nach oben

Erschienen in:

2020 | OriginalPaper | Buchkapitel

A Tight Parallel Repetition Theorem for Partially Simulatable Interactive Arguments via Smooth KL-Divergence

verfasst von : Itay Berman, Iftach Haitner, Eliad Tsfadia

Erschienen in: Advances in Cryptology – CRYPTO 2020

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Hardness amplification is a central problem in the study of interactive protocols. While “natural” parallel repetition transformation is known to reduce the soundness error of some special cases of interactive arguments: three-message protocols (Bellare, Impagliazzo, and Naor [FOCS ’97]) and public-coin protocols (Håstad, Pass, Wikström, and Pietrzak [TCC ’10], Chung and Liu [TCC ’10] and Chung and Pass [TCC ’15]), it fails to do so in the general case (the above Bellare et al.; also Pietrzak and Wikström [TCC ’07]).

The only known round-preserving approach that applies to all interactive arguments is Haitner’s random-terminating transformation [SICOMP ’13], who showed that the parallel repetition of the transformed protocol reduces the soundness error at a weak exponential rate: if the original m-round protocol has soundness error \(1-\varepsilon \), then the n-parallel repetition of its random-terminating variant has soundness error \((1-\varepsilon )^{\varepsilon n{/}m^4}\) (omitting constant factors). Håstad et al. have generalized this result to partially simulatable interactive arguments, showing that the n-fold repetition of an m-round \(\delta \)-simulatable argument of soundness error \(1-\varepsilon \) has soundness error \((1-\varepsilon )^{\varepsilon \delta ^2 n{/}m^2}\). When applied to random-terminating arguments, the Håstad et al. bound matches that of Haitner.

In this work we prove that parallel repetition of random-terminating arguments reduces the soundness error at a much stronger exponential rate: the soundness error of the n parallel repetition is \((1-\varepsilon )^{n{/}m}\), only an m factor from the optimal rate of \((1-\varepsilon )^n\) achievable in public-coin and three-message arguments. The result generalizes to \(\delta \)-simulatable arguments, for which we prove a bound of \((1-\varepsilon )^{\delta n{/}m}\). This is achieved by presenting a tight bound on a relaxed variant of the KL-divergence between the distribution induced by our reduction and its ideal variant, a result whose scope extends beyond parallel repetition proofs. We prove the tightness of the above bound for random-terminating arguments, by presenting a matching protocol.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Compressed -Protocol Theory and Practical Application to Plug & Play Secure Algorithmics

Nächstes Kapitel Interactive Proofs for Social Graphs

As in all known amplifications of computational hardness, and proven to be an inherent limitation (at least to some extent) in Dodis et al. [11], the improvement in the soundness error does not go below negligible. We ignore this subtly in the introduction. We also ignore constant factors in the exponent.

Throughout, we assume that the protocol transcript contains the verifier’s Accept/Reject decision (which is without loss of generality for random-terminating variants). We deffer the more general case for the next version.

Upward-self reductions trivially exist for interactive proof: assume the existence of a cheating prover

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-56877-1_19/503460_1_En_19_IEq254_HTML.gif

breaking the \(\alpha \) soundness error of \(\pi ^n\), then

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-56877-1_19/503460_1_En_19_IEq257_HTML.gif

, i.e., the prover using

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-56877-1_19/503460_1_En_19_IEq258_HTML.gif

in parallel for \(\ell \) times, violates the assumed \(\alpha ^\ell \) soundness error of \(\pi ^{n\ell }\). However, when considering interactive arguments, for which we cannot guarantee a soundness error below negligible (see Footnote 1), this approach breaks down when \(\alpha ^\ell \) is negligible.

\(\varDelta = \varDelta _1 \times \varDelta _2\), for \(\varDelta _1\) being a (\(\delta \)-dense) subset of the possible values for first

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-56877-1_19/503460_1_En_19_IEq475_HTML.gif

round coins, and \(\varDelta _2\) is the set of all possible values for the coins used in rounds

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-56877-1_19/503460_1_En_19_IEq477_HTML.gif

, for m being the round complexity of

https://static-content.springer.com/image/chp%3A10.1007%2F978-3-030-56877-1_19/503460_1_En_19_IEq478_HTML.gif

Note that Lemma 2 is a special case of Lemma 4 that holds when choosing \(A_1,\ldots ,A_m\) with \(P[A_{\le m}]=1\).

The constant 2 can be replaced with any other constant without changing (up to a constant factor) the decreasing rate which is promised by Lemma 6.

