## Cryptology ePrint Archive: Report 2018/776

On Publicly Verifiable Delegation From Standard Assumptions

Yael Kalai and Omer Paneth and Lisa Yang

Abstract: We construct a publicly verifiable non-interactive delegation scheme for log-space uniform bounded depth computations in the common reference string (CRS) model, where the CRS is long (as long as the time it takes to do the computation).

The soundness of our scheme relies on the assumption that there exists a group with a bilinear map, such that given group elements $g,h,h^t,h^{t^2},$ it is hard to output $g^a,g^b,g^c$ and $h^a,h^b,h^c$ such that $a \cdot t^2 + b \cdot t + c = 0$, but $a,b,c$ are not all zero.

Previously, such a result was only known under knowledge assumptions (or in the Random Oracle model), or under non-standard assumptions related to obfuscation or zero-testable homomorphic encryption.

We obtain our result by converting the interactive delegation scheme of Goldwasser, Kalai and Rothblum (J. ACM 2015) into a publicly verifiable non-interactive one. As a stepping stone, we give a publicly verifiable non-interactive version of the sum-check protocol of Lund, Fortnow, Karloff, Nisan (J. ACM 1992).

Category / Keywords: