Fiat-Shamir Non-Interactive Proof System Basics

Fiat-Shamir Non-Interactive Proof System Basics
Slide Note
Embed
Share

Fiat-Shamir protocol overview, Sigma protocols, breaking soundness in a quantum context, fixing strict soundness, and recap of Sigma protocols in a quantum setting. Explore the transformation of sigma protocol into a non-interactive proof system, classical security features, and zero-knowledge properties.

  • Fiat-Shamir
  • Sigma protocols
  • Quantum security
  • Non-interactive proofs
  • Zero-knowledge
hnang
hnang Follow

Uploaded on Apr 28, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Fiat-Shamir and the Quantum Forking Conjecture Dominique Unruh University of Tartu Dominique Unruh

  2. Fiat-Shamir (overview) Non-interactive proof system: Prover Prover Verifier Verifier ???,? ??? ,???? Quantum Quantum secure? secure? witness statement statement Zero-knowledge proof of knowledge Verifier learns nothing Prover must know witness Signature scheme (Signer proves knowledge of sk) Fiat-Shamir 2 Dominique Unruh

  3. Understanding FS: Sigma protocols Interactive proof system Honest-verifier zero-knowledge details omitted P P V V Special soundness Given: ???? for two ? ??? (same ???) Get: Witness Fiat-Shamir 3 Dominique Unruh

  4. Understanding FS: The construction Verifier Prover ???,? ???,???? ? ??? ?(???) P P V V Prover sends simulated sigma-proto interaction Soundness of sigma-protocol carries over Fiat-Shamir 4 Dominique Unruh

  5. Breaking FS soundness (quantum) Artificial sigma-protocol [Ambainis,Rosmanis,U14] (relative to specific oracles) Can give ???? for any? ??? (using | ) Only once (| used up) FS insecure (soundness) But: sigma-protocol has special soundness | P P Fiat-Shamir 5 Dominique Unruh

  6. Breaking FS soundness (quantum) FS not secure in general For quantum attackers Relative to specific oracles Ways out: Non-relativizing proofs? Doubtful. Other protocols? Yes. [U15] Extra conditions on sigma-protocol? This talk. Fiat-Shamir 6 Dominique Unruh

  7. Fixing FS: Strict soundness Special soundness Given: ???? for two ? ??? (same ???) Get: Witness P P V V Strict soundness Given ???, ? ???, exists at most one ???? Honest-verifier zero- knowledge Fiat-Shamir 7 Dominique Unruh

  8. Recap / preview Sigma-protocol: 3-msg proof system Special soundness:???? for two ? ??? witness Strict soundness: For every ???,? ??? at most one ???? Fiat-Shamir: Transforms sigma-protocol into non-interactive proof system Classical security: Sigma-proto is honest verifier ZK FS is zero-knowledge Sigma-proto has special soundness FS has soundness (+ extractability) Quantumly? + strict soudness ( ) Fiat-Shamir 8 Dominique Unruh

  9. Quantum Forking Conjecture Let ?? denote a projective measurement ?? is circuit, makes ? queries to ? ? random function ? ?1 ???? ?? ?? |0 ?1 ?2 Then: Pr ?1= ?2 1/????(?) Fiat-Shamir 9 Dominique Unruh

  10. Proving FS soundness Assume: Adversary ? outputs valid FS proof (for simplicity: Pr = 1) ????? ??? ? valid ? ??? ???? To show: Can efficiently extract witness (with Pr 1/????) Fiat-Shamir 10 Dominique Unruh

  11. Proving FS soundness (ctd.) ????? ????? Compute witness ??? ??? ? ???1 ???? ? ? ? ? ? ??? ? ??? ???? ???? ???1,? ???1,????1 ???2,? ???2,????2 By special soundness ????= ???? To show: ?? ??????? ??????? ?/???? Fiat-Shamir 11 Dominique Unruh

