Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Paper 2016/324

Interactive Oracle Proofs with Constant Rate and Query Complexity

Eli Ben-Sasson, Alessandro Chiesa, Ariel Gabizon, Michael Riabzev, and Nicholas Spooner

Abstract

We study *interactive oracle proofs* (IOPs) [BCS16,RRR16], which combine aspects of probabilistically checkable proofs (PCPs) and interactive proofs (IPs). We present IOP constructions and techniques that enable us to obtain tradeoffs in proof length versus query complexity that are not known to be achievable via PCPs or IPs alone. Our main results are: 1. Circuit satisfiability has 3-round IOPs with linear proof length (counted in bits) and constant query complexity. 2. Reed--Solomon codes have 2-round IOPs of proximity with linear proof length and constant query complexity. 3. Tensor product codes have 1-round IOPs of proximity with sublinear proof length and constant query complexity. For all the above, known PCP constructions give *quasilinear* proof length and constant query complexity [BS08,Din07]. Also, for circuit satisfiability, [BKKMS13] obtain PCPs with linear proof length but *sublinear* (and super-constant) query complexity. As in [BKKMS13], we rely on algebraic-geometry codes to obtain our first result; but, unlike that work, our use of such codes is much "lighter" because we do not rely on any automorphisms of the code. We obtain our results by proving and combining "IOP-analogues" of tools underlying numerous IPs and PCPs: > Interactive proof composition. Proof composition [AS98] is used to reduce the query complexity of PCP verifiers, at the cost of increasing proof length by an additive factor that is exponential in the verifier's randomness complexity. We prove a composition theorem for IOPs where this additive factor is linear. > Sublinear sumcheck. The sumcheck protocol [LFKN92] is an IP that enables the verifier to check the sum of values of a low-degree multi-variate polynomial on an exponentially-large hypercube, but the verifier's running time depends linearly on the bound on individual degrees. We prove a sumcheck protocol for IOPs where this dependence is sublinear (e.g., polylogarithmic). Our work demonstrates that even constant-round IOPs are more efficient than known PCPs and IPs.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Published elsewhere. Major revision. ICALP 2017
Keywords
probabilistically checkable proofsinteractive proofsproof compositionsumcheck
Contact author(s)
alexch @ berkeley edu
History
2017-09-21: last of 5 revisions
2016-03-23: received
See all versions
Short URL
https://ia.cr/2016/324
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/324,
      author = {Eli Ben-Sasson and Alessandro Chiesa and Ariel Gabizon and Michael Riabzev and Nicholas Spooner},
      title = {Interactive Oracle Proofs with Constant Rate and Query Complexity},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/324},
      year = {2016},
      url = {https://eprint.iacr.org/2016/324}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.