Results 1  10
of
18
SNARKs for C: Verifying program executions succinctly and in zero knowledge
 In Proceedings of CRYPTO 2013, LNCS
"... An argument system for NP is a proof system that allows efficient verification of NP statements, given proofs produced by an untrusted yet computationallybounded prover. Such a system is noninteractive and publiclyverifiable if, after a trusted party publishes a proving key and a verification key, ..."
Abstract

Cited by 28 (2 self)
 Add to MetaCart
An argument system for NP is a proof system that allows efficient verification of NP statements, given proofs produced by an untrusted yet computationallybounded prover. Such a system is noninteractive and publiclyverifiable if, after a trusted party publishes a proving key and a verification key, anyone can use the proving key to generate noninteractive proofs for adaptivelychosen NP statements, and proofs can be verified by anyone by using the verification key. We present an implementation of a publiclyverifiable noninteractive argument system for NP. The system, moreover, is a zeroknowledge proofofknowledge. It directly proves correct executions of programs on TinyRAM, a randomaccess machine tailored for efficient verification of nondeterministic computations. Given a program P and time bound T, the system allows for proving correct execution of P, on any input x, for up to T steps, after a onetime setup requiring Õ(P  · T) cryptographic operations. An honest prover requires Õ(P  · T) cryptographic operations to generate such a proof, while proof verification can be performed with only O(x) cryptographic operations. This system can be used to prove the correct execution of C programs, using our TinyRAM port of the GCC compiler. This yields a zeroknowledge Succinct Noninteractive ARgument of Knowledge (zkSNARK) for
1A Fresh Look at Boolean Functions: Progress Report
"... The team is working on three main problems, each of which are listed below. ..."
Abstract
 Add to MetaCart
The team is working on three main problems, each of which are listed below.
Lecture 1
, 2013
"... Computing environments change: everyone has portable computing devices (in form of mobile phones) and access to large servers (in the cloud). This change presents fundamental challenge of outsourcing computation, which is motivated by the asymmetry of the available computing power. In recent computi ..."
Abstract
 Add to MetaCart
Computing environments change: everyone has portable computing devices (in form of mobile phones) and access to large servers (in the cloud). This change presents fundamental challenge of outsourcing computation, which is motivated by the asymmetry of the available computing power. In recent computing scenarios clients are trusted (but weak), while computationally strong servers are
Succinct noninteractive zeroknowledge for a von Neumann architecture
, 2014
"... We build a system that provides succinct noninteractive zeroknowledge proofs (zkSNARKs) for program executions on a von Neumann RISC architecture. The system has two components: a cryptographic proof system for verifying satisfiability of arithmetic circuits, and a circuit generator to translate ..."
Abstract

Cited by 11 (0 self)
 Add to MetaCart
We build a system that provides succinct noninteractive zeroknowledge proofs (zkSNARKs) for program executions on a von Neumann RISC architecture. The system has two components: a cryptographic proof system for verifying satisfiability of arithmetic circuits, and a circuit generator to translate program executions to such circuits. Our design of both components improves in functionality and efficiency over prior work, as follows. Our circuit generator is the first to be universal: it does not need to know the program, but only a bound on its running time. Moreover, the size of the output circuit depends additively (rather than multiplicatively) on program size, allowing verification of larger programs. The cryptographic proof system improves proving and verification times, by leveraging new algorithms and a pairing library tailored to the protocol. We evaluated our system for programs with up to 10,000 instructions, running for up to 32,000 machine steps, each of which can arbitrarily access randomaccess memory; and also demonstrated it executing programs that use justintime compilation. Our proofs are 230 bytes long at 80 bits of security, or 288 bytes long at 128 bits of security. Typical verification time is 5 milliseconds, regardless of the original program’s running time.
Language Recognition by Nonconstructive Finite Automata
"... Abstract. Nonconstructive finite automata were first considered by R. Freivalds in [1]. We prove tight upper bound for amount of nonconstructivity that can be needed to recognize a language. We prove some theorems about saving amount of the nonconstructive help needed by encoding that information i ..."
