DOI: 10.1145/3313276.3316400
research-article
Public Access

Finding a Nash equilibrium is no easier than breaking Fiat-Shamir

Published: 23 June 2019

Abstract

The Fiat-Shamir heuristic transforms a public-coin interactive proof into a non-interactive argument, by replacing the verifier with a cryptographic hash function that is applied to the protocol’s transcript. Constructing hash functions for which this transformation is sound is a central and long-standing open question in cryptography.
We show that solving the End-of-Metered-Line problem is no easier than breaking the soundness of the Fiat-Shamir transformation when applied to the sumcheck protocol. In particular, if the transformed protocol is sound, then any hard problem in #P gives rise to a hard distribution in the class CLS, which is contained in PPAD. Our result opens up the possibility of sampling moderately-sized games for which it is hard to find a Nash equilibrium, by reducing the inversion of appropriately chosen one-way functions to #SAT.
Our main technical contribution is a stateful incrementally verifiable procedure that, given a SAT instance over n variables, counts the number of satisfying assignments. This is accomplished via an exponential sequence of small steps, each computable in time poly(n). Incremental verifiability means that each intermediate state includes a sumcheck-based proof of its correctness, and the proof can be updated and verified in time poly(n).
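
An added illustration, not code from the paper: a toy non-interactive sumcheck proof that a CNF formula has a claimed number of satisfying assignments, with SHA-256 standing in for the Fiat-Shamir hash whose soundness the abstract treats as an open question. The field modulus, the sample formula and all function names are assumptions made for this example, and the prover here simply enumerates assignments rather than using the paper's incremental procedure.

```python
import hashlib
from itertools import product

P = 2**61 - 1                        # prime field modulus (assumed parameter)
CNF = [[1, 2], [-1, 3], [-2, -3]]    # constructed sample, DIMACS-style literals

def f(cnf, x):
    # Arithmetized CNF: 1 on satisfying 0/1 inputs, 0 on the rest
    out = 1
    for clause in cnf:
        miss = 1  # product of "literal is false" indicators
        for lit in clause:
            miss = miss * (1 - x[lit - 1] if lit > 0 else x[-lit - 1]) % P
        out = out * (1 - miss) % P
    return out

def challenge(cnf, claim, transcript):
    # Fiat-Shamir: the verifier's coin is a hash of the statement and transcript so far
    h = hashlib.sha256(repr((cnf, claim, transcript)).encode()).digest()
    return int.from_bytes(h, "big") % P

def interpolate(ys, t):
    # Lagrange-evaluate at t the polynomial taking values ys at 0, 1, ..., len(ys)-1
    total = 0
    for i, yi in enumerate(ys):
        num = den = 1
        for j in (k for k in range(len(ys)) if k != i):
            num, den = num * (t - j) % P, den * (i - j) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def prove(cnf, n):
    deg = len(cnf)  # per-variable degree bound; assumes no variable repeats in a clause
    claim = sum(f(cnf, b) for b in product((0, 1), repeat=n)) % P
    transcript, r = [], []
    for i in range(n):
        tails = list(product((0, 1), repeat=n - i - 1))
        g = [sum(f(cnf, r + [t, *b]) for b in tails) % P for t in range(deg + 1)]
        transcript.append(g)  # round polynomial, sent as its values at 0..deg
        r.append(challenge(cnf, claim, transcript))
    return claim, transcript

def verify(cnf, n, claim, transcript):
    cur, r = claim % P, []
    for i, g in enumerate(transcript):
        if len(g) != len(cnf) + 1 or (g[0] + g[1]) % P != cur:
            return False  # round polynomial inconsistent with the running claim
        r.append(challenge(cnf, claim, transcript[:i + 1]))
        cur = interpolate(g, r[-1])
    return len(r) == n and f(cnf, r) == cur  # final check: one evaluation of f
```

The verifier recomputes every challenge from the transcript itself, so a prover that changes the claimed count or any round polynomial also changes all later challenges; soundness then rests entirely on the hash, which is the assumption the paper's reduction starts from.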

STOC ’19, June 23–26, 2019, Phoenix, AZ, USA A.R. Choudhuri, P. Hubáček, C. Kamath, K. Pietrzak, A. Rosen, G.N. Rothblum

      Published In

      STOC 2019: Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing
      June 2019
      1258 pages
      ISBN: 9781450367059
      DOI: 10.1145/3313276
      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. Fiat-Shamir transformation
      2. Nash Equilibrium
      3. PPAD
      4. TFNP

      Qualifiers

      • Research-article

      Conference

      STOC '19
      Acceptance Rates

      Overall Acceptance Rate 1,469 of 4,586 submissions, 32%

      Cited By

      • (2024) The Complexity of Computing KKT Solutions of Quadratic Programs. Proceedings of the 56th Annual ACM Symposium on Theory of Computing, pp. 892-903. DOI: 10.1145/3618260.3649647. Online publication date: 10-Jun-2024
      • (2024) Formal Verification of the Sumcheck Protocol. 2024 IEEE 37th Computer Security Foundations Symposium (CSF), pp. 605-619. DOI: 10.1109/CSF61375.2024.00014. Online publication date: 8-Jul-2024
      • (2023) Correlation Intractability and SNARGs from Sub-exponential DDH. Advances in Cryptology – CRYPTO 2023, pp. 635-668. DOI: 10.1007/978-3-031-38551-3_20. Online publication date: 9-Aug-2023
      • (2023) SNARGs and PPAD Hardness from the Decisional Diffie-Hellman Assumption. Advances in Cryptology – EUROCRYPT 2023, pp. 470-498. DOI: 10.1007/978-3-031-30617-4_16. Online publication date: 15-Apr-2023
      • (2023) PPAD is as Hard as LWE and Iterated Squaring. Theory of Cryptography, pp. 593-622. DOI: 10.1007/978-3-031-22365-5_21. Online publication date: 1-Jan-2023
      • (2022) The Complexity of Gradient Descent: CLS = PPAD ∩ PLS. Journal of the ACM 70:1, pp. 1-74. DOI: 10.1145/3568163. Online publication date: 19-Dec-2022
      • (2022) The Complexity of Necklace Splitting, Consensus-Halving, and Discrete Ham Sandwich. SIAM Journal on Computing 52:2, pp. STOC19-200-STOC19-268. DOI: 10.1137/20M1312678. Online publication date: 28-Feb-2022
      • (2022) One-Shot Fiat-Shamir-Based NIZK Arguments of Composite Residuosity and Logarithmic-Size Ring Signatures in the Standard Model. Advances in Cryptology – EUROCRYPT 2022, pp. 488-519. DOI: 10.1007/978-3-031-07085-3_17. Online publication date: 25-May-2022
      • (2021) Indistinguishability obfuscation from well-founded assumptions. Proceedings of the 53rd Annual ACM SIGACT Symposium on Theory of Computing, pp. 60-73. DOI: 10.1145/3406325.3451093. Online publication date: 15-Jun-2021
      • (2021) SNARGs for bounded depth computations and PPAD hardness from sub-exponential LWE. Proceedings of the 53rd Annual ACM SIGACT Symposium on Theory of Computing, pp. 708-721. DOI: 10.1145/3406325.3451055. Online publication date: 15-Jun-2021
