Interactive PCP
نویسندگان
چکیده
An interactive-PCP (say, for the membership x ∈ L) is a proof that can be verified by reading only one of its bits, with the help of a very short interactive-proof. We show that for membership in some languages L, there are interactive-PCPs that are significantly shorter than the known (non-interactive) PCPs for these languages. Our main result is that the satisfiability of a constant depth Boolean formula Φ(z1, . . . , zk) of size n (over the gates ∧,∨,⊕,¬) can be proved by an interactive-PCP of size poly(k), followed by a short interactive proof of communication complexity polylog(n). That is, we obtain interactivePCPs of size polynomial in the size of the witness. This compares to the known (non-interactive) PCPs that are of size polynomial in the size of the instance. By reductions, this result extends to many other central NP languages (e.g., SAT, k-clique, Vertex-Cover, etc.). More generally, we show that the satisfiability of ∧n i=1[Φi(z1, . . . , zk) = 0], where each Φi(z1, . . . , zk) is an arithmetic formula of size n (say, over GF[2]) that computes a polynomial of degree d, can be proved by an interactive-PCP of size poly(k, d), followed by a short interactive proof of communication complexity poly(d, log n). We give many cryptographic applications and motivations for our results. In particular, we show the following: 1. The satisfiability of a constant depth formula Φ(z1, . . . , zk) of size n (as above) has an interactive zero-knowledge proof of communication complexity poly(k) (rather than poly(n)). As before, this result extends to many other central NP languages. This zero-knowledge proof has some additional desired properties that will be elaborated on in the body of the paper. 2. Alice can commit to a Boolean formula Λ of size m, by a message of size poly(m), and later on prove to Bob any N statements of the form Λ(x1) = z1, . . . ,Λ(xN ) = zN by a zero-knowledge proof of communication complexity poly(m, logN). Moreover, if Λ is a constant depth Boolean formula then the zero-knowledge proof has communication complexity poly(logm, logN). We further motivate this application in the body of the paper.
منابع مشابه
Interactive Locking, Zero-Knowledge PCPs, and Unconditional Cryptography
Motivated by the question of basing cryptographic protocols on stateless tamper-proof hardware tokens, we revisit the question of unconditional two-prover zero-knowledge proofs for NP. We show that such protocols exist in the interactive PCP model of Kalai and Raz (ICALP ’08), where one of the provers is replaced by a PCP oracle. This strengthens the feasibility result of Ben-Or, Goldwasser, Ki...
متن کاملQuasi-Linear Size Zero Knowledge from Linear-Algebraic PCPs
The seminal result that every language having an interactive proof also has a zero-knowledge interactive proof assumes the existence of one-way functions. Ostrovsky and Wigderson (ISTCS 1993) proved that this assumption is necessary: if one-way functions do not exist, then only languages in BPP have zero-knowledge interactive proofs. Ben-Or et al. (STOC 1988) proved that, nevertheless, every la...
متن کاملCourse ”Proofs and Computers“, JASS’06 Probabilistically Checkable Proofs
Before introducing probabilistically checkable proofs, I shortly give an overview of the historical development in the field of inapproximability results which are closely related to PCPs. A foundational paper from Johnson in 1974 states approximation algorithms and inapproximability results for Max SAT, Set Cover, Independent Set, and Coloring. While the decision problems for various problems,...
متن کاملبررسی کارایی بیومس قارچ آسپرژیلوس نیجر در جذب پنتاکلروفنل (PCP) از محلول های آبی
Background and Objectives: Pentachlorophenol (PCP) is an organic compound and phenolic derivatives categorized as priority pollutants that have harmful effects on humans, animals, and plants in low concentrations. Therefore, PCP removal from water and wastewater is very important. The aim of this study was to assess the efficiency of A. niger fungus biomass in PCP absorption. Materials and Meth...
متن کاملProver Verifier
In the 1980’s two notions interactive computation were developed. One, due to Babai, originated in generalizations of NP to allow more powerful verifiers that include probabilistic verification. The other, due to Goldwasser, Micali, and Rackoff, originated in cryptography and was a means to the end of defining zero-knowledge proofs, protocols that allow a party in a cryptographic protocol to co...
متن کامل