TY - CONF
AB - It is impossible to deterministically solve wait-free consensus in an asynchronous system. The classic proof uses a valency argument, which constructs an infinite execution by repeatedly extending a finite execution. We introduce extension-based proofs, a class of impossibility proofs that are modelled as an interaction between a prover and a protocol and that include valency arguments.
Using proofs based on combinatorial topology, it has been shown that it is impossible to deterministically solve k-set agreement among n > k ≥ 2 processes in a wait-free manner. However, it was unknown whether proofs based on simpler techniques were possible. We show that this impossibility result cannot be obtained by an extension-based proof and, hence, extension-based proofs are limited in power.
AU - Alistarh, Dan-Adrian
AU - Aspnes, James
AU - Ellen, Faith
AU - Gelashvili, Rati
AU - Zhu, Leqi
ID - 6676
SN - 9781450367059
T2 - Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing
TI - Why extension-based proofs fail
ER -
TY - CONF
AB - The Fiat-Shamir heuristic transforms a public-coin interactive proof into a non-interactive argument, by replacing the verifier with a cryptographic hash function that is applied to the protocol’s transcript. Constructing hash functions for which this transformation is sound is a central and long-standing open question in cryptography.
We show that solving the END-OF-METERED-LINE problem is no easier than breaking the soundness of the Fiat-Shamir transformation when applied to the sumcheck protocol. In particular, if the transformed protocol is sound, then any hard problem in #P gives rise to a hard distribution in the class CLS, which is contained in PPAD. Our result opens up the possibility of sampling moderately-sized games for which it is hard to find a Nash equilibrium, by reducing the inversion of appropriately chosen one-way functions to #SAT.
Our main technical contribution is a stateful incrementally verifiable procedure that, given a SAT instance over n variables, counts the number of satisfying assignments. This is accomplished via an exponential sequence of small steps, each computable in time poly(n). Incremental verifiability means that each intermediate state includes a sumcheck-based proof of its correctness, and the proof can be updated and verified in time poly(n).
AU - Choudhuri, Arka Rai
AU - Hubáček, Pavel
AU - Kamath Hosdurg, Chethan
AU - Pietrzak, Krzysztof Z
AU - Rosen, Alon
AU - Rothblum, Guy N.
ID - 6677
SN - 9781450367059
T2 - Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing - STOC 2019
TI - Finding a Nash equilibrium is no easier than breaking Fiat-Shamir
ER -
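The Fiat-Shamir transformation of the sumcheck protocol, as described in the abstract of entry 6677 ("Finding a Nash equilibrium is no easier than breaking Fiat-Shamir"), worked through in code. This is an added illustrative example, not code from that paper or its authors. It assumes a toy prime field, a small three-variable polynomial, SHA-256 as the hash that replaces the verifier's random coins, and Python's repr() as a stand-in for a canonical transcript encoding; each of these is an assumption for illustration, not something the paper specifies.

```python
import hashlib
from itertools import product

P = 2**61 - 1  # assumed prime field modulus (any large prime works for the demo)

# A multivariate polynomial is a dict {exponent_tuple: coefficient mod P}.
# Assumed toy instance: g(x1,x2,x3) = 2*x1*x2 + x3^2 + 5*x1 + 7
G = {(1, 1, 0): 2, (0, 0, 2): 1, (1, 0, 0): 5, (0, 0, 0): 7}


def poly_eval(poly, point):
    total = 0
    for exps, coef in poly.items():
        term = coef
        for x, e in zip(point, exps):
            term = term * pow(x, e, P) % P
        total = (total + term) % P
    return total


def num_vars(poly):
    return len(next(iter(poly)))


def max_degree(poly):
    # Degree bound per variable; each round polynomial has degree <= this.
    return max(max(exps) for exps in poly)


def hypercube_sum(poly):
    # The value the prover claims: sum of g over {0,1}^v.
    v = num_vars(poly)
    return sum(poly_eval(poly, pt) for pt in product((0, 1), repeat=v)) % P


def lagrange_eval(ys, x):
    # Evaluate at x the unique polynomial of degree < len(ys) with ys[i] at point i.
    n, total = len(ys), 0
    for i in range(n):
        num, den = 1, 1
        for j in range(n):
            if i != j:
                num = num * ((x - j) % P) % P
                den = den * ((i - j) % P) % P
        total = (total + ys[i] * num % P * pow(den, P - 2, P)) % P
    return total


def round_poly(poly, fixed, d):
    # Prover's message for one round: evaluations at X = 0..d of
    # sum over the remaining Boolean variables of g(fixed..., X, rest...).
    rest = num_vars(poly) - len(fixed) - 1
    ys = []
    for t in range(d + 1):
        s = 0
        for tail in product((0, 1), repeat=rest):
            s = (s + poly_eval(poly, tuple(fixed) + (t,) + tail)) % P
        ys.append(s)
    return ys


def fs_challenge(transcript):
    # Fiat-Shamir: the round challenge is a hash of everything sent so far.
    # repr() stands in for a canonical encoding; a real system must fix one.
    h = hashlib.sha256(repr(transcript).encode()).digest()
    return int.from_bytes(h, "big") % P


def prove(poly, claimed_sum):
    # Non-interactive prover: derives each challenge itself from the transcript.
    d, v = max_degree(poly), num_vars(poly)
    transcript = [sorted(poly.items()), claimed_sum]
    messages, fixed = [], []
    for _ in range(v):
        ys = round_poly(poly, fixed, d)
        messages.append(ys)
        transcript.append(ys)
        fixed.append(fs_challenge(transcript))
    return messages


def verify(poly, claimed_sum, messages):
    # Verifier recomputes the same challenges and checks each round's consistency.
    d, v = max_degree(poly), num_vars(poly)
    if len(messages) != v:
        return False
    transcript = [sorted(poly.items()), claimed_sum]
    expected, fixed = claimed_sum, []
    for ys in messages:
        if len(ys) != d + 1 or (ys[0] + ys[1]) % P != expected:
            return False
        transcript.append(ys)
        r = fs_challenge(transcript)
        fixed.append(r)
        expected = lagrange_eval(ys, r)
    return poly_eval(poly, fixed) == expected


def naive_forgery(poly, false_sum):
    # A cheating prover that patches round 1 to match a false claim. Because the
    # challenge is bound to the patched message, later rounds no longer line up.
    messages = prove(poly, false_sum)
    ys0 = list(messages[0])
    ys0[0] = (ys0[0] + (false_sum - (ys0[0] + ys0[1]))) % P
    messages[0] = ys0
    return messages
```

Breaking soundness here means producing `messages` for which `verify(G, false_sum, messages)` returns True without `false_sum` being the true hypercube sum; the naive forgery above fails because every challenge is a hash of the messages it follows, which is exactly the property whose hardness the paper relates to END-OF-METERED-LINE.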