TY - GEN
T1 - Succinct Interactive Oracle Proofs
T2 - 42nd Annual International Cryptology Conference, CRYPTO 2022
AU - Nassar, Shafik
AU - Rothblum, Ron D.
N1 - Publisher Copyright: © 2022, International Association for Cryptologic Research.
PY - 2022
Y1 - 2022
N2 - Interactive Oracle Proofs (IOPs) are a new type of proof-system that combines key properties of interactive proofs and PCPs: IOPs enable a verifier to be convinced of the correctness of a statement by interacting with an untrusted prover while reading just a few bits of the messages sent by the prover. IOPs have become very prominent in the design of efficient proof-systems in recent years. In this work we study succinct IOPs, which are IOPs in which the communication complexity is polynomial (or even linear) in the original witness. While there are strong impossibility results for the existence of succinct PCPs (i.e., PCPs whose length is polynomial in the witness), it is known that the rich class of NP relations that are decidable in small space have succinct IOPs. In this work we show both new applications, and limitations, for succinct IOPs: First, using one-way functions, we show how to compile IOPs into zero-knowledge proofs, while nearly preserving the proof length. This complements a recent line of work, initiated by Ben Sasson et al. (TCC, 2016B), who compile IOPs into super-succinct zero-knowledge arguments. Applying the compiler to the state-of-the-art succinct IOPs yields zero-knowledge proofs for bounded-space NP relations, with communication that is nearly equal to the original witness length. This yields the shortest known zero-knowledge proofs from the minimal assumption of one-way functions. Second, we give a barrier for obtaining succinct IOPs for more general NP relations. In particular, we show that if a language has a succinct IOP, then it can be decided in space that is proportionate only to the witness length, after a bounded-time probabilistic preprocessing. We use this result to show that under a simple and plausible (but to the best of our knowledge, new) complexity-theoretic conjecture, there is no succinct IOP for CSAT.
UR - http://www.scopus.com/inward/record.url?scp=85141688592&partnerID=8YFLogxK
U2 - https://doi.org/10.1007/978-3-031-15802-5_18
DO - https://doi.org/10.1007/978-3-031-15802-5_18
M3 - Conference contribution
SN - 9783031158018
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 504
EP - 532
BT - Advances in Cryptology – CRYPTO 2022 - 42nd Annual International Cryptology Conference, CRYPTO 2022, Proceedings
A2 - Dodis, Yevgeniy
A2 - Shrimpton, Thomas
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 15 August 2022 through 18 August 2022
ER -