Weizmann Logo
ECCC
Electronic Colloquium on Computational Complexity

Under the auspices of the Computational Complexity Foundation (CCF)

Login | Register | Classic Style
icon Submit Paper


RSS-Feed
REPORTS > DETAIL:

Revision(s):

Revision #2 to TR24-114 | 30th December 2025 20:03

Dot-Product Proofs and Their Applications

Contact
Add Comment
RSS-Feed




Revision #2 Authors: Nir Bitansky, Ron D. Rothblum, Prahladh Harsha, Yuval Ishai, David Wu
Accepted on: 30th December 2025 20:03
Downloads: 15
Keywords: 


Abstract:

A {\em dot-product proof} (DPP) is a simple probabilistic proof system in which the input statement $\mathbf{x}$ and the proof $\boldsymbol{\pi}$ are vectors over a finite field $\mathbb{F}$, and the proof is verified by making a single dot-product query $\langle \mathbf{q},(\mathbf{x} \| \boldsymbol{\pi}) \rangle$ jointly to $\mathbf{x}$ and $\boldsymbol{\pi}$. A DPP can be viewed as a 1-query fully linear PCP. We study the feasibility and efficiency of DPPs, obtaining the following results:
\begin{itemize}
\item
{\bf Small-field DPP.}
For any finite field $\mathbb{F}$ and Boolean circuit $C$ of size $S$, there is a $\DPP$ for proving that there exists
$\boldsymbol{v}$ such that $C(\boldsymbol{v}, \boldsymbol{v})=1$
with a proof $\piv$ of length
$S\cdot\poly(|\mathbb{F}|)$
and soundness error $\epsilon=O(1/\sqrt{|\mathbb{F}|})$. We show this error to be asymptotically optimal.

\smallskip In particular, and in contrast to the best known PCPs, there
exist strictly linear-length DPPs over constant-size fields.

\item
{\bf Large-field DPP.}
If $|\mathbb{F}|\ge\poly(S/\epsilon)$, there is a similar
DPP with soundness error $\epsilon$ and proof length $O(S)$ (in field elements).
\end{itemize}
The above results do not rely on the PCP theorem and their proofs are considerably simpler.
We apply our DPP constructions toward two kinds of applications.
\begin{itemize}
\item {\bf Hardness of approximation.} We obtain a simple proof for the NP-hardness of approximating MAXLIN (with dense instances) over any finite field $\mathbb{F}$ up to some constant factor $c>1$, independent of $\mathbb{F}$.
Unlike previous $\PCP$-based proofs, our proof yields {\em exponential-time} hardness under the exponential time hypothesis (ETH).
\item {\bf Succinct arguments.} We
improve the concrete efficiency of succinct
interactive arguments in the generic group model using input-independent preprocessing.
In particular, the communication is comparable to sending two group elements and the verifier's computation is dominated by a single group exponentiation. We also show how to use DPPs together with linear-only encryption
to construct succinct commit-and-prove arguments.
\end{itemize}



Changes to previous version:

(1) Augmented the embedding transformation in Section 5.1 to make it more efficient and (2) Fixed the inaccuracy in our previous concrete instantiation of laconic arguments in the generic group model in Section 7.2.


Revision #1 to TR24-114 | 22nd April 2025 18:19

Dot-Product Proofs and Their Applications





Revision #1 Authors: Nir Bitansky, Ron D. Rothblum, Prahladh Harsha, Yuval Ishai, David Wu
Accepted on: 22nd April 2025 18:19
Downloads: 357
Keywords: 


Abstract:

A dot-product proof (DPP) is a simple probabilistic proof system in which the input statement $x$ and the proof ${\pi}$ are vectors over a finite field $\mathbb{F}$, and the proof is verified by making a single dot-product query $\langle {q},({x} \| {\pi})\rangle$ jointly to ${x}$ and ${\pi}$. A DPP can be viewed as a 1-query {\em fully linear} PCP. We study the feasibility and efficiency of DPPs, obtaining the following results:

* Small-field DPP: For any finite field $\mathbb{F}$ and Boolean circuit $C$ of size $S$, there is a DPP for proving that there exists ${w}$ such that $C({x}, {w})=1$ with a proof ${\pi}$ of length $S\cdot\text{poly}(|\mathbb{F}|)$ and soundness error $\epsilon=O(1/\sqrt{|\mathbb{F}|})$. We show this error to be asymptotically optimal. In particular, and in contrast to the best known PCPs, there exist strictly linear-length DPPs over constant-size fields.

