A note on efficient zero-knowledge proofs and arguments (extended abstract)
STOC '92 Proceedings of the twenty-fourth annual ACM symposium on Theory of computing
On threshold circuits and polynomial computation
SIAM Journal on Computing
SIAM Journal on Computing
On interactive proofs with a laconic prover
Computational Complexity
Number-theoretic constructions of efficient pseudo-random functions
Journal of the ACM (JACM)
Delegating computation: interactive proofs for muggles
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Probabilistically Checkable Arguments
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Computationally private information retrieval with polylogarithmic communication
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
From secrecy to soundness: efficient verification via secure computation
ICALP'10 Proceedings of the 37th international colloquium conference on Automata, languages and programming
Non-interactive verifiable computing: outsourcing computation to untrusted workers
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Improved delegation of computation using fully homomorphic encryption
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Separating succinct non-interactive arguments from all falsifiable assumptions
Proceedings of the forty-third annual ACM symposium on Theory of computing
Practical verified computation with streaming interactive proofs
Proceedings of the 3rd Innovations in Theoretical Computer Science Conference
STOC '12 Proceedings of the forty-fourth annual ACM symposium on Theory of computing
Secure two-party computation with low communication
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Progression-free sets and sublinear pairing-based non-interactive zero-knowledge arguments
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
How to delegate and verify in public: verifiable computation from attribute-based encryption
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Competing provers protocols for circuit evaluation
Proceedings of the 4th conference on Innovations in Theoretical Computer Science
Succinct non-interactive arguments via linear interactive proofs
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
Super-efficient rational proofs
Proceedings of the fourteenth ACM conference on Electronic commerce
Proceedings of the forty-fifth annual ACM symposium on Theory of computing
Interactive proofs of proximity: delegating computation in sublinear time
Proceedings of the forty-fifth annual ACM symposium on Theory of computing
Rational proofs, recently introduced by Azar and Micali (STOC 2012), are a variant of interactive proofs in which the prover is neither honest nor malicious, but rather rational. The advantage of rational proofs over their classical counterparts is that they allow for extremely low communication and verification time. Azar and Micali demonstrated their potential by giving a one-message rational proof for #SAT, in which the verifier runs in time $O(n)$, where $n$ denotes the instance size. In a follow-up work (EC 2013), Azar and Micali proposed "super-efficient" and interactive versions of rational proofs and argued that they capture precisely the class TC$^0$ of constant-depth, polynomial-size circuits with threshold gates. In this paper, we show that by considering rational arguments, in which the prover is additionally restricted to be computationally bounded, the class NC$^1$ of search problems computable by log-space uniform circuits of $O(\log n)$ depth admits rational protocols that are simultaneously one-round and verifiable in $\mathrm{polylog}(n)$ time. This demonstrates the potential of rational arguments as a way to extend the notion of "super-efficient" rational proofs beyond the class TC$^0$. The low-interaction nature of our protocols, along with their sub-linear verification time, makes them well suited for delegation of computation. While they provide a weaker (yet arguably meaningful) guarantee of soundness, they compare favorably with each of the known delegation schemes in at least one aspect. They are simple, rely on standard complexity hardness assumptions, provide a correctness guarantee for all instances, and do not require preprocessing.