Proofs and Computation

Final Report Summary - PAC (Proofs and Computation)

The proliferation of decentralized and distributed computer systems and the growing reliance of modern society on such systems require a new set of tools that can enforce and verify the integrity of computations carried out at distant and unsupervised locations. The matter of verification and integrity enforcement becomes all the more crucial when considering information and computations for which the party performing the computation may have an incentive to "cheat" and report false outputs. Examples of misreporting that results in increased profit to central parties abound in the financial sector, healthcare, law enforcement, taxation and general government systems. Thus far, enforcement of computational integrity has relied solely on regulatory and legal foundations, which are still prone to misuse and corruption. Our project has brought closer to practice the use of theoretical cryptography to create and enforce computational integrity, while preserving privacy, in extremely distributed and decentralized systems like Bitcoin and related cryptocurrencies. More importantly, the general applicability of our techniques to any efficient computation holds great promise for the future of distributed computation with integrity.

More to the point, the main research achievements of this project have been to advance the theoretical understanding of proof systems of computational integrity that are based on additively homomorphic encryption (also known as pre-processing Succinct Noninteractive ARguments of Knowledge, or SNARKs) and on hash-based Probabilistically Checkable Proof (PCP) systems (also known as Computationally Sound (CS) proofs). We initiated the implementation in code of these systems and reported initial applications, most notably in areas related to Bitcoin and cryptocurrencies. A concrete example is Zerocash, the first decentralized anonymous payment system based on Bitcoin. Zerocash is a new protocol that works on the transaction layer of Bitcoin and hides payer, payee and payment amount. Consequently, it makes any cryptocurrency using it more fungible and better suited for use in practice. Recall that in Bitcoin (and its offspring) all financial transactions are publicly displayed, and this public display is a serious impediment to adoption because businesses and individuals prefer or need their financial information to be kept private.