Incrementally Verifiable Computation via Rate-1 Batch Arguments
Omer Paneth, Tel Aviv University
Rafael Pass, Tel Aviv University, Cornell Tech
Abstract
Non-interactive delegation schemes enable producing succinct proofs (that can be efficiently verified) that a machine transitions from to in a certain number of deterministic steps. We here consider the problem of efficiently \emph{merging} such proofs: given a proof that transitions from to , and a proof that transitions from to , can these proofs be efficiently merged into a single short proof (of roughly the same size as the original proofs) that transitions from to ? To date, the only known constructions of such a mergeable delegation scheme rely on strong non-falsifiable ``knowledge extraction" assumptions.
In this work, we present a provably secure construction based on the standard LWE assumption.
As an application of mergeable delegation, we obtain a construction of incrementally verifiable computation (IVC) (with polylogarithmic length proofs) for any (unbounded) polynomial number of steps based on LWE; as far as we know, this is the first such construction based on any falsifiable (as opposed to knowledge-extraction) assumption. The central building block that we rely on, and construct based on LWE, is a rate-1 batch argument (BARG): this is a non-interactive argument for NP that enables proving NP statements with communication/verifier complexity , where is the length of one witness. Rate-1 BARGs are particularly useful as they can be recursively composed a super-constant number of times.