research-article

On the concrete efficiency of probabilistically-checkable proofs

Authors:

Eli Ben-Sasson,

Alessandro Chiesa,

Eran TromerAuthors Info & Claims

STOC '13: Proceedings of the forty-fifth annual ACM symposium on Theory of Computing

Pages 585 - 594

https://doi.org/10.1145/2488608.2488681

Published: 01 June 2013 Publication History

Abstract

Probabilistically-Checkable Proofs (PCPs) form the algorithmic core that enables fast verification of long computations in many cryptographic constructions. Yet, despite the wonderful asymptotic savings they bring, PCPs are also the infamous computational bottleneck preventing these powerful cryptographic constructions from being used in practice. To address this problem, we present several results about the computational efficiency of PCPs. We construct the first PCP where the prover and verifier time complexities are quasi-optimal (i.e., optimal up to poly-logarithmic factors). The prover and verifier are also higly-parallelizable, and these computational guarantees hold even when proving and verifying the correctness of random-access machine computations. Our construction is explicit and has the requisite properties for being used in the cryptographic applications mentioned above.

Next, to better understand the efficiency of our PCP, we propose a new efficiency measure for PCPs (and their major components, locally-testable codes and PCPs of proximity). We define a concrete-efficiency threshold that indicates the smallest problem size beyond which the PCP becomes "useful", in the sense that using it is cheaper than performing naive verification (i.e., rerunning the computation); our definition accounts for both the prover and verifier complexity.

We then show that our PCP has a finite concrete-efficiency threshold. That such a PCP exists does not follow from existing works on PCPs with polylogarithmic-time verifiers.

As in [Ben-Sasson and Sudan, STOC '05], PCPs of proximity for Reed-Solomon (RS) codes are the main component of our PCP. We construct a PCP of proximity that reduces the concrete-efficiency threshold for testing proximity to RS codes from 2⁶⁸³ in their work to 2⁴³, which is tantalizingly close to practicality.

References

[1]

B. Applebaum, Y. Ishai, and E. Kushilevitz. From secrecy to soundness: Efficient verification via secure computation. ICALP '10.

Digital Library

[2]

S. Arora, C. Lund, R. Motwani, M. Sudan, and M. Szegedy. Proof verification and the hardness of approximation problems. JACM, 1998.

Digital Library

[3]

S. Arora and S. Safra. Probabilistic checking of proofs: a new characterization of NP. JACM, 1998.

Digital Library

[4]

L. Babai, L. Fortnow, L. A. Levin, and M. Szegedy. Checking computations in polylogarithmic time. STOC '91.

Digital Library

[5]

B. Barak and O. Goldreich. Universal arguments and their applications. SIAM JC, 2008.

Digital Library

[6]

E. Ben-Sasson, A. Chiesa, D. Genkin, and E. Tromer. Fast reductions from RAMs to delegatable succinct constraint satisfaction problems. ITCS '13.

Digital Library

[7]

E. Ben-Sasson, O. Goldreich, P. Harsha, M. Sudan, and S. Vadhan. Robust PCPs of proximity, shorter PCPs and applications to coding. STOC '04.

Digital Library

[8]

E. Ben-Sasson, O. Goldreich, P. Harsha, M. Sudan, and S. Vadhan. Short PCPs verifiable in polylogarithmic time. CCC '05.

Digital Library

[9]

E. Ben-Sasson, P. Harsha, and S. Raskhodnikova. Some 3CNF properties are hard to test. SIAM JC, 2005.

Digital Library

[10]

E. Ben-Sasson and M. Sudan. Short PCPs with polylog query complexity. SIAM JC, 2008.

Digital Library

[11]

E. Ben-Sasson, M. Sudan, S. Vadhan, and A. Wigderson. Randomness-efficient low degree tests and short pcps via epsilon-biased sets. STOC '03.

Digital Library

[12]

E. R. Berlekamp. Algebraic Coding Theory. 1968.

[13]

N. Bitansky, R. Canetti, A. Chiesa, and E. Tromer. From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again. ITCS '12, 2012.

Digital Library

[14]

N. Bitansky, R. Canetti, A. Chiesa, and E. Tromer. Recursive composition and bootstrapping for SNARKs and proof-carrying data. STOC '13, 2013.

Digital Library

[15]

N. Bitansky and A. Chiesa. Succinct arguments from multi-prover interactive proofs and their efficiency benefits. CRYPTO '12.

[16]

D. Boneh, G. Segev, and B. Waters. Targeted malleability. ITCS '12.

[17]

A. Chiesa and E. Tromer. Proof-carrying data and hearsay arguments from signature cards. ICS '10.

[18]

A. Chiesa and E. Tromer. Proof-carrying data: Secure computation on untrusted platforms. The Next Wave: The NSA's review of emerging technologies, 2012.

[19]

K.-M. Chung, Y. Kalai, and S. Vadhan. Improved delegation of computation using fully homomorphic encryption. CRYPTO '10.