Abstract
 Add to MetaCart
Abstract. Nonconstructive finite automata were first considered by R. Freivalds in [1]. We prove tight upper bound for amount of nonconstructivity that can be needed to recognize a language. We prove some theorems about saving amount of the nonconstructive help needed by encoding that information in automata. We also show that nonconstructive probabilistic automata can be more concise than nonconstructive deterministic automata. 1
HapTree: A Novel Bayesian Framework for Single Individual Polyplotyping Using NGS Data
"... As the more recent nextgeneration sequencing (NGS) technologies provide longer read sequences, the use of sequencing datasets for complete haplotype phasing is fast becoming a reality, allowing haplotype reconstruction of a single sequenced genome. Nearly all previous haplotype reconstruction studi ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
As the more recent nextgeneration sequencing (NGS) technologies provide longer read sequences, the use of sequencing datasets for complete haplotype phasing is fast becoming a reality, allowing haplotype reconstruction of a single sequenced genome. Nearly all previous haplotype reconstruction studies have focused on diploid genomes and are rarely scalable to genomes with higher ploidy. Yet computational investigations into polyploid genomes carry great importance, impacting plant, yeast and fish genomics, as well as the studies of the evolution of modernday eukaryotes and (epi)genetic interactions between copies of genes. In this paper, we describe a novel maximumlikelihood estimation framework, HapTree, for polyploid haplotype assembly of an individual genome using NGS read datasets. We evaluate the performance of HapTree on simulated polyploid sequencing read data modeled after Illumina sequencing technologies. For triploid and higher ploidy genomes, we demonstrate that HapTree substantially improves haplotype assembly accuracy and efficiency over the stateoftheart; moreover, HapTree is the first scalable polyplotyping method for higher ploidy. As a proof of concept, we also test our method on real sequencing data from NA12878 (1000 Genomes Project) and evaluate the quality of assembled haplotypes with respect to triobased diplotype annotation as the ground truth. The results indicate that HapTree significantly improves the switch accuracy within phased haplotype blocks as compared to existing haplotype
Short PCPs with projection queries
, 2014
"... We construct a PCP for NTIME(2 n) with constant soundness, 2 n poly(n) proof length, and poly(n) queries where the verifier’s computation is simple: the queries are a projection of the input randomness, and the computation on the prover’s answers is a 3CNF. The previous upper bound for these two com ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
We construct a PCP for NTIME(2 n) with constant soundness, 2 n poly(n) proof length, and poly(n) queries where the verifier’s computation is simple: the queries are a projection of the input randomness, and the computation on the prover’s answers is a 3CNF. The previous upper bound for these two computations was polynomialsize circuits. Composing this verifier with a proof oracle increases the circuitdepth of the latter by 2. Our PCP is a simple variant of the PCP by BenSasson, Goldreich, Harsha, Sudan, and Vadhan (CCC 2005). We also give a more modular exposition of the latter, separating the combinatorial from the algebraic arguments. If our PCP is taken as a black box, we obtain a more direct proof of the result by Williams, later with Santhanam (CCC 2013) that derandomizing circuits on n bits from a class C in time 2 n /n ω(1) yields that NEXP is not in a related circuit class C ′. Our proof yields a tighter connection: C is an AndOr of circuits from C ′. Along the way we show that the same lower bound follows if the satisfiability of the And of any 3 circuits from C ′ can be solved in time 2 n /n ω(1). ∗The research leading to these results has received funding from the European Community’s
Certified by..................................................................
, 2013
"... We present a proof system that allows efficient verification of NP statements, given proofs produced by an untrusted yet computationallybounded prover. Our system is publicly verifiable: after a trusted thirdparty has generated a proving key and a verification key, anyone can use the proving key t ..."
Abstract
 Add to MetaCart
We present a proof system that allows efficient verification of NP statements, given proofs produced by an untrusted yet computationallybounded prover. Our system is publicly verifiable: after a trusted thirdparty has generated a proving key and a verification key, anyone can use the proving key to generate noninteractive proofs for adaptivelychosen NP statements, and the proofs can be verified by anyone using the verification key. Moreover, our system is statistically zeroknowledge and the generated public parameters are reusable. The NPcomplete language we choose is the correct execution of programs on TinyRAM, a minimalistic (nondeterministic) randomaccess machine that we design. Together with
Results 1  10
of
18