Siyao Guo, Pavel Hubácek, Alon Rosen, Margarita Vald
Rational proofs, recently introduced by Azar and Micali (STOC 2012), are a variant of interactive proofs in which the prover is neither honest nor malicious, but rather rational. The advantage of rational proofs over their classical counterparts is that they allow for extremely low communication and verification time. Azar and Micali demonstrated their potential by giving a one-message rational proof for #SAT, in which the verifier runs in time $O(n)$, where $n$ denotes the instance size. In a follow-up work (EC 2013), Azar and Micali proposed "super-efficient" and interactive versions of rational proofs and argued that they capture precisely the class $\mathrm{TC}^0$ of constant-depth, polynomial-size circuits with threshold gates. In this paper, we show that by considering rational arguments, in which the prover is additionally restricted to be computationally bounded, the class $\mathrm{NC}^1$, of search problems computable by log-space uniform circuits of $O(\log n)$ depth, admits rational protocols that are simultaneously one-round and $\mathrm{polylog}(n)$-time verifiable. This demonstrates the potential of rational arguments as a way to extend the notion of "super-efficient" rational proofs beyond the class $\mathrm{TC}^0$. The low-interaction nature of our protocols, along with their sub-linear verification time, makes them well suited for delegation of computation. While they provide a weaker (yet arguably meaningful) guarantee of soundness, they compare favorably with each of the known delegation schemes in at least one aspect. They are simple, rely on standard complexity hardness assumptions, provide a correctness guarantee for all instances, and do not require preprocessing.
{"title":"Rational arguments: single round delegation with sublinear verification","authors":"Siyao Guo, Pavel Hubácek, Alon Rosen, Margarita Vald","doi":"10.1145/2554797.2554845","DOIUrl":"https://doi.org/10.1145/2554797.2554845","url":null,"abstract":"Rational proofs, recently introduced by Azar and Micali (STOC 2012), are a variant of interactive proofs in which the prover is neither honest nor malicious, but rather rational. The advantage of rational proofs over their classical counterparts is that they allow for extremely low communication and verification time. Azar and Micali demonstrated their potential by giving a one message rational proof for #SAT, in which the verifier runs in time O(n), where $n$ denotes the instance size. In a follow-up work (EC 2013), Azar and Micali proposed \"super-efficient\" and interactive versions of rational proofs and argued that they capture precisely the class TC0 of constant-depth, polynomial-size circuits with threshold gates. In this paper, we show that by considering rational arguments, in which the prover is additionally restricted to be computationally bounded, the class NC1, of search problems computable by log-space uniform circuits of O(log n)-depth, admits rational protocols that are simultaneously one-round and polylog(n) time verifiable. This demonstrates the potential of rational arguments as a way to extend the notion of \"super-efficient\" rational proofs beyond the class TC0. The low interaction nature of our protocols, along with their sub-linear verification time, make them well suited for delegation of computation. While they provide a weaker (yet arguably meaningful) guarantee of soundness, they compare favorably with each of the known delegation schemes in at least one aspect. 
They are simple, rely on standard complexity hardness assumptions, provide a correctness guarantee for all instances, and do not require preprocessing.","PeriodicalId":382856,"journal":{"name":"Proceedings of the 5th conference on Innovations in theoretical computer science","volume":"282 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-01-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115119492","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Session 11: 14:00--14:10","authors":"Shubhangi Saraf","doi":"10.1145/3255063","DOIUrl":"https://doi.org/10.1145/3255063","url":null,"abstract":"","PeriodicalId":382856,"journal":{"name":"Proceedings of the 5th conference on Innovations in theoretical computer science","volume":"98 2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-01-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123139342","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We show how to securely obfuscate a new class of functions: conjunctions of $\mathrm{NC}^0_d$ circuits. These are functions of the form $C(\vec{x}) = \bigwedge_{i=1}^{m} C_i(\vec{x})$, where each $C_i$ is a Boolean $\mathrm{NC}^0_d$ circuit, whose output bit is only a function of $d = O(1)$ bits of the input $\vec{x}$. For example, $d$-CNFs, where each clause is a disjunction of at most $d$ variables, are in this class. Given such a function, we produce an obfuscated program that preserves the input-output functionality of the given function, but reveals nothing else. Our construction is based on multilinear maps, and can be instantiated using the recent candidates proposed by Garg, Gentry and Halevi (EUROCRYPT 2013) and by Coron, Lepoint and Tibouchi (CRYPTO 2013). We prove that the construction is a secure obfuscation in a generic multilinear group model, under the black-box definition of Barak et al. (CRYPTO 2001). Security is based on a new worst-case hardness assumption about exponential hardness of the NP-complete problem 3-SAT, the Bounded Speedup Hypothesis. One of the new techniques we introduce is a method for enforcing input consistency, which we call randomizing sub-assignments. We hope that this technique can find further application in constructing secure obfuscators. The family of functions we obfuscate is considerably richer than previous works that consider black-box obfuscation. As one application, we show how to achieve obfuscated functional point testing: namely, to construct a circuit that checks whether $f(\vec{x}) = \vec{y}$, where $f$ is an arbitrary "public" polynomial-time computable function, but $\vec{y}$ is a "secret" point that is hidden in the obfuscation.