Digital Library

[20]

I. Damgård, S. Faust, and C. Hazay. Secure two-party computation with low communication. TCC '12.

[21]

G. Di Crescenzo and H. Lipmaa. Succinct NP proofs from an extractability assumption. CiE '08.

Digital Library

[22]

I. Dinur. The PCP theorem by gap amplification. JACM, 2007.

Digital Library

[23]

U. Feige, S. Goldwasser, L. Lovász, S. Safra, and M. Szegedy. Interactive proofs and the hardness of approximating cliques. JACM, 1996.

Digital Library

[24]

R. Gennaro, C. Gentry, and B. Parno. Non-interactive verifiable computing: outsourcing computation to untrusted workers. CRYPTO '10.

Digital Library

[25]

O. Goldreich and M. Sudan. Locally testable codes and pcps of almost-linear length. JACM, 2006.

Digital Library

[26]

S. Goldwasser, Y. T. Kalai, and G. N. Rothblum. Delegating computation: interactive proofs for muggles. In STOC '08.

Digital Library

[27]

S. Goldwasser, H. Lin, and A. Rubinstein. Delegation of computation without rejection problem from designated verifier CS-proofs. ePrint, 2011.

[28]

P. Harsha and M. Sudan. Small PCPs with low query complexity. Comp. Compl., 2000.

[29]

W. C. Huffman and R. A. Brualdi. Handbook of Coding Theory. Elsevier Science Inc., New York, NY, USA, 1998.

Digital Library

[30]

Y. Ishai, E. Kushilevitz, and R. Ostrovsky. Efficient arguments without short PCPs. CCC '07.

Digital Library

[31]

J. Kilian. A note on efficient zero-knowledge proofs and arguments. STOC '92.

Digital Library

[32]

R. Lidl and H. Niederreiter. Finite Fields. Cambridge University Press, 2nd edition, 1997.

Digital Library

[33]

R. J. Lipton. Galactic algorithms. http://rjlipton.wordpress.com/2010/10/23/galactic-algorithms/, 2010.

[34]

T. Mateer. Fast Fourier Transform algorithms with applications. PhD thesis, Clemson University, 2008.

Digital Library

[35]

O. Meir. Combinatorial PCPs with efficient verifiers. FOCS '09.

Digital Library

[36]

O. Meir. Combinatorial pcps with short proofs. CCC '12.

Digital Library

[37]

S. Micali. Computationally sound proofs. SIAM JC, 2000.

Digital Library

[38]

T. Mie. Polylogarithmic two-round argument systems. J. Math. Crypt., 2008.

[39]

T. Mie. Short PCPPs verifiable in polylogarithmic time with o(1) queries. A. Math. and AI, 2009.

Digital Library

[40]

D. Moshkovitz and R. Raz. Two-query PCP with subconstant error. JACM, 2008.

Digital Library

[41]

A. Polishchuk and D. A. Spielman. Nearly-linear size holographic proofs. STOC '94.

Digital Library

[42]

R. Raz and S. Safra. A sub-constant error-probability low-degree test, and a sub-constant error-probability PCP characterization of NP. STOC '97.

Digital Library

[43]

S. Setty, V. Vu, N. Panpalia, B. Braun, A. J. Blumberg, and M. Walfish. Taking proof-based verified computation a few steps closer to practicality. Security '12.

Digital Library

[44]

D. Spielman. Computationally Efficient Error-Correcting Codes and Holographic Proofs. PhD thesis, MIT, Mathamatics Department, May 1995.

Digital Library

[45]

P. Valiant. Incrementally verifiable computation or proofs of knowledge imply time/space efficiency. TCC '08.

Digital Library

Cited By

Ron-Zewi NRothblum R(2024)Local Proofs Approaching the Witness LengthJournal of the ACM10.1145/366148371:3(1-42)Online publication date: 25-Apr-2024
https://dl.acm.org/doi/10.1145/3661483
Wang XYu RYang DGu HLi Z(2024)VeriEdge: Verifying and Enforcing Service Level Agreements for Pervasive Edge ComputingIEEE INFOCOM 2024 - IEEE Conference on Computer Communications10.1109/INFOCOM52122.2024.10621128(2149-2158)Online publication date: 20-May-2024
https://doi.org/10.1109/INFOCOM52122.2024.10621128
Bitansky NHarsha PIshai YRothblum RWu D(2024)Dot-Product Proofs and Their Applications2024 IEEE 65th Annual Symposium on Foundations of Computer Science (FOCS)10.1109/FOCS61266.2024.00057(806-825)Online publication date: 27-Oct-2024
https://doi.org/10.1109/FOCS61266.2024.00057
Show More Cited By

Index Terms

On the concrete efficiency of probabilistically-checkable proofs
1. Theory of computation

Recommendations

Efficient probabilistically checkable debates
APPROX'11/RANDOM'11: Proceedings of the 14th international workshop and 15th international conference on Approximation, randomization, and combinatorial optimization: algorithms and techniques

