International Association for Cryptologic Research

International Association
for Cryptologic Research


How to Make Rational Arguments Practical and Extractable

Matteo Campanelli , Protocol Labs
Chaya Ganesh , Indian Institute of Science
Rosario Gennaro , The City University of New York
DOI: 10.62056/a63zl86bm
Search ePrint
Search Google

We investigate proof systems where security holds against rational parties instead of malicious ones. Our starting point is the notion of rational arguments, a variant of rational proofs (Azar and Micali, STOC 2012) where security holds against rational adversaries that are also computationally bounded.

Rational arguments are an interesting primitive because they generally allow for very efficient protocols, and in particular sublinear verification (i.e. where the Verifier does not have to read the entire input). In this paper we aim at narrowing the gap between literature on rational schemes and real world applications. Our contribution is two-fold.

We provide the first construction of rational arguments for the class of polynomial computations that is practical (i.e., it can be applied to real-world computations on reasonably common hardware) and with logarithmic communication. Techniques-wise, we obtain this result through a compiler from information-theoretic protocols and rational proofs for polynomial evaluation. The latter could be of independent interest.

As a second contribution, we propose a new notion of extractability for rational arguments. Through this notion we can obtain arguments where knowledge of a witness is incentivized (rather than incentivizing mere soundness). We show how our aforementioned compiler can also be applied to obtain efficient extractable rational arguments for $\mathsf{NP}$.

  title={How to Make Rational Arguments Practical and Extractable},
  publisher={International Association for Cryptologic Research},
  volume={1, Issue 1},
  author={Matteo Campanelli and Chaya Ganesh and Rosario Gennaro},