{"title":"Black-box obfuscation for d-CNFs","authors":"Zvika Brakerski, G. Rothblum","doi":"10.1145/2554797.2554820","DOIUrl":"https://doi.org/10.1145/2554797.2554820","url":null,"abstract":"We show how to securely obfuscate a new class of functions: conjunctions of NC0d circuits. These are functions of the form C(→/x) = ∧mi=1 C1(→/x), where each C1 is a boolean NC0d circuits circuit, whose output bit is only a function of d = O(1) bits of the input →/x. For example, d-CNFs, where each clause is a disjunction of at most d variables, are in this class. Given such a function, we produce an obfuscated program that preserves the input-output functionality of the given function, but reveals nothing else. Our construction is based on multilinear maps, and can be instantiated using the recent candidates proposed by Garg, Gentry and Halevi (EUROCRYPT 2013) and by Coron, Lepoint and Tibouchi (CRYPTO 2013). We prove that the construction is a secure obfuscation in a generic multilinear group model, under the black-box definition of Barak et al. (CRYPTO 2001). Security is based on a new worst-case hardness assumption about exponential hardness of the NP-complete problem 3-SAT, the Bounded Speedup Hypothesis. One of the new techniques we introduce is a method for enforcing input consistency, which we call randomizing sub-assignments. We hope that this technique can find further application in constructing secure obfuscators. The family of functions we obfuscate is considerably richer than previous works that consider black-box obfuscation. 
As one application, we show how to achieve obfuscated functional point testing: namely, to construct a circuit that checks whether ƒ(→/x) = →/y, where ƒ is an arbitrary \"public\" polynomial-time computable function, but →/y is a \"secret\" point that is hidden in the obfuscation.","PeriodicalId":382856,"journal":{"name":"Proceedings of the 5th conference on Innovations in theoretical computer science","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-01-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124577510","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Session 12: 16:00--16:10","authors":"K. Etessami","doi":"10.1145/3255064","DOIUrl":"https://doi.org/10.1145/3255064","url":null,"abstract":"","PeriodicalId":382856,"journal":{"name":"Proceedings of the 5th conference on Innovations in theoretical computer science","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-01-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122500794","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Given $f : \{-1, 1\}^n \to \{-1, 1\}$, define the spectral distribution of $f$ to be the distribution on subsets of $[n]$ in which the set $S$ is sampled with probability $\hat{f}(S)^2$. Then the Fourier Entropy-Influence (FEI) conjecture of Friedgut and Kalai [2] states that there is some absolute constant $C$ such that $H[\hat{f}^2] \le C \cdot \mathrm{Inf}[f]$. Here, $H[\hat{f}^2]$ denotes the Shannon entropy of $f$'s spectral distribution, and $\mathrm{Inf}[f]$ is the total influence of $f$. This conjecture is one of the major open problems in the analysis of Boolean functions, and settling it would have several interesting consequences. Previous results on the FEI conjecture have been largely through direct calculation. In this paper we study a natural interpretation of the conjecture, which states that there exists a communication protocol which, given a subset $S$ of $[n]$ distributed as $\hat{f}^2$, can communicate the value of $S$ using at most $C \cdot \mathrm{Inf}[f]$ bits in expectation. Using this interpretation, we are able to show the following results: First, if $f$ is computable by a read-$k$ decision tree, then $H[\hat{f}^2] \le 9k \cdot \mathrm{Inf}[f]$. Next, if $f$ has $\mathrm{Inf}[f] \ge 1$ and is computable by a decision tree with expected depth $d$, then $H[\hat{f}^2] \le 12d \cdot \mathrm{Inf}[f]$. Finally, we give a new proof of the main theorem of O'Donnell and Tan [8], i.e. that their FEI+ conjecture composes. In addition, we show that natural improvements to our decision tree results would be sufficient to prove the FEI conjecture in its entirety. We believe that our methods give more illuminating proofs than previous results about the FEI conjecture.
