A central line of research in the area of PCPs is devoted to constructing short PCPs. In this paper, we show that if we allow an additional interactive verification phase, with very low communication complexity, then for some NP languages, one can construct PCPs that are significantly shorter than the known PCPs (without the additional interactive phase) for these languages. We give many cryptographical applications and motivations for our results and for the study of the new model in general.

More specifically, we study a new model of proofs: interactive-PCP. Roughly speaking, an interactive-PCP (say, for the membership $x \in L$) is a proof-string that can be verified by reading only one of its bits, with the help of an interactive-proof with very small communication complexity. We show that for membership in some NP languages $L$, there are interactive-PCPs that are significantly shorter than the known (non-interactive) PCPs for these languages.

Our main result is that for any constant depth Boolean formula $\Phi(z_1,\ldots,z_k)$ of size $n$ (over the gates $\wedge$, $\vee$, $\oplus$, $\neg$), a prover, Alice, can publish a proof-string for the satisfiability of $\Phi$, where the size of the proof-string is $\mathrm{poly}(k)$. Later on, any user who wishes to verify the published proof-string needs to interact with Alice via a short interactive protocol of communication complexity $\mathrm{poly}(\log n)$, while accessing the proof-string at a single location.

Note that the size of the published proof-string is $\mathrm{poly}(k)$, rather than $\mathrm{poly}(n)$, i.e., the size is polynomial in the size of the witness, rather than polynomial in the size of the instance. This compares to the known (non-interactive) PCPs that are of size polynomial in the size of the instance. By reductions, this result extends to many other central NP languages (e.g., SAT, k-clique, Vertex-Cover, etc.).

More generally, we show that the satisfiability of $\bigwedge_{i=1}^n[\Phi_i(z_1,\ldots,z_k) =0]$, where each $\Phi_i(z_1,\ldots,z_k)$ is an arithmetic formula of size $n$ (say, over $\mathbb{GF}[2]$) that computes a polynomial of degree $d$, can be proved by a published proof-string of size $\mathrm{poly}(k,d)$. Later on, any user who wishes to verify the published proof-string needs to interact with the prover via an interactive protocol of communication complexity $\mathrm{poly}(d,\log n)$, while accessing the proof-string at a single location.

We give many applications and motivations for our results and for the study of the notion of interactive PCP in general. In particular, we have the following applications:

Succinct zero knowledge proofs: We show that any interactive PCP, with certain properties, can be converted into a zero-knowledge interactive proof. We use this to construct zero-knowledge proofs of communication complexity polynomial in the size of the witness, rather than polynomial in the size of the instance, for many NP languages.

Succinct probabilistically checkable arguments: In a subsequent paper, we study the new notion of probabilistically checkable argument, and show that any interactive PCP, with certain properties, translates into a probabilistically checkable argument [18]. We use this to construct probabilistically checkable arguments of size polynomial in the size of the witness, rather than polynomial in the size of the instance, for many NP languages.

Commit-Reveal schemes: We show that Alice can commit to a string $w$ of $k$ bits, by a message of size $\mathrm{poly}(k)$, and later on, for any predicate $\Phi$ of size $n$, whose satisfiability can be proved by an efficient enough interactive PCP with certain properties, Alice can prove the statement $\Phi(w) = 1$, by a zero-knowledge interactive proof with communication complexity $\mathrm{poly}(\log n)$. (Surprisingly, the communication complexity may be significantly smaller than $k$ and $n$).