Bellare, M., Impagliazzo, R., Naor, M.: Does parallel repetition lower the error in computationally sound protocols? In: 38th Annual Symposium on Foundations of Computer Science, FOCS 1997, Miami Beach, Florida, USA, 19–22 October 1997, pp. 374–383 (1997)

Berman, I., Haitner, I., Tsfadia, E.: A tight parallel repetition theorem for partially simulatable interactive arguments via smooth KL-divergence. Cryptology ePrint Archive, Report 2019/393 (2019). https://eprint.iacr.org/2019/393

Brakerski, Z., Vaikuntanathan, V.: Efficient fully homomorphic encryption from (standard) LWE. J. ACM 43(2), 831–871 (2014)MathSciNetMATH

Canetti, R., Halevi, S., Steiner, M.: Hardness amplification of weakly verifiable puzzles. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 17–33. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30576-7_2CrossRefMATH

Chung, F., Lu, L.: Connected components in random graphs with given expected degree sequences. Ann. Comb. 6, 125–145 (2002). https://doi.org/10.1007/PL00012580MathSciNetCrossRefMATH

Chung, K.-M., Liu, F.-H.: Parallel repetition theorems for interactive arguments. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 19–36. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11799-2_2CrossRef

Chung, K.M., Pass, R.: The randomness complexity of parallel repetition. In: Proceedings of the 52nd Annual Symposium on Foundations of Computer Science (FOCS), pp. 658–667 (2011)

Chung, K.-M., Pass, R.: Tight parallel repetition theorems for public-coin arguments Using KL-divergence. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015, Part II. LNCS, vol. 9015, pp. 229–246. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46497-7_9CrossRef

Damgärd, I.B., Pfitzmann, B.: Sequential iteration arguments and an efficient zero-knowledge argument for NP. In: Annual International Colloquium on Automata, Languages and Programming (ICALP), pp. 772–783 (1998)

10.

Dinur, I., Steurer, D.: Analytical approach to parallel repetition. In: Symposium on Theory of Computing, STOC 2014, New York, NY, USA, 31 May–03 June 2014, pp. 624–633 (2014)

11.

Dodis, Y., Jain, A., Moran, T., Wichs, D.: Counterexamples to hardness amplification beyond negligible. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 476–493. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28914-9_27CrossRef

12.

Donsker, M.D., Varadhan, S.R.S.: Asymptotic evaluation of certain markov process expectations for large time. IV. Commun. Pure Appl. Math. 36(2), 183–212 (1983)MathSciNetCrossRef

13.

Feige, U.: On the success probability of the two provers in one-round proof systems. In: Proceedings of the Sixth Annual Structure in Complexity Theory Conference, Chicago, Illinois, USA, 30 June–3 July 1991, pp. 116–123 (1991)

14.

Feige, U., Verbitsky, O.: Error reduction by parallel repetition - a negative result. Combinatorica 22(4), 461–478 (2002)MathSciNetCrossRef

15.

Fortnow, L., Rompel, J., Sipser, M.: Errata for on the power of multi-prover interactive protocols. In: Proceedings: Fifth Annual Structure in Complexity Theory Conference, Universitat Politècnica de Catalunya, Barcelona, Spain, 8–11 July 1990, pp. 318–319 (1990)

16.

Goldreich, O.: Modern Cryptography Probabilistic Proofs and Pseudorandomness. Springer, Heidelberg (1999). https://doi.org/10.1007/978-3-662-12521-2CrossRefMATH

17.

Haitner, I.: A parallel repetition theorem for any interactive argument. SIAM J. Comput. 42(6), 2487–2501 (2013). https://doi.org/10.1137/100810630MathSciNetCrossRefMATH

18.

Håstad, J., Pass, R., Wikström, D., Pietrzak, K.: An efficient parallel repetition theorem. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 1–18. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11799-2_1CrossRef

19.

Holenstein, T.: Parallel repetition: simplification and the no-signaling case. Theory Comput. 5(1), 141–172 (2009)MathSciNetCrossRef

20.

Moshkovitz, D.: Parallel repetition from fortification. In: 55th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2014, Philadelphia, PA, USA, 18–21 October 2014, pp. 414–423 (2014)

21.

Mulzer, W.: Chernoff bounds (2018). https://page.mi.fu-berlin.de/mulzer/notes/misc/chernoff.pdf

22.

Pass, R., Venkitasubramaniam, M.: A parallel repetition theorem for constant-round Arthur-Merlin proofs. TOCT 4(4), 10:1–10:22 (2012)CrossRef

23.

Pietrzak, K., Wikström, D.: Parallel repetition of computationally sound protocols revisited. J. Cryptol. 25(1), 116–135 (2012). https://doi.org/10.1007/s00145-010-9090-xMathSciNetCrossRefMATH

24.

Rao, A.: Parallel repetition in projection games and a concentration bound. SIAM J. Comput. 40(6), 1871–1891 (2011)MathSciNetCrossRef

25.

Raz, R.: A parallel repetition theorem. SIAM J. Comput. 27(3), 763–803 (1998)MathSciNetCrossRef

Titel: A Tight Parallel Repetition Theorem for Partially Simulatable Interactive Arguments via Smooth KL-Divergence
verfasst von: Itay Berman
Iftach Haitner
Eliad Tsfadia
Verlag: Springer International Publishing
Buch: Advances in Cryptology – CRYPTO 2020
Print ISBN: 978-3-030-56876-4

Electronic ISBN: 978-3-030-56877-1

Copyright-Jahr: 2020
DOI: https://doi.org/10.1007/978-3-030-56877-1_19

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner