Interactive Coding for Interactive Proofs [chapter]

Allison Bishop, Yevgeniy Dodis
2015 Lecture Notes in Computer Science  
We consider interactive proof systems over adversarial communication channels. We show that the seminal result that IP = PSPACE still holds when the communication channel is malicious, allowing even a constant fraction of the communication to be arbitrarily corrupted. Introduction Interactive proofs are fundamental objects in both cryptography and complexity theory, and come with a rich history of exciting developments, such as the surprising characterization that IP = PSPACE [20]. This
more » ... rization assumes that a prover and a verifier communicate over a perfect communication channel, and crucially relies upon the fact that the number of rounds of the interaction can be polynomially long. Recently, the study of interactive coding (pioneered by Schulman [17, 18] ) has emerged as a promising way to extend results involving lengthy interactions over perfect channels to analogous results over adversarial channels -even with a constant relative error rate. This high level of robustness cannot be achieved by simply applying an error correcting code to each message, a method which is limited to an error rate proportional to 1 r , where r is the number of rounds. There has been much success in obtaining interactive coding protocols capable of performing any two party communication tasks over a noisy or adversarial channel [17, 18, 6, 8, 4, 3, 15, 1, 11, 10, 5, 14] . However, all of these works assume that the task is described as a function of two inputs, and only correctness of the computation is required. In the case of interactive proofs, it is not enough to ensure that an honest party "eventually" learns the real message the other party was attempting to send. Instead, we must ensure that the interference of the channel cannot prevent an honest prover from convincing a verifier of a true statement, and also cannot help a malicious prover convince a verifier of a false statement. This appears to be problematic if we consider the techniques employed by interactive coding protocols, which enable parties to "replay" and "revise" their messages as the interactive coding mechanism runs. We must worry, then, that a malicious prover may use the excuse of potential channel errors to change its responses adaptively after peeking ahead at the verifier's future challenges. For this reason, it does not suffice to simply take an interactive proof system designed for an error-free channel and compile it blindly using an off-the-shelf interactive coding method. An undaunted optimist might then ask for strong interactive coding mechanism, one that could provably compose with a wide variety of security properties, such as soundness for interactive proof systems or input privacy for multiparty computation. The most general version of this would achieve a notion ensuring that the participants in the error-resilient version of the protocol
doi:10.1007/978-3-662-49099-0_13 fatcat:bkhlikgtnfdqxfzqipwld756fq