* Large-field DPP: If $|\mathbb{F}|\ge\text{poly}(S/\epsilon)$, there is a similar DPP with soundness error $\epsilon$ and proof length $O(S)$ (in field elements).

The above results do not rely on the PCP theorem and their proofs are considerably simpler. We apply our DPP constructions toward two kinds of applications.

* Hardness of approximation: We obtain a simple proof for the NP-hardness of approximating MAXLIN (with dense instances) over any finite field $\mathbb{F}$ up to some constant factor $c>1$, independent of $\mathbb{F}$. Unlike previous PCP-based proofs, our proof yields exponential-time hardness under the exponential time hypothesis (ETH).

* Succinct arguments: We improve the concrete efficiency of succinct interactive arguments in the generic group model using input-independent preprocessing.In particular, the communication is comparable to sending two group elements and the verifier's computation is dominated by a single group exponentiation. We also show how to use DPPs together with linear-only encryption to construct succinct commit-and-prove arguments.



Changes to previous version:

Minor revision, fixing inaccuracy in Theorem 3.5 and slightly simplifying the small-field DPP construction.


Paper:

TR24-114 | 12th July 2024 15:03

Dot-Product Proofs and Their Applications





TR24-114 Authors: Nir Bitansky, Ron D. Rothblum, Prahladh Harsha, Yuval Ishai, David Wu
Publication: 12th July 2024 15:03
Downloads: 1282
Keywords: 


Abstract:

A dot-product proof (DPP) is a simple probabilistic proof system in which the input statement $x$ and the proof ${\pi}$ are vectors over a finite field $\mathbb{F}$, and the proof is verified by making a single dot-product query $\langle {q},({x} \| {\pi})\rangle$ jointly to ${x}$ and ${\pi}$. A DPP can be viewed as a 1-query {\em fully linear} PCP. We study the feasibility and efficiency of DPPs, obtaining the following results:

* Small-field DPP: For any finite field $\mathbb{F}$ and Boolean circuit $C$ of size $S$, there is a DPP for proving that there exists ${w}$ such that $C({x}, {w})=1$ with a proof ${\pi}$ of length $S\cdot\text{poly}(|\mathbb{F}|)$ and soundness error $\epsilon=O(1/\sqrt{|\mathbb{F}|})$. We show this error to be asymptotically optimal. In particular, and in contrast to the best known PCPs, there exist strictly linear-length DPPs over constant-size fields.

* Large-field DPP: If $|\mathbb{F}|\ge\text{poly}(S/\epsilon)$, there is a similar DPP with soundness error $\epsilon$ and proof length $O(S)$ (in field elements).

The above results do not rely on the PCP theorem and their proofs are considerably simpler. We apply our DPP constructions toward two kinds of applications.

* Hardness of approximation: We obtain a simple proof for the NP-hardness of approximating MAXLIN (with dense instances) over any finite field $\mathbb{F}$ up to some constant factor $c>1$, independent of $\mathbb{F}$. Unlike previous PCP-based proofs, our proof yields exponential-time hardness under the exponential time hypothesis (ETH).

* Succinct arguments: We improve the concrete efficiency of succinct interactive arguments in the generic group model using input-independent preprocessing.In particular, the communication is comparable to sending two group elements and the verifier's computation is dominated by a single group exponentiation. We also show how to use DPPs together with linear-only encryption to construct succinct commit-and-prove arguments.


ISSN 1433-8092 | Imprint