
A Zero Knowledge Sumcheck and its Applications (1704.02086v1)

Published 7 Apr 2017 in cs.CC and cs.CR

Abstract: Many seminal results in Interactive Proofs (IPs) use algebraic techniques based on low-degree polynomials, the study of which is pervasive in theoretical computer science. Unfortunately, known methods for endowing such proofs with zero knowledge guarantees do not retain this rich algebraic structure. In this work, we develop algebraic techniques for obtaining zero knowledge variants of proof protocols in a way that leverages and preserves their algebraic structure. Our constructions achieve unconditional (perfect) zero knowledge in the Interactive Probabilistically Checkable Proof (IPCP) model of Kalai and Raz [KR08]. Our main result is a zero knowledge variant of the sumcheck protocol [LFKN92] in the IPCP model. The sumcheck protocol is a key building block in many IPs, including the protocol for polynomial-space computation due to Shamir [Sha92], and the protocol for parallel computation due to Goldwasser, Kalai, and Rothblum [GKR15]. A core component of our result is an algebraic commitment scheme, whose hiding property is guaranteed by algebraic query complexity lower bounds [AW09,JKRS09]. This commitment scheme can then be used to considerably strengthen our previous work [BCFGRS16] that gives a sumcheck protocol with much weaker zero knowledge guarantees, itself using algebraic techniques based on algorithms for polynomial identity testing [RS05,BW04]. We demonstrate the applicability of our techniques by deriving zero knowledge variants of well-known protocols based on algebraic techniques, including the protocols of Shamir and of Goldwasser, Kalai, and Rothblum, as well as the protocol of Babai, Fortnow, and Lund [BFL91].

Citations (48)

Summary

  • The paper introduces a zero-knowledge variant of the sumcheck protocol using algebraic techniques within the IPCP model, offering unconditional zero knowledge without cryptographic assumptions.
  • An algebraic commitment scheme and masking with random polynomials are key technical elements used to achieve the hiding property and reduce information leakage.
  • The zero-knowledge sumcheck is applied to derive zero-knowledge versions of well-known protocols for PSPACE and NEXP, with implications for non-interactive arguments and secure computation.

Overview of "A Zero Knowledge Sumcheck and its Applications"

The paper "A Zero Knowledge Sumcheck and its Applications" presents a sophisticated approach to integrating zero knowledge guarantees into interactive proof protocols that rely on algebraic properties. The authors, Chiesa, Forbes, and Spooner, develop algebraic techniques aimed at maintaining the inherent algebraic structure of many interactive proofs (IPs) while achieving unconditional zero knowledge. This work is built upon the Interactive Probabilistically Checkable Proof (IPCP) model, where a prover first submits a PCP oracle followed by interactive proof exchanges.

Key Contributions and Results

The paper's central contribution is a zero knowledge variant of the sumcheck protocol within the IPCP framework. The original sumcheck protocol is fundamental to verifying polynomial summations within IPs, notably in Shamir's protocol for polynomial-space computation and the protocol for parallel computation by Goldwasser et al. However, the original sumcheck protocol is not zero knowledge, because it reveals intermediate computation results.

This work introduces an algebraic commitment scheme that is crucial to achieving a zero knowledge sumcheck. The scheme leverages algebraic query complexity lower bounds to ensure the hiding property, meaning the verifier cannot glean information about the committed value beyond the final result. Furthermore, the authors demonstrate the utility of their zero knowledge sumcheck by applying it to derive zero knowledge versions of well-known protocols, including those for NEXP based on Babai et al.'s multi-prover IPs and Shamir's PSPACE protocol.

Technical Exposition

Zero knowledge in this context does not rely on the usual cryptographic assumptions: the guarantee is unconditional and rests on algebraic complexity, a pathway distinct from traditional cryptographic constructs such as one-way functions. The IPCP model, being intermediate between IPs and MIPs, facilitates the achievement of perfect zero knowledge, albeit with adjustments to soundness and completeness for algebraic expressions.

The paper further refines recent works from Ben-Sasson et al. by enhancing previous zero knowledge guarantees through constructing oracles that are masked by random polynomials subject to algebraic commitments. This approach reduces information leakage by confirming only a single polynomial evaluation at each verifier query, even with polynomially-many verifier queries possible.
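The leakage and the masking idea described above, as an added example that is not code from the paper: a plain sumcheck whose first round message exposes partial sums of F, next to a run on ρ·F + R with a random mask R. The field, the polynomial F and all function names are constructed for illustration; the algebraic commitment to R and the IPCP oracle are omitted, so this simplified masking is not the paper's full protocol.

```python
import itertools, random

P = 2**61 - 1  # prime field modulus (constructed choice)

def cube(n):
    """Boolean hypercube {0,1}^n."""
    return itertools.product((0, 1), repeat=n)

def interp(ys, x):
    """Lagrange-evaluate at x the polynomial taking values ys at 0..len(ys)-1."""
    total = 0
    for i, yi in enumerate(ys):
        num = den = 1
        for j in range(len(ys)):
            if j != i:
                num, den = num * (x - j) % P, den * (i - j) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def sumcheck(f, m, deg, claim, rng):
    """Honest prover vs. verifier; returns (accepted, prover round messages)."""
    prefix, transcript = [], []
    for rnd in range(m):
        # g(X) = sum of f(prefix, X, b) over Boolean b, sent as values at 0..deg
        g = [sum(f(*prefix, x, *b) for b in cube(m - rnd - 1)) % P
             for x in range(deg + 1)]
        transcript.append(g)
        if (g[0] + g[1]) % P != claim % P:
            return False, transcript
        r = rng.randrange(P)  # verifier's random challenge
        claim, prefix = interp(g, r), prefix + [r]
    return f(*prefix) % P == claim, transcript  # final check: one query to f

def random_mask(m, deg, rng):
    """Uniformly random polynomial R of individual degree <= deg."""
    coeffs = {e: rng.randrange(P) for e in itertools.product(range(deg + 1), repeat=m)}
    def R(*v):
        total = 0
        for e, c in coeffs.items():
            for vi, ei in zip(v, e):
                c = c * pow(vi, ei, P) % P
            total = (total + c) % P
        return total
    return R

def masked_sumcheck(f, m, deg, a, rng):
    """Sumcheck on rho*f + R against the claim rho*a + z, where z = sum of R."""
    R = random_mask(m, deg, rng)
    z = sum(R(*b) for b in cube(m)) % P  # prover announces the mask's sum
    rho = rng.randrange(1, P)            # verifier's random multiplier
    return sumcheck(lambda *v: (rho * f(*v) + R(*v)) % P, m, deg, (rho * a + z) % P, rng)

def F(x, y, z):  # constructed instance; its sum over {0,1}^3 is 60
    return (3 * x * x * y + 5 * y * z + 7 * z + 2) % P
```

In the plain run the first message is always `[27, 33, 51]`, whose first entry is the sum of F over the half-cube x = 0; in the masked run the same message changes with every fresh mask.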

Applications and Future Directions

The zero knowledge sumcheck has profound implications for both theoretical exploration and practical applications. The possibility of non-interactive arguments in a public setting through collision-resistant functions and CS proofs is a key development extrapolated here. These outcomes hint at broader use in verifying large-scale computations while securing the underlying data's confidentiality.

Looking forward, the methodology paves the way for expanded research into applications of algebraic techniques in cryptography. The intersection of algebraic complexity with zero knowledge proofs opens new pathways for exploring delegated computation in secure multiparty settings or distributed computing, aiming for efficiency without forsaking privacy.

In summary, the paper's contributions enrich the understanding and capabilities surrounding sumcheck protocols in algebraic proofs, revamping how we perceive zero knowledge applicability in complex algebraic environments and laying the groundwork for more secure, efficient computational frameworks.
