-
On the Power of Interactive Proofs for Learning
Authors:
Tom Gur,
Mohammad Mahdi Jahanara,
Mohammad Mahdi Khodabandeh,
Ninad Rajgopal,
Bahar Salamatian,
Igor Shinkar
Abstract:
We continue the study of doubly-efficient proof systems for verifying agnostic PAC learning, for which we obtain the following results.
- We construct an interactive protocol for learning the $t$ largest Fourier characters of a given function $f \colon \{0,1\}^n \to \{0,1\}$ up to an arbitrarily small error, wherein the verifier uses $\mathsf{poly}(t)$ random examples. This improves upon the Interactive Goldreich-Levin protocol of Goldwasser, Rothblum, Shafer, and Yehudayoff (ITCS 2021) whose sample complexity is $\mathsf{poly}(t,n)$.
- For agnostically learning the class $\mathsf{AC}^0[2]$ under the uniform distribution, we build on the work of Carmosino, Impagliazzo, Kabanets, and Kolokolova (APPROX/RANDOM 2017) and design an interactive protocol, where given a function $f \colon \{0,1\}^n \to \{0,1\}$, the verifier learns the closest hypothesis up to $\mathsf{polylog}(n)$ multiplicative factor, using quasi-polynomially many random examples. In contrast, this class has been notoriously resistant even for constructing realisable learners (without a prover) using random examples.
- For agnostically learning $k$-juntas under the uniform distribution, we obtain an interactive protocol, where the verifier uses $O(2^k)$ random examples to a given function $f \colon \{0,1\}^n \to \{0,1\}$. Crucially, the sample complexity of the verifier is independent of $n$.
We also show that if we do not insist on doubly-efficient proof systems, then the model becomes trivial. Specifically, we show a protocol for an arbitrary class $\mathcal{C}$ of Boolean functions in the distribution-free setting, where the verifier uses $O(1)$ labeled examples to learn $f$.
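The first result above rests on the verifier being able to check a prover's claim about heavy Fourier characters from a number of random examples that does not grow with n. The following added example (written for this listing, not code from the paper) shows the plain version of that check: the verifier estimates each claimed coefficient \hat{f}(S) = E_x[(-1)^{f(x)} \chi_S(x)] from m uniform labeled examples, and by Hoeffding m = O(log(t/\delta)/\epsilon^2) samples suffice for t claimed characters, independent of n. The target function f_example, the sample size 4000 and the threshold 0.35 are constructed for illustration; the brute-force honest_prover stands in for a prover with exponential time. This is only the soundness half of such a protocol: the estimation check catches a prover that claims a light character, but not one that omits a heavier one, which is what the paper's protocol has to handle on top.

```python
import random


def chi(S, x):
    """Fourier character chi_S(x) = (-1)^{sum_{i in S} x_i} for a tuple of bits x."""
    return -1 if sum(x[i] for i in S) % 2 else 1


def pm1(bit):
    """Map a {0,1} label to the {+1,-1} encoding used in Fourier analysis."""
    return -1 if bit else 1


def f_example(x):
    """Constructed target f: {0,1}^8 -> {0,1} (illustration only, not from the paper).
    Parity of x0,x1,x2 when x3 = 0, parity of x4,x5 otherwise, so its +-1 encoding is
    1/2 chi_{0,1,2} + 1/2 chi_{0,1,2,3} + 1/2 chi_{4,5} - 1/2 chi_{3,4,5}."""
    return (x[0] ^ x[1] ^ x[2]) if x[3] == 0 else (x[4] ^ x[5])


def sample_examples(f, n, m, rng):
    """m labeled random examples (x, f(x)) drawn from the uniform distribution on {0,1}^n."""
    out = []
    for _ in range(m):
        x = tuple(rng.randint(0, 1) for _ in range(n))
        out.append((x, f(x)))
    return out


def estimate_coefficient(S, examples):
    """Empirical Fourier coefficient: mean of (-1)^{f(x)} chi_S(x) over the sample.
    Each term is +-1, so Hoeffding gives |estimate - hat f(S)| <= eps with probability
    1 - 2 exp(-2 m eps^2), with no dependence on n."""
    return sum(pm1(y) * chi(S, x) for x, y in examples) / len(examples)


def verify_heavy_claim(claimed, examples, threshold):
    """Verifier check: accept the prover's list only if every claimed character is
    estimated to have |coefficient| >= threshold. Sample cost scales with len(claimed)
    and the accuracy wanted, not with n. Soundness only: an omitted heavy character
    is not detected here."""
    return all(abs(estimate_coefficient(S, examples)) >= threshold for S in claimed)


def honest_prover(f, n, t):
    """Prover side: exact coefficients by brute force (2^n points x 2^n subsets), fine for n = 8.
    Returns the t subsets with the largest |hat f(S)|."""
    points = [tuple((v >> i) & 1 for i in range(n)) for v in range(1 << n)]
    subsets = [tuple(i for i in range(n) if (mask >> i) & 1) for mask in range(1 << n)]
    coeffs = {S: sum(pm1(f(x)) * chi(S, x) for x in points) / (1 << n) for S in subsets}
    return sorted(subsets, key=lambda S: -abs(coeffs[S]))[:t]


if __name__ == "__main__":
    rng = random.Random(7)  # fixed seed so the run is reproducible
    claim = honest_prover(f_example, 8, 4)
    examples = sample_examples(f_example, 8, 4000, rng)
    print("claimed heavy characters:", claim)
    print("verifier accepts:", verify_heavy_claim(claim, examples, 0.35))
    print("bogus claim accepted:", verify_heavy_claim([(0,)], examples, 0.35))
```

The verifier never touches the 2^n-sized enumeration; its work is len(claimed) passes over 4000 examples, and raising n only changes the length of each example, not how many are needed.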
Submitted 11 April, 2024;
originally announced April 2024.
-
SoK: What don't we know? Understanding Security Vulnerabilities in SNARKs
Authors:
Stefanos Chaliasos,
Jens Ernstberger,
David Theodore,
David Wong,
Mohammad Jahanara,
Benjamin Livshits
Abstract:
Zero-knowledge proofs (ZKPs) have evolved from being a theoretical concept providing privacy and verifiability to having practical, real-world implementations, with SNARKs (Succinct Non-Interactive Argument of Knowledge) emerging as one of the most significant innovations. Prior work has mainly focused on designing more efficient SNARK systems and providing security proofs for them. Many think of SNARKs as "just math," implying that what is proven to be correct and secure is correct in practice. In contrast, this paper focuses on assessing end-to-end security properties of real-life SNARK implementations. We start by building foundations with a system model and by establishing threat models and defining adversarial roles for systems that use SNARKs. Our study encompasses an extensive analysis of 141 actual vulnerabilities in SNARK implementations, providing a detailed taxonomy to aid developers and security researchers in understanding the security threats in systems employing SNARKs. Finally, we evaluate existing defense mechanisms and offer recommendations for enhancing the security of SNARK-based systems, paving the way for more robust and reliable implementations in the future.
Submitted 11 July, 2024; v1 submitted 23 February, 2024;
originally announced February 2024.
-
Private Boosted Decision Trees via Smooth Re-Weighting
Authors:
Vahid R. Asadi,
Marco L. Carmosino,
Mohammadmahdi Jahanara,
Akbar Rafiey,
Bahar Salamatian
Abstract:
Protecting the privacy of people whose data is used by machine learning algorithms is important. Differential Privacy is the appropriate mathematical framework for formal guarantees of privacy, and boosted decision trees are a popular machine learning technique. So we propose and test a practical algorithm for boosting decision trees that guarantees differential privacy. Privacy is enforced because our booster never puts too much weight on any one example; this ensures that each individual's data never influences a single tree "too much." Experiments show that this boosting algorithm can produce better model sparsity and accuracy than other differentially private ensemble classifiers.
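The mechanism the abstract describes is a booster whose example weights are kept smooth: no single example ever carries more than a small multiple of its uniform share, so removing or changing one person's record moves each round's weighted statistics by a bounded amount. The following added example (written for this listing; not the paper's algorithm, and it adds no privacy noise, which a differentially private booster also needs on the weak learner's statistics) shows one concrete way to enforce that: an AdaBoost-style update followed by a projection onto kappa-smooth distributions, where a distribution over m examples is kappa-smooth if every weight is at most kappa/m. The 1-D stump weak learner, the 20-point dataset with a deliberate outlier at x = 17, and kappa = 2 are all constructed for illustration.

```python
import math


def smooth_project(weights, kappa):
    """Project a weight vector onto the kappa-smooth distributions (every entry <= kappa/m).
    Water-filling: clip entries above the cap, scale the remaining mass up to fill the gap,
    and repeat; each round clips at least one new entry, so it ends within m rounds."""
    m = len(weights)
    cap = kappa / m
    total = sum(weights)
    w = [x / total for x in weights]
    clipped = set()
    while True:
        over = [i for i in range(m) if i not in clipped and w[i] > cap]
        if not over:
            return w
        clipped.update(over)
        for i in over:
            w[i] = cap
        free = [i for i in range(m) if i not in clipped]
        free_mass = sum(w[i] for i in free)
        target = 1.0 - cap * len(clipped)  # mass the unclipped entries must carry
        if free_mass <= 0.0:
            raise ValueError("too few support points to be %g-smooth" % kappa)
        scale = target / free_mass
        for i in free:
            w[i] *= scale


def smoothness(w):
    """Smallest kappa for which w is kappa-smooth: m * max_i w_i (uniform gives 1)."""
    return len(w) * max(w)


def stump_predict(th, sign, x):
    """Decision stump on a scalar feature: sign * (+1 if x > th else -1)."""
    return sign * (1 if x > th else -1)


def best_stump(xs, ys, w):
    """Weak learner: the (threshold, sign) stump of minimum weighted error."""
    cands = sorted(set(xs))
    thresholds = [cands[0] - 1] + [(a + b) / 2 for a, b in zip(cands, cands[1:])]
    best = None
    for th in thresholds:
        for sign in (1, -1):
            err = sum(wi for xi, yi, wi in zip(xs, ys, w) if stump_predict(th, sign, xi) != yi)
            if best is None or err < best[0]:
                best = (err, th, sign)
    return best


def smooth_boost(xs, ys, rounds, kappa):
    """AdaBoost with the weights re-projected onto kappa-smooth distributions every round.
    Returns the ensemble and the largest smoothness value observed (never above kappa)."""
    m = len(xs)
    w = [1.0 / m] * m
    ensemble = []
    max_seen = smoothness(w)
    for _ in range(rounds):
        err, th, sign = best_stump(xs, ys, w)
        err = min(max(err, 1e-6), 1 - 1e-6)  # keep the log finite on a perfect/worthless stump
        alpha = 0.5 * math.log((1 - err) / err)
        ensemble.append((alpha, th, sign))
        w = [wi * math.exp(-alpha * yi * stump_predict(th, sign, xi)) for xi, yi, wi in zip(xs, ys, w)]
        w = smooth_project(w, kappa)  # the step that bounds any one example's influence
        max_seen = max(max_seen, smoothness(w))
    return ensemble, max_seen


def ensemble_predict(ensemble, x):
    """Weighted vote of the stumps, ties to +1."""
    return 1 if sum(a * stump_predict(th, s, x) for a, th, s in ensemble) >= 0 else -1


# Constructed toy data: +1 on the interval [5, 14], -1 elsewhere, plus a mislabeled
# outlier at x = 17 that plain AdaBoost would keep upweighting.
XS = list(range(20))
YS = [1 if 5 <= x <= 14 or x == 17 else -1 for x in XS]

if __name__ == "__main__":
    ens, worst = smooth_boost(XS, YS, 10, kappa=2.0)
    print("max smoothness over all rounds:", worst)
    print("errors on the clean points:", sum(ensemble_predict(ens, x) != y for x, y in zip(XS, YS) if x != 17))
```

With kappa = 2 no example ever holds more than twice its uniform share, so the weighted error the weak learner sees changes by at most 2/m when one record is swapped; that bounded sensitivity is what a privacy mechanism would then add noise against.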
Submitted 29 January, 2022;
originally announced January 2022.
-
Toward Probabilistic Checking against Non-Signaling Strategies with Constant Locality
Authors:
Mohammad Mahdi Jahanara,
Sajin Koroth,
Igor Shinkar
Abstract:
Non-signaling strategies are a generalization of quantum strategies that have been studied in physics over the past three decades. Recently, they have found applications in theoretical computer science, including to proving inapproximability results for linear programming and to constructing protocols for delegating computation. A central tool for these applications is probabilistically checkable proof (PCP) systems that are sound against non-signaling strategies.
In this paper we show, assuming a certain geometrical hypothesis about noise robustness of non-signaling proofs (or, equivalently, about robustness to noise of solutions to the Sherali-Adams linear program), that a slight variant of the parallel repetition of the exponential-length constant-query PCP construction due to Arora et al. (JACM 1998) is sound against non-signaling strategies with constant locality.
Our proof relies on the analysis of the linearity test and agreement test (also known as the direct product test) in the non-signaling setting.
Submitted 10 September, 2020;
originally announced September 2020.
-
UniqueID: Decentralized Proof-of-Unique-Human
Authors:
MohammadJavad Hajialikhani,
MohammadMahdi Jahanara
Abstract:
Bitcoin and Ethereum are novel mechanisms for decentralizing the concept of money and computation. Extending decentralization to the human identity concept, we can think of using blockchain for creating a list of verified human identities with a one-person-one-ID property. UniqueID is a Decentralized Autonomous Organization (DAO) for maintaining human identities such that every physical human entity can have no more than one account. One part of this identity is simply the user's claim on one of his unique, permanent, and measurable characteristics: biometrics. Blockchain has proved its integrity as a platform for storing and performing computations on such claims. The biggest challenge here is to ensure that the user has submitted his own valid biometric data. Human verifiers can check if there is any inconsistency in other users' data, by peer-to-peer checks. For preventing bad behavior and centralization in the verification process, UniqueID benefits from novel governance mechanisms to choose verifiers and punish unjust ones. Also, there are incentives for honest verifiers and users by newly generated tokens. We show how the users' privacy can be preserved by using state-of-the-art cryptographic techniques, and so they can use their identity without any concerns for voting, financial and banking purposes, social media accounts, reputation systems etc.
Submitted 20 June, 2018;
originally announced June 2018.