CryptoDB
Linear-Time Arguments with Sublinear Verification from Tensor Codes
| Authors: | |
|---|---|
| Download: | |
| Abstract: | Minimizing the computational cost of the prover is a central goal in the area of succinct arguments. In particular, it remains a challenging open problem to construct a succinct argument where the prover runs in linear time and the verifier runs in polylogarithmic time. We make progress towards this goal by presenting a new linear-time probabilistic proof. For any fixed ? > 0, we construct an interactive oracle proof (IOP) that, when used for the satisfiability of an N-gate arithmetic circuit, has a prover that uses O(N) field operations and a verifier that uses O(N^?) field operations. The sublinear verifier time is achieved in the holographic setting for every circuit (the verifier has oracle access to a linear-size encoding of the circuit that is computable in linear time). When combined with a linear-time collision-resistant hash function, our IOP immediately leads to an argument system where the prover performs O(N) field operations and hash computations, and the verifier performs O(N^?) field operations and hash computations (given a short digest of the N-gate circuit). |
Video from TCC 2020
BibTeX
@article{tcc-2020-30580,
title={Linear-Time Arguments with Sublinear Verification from Tensor Codes},
booktitle={Theory of Cryptography},
publisher={Springer},
author={Jonathan Bootle and Alessandro Chiesa and Jens Groth},
year=2020
}