## Cryptology ePrint Archive: Report 2022/557

Honest Majority Multi-Prover Interactive Arguments

Alexander R. Block and Christina Garman

Abstract: Interactive arguments, and their (succinct) non-interactive and zero-knowledge counterparts, have seen growing deployment in real world applications in recent years. Unfortunately, for large and complex statements, concrete proof generation costs can still be quite expensive. While recent work has sought to solve this problem by outsourcing proof computation to a group of workers in a privacy preserving manner, current solutions still require each worker to do work on roughly the same order as a single-prover solution.

We introduce the Honest Majority Multi-Prover (HMMP) model for interactive arguments. In these arguments, we distribute prover computation among $M$ collaborating, but distrusting, provers. All provers receive the same inputs and have no private inputs, and we allow any $t < M/2$ provers to be statically corrupted before generation of public parameters, and all communication is done via an authenticated broadcast channel. In contrast with the recent works of Ozdemir and Boneh (USENIX '22) and Dayama et al. (PETS '22), our model targets prover efficiency over privacy.

We show that: (1) any interactive argument where the prover computation is suitably divisible into $M$ sub-computations can be transformed into an interactive argument in the HMMP model; and (2) arguments that are obtained via compiling polynomial interactive oracle proofs with polynomial commitment schemes admit HMMP model constructions that experience a (roughly) $1/M$ speedup over a single-prover solution. The transformation of (1) preserves computational (knowledge) soundness, zero-knowledge, and can be made non-interactive via the Fiat-Shamir transformation. The constructions of (2) showcase that there are efficiency gains in proof distribution when privacy is not a concern.

Category / Keywords: cryptographic protocols / Interactive Arguments, Zero-Knowledge