{"title":"Decision trees, protocols and the entropy-influence conjecture","authors":"Andrew Wan, John Wright, Chenggang Wu","doi":"10.1145/2554797.2554806","DOIUrl":"https://doi.org/10.1145/2554797.2554806","url":null,"abstract":"Given ƒ : {--1, 1}n → {-- 1, 1}, define the spectral distribution of ƒ to be the distribution on subsets of [n] in which the set S is sampled with probability ƒ(S)2. Then the Fourier Entropy-Influence (FEI) conjecture of Friedgut and Kalai [2] states that there is some absolute constant C such that H[ƒ2] ≤ C ⋅ Inf[ƒ]. Here, H[ƒ2] denotes the Shannon entropy of ƒ's spectral distribution, and Inf[ƒ] is the total influence of ƒ. This conjecture is one of the major open problems in the analysis of Boolean functions, and settling it would have several interesting consequences. Previous results on the FEI conjecture have been largely through direct calculation. In this paper we study a natural interpretation of the conjecture, which states that there exists a communication protocol which, given subset S of [n] distributed as ƒ2, can communicate the value of S using at most C⋅Inf[ƒ] bits in expectation. Using this interpretation, we are able show the following results: First, if ƒ is computable by a read-k decision tree, then H[ƒ2] ≤ 9k ⋅ Inf[ƒ]. Next, if ƒ has Inf[ƒ] ≥ 1 and is computable by a decision tree with expected depth d, then H[[ƒ2] ≤ 12d⋅ Inf[ƒ]. Finally, we give a new proof of the main theorem of O'Donnell and Tan [8], i.e. that their FEI+ conjecture composes. In addition, we show that natural improvements to our decision tree results would be sufficient to prove the FEI conjecture in its entirety. 
We believe that our methods give more illuminating proofs than previous results about the FEI conjecture.","PeriodicalId":382856,"journal":{"name":"Proceedings of the 5th conference on Innovations in theoretical computer science","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-01-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130683845","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We study a multi-round optimization setting in which in each round a player may select one of several actions, and each action produces an outcome vector, not observable to the player until the round ends. The final payoff for the player is computed by applying some known function f to the sum of all outcome vectors (e.g., the minimum of all coordinates of the sum). We show that standard notions of performance measure (such as comparison to the best single action) used in related expert and bandit settings (in which the payoff in each round is scalar) are not useful in our vector setting. Instead, we propose a different performance measure, and design algorithms that have vanishing regret with respect to our new measure.
{"title":"Sequential decision making with vector outcomes","authors":"Y. Azar, U. Feige, M. Feldman, Moshe Tennenholtz","doi":"10.1145/2554797.2554817","DOIUrl":"https://doi.org/10.1145/2554797.2554817","url":null,"abstract":"We study a multi-round optimization setting in which in each round a player may select one of several actions, and each action produces an outcome vector, not observable to the player until the round ends. The final payoff for the player is computed by applying some known function f to the sum of all outcome vectors (e.g., the minimum of all coordinates of the sum). We show that standard notions of performance measure (such as comparison to the best single action) used in related expert and bandit settings (in which the payoff in each round is scalar) are not useful in our vector setting. Instead, we propose a different performance measure, and design algorithms that have vanishing regret with respect to our new measure.","PeriodicalId":382856,"journal":{"name":"Proceedings of the 5th conference on Innovations in theoretical computer science","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-01-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132119198","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We consider approximation schemes for the maximum constraint satisfaction problems and the maximum assignment problems. Though they are NP-Hard in general, if the instance is "dense" or "locally dense", then they are known to have approximation schemes that run in polynomial time or quasi-polynomial time. In this paper, we give a unified method of showing these approximation schemes based on the Sherali-Adams linear programming relaxation hierarchy. We also use our linear programming-based framework to show new algorithmic results on the optimization version of the hypergraph isomorphism problem.
{"title":"Approximation schemes via Sherali-Adams hierarchy for dense constraint satisfaction problems and assignment problems","authors":"Yuichi Yoshida, Yuan Zhou","doi":"10.1145/2554797.2554836","DOIUrl":"https://doi.org/10.1145/2554797.2554836","url":null,"abstract":"We consider approximation schemes for the maximum constraint satisfaction problems and the maximum assignment problems. Though they are NP-Hard in general, if the instance is \"dense\" or \"locally dense\", then they are known to have approximation schemes that run in polynomial time or quasi-polynomial time. In this paper, we give a unified method of showing these approximation schemes based on the Sherali-Adams linear programming relaxation hierarchy. We also use our linear programming-based framework to show new algorithmic results on the optimization version of the hypergraph isomorphism problem.","PeriodicalId":382856,"journal":{"name":"Proceedings of the 5th conference on Innovations in theoretical computer science","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-01-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127995689","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Adi Akavia, Andrej Bogdanov, Siyao Guo, Akshay Kamath, Alon Rosen
Pseudorandom functions (PRFs) play a fundamental role in symmetric-key cryptography. However, they are inherently complex and cannot be implemented in the class $\mathrm{AC}^0(\mathrm{MOD}_2)$. Weak pseudorandom functions (weak PRFs) do not suffer from this complexity limitation, yet they suffice for many cryptographic applications. We study the minimal complexity requirements for constructing weak PRFs. To this end, we conjecture that the function family $F_A(x) = g(Ax)$, where $A$ is a random square GF(2) matrix and $g$ is a carefully chosen function of constant depth, is a weak PRF. In support of our conjecture, we show that functions in this family are inapproximable by GF(2) polynomials of low degree and do not correlate with any fixed Boolean function family of subexponential size. We study the class $\mathrm{AC}^0 \circ \mathrm{MOD}_2$ that captures the complexity of our construction. We conjecture that all functions in this class have a Fourier coefficient of magnitude $\exp(-\mathrm{poly} \log n)$ and prove this conjecture in the case when the $\mathrm{MOD}_2$ function is typical. We investigate the relation between the hardness of learning noisy parities and the existence of weak PRFs in $\mathrm{AC}^0 \circ \mathrm{MOD}_2$. We argue that such a complexity-driven approach can play a role in bridging the gap between the theory and practice of cryptography.
