR00] [ Aiello-Bhatt-Ostrovsky-Rajogopalan 00] suggested to construct a delegation scheme by combining a Multi-Prover Interactive Proof-System with an FHE. Actually PIR suffices, but easier to describe with FHE

14 Multi Prover Interactive Proofs (MIP) [BenOr-Goldwasser-Kilian-Wigderson88] [Babai-Fortnow-Lund91]

15 Fully Homomorphic Encryption Eval

16 The [ABOR00] Protocol......

17 Encrypt the queries and answer homomorphically

18 The [ABOR00] Protocol Simulate using a single prover

19 The [ABOR00] Protocol Simulate using a single prover.

20 The [ABOR00] Protocol Intuition: since encrypted under different keys, prover cannot use one query to answer a different query. [ Dwork-Landberg-Naor-Nissim-Reingold 01]: this intuition is false*! [Kalai-Raz09]: correct for single prover interactive proofs. We show: protocol works if MIP satisfies a stronger soundness condition called no-signaling soundness.

21 No-Signaling Prover Strategies Allow the provers a minimal form of communication. The answer of each prover may depend on the other queries as a function but must be independent as a RV.

22 No-Signaling Prover Strategies

23 Example

24 Relation to Quantum MIP No-signaling strategies originally motivated by quantum MIPs – the (cheating) provers share an entangled quantum state. Entangled strategies are no-signaling. No-signaling soundness is likely to hold in future theories of physics (if information cannot travel faster than light).

25 The Power of No-Signaling Strategies

26

27 Main Technical Result

28 Proof Outline

29

30 Proof of Technical Result (High Level Overview)

31 Proof Sketch

32 The Provers Each prover generates the entire tableau of the computation. Output bit Input bits

33 The provers encode the computation via the [BFLS] PCP. The Provers

34 Each (honest) prover expects to be queried on a single point in the PCP and answers accordingly. The Provers

35 The verifier generates the PCP queries. Randomly permutes the queries and sends to the provers. Also explicitly checks input and output gates. Accepts the answers if PCP verifier accepts and input/output gates are correct. The Verifier

36 No-Signaling Soundness Challenges in NS setting: Each answer depends on other provers’ queries. No low degree test. No parallel repetition. Cheating provers are randomized.

37 [BFLS]: If the provers do not communicate, the MIP is sound. For no-signaling provers situation is more complicated. Classical Setting

38 No-Signaling Soundness

39 “Reading” a point = query provers on a random line that goes through the point and interpolate answers to get the value. Reading a Point

40 Fix some gate of the computation. Reading a Point

41 Lemma

42 First Attempt

43

44 Second Attempt Look at some gate in the second layer.

45 Second Attempt Look at some gate in the second layer.

46 Second Attempt Look at some gate in the second layer.

47 Second Attempt Look at neighbor of the gate.

48 Second Attempt Gate at 3 rd layer.

49 Second Attempt Gate at 3 rd layer.

50 Second Attempt Error grows exponentially in the depth. Gives delegation for low-depth computation (already known via [GKR08+KR09]).

51 Third Attempt

52

53

54

55

56

57

58

59

60

61 Missing Details…

62 Summary

63 Thanks!


Download ppt "How to Delegate Computations: The Power of No-Signaling Proofs Ron Rothblum Weizmann Institute Joint work with Yael Kalai and Ran Raz."

Similar presentations


Ads by Google