TY - GEN
T1 - Faster Sounder Succinct Arguments and IOP s
AU - Holmgren, Justin
AU - Rothblum, Ron D.
N1 - Publisher Copyright: © 2022, International Association for Cryptologic Research.
PY - 2022
Y1 - 2022
N2 - Succinct arguments allow a prover to convince a verifier that a given statement is true, using an extremely short proof. A major bottleneck that has been the focus of a large body of work is in reducing the overhead incurred by the prover in order to prove correctness of the computation. By overhead we refer to the cost of proving correctness, divided by the cost of the original computation. In this work, for a large class of Boolean circuits C= C(x, w), we construct succinct arguments for the language {x:∃wC(x,w)=1}, with 2 -λ soundness error, and with prover overhead polylog (λ). This result relies on the existence of (sub-exponentially secure) linear-size computable collision-resistant hash functions. The class of Boolean circuits that we can handle includes circuits with a repeated sub-structure, which arise in natural applications such as batch computation/verification, hashing and related block chain applications. The succinct argument is obtained by constructing interactive oracle proofs for the same class of languages, with polylog (λ) prover overhead, and soundness error 2 -λ. Prior to our work, the best IOP s for Boolean circuits either had prover overhead of polylog (| C| ) based on efficient PCP s due to Ben Sasson et al. (STOC, 2013) or poly (λ) due to Rothblum and Ron-Zewi (STOC, 2022).
AB - Succinct arguments allow a prover to convince a verifier that a given statement is true, using an extremely short proof. A major bottleneck that has been the focus of a large body of work is in reducing the overhead incurred by the prover in order to prove correctness of the computation. By overhead we refer to the cost of proving correctness, divided by the cost of the original computation. In this work, for a large class of Boolean circuits C= C(x, w), we construct succinct arguments for the language {x:∃wC(x,w)=1}, with 2 -λ soundness error, and with prover overhead polylog (λ). This result relies on the existence of (sub-exponentially secure) linear-size computable collision-resistant hash functions. The class of Boolean circuits that we can handle includes circuits with a repeated sub-structure, which arise in natural applications such as batch computation/verification, hashing and related block chain applications. The succinct argument is obtained by constructing interactive oracle proofs for the same class of languages, with polylog (λ) prover overhead, and soundness error 2 -λ. Prior to our work, the best IOP s for Boolean circuits either had prover overhead of polylog (| C| ) based on efficient PCP s due to Ben Sasson et al. (STOC, 2013) or poly (λ) due to Rothblum and Ron-Zewi (STOC, 2022).
KW - Proof-Systems
KW - Succinct Arguments
KW - Zero-knowledge
UR - http://www.scopus.com/inward/record.url?scp=85141686043&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-15802-5_17
DO - 10.1007/978-3-031-15802-5_17
M3 - منشور من مؤتمر
SN - 9783031158018
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 474
EP - 503
BT - Advances in Cryptology – CRYPTO 2022 - 42nd Annual International Cryptology Conference, CRYPTO 2022, Proceedings
A2 - Dodis, Yevgeniy
A2 - Shrimpton, Thomas
PB - Springer Science and Business Media Deutschland GmbH
T2 - 42nd Annual International Cryptology Conference, CRYPTO 2022
Y2 - 15 August 2022 through 18 August 2022
ER -