
Unclonable Commitments and Proofs Overview
Get insights into unclonable commitments and proofs with discussions on zero-knowledge proofs, non-malleable proofs, and quantum no-cloning. Explore the results and definitions, including strong unclonability and commitments in the QROM, in this comprehensive topic overview.
Presentation Transcript
Unclonable Commitments and Proofs Vipul Goyal, Giulio Malavolta, and Justin Raizes
Zero Knowledge Proofs I claim that ? ?. Prover Adversarial Verifier Witness: w ???
Non-Malleable Proofs [DDN98] I claim that ? ?. I claim that ? ?. Prover Adversarial Verifier Man-in-the-Middle (MiM) Verifier Witness: w ???
Forwarding in Non-malleable Proofs I claim that ? ?. Okay, ? ?. I claim that ? ?. Prover Man-in-the-Middle (MiM) Verifier Witnesses are for losers.
Can we construct proofs that cannot be cloned? More basic question: What about commitments?
Our Results Definitions for unclonable commitments and proofs Same-Protocol: Right sessions use the same protocol as the left session. Commitments from various assumptions, with tradeoffs. Proofs are equivalent to public-key quantum money. Strong Unclonability: Right sessions may use arbitrary verification procedures. Commitments in the QROM. Proofs are impossible. This talk Verifier/Receiver Prover/Sender Man-in-the-Middle (MiM) Verifier/Receiver
Definition: Commitments 1) Commit randomly to ?0 or ?1. 2) Adversary splits the commitment. 3) Oracle reveals committed message. 4) Distinguishers guess b without communicating. [Diagram: Challenger, Man-in-the-Middle (MiM), two Oracles, Distinguisher 1 ("I guess ? = ?1"), Distinguisher 2 ("I guess ? = ?2")] ?1 1 Security: |?? ? = ?0= 2| = ????(?)
Definition: Commitments [Diagram: Challenger, Man-in-the-Middle (MiM), two Oracles, Distinguisher 1, Distinguisher 2] Intuitively, if session 1 is correlated to the left session, then session 2 should be independent.
Unclonable Commitments vs Unclonable Encryption Unclonable Encryption: Adversary tries to split the ciphertext into two parts which it can independently decrypt when it steals the key later. Philosophically: adversary wants to collect information for later use. Unclonable Commitments: Philosophically: adversary wants to use the information before it breaks hiding.
Definition: Extraction-Unclonability for Proofs Ideal World Real World Prove(s, w) ?1,?2 Verifier Prover MiM MiM Simulator Verifier Security: Simulator-extractor simulates the adversary's view without the left witness w. If both right sessions accept, then at least one of ?1 or ?2 is a valid witness for one of the right sessions.
Construction Key Idea Non-malleability is very similar: ??? ??? Prover MiM Verifier If ??? ???, then the right session is independent of the left. Idea: unclonable tags!
Unclonable Tag Generation Alice Bob ??? ??? At the end of the protocol, Alice and Bob output the same tag.
Unclonable Tag Generation: Security ???2 Honest 2 Honest 1 Man-in-the-Middle (MiM) ???3 ???? Honest 3 Security: At least one of the three tags output by honest parties is different.
Non-Interactive Unclonable Tag Generation from Public-Key Quantum Money Offline phase Serial number: s Alice Bob
Non-Interactive Unclonable Tag Generation from Public-Key Quantum Money Offline phase Alice Bob Does it match the serial number Alice claimed? Output: s Output: s
Non-Interactive Unclonable Tag Generation from Public-Key Quantum Money Offline phase Serial number: s Alice Bob Hey, this doesn't match! Serial number: s Charlie
Non-Interactive Unclonable Commitments Commitment Phase (Sender, Receiver): Tag is generated and used, but not checked. Don't need public verifiability! Opening Phase (Sender, Receiver): Reveal secret information allowing the tag to be checked.