Fall 2019

Finding a Nash Equilibrium is No Easier than Breaking Fiat-Shamir

Monday, Sep. 23, 2019 3:30 pm4:30 pm PDT

Add to Calendar


Guy Rothblum (Weizmann Institute)

The Fiat-Shamir heuristic transforms a public-coin interactive proof into a non-interactive argument, by replacing the verifier with a cryptographic hash function that is applied to the protocol's transcript. Constructing hash functions for which this transformation is sound is a central and long-standing open question in cryptography.

We show that solving problems in the complexity class PPAD is no easier than breaking the soundness of the Fiat-Shamir transformation when applied to the sumcheck protocol. In particular, if the transformed protocol is sound, then any hard problem in #P gives rise to a hard distribution in the class CLS, which is contained in PPAD.

Combining our construction with a hash family proposed by Canetti et al. [STOC 2019] gives rise to a distribution in the class CLS, which is provably hard under a strong assumption about the (opmal) security of known fully homomorphic encryption schemes.

Joint work with Arka Rai Choudhuri, Pavel Hubacek, Chethan Kamath, Krzysztof Pietrzak, and Alon Rosen.