Probabilistically checkable debate systems (PCDSs) are debates between two competing provers, in which a polynomial-time verifier inspects a constant number of bits of the debate. It was shown by Condon, Feigenbaum, Lund, and Shor that every language in ...
Fast approximate probabilistically checkable proofs

We investigate the question of when a verifier, with the aid of a proof, can reliably compute a function faster than it can without the proof. The proof system model that we use is based on a variant of the Probabilistically Checkable Proofs (PCP) model,...
Probabilistically Checkable Proofs Over the Reals

Probabilistically checkable proofs (PCPs) have turned out to be of great importance in complexity theory. On the one hand side they provide a new characterization of the complexity class NP, on the other hand they show a deep connection to approximation ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

STOC '13: Proceedings of the forty-fifth annual ACM symposium on Theory of Computing

June 2013

998 pages

ISBN:9781450320290

DOI:10.1145/2488608

General Chairs:
Dan Boneh
Stanford University, USA
,
Tim Roughgarden
Stanford University, USA
,
Program Chair:
Joan Feigenbaum
Yale University, USA

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGACT: ACM Special Interest Group on Algorithms and Computation Theory

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 June 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

STOC'13

Sponsor:

SIGACT

STOC'13: Symposium on Theory of Computing

June 1 - 4, 2013

California, Palo Alto, USA

Acceptance Rates

STOC '13 Paper Acceptance Rate 100 of 360 submissions, 28%;

Overall Acceptance Rate 1,469 of 4,586 submissions, 32%

Upcoming Conference

STOC '25

Sponsor:
sigact

57th Annual ACM Symposium on Theory of Computing (STOC 2025)

June 23 - 27, 2025

Prague , Czech Republic

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

50
Total Citations
View Citations
365
Total Downloads

Downloads (Last 12 months)27
Downloads (Last 6 weeks)6

Reflects downloads up to 24 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Ron-Zewi NRothblum R(2024)Local Proofs Approaching the Witness LengthJournal of the ACM10.1145/366148371:3(1-42)Online publication date: 25-Apr-2024
https://dl.acm.org/doi/10.1145/3661483
Wang XYu RYang DGu HLi Z(2024)VeriEdge: Verifying and Enforcing Service Level Agreements for Pervasive Edge ComputingIEEE INFOCOM 2024 - IEEE Conference on Computer Communications10.1109/INFOCOM52122.2024.10621128(2149-2158)Online publication date: 20-May-2024
https://doi.org/10.1109/INFOCOM52122.2024.10621128
Bitansky NHarsha PIshai YRothblum RWu D(2024)Dot-Product Proofs and Their Applications2024 IEEE 65th Annual Symposium on Foundations of Computer Science (FOCS)10.1109/FOCS61266.2024.00057(806-825)Online publication date: 27-Oct-2024
https://doi.org/10.1109/FOCS61266.2024.00057
Tortola DLisi AMori PRicci L(2024)Tethering Layer 2 solutions to the blockchainComputer Communications10.1016/j.comcom.2024.07.017225:C(289-310)Online publication date: 18-Nov-2024
https://dl.acm.org/doi/10.1016/j.comcom.2024.07.017
Lipmaa HParisella RSiim J(2024)Constant-Size zk-SNARKs in ROM from Falsifiable AssumptionsAdvances in Cryptology – EUROCRYPT 202410.1007/978-3-031-58751-1_2(34-64)Online publication date: 26-May-2024
https://dl.acm.org/doi/10.1007/978-3-031-58751-1_2
Freitag CPaneth OPass R(2024)Public-Coin, Complexity-Preserving, Succinct Arguments of Knowledge for NP from Collision-ResistanceAdvances in Cryptology – EUROCRYPT 202410.1007/978-3-031-58737-5_5(112-141)Online publication date: 26-May-2024
https://dl.acm.org/doi/10.1007/978-3-031-58737-5_5
Chen LRothblum RTell RYogev E(2023)On Exponential-time Hypotheses, Derandomization, and Circuit Lower BoundsJournal of the ACM10.1145/359358170:4(1-62)Online publication date: 20-Apr-2023
https://dl.acm.org/doi/10.1145/3593581
Ames SHazay CIshai YVenkitasubramaniam M(2023)Ligero: lightweight sublinear arguments without a trusted setupDesigns, Codes and Cryptography10.1007/s10623-023-01222-891:11(3379-3424)Online publication date: 13-Jul-2023
https://doi.org/10.1007/s10623-023-01222-8
Ishai YOstrovsky RShah A(2023)Succinct Arguments for RAM Programs via Projection CodesAdvances in Cryptology – CRYPTO 202310.1007/978-3-031-38545-2_6(159-192)Online publication date: 9-Aug-2023
https://doi.org/10.1007/978-3-031-38545-2_6
Freitag CPass RSirkin N(2023)Parallelizable Delegation from LWETheory of Cryptography10.1007/978-3-031-22365-5_22(623-652)Online publication date: 1-Jan-2023
https://doi.org/10.1007/978-3-031-22365-5_22
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten