research-article

Delegating computation: interactive proofs for muggles

Authors:
Shafi Goldwasser

MIT and Weizmann Institute, Cambridge, MA, USA

MIT and Weizmann Institute, Cambridge, MA, USA
View Profile

,
Yael Tauman Kalai

Georgia Institute of Technology, Atlanta, GA, USA

Georgia Institute of Technology, Atlanta, GA, USA
View Profile

,
Guy N. Rothblum

MIT, Cambridge, MA, USA

MIT, Cambridge, MA, USA
View Profile

STOC '08: Proceedings of the fortieth annual ACM symposium on Theory of computingMay 2008Pages 113–122https://doi.org/10.1145/1374376.1374396

Published:17 May 2008Publication History

STOC '08: Proceedings of the fortieth annual ACM symposium on Theory of computing

Pages 113–122

ABSTRACT

In this work we study interactive proofs for tractable languages. The (honest) prover should be efficient and run in polynomial time, or in other words a "muggle". The verifier should be super-efficient and run in nearly-linear time. These proof systems can be used for delegating computation: a server can run a computation for a client and interactively prove the correctness of the result. The client can verify the result's correctness in nearly-linear time (instead of running the entire computation itself). Previously, related questions were considered in the Holographic Proof setting by Babai, Fortnow, Levin and Szegedy, in the argument setting under computational assumptions by Kilian, and in the random oracle model by Micali. Our focus, however, is on the original interactive proof model where no assumptions are made on the computational power or adaptiveness of dishonest provers. Our main technical theorem gives a public coin interactive proof for any language computable by a log-space uniform boolean circuit with depth d and input length n. The verifier runs in time (n+d) • polylog(n) and space O(log(n)), the communication complexity is d • polylog(n), and the prover runs in time poly(n). In particular, for languages computable by log-space uniform NC (circuits of polylog(n) depth), the prover is efficient, the verifier runs in time n • polylog(n) and space O(log(n)), and the communication complexity is polylog(n). Using this theorem we make progress on several questions: We show how to construct short (polylog size) computationally sound non-interactive certificates of correctness for any log-space uniform NC computation, in the public-key model. The certificates can be verified in quasi-linear time and are for a designated verifier: each certificate is tailored to the verifier's public key. This result uses a recent transformation of Kalai and Raz from public-coin interactive proofs to one-round arguments. The soundness of the certificates is based on the existence of a PIR scheme with polylog communication. Interactive proofs with public-coin, log-space, poly-time verifiers for all of P. This settles an open question regarding the expressive power of proof systems with such verifiers. Zero-knowledge interactive proofs with communication complexity that is quasi-linear in the witness, length for any NP language verifiable in NC, based on the existence of one-way functions. Probabilistically checkable arguments (a model due to Kalai and Raz) of size polynomial in the witness length (rather than the instance length) for any NP language verifiable in NC, under computational assumptions.

