Abstract
We construct a succinct non-interactive argument (\(\textsf{SNARG} \)) for the class of monotone policy batch \(\textsf{NP} \) languages, under the Learning with Errors (\(\textsf{LWE} \)) assumption. This class is a subclass of \(\textsf{NP} \) that is associated with a monotone function \(f:\{0,1\}^k\rightarrow \{0,1\}\) and an \(\textsf{NP} \) language \(\mathcal {L} \), and contains instances \((x_1,\ldots ,x_k)\) such that \(f(b_1,\ldots ,b_k)=1\) where \(b_j=1\) if and only if \(x_j\in \mathcal {L} \). Our \(\textsf{SNARG} \)s are arguments of knowledge in the non-adaptive setting, and satisfy a new notion of somewhere extractability against adaptive adversaries.
This is the first \(\textsf{SNARG} \) under standard hardness assumptions for a sub-class of \(\textsf{NP} \) that is not known to have a (computational) non-signaling \(\textsf{PCP} \) with parameters compatible with the standard framework for constructing \(\textsf{SNARG} \)s dating back to [Kalai-Raz-Rothblum, STOC ’13]. Indeed, our approach necessarily departs from this framework.
Our construction combines existing quasi-arguments for \(\textsf{NP} \) (based on batch arguments for \(\textsf{NP}\)) with a new type of cryptographic encoding of the instance and a new analysis going from local to global soundness. The main novel ingredient used in our encoding is a predicate-extractable hash (\(\textsf{PEHash}\)) family, which is a primitive that generalizes the notion of a somewhere extractable hash. Whereas a somewhere extractable hash allows one to extract a single input coordinate, our \(\textsf{PEHash}\) extracts a global property of the input. We view this primitive as being of independent interest, and believe that it will find other applications.
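To make the language concrete, the following is an added example (not code from the paper, which builds a succinct argument; this is the trivial non-succinct baseline where the prover simply sends every witness). It fixes a constructed \(\textsf{NP}\) language \(\mathcal{L}\) (SHA-256 preimages), a small policy grammar that is a hypothetical encoding of \(f\), a brute-force monotonicity check, and a batch verifier that sets \(b_j=1\) exactly when a valid witness for \(x_j\) is supplied. The verifier can only ever confirm membership, never refute it, which is why the policy must be monotone: withholding a witness can only flip a bit from 1 to 0, and for a monotone \(f\) that never turns a rejected batch into an accepted one.

```python
import hashlib
from itertools import product
from typing import Dict, Sequence

# Added example, not the paper's construction: the monotone policy batch NP
# language, verified the trivial way (every witness is sent in the clear).

# NP language L, constructed for this example: x is in L iff the prover knows
# a preimage w with SHA-256(w) == x. The witness for x is w.
def in_language(x: bytes, w: bytes) -> bool:
    return hashlib.sha256(w).digest() == x

# Hypothetical policy syntax for the monotone function f: {0,1}^k -> {0,1}:
#   ("VAR", j)                 the bit b_j
#   ("AND", p, q), ("OR", p, q)
#   ("THRESH", t, [p1, ...])   at least t of the sub-policies hold
#   ("NOT", p)                 only here so the monotonicity check has something to reject
Policy = tuple

def evaluate(policy: Policy, bits: Sequence[bool]) -> bool:
    op = policy[0]
    if op == "VAR":
        return bool(bits[policy[1]])
    if op == "AND":
        return evaluate(policy[1], bits) and evaluate(policy[2], bits)
    if op == "OR":
        return evaluate(policy[1], bits) or evaluate(policy[2], bits)
    if op == "THRESH":
        return sum(evaluate(p, bits) for p in policy[2]) >= policy[1]
    if op == "NOT":
        return not evaluate(policy[1], bits)
    raise ValueError(f"unknown policy operator {op!r}")

def is_monotone(policy: Policy, k: int) -> bool:
    """Brute force: raising any single bit 0 -> 1 must never flip f from 1 to 0.
    Exponential in k, which is fine for the small k used in this example."""
    for bits in product([False, True], repeat=k):
        if not evaluate(policy, bits):
            continue
        for j in range(k):
            if not bits[j]:
                raised = bits[:j] + (True,) + bits[j + 1:]
                if not evaluate(policy, raised):
                    return False
    return True

def batch_verify(policy: Policy, instances: Sequence[bytes],
                 witnesses: Dict[int, bytes]) -> bool:
    """b_j = 1 iff a valid witness for x_j was supplied; a missing or wrong
    witness yields b_j = 0. Then accept iff f(b_1, ..., b_k) = 1."""
    bits = [j in witnesses and in_language(instances[j], witnesses[j])
            for j in range(len(instances))]
    return evaluate(policy, bits)

# Constructed sample: three credentials. The policy (an access-control style
# rule) requires credential 0 and at least two of the three credentials.
SECRETS = [b"secret-0", b"secret-1", b"secret-2"]
INSTANCES = [hashlib.sha256(s).digest() for s in SECRETS]
POLICY = ("AND", ("VAR", 0), ("THRESH", 2, [("VAR", 0), ("VAR", 1), ("VAR", 2)]))

def demo() -> Dict[str, bool]:
    return {
        "policy_is_monotone": is_monotone(POLICY, 3),
        "negation_is_monotone": is_monotone(("NOT", ("VAR", 0)), 1),
        "accept_0_and_2": batch_verify(POLICY, INSTANCES, {0: SECRETS[0], 2: SECRETS[2]}),
        "reject_missing_0": batch_verify(POLICY, INSTANCES, {1: SECRETS[1], 2: SECRETS[2]}),
        "reject_bad_witness": batch_verify(POLICY, INSTANCES, {0: b"guess", 2: SECRETS[2]}),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The proof here has size linear in the number of witnesses supplied; the paper's contribution is replacing it with a succinct argument whose length does not grow with \(k\) times the witness size, while keeping the same acceptance condition.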
Notes
1. There are some differences in the computational assumptions required for \(\textsf{SNARG}\)s in the two settings.
2. Loosely speaking, a computational non-signaling \(\textsf{PCP} \) with locality \(\ell \) consists of a distribution of answers for every set of \(\ell \) \(\textsf{PCP} \) queries \(q_1,\ldots ,q_\ell \), with the guarantee that for any two sets of queries Q and \(Q'\), each of size \(\ell \), the distributions of answers, denoted by A and \(A'\) respectively, satisfy that A restricted to \(Q\cap Q'\) is computationally indistinguishable from \(A'\) restricted to \(Q\cap Q'\).
3. It is required that this local assignment is non-signaling in the sense that for any (local) sets of variables I and J, the corresponding assignments \(x_I\) and \(x_J\) are computationally indistinguishable on the variables \(I\cap J\).
4. For those familiar with [22], the framework builds \(\textsf{SNARG} \)s using PCPs that are sound against statistically (or even computationally) non-signaling strategies. If the PCP is sound against \(\delta \)-non-signaling strategies, the resulting \(\textsf{SNARG} \) has proof length that grows with \(\log (1/\delta )\). All prior \(\textsf{SNARG} \) constructions implicitly construct non-signaling PCPs with good enough parameters to be plugged into this transformation, while monotone policy \(\textsf{BatchNP}\) languages do not appear to have such PCPs.
5. This is based on an unpublished work of Brakerski and Kalai [4] which is merged with this work.
6. In fact, [22] proposed an information theoretic analog of this idea where the short hash is replaced by a few random locations in the low-degree extension of the layer.
7. In what follows we use the notation \(\textsf{HT}\) to denote a hash family with local opening, where \(\textsf{HT}\) symbolizes a Hash Tree construction. We emphasize that we are not restricted to such a construction, and use this notation only to give the reader an example to have in mind.
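For the example the last note asks the reader to have in mind, the following is an added Merkle-style hash tree with local opening (not the paper's \(\textsf{HT}\) family, which the note says need not be a tree at all): the digest is the root, a local opening for coordinate \(i\) is the sibling path from leaf \(i\) to the root, and verification recomputes the root from the claimed leaf and the path. Domain-separation prefixes and a fixed padding leaf are choices made here, not taken from the paper.

```python
import hashlib
from typing import Dict, List, Tuple

# Added example, not the paper's HT construction: a hash tree with local opening.

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _leaf(x: bytes) -> bytes:
    # Prefix 0x00 for leaves, 0x01 for inner nodes, so a leaf can never be
    # reinterpreted as an inner node (and vice versa) in a forged opening.
    return _h(b"\x00" + x)

def _node(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)

_PAD = _h(b"\x02")  # distinct padding leaf hash, used to reach a power-of-two width

def build_tree(leaves: List[bytes]) -> List[List[bytes]]:
    """levels[0] holds the leaf hashes, levels[-1] holds the single root."""
    if not leaves:
        raise ValueError("need at least one leaf")
    level = [_leaf(x) for x in leaves]
    while len(level) & (len(level) - 1):  # pad until the width is a power of two
        level.append(_PAD)
    levels = [level]
    while len(level) > 1:
        level = [_node(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def digest(leaves: List[bytes]) -> bytes:
    return build_tree(leaves)[-1][0]

def open_at(leaves: List[bytes], i: int) -> Tuple[bytes, List[bytes]]:
    """Local opening of coordinate i: the leaf value plus its sibling path,
    one hash per tree level, so its size is logarithmic in the input length."""
    if not 0 <= i < len(leaves):
        raise IndexError("coordinate out of range")
    levels = build_tree(leaves)
    path, idx = [], i
    for level in levels[:-1]:
        path.append(level[idx ^ 1])  # sibling at this level
        idx >>= 1
    return leaves[i], path

def verify_opening(root: bytes, i: int, x: bytes, path: List[bytes]) -> bool:
    """Recompute the root from leaf i and the sibling path; accept iff it matches."""
    node, idx = _leaf(x), i
    for sibling in path:
        node = _node(sibling, node) if idx & 1 else _node(node, sibling)
        idx >>= 1
    return node == root and idx == 0

# Constructed sample input: five coordinates, padded internally to eight.
SAMPLE = [b"x0", b"x1", b"x2", b"x3", b"x4"]

def demo() -> Dict[str, object]:
    root = digest(SAMPLE)
    x, path = open_at(SAMPLE, 3)
    return {
        "path_length": len(path),
        "valid": verify_opening(root, 3, x, path),
        "wrong_index": verify_opening(root, 2, x, path),
        "tampered_leaf": verify_opening(root, 3, b"x9", path),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The check `idx == 0` at the end of `verify_opening` rejects a path that is shorter than the tree height, which would otherwise let an inner node be passed off as a root of a smaller tree.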
References
Badrinarayanan, S., Kalai, Y.T., Khurana, D., Sahai, A., Wichs, D.: Succinct delegation for low-space non-deterministic computation. In: Diakonikolas, I., Kempe, D., Henzinger, M. (eds.) 50th ACM STOC, pp. 709–721. ACM Press (2018). https://doi.org/10.1145/3188745.3188924
Barak, B., et al.: On the (im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_1
Brakerski, Z., Holmgren, J., Kalai, Y.T.: Non-interactive delegation and batch NP verification from standard computational assumptions. In: Hatami, H., McKenzie, P., King, V. (eds.) 49th ACM STOC, pp. 474–482. ACM Press (2017). https://doi.org/10.1145/3055399.3055497
Brakerski, Z., Kalai, Y.T.: Monotone batch NP-delegation with applications to access control. IACR Cryptol. ePrint Arch. 2018, 375 (2018). https://eprint.iacr.org/archive/2018/375/20180513:062615
Canetti, R., et al.: Fiat-Shamir: from practice to theory. In: Charikar, M., Cohen, E. (eds.) 51st ACM STOC, pp. 1082–1090. ACM Press (2019). https://doi.org/10.1145/3313276.3316380
Choudhuri, A.R., Garg, S., Jain, A., Jin, Z., Zhang, J.: Correlation intractability and SNARGs from sub-exponential DDH. Cryptology ePrint Archive (2022)
Choudhuri, A.R., Jain, A., Jin, Z.: SNARGs for \(\cal{P}\) from LWE. In: 62nd IEEE Annual Symposium on Foundations of Computer Science, FOCS 2021, Denver, CO, USA, 7–10 February 2022, pp. 68–79. IEEE (2021). https://doi.org/10.1109/FOCS52979.2021.00016
Choudhuri, A.R., Jain, A., Jin, Z.: Non-interactive batch arguments for NP from standard assumptions. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12828, pp. 394–423. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84259-8_14
Devadas, L., Goyal, R., Kalai, Y., Vaikuntanathan, V.: Rate-1 non-interactive arguments for batch-NP and applications. In: Proceedings of FOCS 2022 (2022)
Dwork, C., Langberg, M., Naor, M., Nissim, K., Reingold, O.: Succinct proofs for NP and spooky interactions. Unpublished manuscript (2004). http://www.cs.bgu.ac.il/~kobbi/papers/spooky_sub_crypto.pdf
Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: 54th FOCS, pp. 40–49. IEEE Computer Society Press (2013). https://doi.org/10.1109/FOCS.2013.13
Garg, S., Gentry, C., Sahai, A., Waters, B.: Witness encryption and its applications. In: Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) 45th ACM STOC, pp. 467–476. ACM Press (2013). https://doi.org/10.1145/2488608.2488667
Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: Fortnow, L., Vadhan, S.P. (eds.) 43rd ACM STOC, pp. 99–108. ACM Press (2011). https://doi.org/10.1145/1993636.1993651
Hubacek, P., Wichs, D.: On the communication complexity of secure function evaluation with long output. In: Roughgarden, T. (ed.) ITCS 2015, pp. 163–172. ACM (2015). https://doi.org/10.1145/2688073.2688105
Jain, A., Jin, Z.: Indistinguishability obfuscation via mathematical proofs of equivalence. In: 63rd IEEE Annual Symposium on Foundations of Computer Science, FOCS 2022, Denver, CO, USA, October 31–November 3, 2022, pp. 1023–1034 (2022)
Jawale, R., Kalai, Y.T., Khurana, D., Zhang, R.Y.: SNARGs for bounded depth computations and PPAD hardness from sub-exponential LWE. In: Khuller, S., Williams, V.V. (eds.) STOC 2021: 53rd Annual ACM SIGACT Symposium on Theory of Computing, Virtual Event, Italy, 21–25 June 2021, pp. 708–721. ACM (2021). https://doi.org/10.1145/3406325.3451055
Kalai, Y.T., Lombardi, A., Vaikuntanathan, V., Wichs, D.: Boosting batch arguments and RAM delegation. Cryptology ePrint Archive, Report 2022/1320 (2022). https://eprint.iacr.org/2022/1320
Kalai, Y., Paneth, O.: Delegating RAM computations. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9986, pp. 91–118. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53644-5_4
Kalai, Y.T., Paneth, O., Yang, L.: How to delegate computations publicly. In: Charikar, M., Cohen, E. (eds.) 51st ACM STOC, pp. 1115–1124. ACM Press (2019). https://doi.org/10.1145/3313276.3316411
Kalai, Y.T., Raz, R.: Probabilistically checkable arguments. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 143–159. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_9
Kalai, Y.T., Raz, R., Rothblum, R.D.: Delegation for bounded space. In: Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) 45th ACM STOC, pp. 565–574. ACM Press (2013). https://doi.org/10.1145/2488608.2488679
Kalai, Y.T., Raz, R., Rothblum, R.D.: How to delegate computations: the power of no-signaling proofs. In: Shmoys, D.B. (ed.) 46th ACM STOC, pp. 485–494. ACM Press (2014). https://doi.org/10.1145/2591796.2591809
Kalai, Y.T., Vaikuntanathan, V., Zhang, R.Y.: Somewhere statistical soundness, post-quantum security, and SNARGs. In: Nissim, K., Waters, B. (eds.) TCC 2021. LNCS, vol. 13042, pp. 330–368. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-90459-3_12
Kilian, J.: A note on efficient zero-knowledge proofs and arguments (extended abstract). In: 24th ACM STOC, pp. 723–732. ACM Press (1992). https://doi.org/10.1145/129712.129782
Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-48184-2_32
Micali, S.: CS proofs (extended abstracts). In: 35th FOCS, pp. 436–453. IEEE Computer Society Press (1994). https://doi.org/10.1109/SFCS.1994.365746
Okamoto, T., Pietrzak, K., Waters, B., Wichs, D.: New realizations of somewhere statistically binding hashing and positional accumulators. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 121–145. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_6
Paneth, O., Pass, R.: Incrementally verifiable computation via rate-1 batch arguments. In: Proceedings of FOCS 2022 (2022)
Paneth, O., Rothblum, G.N.: On zero-testable homomorphic encryption and publicly verifiable non-interactive arguments. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10678, pp. 283–315. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70503-3_9
Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: Shmoys, D.B. (ed.) 46th ACM STOC, pp. 475–484. ACM Press (2014). https://doi.org/10.1145/2591796.2591825
Waters, B., Wu, D.J.: Batch arguments for NP and more from standard bilinear group assumptions. In: Dodis, Y., Shrimpton, T. (eds.) Advances in Cryptology – CRYPTO 2022. CRYPTO 2022. Lecture Notes in Computer Science, vol. 13508, pp. 433–463. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15979-4_15
Acknowledgements
Zvika Brakerski is supported by the Israel Science Foundation (Grant No. 3426/21), and by the European Union Horizon 2020 Research and Innovation Program via ERC Project REACT (Grant 756482).
Maya Farber Brodsky is supported by an ISF grant 1789/19.
Yael Tauman Kalai is supported by DARPA under Agreement No. HR00112020023. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Government or DARPA.
Alex Lombardi was supported in part by a Simons-Berkeley postdoctoral fellowship, and in part by DARPA under Agreement No. HR00112020023.
Omer Paneth is a member of the Checkpoint Institute of Information Security and is supported by an Azrieli Faculty Fellowship, and ISF grant 1789/19.
© 2023 International Association for Cryptologic Research
Cite this paper
Brakerski, Z., Brodsky, M.F., Kalai, Y.T., Lombardi, A., Paneth, O. (2023). SNARGs for Monotone Policy Batch NP. In: Handschuh, H., Lysyanskaya, A. (eds) Advances in Cryptology – CRYPTO 2023. CRYPTO 2023. Lecture Notes in Computer Science, vol 14082. Springer, Cham. https://doi.org/10.1007/978-3-031-38545-2_9
DOI: https://doi.org/10.1007/978-3-031-38545-2_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-38544-5
Online ISBN: 978-3-031-38545-2