Results 1  10
of
28
Algebraic Methods for Interactive Proof Systems
, 1990
"... We present a new algebraic technique for the construction of interactive proof systems. We use our technique to prove that every language in the polynomialtime hierarchy has an interactive proof system. This technique played a pivotal role in the recent proofs that IP=PSPACE (Shamir) and that MIP ..."
Abstract

Cited by 305 (29 self)
 Add to MetaCart
We present a new algebraic technique for the construction of interactive proof systems. We use our technique to prove that every language in the polynomialtime hierarchy has an interactive proof system. This technique played a pivotal role in the recent proofs that IP=PSPACE (Shamir) and that MIP=NEXP (Babai, Fortnow and Lund).
The NPcompleteness column: an ongoing guide
 Journal of Algorithms
, 1985
"... This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NPcompleteness. The presentation is modeled on that used by M. R. Garey and myself in our book ‘‘Computers and Intractability: A Guide to the Theory of NPCompleteness,’ ’ W. H. Freeman & Co ..."
Abstract

Cited by 188 (0 self)
 Add to MetaCart
This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NPcompleteness. The presentation is modeled on that used by M. R. Garey and myself in our book ‘‘Computers and Intractability: A Guide to the Theory of NPCompleteness,’ ’ W. H. Freeman & Co., New York, 1979 (hereinafter referred to as ‘‘[G&J]’’; previous columns will be referred to by their dates). A background equivalent to that provided by [G&J] is assumed, and, when appropriate, crossreferences will be given to that book and the list of problems (NPcomplete and harder) presented there. Readers who have results they would like mentioned (NPhardness, PSPACEhardness, polynomialtimesolvability, etc.) or open problems they would like publicized, should
A UniformComplexity Treatment of Encryption and ZeroKnowledge
, 1993
"... We provide a treatment of encryption and zeroknowledge in terms of uniform complexity measures. This treatment is appropriate for cryptographic settings modeled by probabilistic polynomialtime machines. Our uniform treatment allows to construct secure encryption schemes and zeroknowledge proof s ..."
Abstract

Cited by 73 (10 self)
 Add to MetaCart
We provide a treatment of encryption and zeroknowledge in terms of uniform complexity measures. This treatment is appropriate for cryptographic settings modeled by probabilistic polynomialtime machines. Our uniform treatment allows to construct secure encryption schemes and zeroknowledge proof systems (for all INP) using only uniform complexity assumptions. We show that uniform variants of the two definitions of security, presented in the pioneering work of Goldwasser and Micali, are in fact equivalent. Such a result was known before only for the nonuniform formalization.
Delegating computation: interactive proofs for muggles
 In Proceedings of the ACM Symposium on the Theory of Computing (STOC
, 2008
"... In this work we study interactive proofs for tractable languages. The (honest) prover should be efficient and run in polynomial time, or in other words a “muggle”. 1 The verifier should be superefficient and run in nearlylinear time. These proof systems can be used for delegating computation: a se ..."
Abstract

Cited by 57 (4 self)
 Add to MetaCart
In this work we study interactive proofs for tractable languages. The (honest) prover should be efficient and run in polynomial time, or in other words a “muggle”. 1 The verifier should be superefficient and run in nearlylinear time. These proof systems can be used for delegating computation: a server can run a computation for a client and interactively prove the correctness of the result. The client can verify the result’s correctness in nearlylinear time (instead of running the entire computation itself). Previously, related questions were considered in the Holographic Proof setting by Babai, Fortnow, Levin and Szegedy, in the argument setting under computational assumptions by Kilian, and in the random oracle model by Micali. Our focus, however, is on the original interactive proof model where no assumptions are made on the computational power or adaptiveness of dishonest provers. Our main technical theorem gives a public coin interactive proof for any language computable by a logspace uniform boolean circuit with depth d and input length n. The verifier runs in time (n+d)·polylog(n) and space O(log(n)), the communication complexity is d · polylog(n), and the prover runs in time poly(n). In particular, for languages computable by logspace uniform N C (circuits of polylog(n) depth), the prover is efficient, the verifier runs in time n · polylog(n) and space O(log(n)), and the communication complexity is polylog(n).
Comparing Entropies in Statistical Zero Knowledge with Applications to the Structure of SZK
 In Proceedings of the Fourteenth Annual IEEE Conference on Computational Complexity
, 1998
"... We consider the following (promise) problem, denoted ED (for Entropy Difference): The input is a pairs of circuits, and yes instances (resp., no instances) are such pairs in which the first (resp., second) circuit generates a distribution with noticeably higher entropy. On one hand we show that a ..."
Abstract