References

ET, phone SETI@home!. Science@NASA headlines, 1999.Google Scholar
The great internet mersenne prime search, project webpage. http://www.mersenne.org/, 2007.Google Scholar
SETI@home project website. http://setiathome.berkeley.edu/, 2007.Google Scholar
M. Agrawal, N. Kayal, and N. Saxena. PRIMES is in P. Annals of Mathematics, 160(2):781--793, 2004.Google ScholarCross Ref
D. P. Anderson. Public computing: Reconnecting people to science. In Conference on Shared Knowledge and the Web, 2003.Google Scholar
D. P. Anderson. BOINC: A system for public-resource computing and storage. In GRID, pages 4--10, 2004. Google ScholarDigital Library
S. Arora, C. Lund, R. Motwani, M. Sudan, and M. Szegedy. Proof verification and hardness of approximation problems. In FOCS, pages 14--23, 1992. Google ScholarDigital Library
S. Arora and S. Safra. Probabilistic checking of proofs: a new characterization of NP. Journal of the ACM, 45(1):70--122, 1998. Google ScholarDigital Library
L. Babai. Trading group theory for randomness. In STOC, pages 421--429, 1985. Google ScholarDigital Library
L. Babai, L. Fortnow, L. A. Levin, and M. Szegedy. Checking computations in polylogarithmic time. In STOC, pages 21--31, 1991. Google ScholarDigital Library
L. Babai, L. Fortnow, and C. Lund. Non-deterministic exponential time has two-prover interactive protocols. In FOCS, pages 16--25, 1990. Google ScholarDigital Library
B. Barak and O. Goldreich. Universal arguments and their applications. In CCC, pages 194--203, 2002. Google ScholarDigital Library
R. Beigel, M. Bellare, J. Feigenbaum, and S. Goldwasser. Languages that are easier than their proofs. In FOCS, pages 19--28, 1991. Google ScholarDigital Library
M. Ben-Or, O. Goldreich, S. Goldwasser, J. Håstad, J. Kilian,S. Micali, and P. Rogaway. Everything provable is provable in zero-knowledge. In CRYPTO, pages 37--56, 1988. Google ScholarDigital Library
M. Ben-Or, S. Goldwasser, J. Kilian, and A. Wigderson. Multi-prover interactive proofs: How to remove intractability assumptions. In STOC, pages 113--131, 1988. Google ScholarDigital Library
E. Ben-Sasson, O. Goldreich, P. Harsha, M. Sudan, and S. P. Vadhan. Robust pcps of proximity, shorter pcps and applications to coding. In STOC, pages 1--10, 2004. Google ScholarDigital Library
E. Ben-Sasson, O. Goldreich, P. Harsha, M. Sudan, and S. P. Vadhan. Short pcps verifiable in polylogarithmic time. In CCC, pages 120--134, 2005. Google ScholarDigital Library
M. Blum. How to prove a theorem so no-one else can claim it. In Proceedings of the International Congress of Mathematicians, pages 1444--1451, 1987.Google Scholar
M. Blum and S. Kannan. Designing programs that check their work. Journal of the ACM, 42(1):269--291, 1995. Google ScholarDigital Library
C. Cachin, S. Micali, and M. Stadler. Computationally private information retrieval with polylogarithmic communication. In EUROCRYPT, pages 402--414, 1999. Google ScholarDigital Library
R. Canetti, O. Goldreich, and S. Halevi. The random oracle methodology, revisited. Journal of the ACM, 51(4):557--594, 2004. Google ScholarDigital Library
A. Condon. Space-bounded probabilistic game automata. Journal of the ACM, 38(2):472--494, 1991. Google ScholarDigital Library
A. Condon and R. E. Ladner. Probabilistic game automata. Journal of Computer and System Sciences, 36(3):452--489, 1988. Google ScholarDigital Library
A. Condon and R. J. Lipton. On the complexity of space bounded interactive proofs (extended abstract). In FOCS, pages 462--467, 1989. Google ScholarDigital Library
I. Dinur. The pcp theorem by gap amplification. Journal of the ACM, 54(3):12, 2007. Google ScholarDigital Library
C. Dwork, M. Naor, O. Reingold, and L. J. Stockmeyer. Magic functions. Journal of the ACM, 50(6):852--921, 2003. Google ScholarDigital Library
C. Dwork and L. J. Stockmeyer. Finite state verifiers i: The power of interaction. Journal of the ACM, 39(4):800--828, 1992. Google ScholarDigital Library
C. Dwork and L. J. Stockmeyer. Finite state verifiers ii: Zero knowledge. Journal of the ACM, 39(4):829--858, 1992. Google ScholarDigital Library
U. Feige, S. Goldwasser, L. Lovász, S. Safra, and M. Szegedy. Interactive proofs and the hardness of approximating cliques. Journal of the ACM, 43(2):268--292, 1996. Google ScholarDigital Library
U. Feige and J. Kilian. Making games short (extended abstract). In Proceedings of the 29th Annual ACM Symposium on Theory of Computing, pages 506--516, 1997. Google ScholarDigital Library
A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. In CRYPTO, pages 186--194, 1986. Google ScholarDigital Library
L. Fortnow. Complexity-theoretic aspects of interactive proof systems. PhD thesis. Technical Report MIT/LCS/TR-447, Massachusetts Institute of Technology, 1989.Google Scholar
L. Fortnow and C. Lund. Interactive proof systems and alternating time-space complexity. Theoretical Computer Science, 113(1):55--73, 1993. Google ScholarDigital Library
O. Goldreich, S. Micali, and A. Wigderson. Proofs that yield nothing but their validity, or all languages in np have zero-knowledge proof systems. Journal of the ACM, 38(1):691--729, 1991. Google ScholarDigital Library
S. Goldwasser, D. Gutfreund, A. Healy, T. Kaufman, and G. N.Rothblum. Verifying and decoding in constant depth. In STOC, pages 440--449, 2007. Google ScholarDigital Library
S. Goldwasser and Y. T. Kalai. On the (in)security of the fiat-shamir paradigm. In FOCS, pages 102--, 2003. Google ScholarDigital Library
S. Goldwasser, S. Micali, and C. Rackoff. The knowledge complexity of interactive proof-systems. SIAM Journal on Computing, 18(1):186--208, 1989. Google ScholarDigital Library
J. Håstad, R. Impagliazzo, L. Levin, and M. Luby. A pseudorandom generator from any one-way function. SIAM Journal on Computing, 28(4):1364--1396, 1999. Google ScholarDigital Library
Y. Ishai, E. Kushilevitz, R. Ostrovsky, and A. Sahai. Zero-knowledge from secure multiparty computation. In STOC, pages 21--30, 2007. Google ScholarDigital Library
Y. Ishai and A. Paskin. Evaluating branching programs on encrypted data. In TCC, pages 575--594, 2007. Google ScholarDigital Library
Y. T. Kalai and R. Raz. Interactive pcp. Technical Report TR07-031, ECCC, 2007.Google Scholar
Y. T. Kalai and R. Raz. Probabilistically checkable arguments. Manuscript, 2007.Google Scholar
J. Kilian. Zero-knowledge with log-space verifiers. In FOCS, pages 25--35, 1988. Google ScholarDigital Library
J. Kilian. A note on efficient zero-knowledge proofs and arguments (extended abstract). In STOC, pages 723--732, 1992. Google ScholarDigital Library
J. Kilian. Improved efficient arguments (preliminary version). In CRYPTO, pages 311--324, 1995. Google ScholarDigital Library
E. Kushilevitz and R. Ostrovsky. Replication is not needed: Single database, computationally-private information retrieval. In FOCS, pages 364--373, 1997. Google ScholarDigital Library
N. Linial, Y. Mansour, and N. Nisan. Constant depth circuits, fourier transform, and learnability. Journal of the ACM, 40(3):607--620, 1993. Google ScholarDigital Library
H. Lipmaa. An oblivious transfer protocol with log-squared communication. In ISC, pages 314--328, 2005. Google ScholarDigital Library
C. Lund, L. Fortnow, H. Karloff, and N. Nisan. Algebraic methods for interactive proof systems. Journal of the ACM, 39(4):859--868, 1992. Google ScholarDigital Library
S. Micali. Cs proofs (extended abstract). In FOCS, pages 436--453, 1994. Google ScholarDigital Library
M. Naor. Bit commitment using pseudo randomness. In CRYPTO, pages 128--136, 1989. Google ScholarDigital Library
A. Polishchuk and D. A. Spielman. Nearly-linear size holographic proofs. In STOC, pages 194--203, 1994. Google ScholarDigital Library
A. Shamir. IP = PSPACE. Journal of the ACM, 39(4):869--877, 1992. Google ScholarDigital Library

Index Terms

Delegating computation: interactive proofs for muggles
1. Theory of computation
  1. Design and analysis of algorithms

Recommendations

Delegating Computation: Interactive Proofs for Muggles

In this work we study interactive proofs for tractable languages. The (honest) prover should be efficient and run in polynomial time or, in other words, a “muggle”.1 The verifier should be super-efficient and run in nearly linear time. These proof ...
Read More
Constant-round interactive proofs for delegating computation
STOC '16: Proceedings of the forty-eighth annual ACM symposium on Theory of Computing

The celebrated IP=PSPACE Theorem of Lund et-al. (J.ACM 1992) and Shamir (J.ACM 1992), allows an all-powerful but untrusted prover to convince a polynomial-time verifier of the validity of extremely complicated statements (as long as they can be ...
Read More
Bounded Relativization
CCC '23: Proceedings of the conference on Proceedings of the 38th Computational Complexity Conference

Relativization is one of the most fundamental concepts in complexity theory, which explains the difficulty of resolving major open problems. In this paper, we propose a weaker notion of relativization called bounded relativization. For a complexity ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
STOC '08: Proceedings of the fortieth annual ACM symposium on Theory of computing
May 2008
712 pages
ISBN:9781605580470
DOI:10.1145/1374376
General Chair:
Richard Ladner
University of Washington
,
Program Chair:
Cynthia Dwork
Microsoft Research, Silicon Valley
Copyright © 2008 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 17 May 2008
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
delegation
interactive proofs
muggles
Qualifiers
- research-article
Conference

Acceptance Rates
STOC '08 Paper Acceptance Rate80of325submissions,25%Overall Acceptance Rate1,469of4,586submissions,32%
More
Upcoming Conference
STOC '24

Sponsor:

sigact

56th Annual ACM Symposium on Theory of Computing (STOC 2024)

June 24 - 28, 2024

Vancouver , BC , Canada
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 287
  Total Citations
  View Citations
- 984
  Total Downloads
- Downloads (Last 12 months)35
- Downloads (Last 6 weeks)2
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Delegating computation: interactive proofs for muggles

STOC '08: Proceedings of the fortieth annual ACM symposium on Theory of computing

ABSTRACT

References

Cited By

Index Terms

Recommendations

Delegating Computation: Interactive Proofs for Muggles

Constant-round interactive proofs for delegating computation

Bounded Relativization