{"title":"Candidate weak pseudorandom functions in AC0 ○ MOD2","authors":"Adi Akavia, Andrej Bogdanov, Siyao Guo, Akshay Kamath, Alon Rosen","doi":"10.1145/2554797.2554821","DOIUrl":"https://doi.org/10.1145/2554797.2554821","url":null,"abstract":"Pseudorandom functions (PRFs) play a fundamental role in symmetric-key cryptography. However, they are inherently complex and cannot be implemented in the class AC0 (MOD2). Weak pseudorandom functions (weak PRFs) do not suffer from this complexity limitation, yet they suffice for many cryptographic applications. We study the minimal complexity requirements for constructing weak PRFs. To this end We conjecture that the function family FA(x) = g(Ax), where A is a random square GF(2) matrix and g is a carefully chosen function of constant depth, is a weak PRF. In support of our conjecture, we show that functions in this family are inapproximable by GF(2) polynomials of low degree and do not correlate with any fixed Boolean function family of subexponential size. We study the class AC0 ○ MOD2 that captures the complexity of our construction. We conjecture that all functions in this class have a Fourier coefficient of magnitude exp(- poly log n) and prove this conjecture in the case when the MOD2 function is typical. We investigate the relation between the hardness of learning noisy parities and the existence of weak PRFs in AC0 ○ MOD2. 
We argue that such a complexity-driven approach can play a role in bridging the gap between the theory and practice of cryptography.","PeriodicalId":382856,"journal":{"name":"Proceedings of the 5th conference on Innovations in theoretical computer science","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-01-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127328985","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Given an arbitrary 2-player game G that we refer to as the basic game, we propose a notion of a multiplayer invitation game that proceeds for a fixed number of rounds, where in each round some player (whose identity is determined by a scheduler) gets to invite a player of his choice to play a match of the basic game. The question that we study is how the price of stability of the invitation game compares to that of the basic game. For a wide range of schedulers we prove a dichotomy result, showing that there are only two types of basic games: those that we call invitation resistant, in which the price of stability of the invitation version is equal to that of the basic game, and those that we call asymptotically efficient, in which the price of stability tends to 0 as the number of rounds grows. In particular, when the basic game is the prisoner's dilemma, the game is asymptotically efficient if and only if the payoff when both players defect is nonzero.
{"title":"Invitation games and the price of stability","authors":"U. Feige, Moshe Tennenholtz","doi":"10.1145/2554797.2554808","DOIUrl":"https://doi.org/10.1145/2554797.2554808","url":null,"abstract":"Given an arbitrary 2-player game G that we refer to as the basic game, we propose a notion of a multiplayer invitation game that proceeds for a fixed number of rounds, where in each round some player (whose identity is determined by a scheduler) gets to invite a player of his choice to play a match of the basic game. The question that we study is how does the price of stability of the invitation game compare to that of the basic game. For a wide range of schedulers we prove a dichotomy result, showing that there are only two types of basic games, those that we call invitation resistant in which the price of stability of the invitation version is equal to that of the basic game, and those that we call asymptotically efficient in which the price of stability tends to 0 as the number of rounds grows. 1 In particular, when the basic game is the prisoners dilemma the game is asymptotically efficient if and only if the payoff when both players defect is nonzero.","PeriodicalId":382856,"journal":{"name":"Proceedings of the 5th conference on Innovations in theoretical computer science","volume":"52 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-01-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116537308","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Session 5: 08:30--08:40","authors":"Costis Daskalakis","doi":"10.1145/3255057","DOIUrl":"https://doi.org/10.1145/3255057","url":null,"abstract":"","PeriodicalId":382856,"journal":{"name":"Proceedings of the 5th conference on Innovations in theoretical computer science","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-01-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131036667","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}