Paper 2022/281

Succinct Interactive Oracle Proofs: Applications and Limitations

Shafik Nassar, Technion – Israel Institute of Technology
Ron D. Rothblum, Technion – Israel Institute of Technology
Abstract

\textit{Interactive Oracle Proofs} (IOPs) are a new type of proof-system that combines key properties of interactive proofs and PCPs: IOPs enable a verifier to be convinced of the correctness of a statement by interacting with an untrusted prover while reading just a few bits of the messages sent by the prover. IOPs have become very prominent in the design of efficient proof-systems in recent years. In this work we study \textit{succinct IOPs}, which are IOPs in which the communication complexity is polynomial (or even linear) in the original witness. While there are strong impossibility results for the existence of succinct PCPs (i.e., PCPs whose length is polynomial in the witness), it is known that the rich class of NP relations that are decidable in small space have succinct IOPs. In this work we show both new applications, and limitations, for succinct IOPs: \begin{itemize} \item First, using one-way functions, we show how to compile IOPs into zero-knowledge \textit{proofs}, while nearly preserving the proof length. This complements a recent line of work, initiated by Ben~Sasson~\etal{}~(TCC, 2016B), who compile IOPs into super-succinct zero-knowledge \textit{arguments}. Applying the compiler to the state-of-the-art succinct IOPs yields zero-knowledge proofs for bounded-space NP relations, with communication that is nearly equal to the original witness length. This yields the shortest known zero-knowledge proofs from the minimal assumption of one-way functions. \item Second, we give a barrier for obtaining succinct IOPs for more general NP relations. In particular, we show that if a language has a succinct IOP, then it can be decided in \textit{space} that is proportionate only to the witness length, after a bounded-time probabilistic preprocessing. We use this result to show that under a simple and plausible (but to the best of our knowledge, new) complexity-theoretic conjecture, there is no succinct IOP for CSAT. \end{itemize}

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
A minor revision of an IACR publication in CRYPTO 2022
Keywords
zero knowledge proofs interactive oracle proofs
Contact author(s)
nassarshafik @ gmail com
History
2022-08-23: revised
2022-03-02: received
See all versions
Short URL
https://ia.cr/2022/281
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2022/281,
      author = {Shafik Nassar and Ron D.  Rothblum},
      title = {Succinct Interactive Oracle Proofs: Applications and Limitations},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/281},
      year = {2022},
      url = {https://eprint.iacr.org/2022/281}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.