TY - CONF
AB - The Fiat-Shamir heuristic transforms a public-coin interactive proof into a non-interactive argument, by replacing the verifier with a cryptographic hash function that is applied to the protocol's transcript. Constructing hash functions for which this transformation is sound is a central and long-standing open question in cryptography. We show that solving the END-OF-METERED-LINE problem is no easier than breaking the soundness of the Fiat-Shamir transformation when applied to the sumcheck protocol. In particular, if the transformed protocol is sound, then any hard problem in #P gives rise to a hard distribution in the class CLS, which is contained in PPAD. Our result opens up the possibility of sampling moderately-sized games for which it is hard to find a Nash equilibrium, by reducing the inversion of appropriately chosen one-way functions to #SAT. Our main technical contribution is a stateful incrementally verifiable procedure that, given a SAT instance over n variables, counts the number of satisfying assignments. This is accomplished via an exponential sequence of small steps, each computable in time poly(n). Incremental verifiability means that each intermediate state includes a sumcheck-based proof of its correctness, and the proof can be updated and verified in time poly(n).
AU - Choudhuri, Arka Rai
AU - Hubáček, Pavel
AU - Kamath Hosdurg, Chethan
AU - Pietrzak, Krzysztof Z
AU - Rosen, Alon
AU - Rothblum, Guy N.
ID - 6677
SN - 9781450367059
T2 - Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing - STOC 2019
TI - Finding a Nash equilibrium is no easier than breaking Fiat-Shamir
ER -

TY - CONF
AB - It is impossible to deterministically solve wait-free consensus in an asynchronous system. The classic proof uses a valency argument, which constructs an infinite execution by repeatedly extending a finite execution. We introduce extension-based proofs, a class of impossibility proofs that are modelled as an interaction between a prover and a protocol and that include valency arguments. Using proofs based on combinatorial topology, it has been shown that it is impossible to deterministically solve k-set agreement among n > k ≥ 2 processes in a wait-free manner. However, it was unknown whether proofs based on simpler techniques were possible. We show that this impossibility result cannot be obtained by an extension-based proof and, hence, extension-based proofs are limited in power.
AU - Alistarh, Dan-Adrian
AU - Aspnes, James
AU - Ellen, Faith
AU - Gelashvili, Rati
AU - Zhu, Leqi
ID - 6676
SN - 9781450367059
T2 - Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing
TI - Why extension-based proofs fail
ER -