Paper 2022/542

On Valiant's Conjecture: Impossibility of Incrementally Verifiable Computation from Random Oracles

Mathias Hall-Andersen and Jesper Buus Nielsen

Abstract

In his landmark paper at TCC 2008 Paul Valiant introduced the notion of ``incrementally verifiable computation'' which enables a prover to incrementally compute a succinct proof of correct execution of a (potentially) long running process. The paper later won the 2019 TCC test of time award. The construction was proven secure in the random oracle model without any further computational assumptions. However, the overall proof was given using a non-standard version of the random-oracle methodology where sometimes the hash function is a random oracle and sometimes it has a short description as a circuit. Valiant clearly noted that this model is non-standard, but conjectured that the standard random oracle methodology would not suffice. This conjecture has been open for 14 years. We prove that under some mild extra assumptions on the proof system the conjecture is true: the standard random-oracle model does not allow incrementally verifiable computation without making computational assumptions. Two extra assumptions under which we can prove the conjecture are 1) the proof system is also zero-knowledge or 2) when the proof system makes a query to its random oracle it can know with non-negligible probability whether the query is fresh or was made by the proof system earlier in the construction of the proof.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Preprint. MINOR revision.
Keywords
random oraclesPCPSNARKproof carrying data
Contact author(s)
jbn @ cs au dk
mathias @ hall-andersen dk
History
2022-05-10: received
Short URL
https://ia.cr/2022/542
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/542,
      author = {Mathias Hall-Andersen and Jesper Buus Nielsen},
      title = {On Valiant's Conjecture: Impossibility of Incrementally Verifiable Computation from Random Oracles},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/542},
      year = {2022},
      url = {https://eprint.iacr.org/2022/542}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.