Cited by 31 (11 self)
 Add to MetaCart
We consider the following (promise) problem, denoted ED (for Entropy Difference): The input is a pairs of circuits, and yes instances (resp., no instances) are such pairs in which the first (resp., second) circuit generates a distribution with noticeably higher entropy. On one hand we show that any language having a (honestverifier) statistical zeroknowledge proof is Karpreducible to ED. On the other hand, we present a publiccoin (honestverifier) statistical zeroknowledge proof for ED. Thus, we obtain an alternative proof of Okamoto's result by which HVSZK (i.e., HonestVerifier Statistical ZeroKnowledge) equals publiccoin HVSZK. The new proof is much simpler than the original one. The above also yields a trivial proof that HVSZK is closed under complementation (since ED easily reduces to its complement). Among the new results obtained is an equivalence of a weak notion of statistical zeroknowledge to the standard one. Keywords: Complexity and Cryptography, Universa...
An unconditional study of computational zero knowledge
 SIAM Journal on Computing
, 2004
"... We prove a number of general theorems about ZK, the class of problems possessing (computational) zeroknowledge proofs. Our results are unconditional, in contrast to most previous works on ZK, which rely on the assumption that oneway functions exist. We establish several new characterizations of ZK ..."
Abstract

Cited by 27 (7 self)
 Add to MetaCart
We prove a number of general theorems about ZK, the class of problems possessing (computational) zeroknowledge proofs. Our results are unconditional, in contrast to most previous works on ZK, which rely on the assumption that oneway functions exist. We establish several new characterizations of ZK, and use these characterizations to prove results such as: 1. Honestverifier ZK equals general ZK. 2. Publiccoin ZK equals privatecoin ZK. 3. ZK is closed under union. 4. ZK with imperfect completeness equals ZK with perfect completeness. 5. Any problem in ZK ∩ NP can be proven in computational zero knowledge by a BPP NP prover. 6. ZK with blackbox simulators equals ZK with general, nonblackbox simulators. The above equalities refer to the resulting class of problems (and do not necessarily preserve other efficiency measures such as round complexity). Our approach is to combine the conditional techniques previously used in the study of ZK with the unconditional techniques developed in the study of SZK, the class of problems possessing statistical zeroknowledge proofs. To enable this combination, we prove that every problem in ZK can be decomposed into a problem in SZK together with a set of instances from which a oneway function can be constructed.
On the Knowledge Complexity of ...
 In 37th FOCS
, 1996
"... We show that if a language has an interactive proof of logarithmic statistical knowledgecomplexity, then it belongs to the class AM \ co AM. Thus, if the polynomial time hierarchy does not collapse, then NPcomplete languages do not have logarithmic knowledge complexity. Prior to this work, ther ..."
Abstract

Cited by 26 (7 self)
 Add to MetaCart
We show that if a language has an interactive proof of logarithmic statistical knowledgecomplexity, then it belongs to the class AM \ co AM. Thus, if the polynomial time hierarchy does not collapse, then NPcomplete languages do not have logarithmic knowledge complexity. Prior to this work, there was no indication that would contradict NP languages being proven with even one bit of knowledge. Our result is a common generalization of two previous results: The rst asserts that statistical zero knowledge is contained in AM \ co AM [F89, AH91], while the second asserts that the languages recognizable in logarithmic statistical knowledge complexity are in BPP NP [GOP94]. Next, we consider the relation between the error probability and the knowledge complexity of an interactive proof. Note that reducing the error probability via repetition is not free: it may increase the knowledge complexity. We show that if the negligible error probability (n) is less than 2 3k(n) (where k(n) is the knowledge complexity) then the language proven is in the third level of the polynomial time hierarchy (specically, it is in AM NP . In the standard setting of negligible error probability, there exist PSPACEcomplete languages which have sublinear knowledge complexity. However, if we insist, for example, that the error probability is less than 2 n 2 , then PSPACEcomplete languages do not have subquadratic knowledge complexity, unless PSPACE= P 3 . In order to prove our main result, we develop an AM protocol for checking that a samplable distribution D has a given entropy h. For any fractions ; , the verier runs in time polynomial in 1= and log(1=) and fails with probability at most to detect an additive error in the entropy. We believe that this ...
On the (im)possibility of cryptography with imperfect randomness
 In Proc. 45th IEEE FOCS
, 2004
"... We investigate the feasibility of a variety of cryptographic tasks with imperfect randomness. The kind of imperfect randomness we consider are entropy sources, such as those considered by Santha and Vazirani, Chor and Goldreich, and Zuckerman. We show the following: Certain cryptographic tasks like ..."
Abstract

