{"id":340979,"date":"2016-12-24T12:38:28","date_gmt":"2016-12-24T20:38:28","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/?post_type=msr-research-item&#038;p=340979"},"modified":"2018-10-16T20:49:33","modified_gmt":"2018-10-17T03:49:33","slug":"interactive-proofs-continual-memory-leakage","status":"publish","type":"msr-research-item","link":"https:\/\/www.microsoft.com\/en-us\/research\/publication\/interactive-proofs-continual-memory-leakage\/","title":{"rendered":"Interactive Proofs under Continual Memory Leakage"},"content":{"rendered":"<p class=\"Para\">We consider the task of constructing interactive proofs for NP which can provide meaningful security for a prover even in the presence of continual memory leakage. We imagine a setting where an adversarial verifier participates in multiple sequential interactive proof executions for a fixed NP statement <em class=\"EmphasisTypeItalic \">x<\/em>. In every execution, the adversarial verifier is additionally allowed to leak a fraction of the (secret) memory of the prover. This is in contrast to the recently introduced notion of leakage-resilient zero-knowledge (Garg-Jain-Sahai\u201911) where there is only a single execution. Under multiple executions, in fact the entire prover witness might end up getting leaked thus leading to a complete compromise of prover security.<\/p>\n<p class=\"Para\">Towards that end, we define the notion of non-transferable proofs for all languages in <em class=\"EmphasisTypeItalic \">N<\/em> <em class=\"EmphasisTypeItalic \">P<\/em>. In such proofs, instead of receiving <em class=\"EmphasisTypeItalic \">w<\/em> as input, the prover will receive an \u201cencoding\u201d of the witness <em class=\"EmphasisTypeItalic \">w<\/em> such that the encoding is sufficient to prove the validity of <em class=\"EmphasisTypeItalic \">x<\/em>; further, this encoding can be \u201cupdated\u201d to a fresh new encoding for the next execution. We then require that if (<em class=\"EmphasisTypeItalic \">x<\/em>,<em class=\"EmphasisTypeItalic \">w<\/em>) are sampled from a \u201chard\u201d distribution, then no PPT adversary <em class=\"EmphasisTypeItalic \">A<\/em><sup>*<\/sup> can gain the ability to prove <em class=\"EmphasisTypeItalic \">x<\/em> (on its own) to an honest verifier, even if <em class=\"EmphasisTypeItalic \">A<\/em><sup>*<\/sup> has participated in polynomially many interactive proof executions (with leakage) with an honest prover whose input is (<em class=\"EmphasisTypeItalic \">x<\/em>,<em class=\"EmphasisTypeItalic \">w<\/em>). Non-transferability is a strong security guarantee which suffices for many cryptographic applications (and in particular, implies witness hiding).<\/p>\n<div class=\"Para\">We show how to construct non-transferable proofs for all languages in <em class=\"EmphasisTypeItalic \">N<\/em> <em class=\"EmphasisTypeItalic \">P<\/em> which can tolerate leaking a constant fraction of prover\u2019s secret-state during each execution. Our construction is in the <em class=\"EmphasisTypeItalic \">common reference string<\/em> (CRS) model. To obtain our results, we build a witness-encoding scheme which satisfies the following continual-leakage-resilient (CLR) properties:<\/p>\n<div class=\"UnorderedList\">\n<ul class=\"UnorderedListMarkBullet\">\n<li>\n<p class=\"Para\">The encodings can be randomized to yield a fresh new encoding,<\/p>\n<\/li>\n<li>\n<p class=\"Para\">There does not exist any efficient adversary, who receiving only a constant fraction of leakage on polynomially many fresh encodings of the same witness <em class=\"EmphasisTypeItalic \">w<\/em>, can output a valid encoding provided that the witness <em class=\"EmphasisTypeItalic \">w<\/em> along with its corresponding input instance <em class=\"EmphasisTypeItalic \">x<\/em> were sampled from a hard distribution.<\/p>\n<\/li>\n<\/ul>\n<\/div>\n<p>Our encoding schemes are essentially re-randomizable non-interactive zero- knowledge (NIZK) proofs for circuit satisfiability, with the aforementioned CLR properties. We believe that our CLR-encodings, as well as our techniques to build them, may be of independent interest.<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>We consider the task of constructing interactive proofs for NP which can provide meaningful security for a prover even in the presence of continual memory leakage. We imagine a setting where an adversarial verifier participates in multiple sequential interactive proof executions for a fixed NP statement x. In every execution, the adversarial verifier is additionally [&hellip;]<\/p>\n","protected":false},"featured_media":0,"template":"","meta":{"msr-url-field":"","msr-podcast-episode":"","msrModifiedDate":"","msrModifiedDateEnabled":false,"ep_exclude_from_search":false,"_classifai_error":"","msr-author-ordering":null,"msr_publishername":"Springer Berlin Heidelberg","msr_publisher_other":"","msr_booktitle":"","msr_chapter":"","msr_edition":"34th Annual Cryptology Conference","msr_editors":"","msr_how_published":"","msr_isbn":"","msr_issue":"","msr_journal":"","msr_number":"","msr_organization":"","msr_pages_string":"164-182","msr_page_range_start":"164","msr_page_range_end":"182","msr_series":"","msr_volume":"","msr_copyright":"","msr_conference_name":"34th Annual Cryptology Conference","msr_doi":"10.1007\/978-3-662-44381-1_10","msr_arxiv_id":"","msr_s2_paper_id":"","msr_mag_id":"","msr_pubmed_id":"","msr_other_authors":"","msr_other_contributors":"","msr_speaker":"","msr_award":"","msr_affiliation":"","msr_institution":"","msr_host":"","msr_version":"","msr_duration":"","msr_original_fields_of_study":"","msr_release_tracker_id":"","msr_s2_match_type":"","msr_citation_count_updated":"","msr_published_date":"2014-08-17","msr_highlight_text":"","msr_notes":"","msr_longbiography":"","msr_publicationurl":"http:\/\/link.springer.com\/chapter\/10.1007%2F978-3-662-44381-1_10","msr_external_url":"","msr_secondary_video_url":"","msr_conference_url":"","msr_journal_url":"","msr_s2_pdf_url":"","msr_year":0,"msr_citation_count":0,"msr_influential_citations":0,"msr_reference_count":0,"msr_s2_match_confidence":0,"msr_microsoftintellectualproperty":true,"msr_s2_open_access":false,"msr_s2_author_ids":[],"msr_pub_ids":[],"msr_hide_image_in_river":0,"footnotes":""},"msr-research-highlight":[],"research-area":[13561,13563],"msr-publication-type":[193716],"msr-publisher":[],"msr-focus-area":[],"msr-locale":[268875],"msr-post-option":[],"msr-field-of-study":[],"msr-conference":[],"msr-journal":[],"msr-impact-theme":[],"msr-pillar":[],"class_list":["post-340979","msr-research-item","type-msr-research-item","status-publish","hentry","msr-research-area-algorithms","msr-research-area-data-platform-analytics","msr-locale-en_us"],"msr_publishername":"Springer Berlin Heidelberg","msr_edition":"34th Annual Cryptology Conference","msr_affiliation":"","msr_published_date":"2014-08-17","msr_host":"","msr_duration":"","msr_version":"","msr_speaker":"","msr_other_contributors":"","msr_booktitle":"","msr_pages_string":"164-182","msr_chapter":"","msr_isbn":"","msr_journal":"","msr_volume":"","msr_number":"","msr_editors":"","msr_series":"","msr_issue":"","msr_organization":"","msr_how_published":"","msr_notes":"","msr_highlight_text":"","msr_release_tracker_id":"","msr_original_fields_of_study":"","msr_download_urls":"","msr_external_url":"","msr_secondary_video_url":"","msr_longbiography":"","msr_microsoftintellectualproperty":1,"msr_main_download":"","msr_publicationurl":"http:\/\/link.springer.com\/chapter\/10.1007%2F978-3-662-44381-1_10","msr_doi":"10.1007\/978-3-662-44381-1_10","msr_publication_uploader":[{"type":"url","title":"http:\/\/link.springer.com\/chapter\/10.1007%2F978-3-662-44381-1_10","viewUrl":false,"id":false,"label_id":0},{"type":"doi","title":"10.1007\/978-3-662-44381-1_10","viewUrl":false,"id":false,"label_id":0}],"msr_related_uploader":"","msr_citation_count":0,"msr_citation_count_updated":"","msr_s2_paper_id":"","msr_influential_citations":0,"msr_reference_count":0,"msr_arxiv_id":"","msr_s2_author_ids":[],"msr_s2_open_access":false,"msr_s2_pdf_url":null,"msr_attachments":[{"id":0,"url":"http:\/\/link.springer.com\/chapter\/10.1007%2F978-3-662-44381-1_10"}],"msr-author-ordering":[{"type":"text","value":"Prabhanjan Ananth","user_id":0,"rest_url":false},{"type":"user_nicename","value":"vipul","user_id":34597,"rest_url":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/microsoft-research\/v1\/researchers?person=vipul"},{"type":"text","value":"Omkant Pandey","user_id":0,"rest_url":false}],"msr_impact_theme":[],"msr_research_lab":[],"msr_event":[],"msr_group":[],"msr_project":[],"publication":[],"video":[],"msr-tool":[],"msr_publication_type":"inproceedings","related_content":[],"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-item\/340979","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-item"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/types\/msr-research-item"}],"version-history":[{"count":2,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-item\/340979\/revisions"}],"predecessor-version":[{"id":530638,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-item\/340979\/revisions\/530638"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media?parent=340979"}],"wp:term":[{"taxonomy":"msr-research-highlight","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-research-highlight?post=340979"},{"taxonomy":"msr-research-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/research-area?post=340979"},{"taxonomy":"msr-publication-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-publication-type?post=340979"},{"taxonomy":"msr-publisher","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-publisher?post=340979"},{"taxonomy":"msr-focus-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-focus-area?post=340979"},{"taxonomy":"msr-locale","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-locale?post=340979"},{"taxonomy":"msr-post-option","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-post-option?post=340979"},{"taxonomy":"msr-field-of-study","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-field-of-study?post=340979"},{"taxonomy":"msr-conference","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-conference?post=340979"},{"taxonomy":"msr-journal","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-journal?post=340979"},{"taxonomy":"msr-impact-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-impact-theme?post=340979"},{"taxonomy":"msr-pillar","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-pillar?post=340979"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}