  12. Proving FS soundness (ctd.) ????? ????? ??? ??? ? ???1 ???? ? ? ? ? ? ??? ? ??? ???? ???? ???1,? ???1,????1 ???2,? ???2,????2 By strict soundness To show: ?? ????= ???? ?/???? Fiat-Shamir 12 Dominique Unruh

  13. Proving FS soundness (ctd.) ????? ????? ??? ??? ? ???1 ???? ?? ?? ? ? ? ? ? ??? ? ??? ???? ???? ???1 ???2 Projective measurement Projective measurement To show: ?? ????= ???? ?/???? By QFC Fiat-Shamir 13 Dominique Unruh

  14. Theorem Assume: QFC holds Assume: Sigma-protocol has special soundness strict soundness honest-verifier zero-knowledge Then: Fiat-Shamir is a proof of knowledge (simulation-sound extractable) zero-knowledge Fiat-Shamir 14 Dominique Unruh

  15. Open problems Prove QFC (please help! ) Weaker condition than strict soundness? Sigma-protos with strict soundness Fiat-Shamir 15 Dominique Unruh

  16. I thank you for your attention This research was supported by European Social Fund s Doctoral Studies and Internationalisation Programme DoRa Dominique Unruh

Related


FIAT-Q-SF and FAP Assessment in Process-Based Therapy Era

FIAT-Q-SF and FAP Assessment in Process-Based Therapy Era

tobin
Hardness of Proving CCA-Security in Signed ElGamal

Hardness of Proving CCA-Security in Signed ElGamal

jore_21
Proof of Stake: Energy-Efficient Alternative to Proof of Work

Proof of Stake: Energy-Efficient Alternative to Proof of Work

ctan
Signature Schemes in Cryptography

Signature Schemes in Cryptography

eid_sby
Proof Complexity: The Basics, Achievements, and Challenges

Proof Complexity: The Basics, Achievements, and Challenges

gmcal
Mathematical Proof Methods and Divisibility Rules

Mathematical Proof Methods and Divisibility Rules

azle161
Insights into Logic and Proof: A Historical Journey

Insights into Logic and Proof: A Historical Journey

msin
Efficient Interactive Proof Systems Overview

Efficient Interactive Proof Systems Overview

jag_bed
Architecture and Challenges of Proof Assistants

Architecture and Challenges of Proof Assistants

niebuhr_a
Evolution of Proof Systems in Mathematics: From Euclid to Godel

Evolution of Proof Systems in Mathematics: From Euclid to Godel

killgore_l
The Influence of Words on Sound Recognition in Interactive and Non-interactive Models

The Influence of Words on Sound Recognition in Interactive and Non-interactive Models

mohl_abe
Probabilistic Proof Systems in Complexity Theory

Probabilistic Proof Systems in Complexity Theory

brco192
Exhaustive Proofs and Proof by Cases in Discrete Math

Exhaustive Proofs and Proof by Cases in Discrete Math

oluwase
Perspectives on Justification and Proof in Mathematics Education Research

Perspectives on Justification and Proof in Mathematics Education Research

odie_460
Genealogical Proof Arguments and SAR Standard of Proof

Genealogical Proof Arguments and SAR Standard of Proof

covington_j
Proof Techniques in Number Theory

Proof Techniques in Number Theory

dpett
Matrix Identities in Strong Proof Systems

Matrix Identities in Strong Proof Systems

eaver
Evolution of Money: From Barter to Fiat Currency

Evolution of Money: From Barter to Fiat Currency

dbis
Stablecoins and Synthetic Assets

Stablecoins and Synthetic Assets

kokoszka_k
Burden of Proof and Standards of Evidence in Legal Proceedings

Burden of Proof and Standards of Evidence in Legal Proceedings

hartline_n
Stablecoins: A Detailed Analysis by Katerina Liu

Stablecoins: A Detailed Analysis by Katerina Liu

smot
Interactive Proofs in Complexity Theory

Interactive Proofs in Complexity Theory

kiri

More Related Content