Cited by 14 (3 self)
 Add to MetaCart
We investigate the feasibility of a variety of cryptographic tasks with imperfect randomness. The kind of imperfect randomness we consider are entropy sources, such as those considered by Santha and Vazirani, Chor and Goldreich, and Zuckerman. We show the following: Certain cryptographic tasks like bit commitment, encryption, secret sharing, zeroknowledge, noninteractive zeroknowledge, and secure twoparty computation for any nontrivial function are impossible to realize if parties have access to entropy sources with slightly lessthanperfect entropy, i.e., sources with imperfect randomness. These results are unconditional and do not rely on any unproven assumption. On the other hand, based on stronger variants of standard assumptions, secure signature schemes are possible with imperfect entropy sources. As another positive result, we show (without any unproven assumption) that interactive proofs can be made sound with respect to imperfect entropy sources. 1.
Candidate indistinguishability obfuscation and functional encryption for all circuits
 In FOCS
, 2013
"... In this work, we study indistinguishability obfuscation and functional encryption for general circuits: Indistinguishability obfuscation requires that given any two equivalent circuits C0 and C1 of similar size, the obfuscations of C0 and C1 should be computationally indistinguishable. In functional ..."
Abstract

Cited by 12 (1 self)
 Add to MetaCart
In this work, we study indistinguishability obfuscation and functional encryption for general circuits: Indistinguishability obfuscation requires that given any two equivalent circuits C0 and C1 of similar size, the obfuscations of C0 and C1 should be computationally indistinguishable. In functional encryption, ciphertexts encrypt inputs x and keys are issued for circuits C. Using the key SKC to decrypt a ciphertext CTx = Enc(x), yields the value C(x) but does not reveal anything else about x. Furthermore, no collusion of secret key holders should be able to learn anything more than the union of what they can each learn individually. We give constructions for indistinguishability obfuscation and functional encryption that supports all polynomialsize circuits. We accomplish this goal in three steps: • We describe a candidate construction for indistinguishability obfuscation for NC 1 circuits. The security of this construction is based on a new algebraic hardness assumption. The candidate and assumption use a simplified variant of multilinear maps, which we call Multilinear Jigsaw Puzzles. • We show how to use indistinguishability obfuscation for NC 1 together with Fully Homomorphic Encryption (with decryption in NC 1) to achieve indistinguishability obfuscation for all circuits.
The Power Of Interaction
, 1991
"... : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : vii Chapter 1. INTRODUCTION : : : : : : : : : : : : : : : : : : : : : : : : : 1 2. PRELIMINARIES : : : : : : : : : : : : : : : : : : : : : : : : : 4 2.1 Basic Definitions : : : : : : : : : : : : : : : : : : : : : : : 4 2.1.1 Basics : : ..."
Abstract

Cited by 10 (0 self)
 Add to MetaCart
: : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : vii Chapter 1. INTRODUCTION : : : : : : : : : : : : : : : : : : : : : : : : : 1 2. PRELIMINARIES : : : : : : : : : : : : : : : : : : : : : : : : : 4 2.1 Basic Definitions : : : : : : : : : : : : : : : : : : : : : : : 4 2.1.1 Basics : : : : : : : : : : : : : : : : : : : : : : : : 4 2.1.2 Boolean Formulas : : : : : : : : : : : : : : : : : 4 2.1.3 Arithmetic Formulas and Expressions : : : : : : 5 2.2 Computational Models : : : : : : : : : : : : : : : : : : : : 9 2.2.1 Deterministic Computation : : : : : : : : : : : : 9 2.2.2 Probabilistic Computation : : : : : : : : : : : : 11 2.2.3 NonDeterministic Computation : : : : : : : : : 12 2.2.4 Alternating Computations : : : : : : : : : : : : 13 2.2.5 Interactive Proof Systems : : : : : : : : : : : : : 13 2.2.6 Multiple Prover Interactive Proof Systems : : : 15 2.2.7 Computation relative to an Oracle : : : : : : : : 15 2.3 Complexity Classes : : : : : : : : : : : : : : : : : : : : ...