Doubly Efficient Interactive Proofs over Infinite and Non-commutative Rings

We introduce the first proof system for layered arithmetic circuits over an arbitrary ring R that is (possibly) non-commutative and (possibly) infinite, while only requiring black-box access to its arithmetic and a subset $A\subseteq R$. Our construction only requires limited commutativity and regularity properties from A, similar to recent work on efficient information theoretic multi-party computation over non-commutative rings by Escudero and Soria-Vazquez (CRYPTO 2021), but furthermore covering infinite rings.

We achieve our results through a generalization of GKR-style interactive proofs (Goldwasser, Kalai and Rothblum, Journal of the ACM, 2015). When A is a subset of the center of R, generalizations of the sum-check protocol and other building blocks are not too problematic. The case when the elements of A only commute with each other, on the other hand, introduces a series of challenges. In order to overcome those, we need to introduce a new definition of polynomial ring over a non-commutative ring, the notion of left (and right) multi-linear extensions, modify the layer consistency equation and adapt the sum-check protocol.

Despite these changes, our results are compatible with recent developments such as linear time provers. Moreover, for certain rings our construction achieves provers that run in sublinear time in the circuit size. We obtain such result both for known cases, such as matrix and polynomial rings, as well as new ones, such as for some rings resulting from Clifford algebras. Besides efficiency improvements in computation and/or round complexity for several instantiations, the core conclusion of our results is that state of the art doubly efficient interactive proofs do not require much algebraic structure. This enables exact rather than approximate computation over infinite rings as well as “agile” proof systems, where the black-box choice of the underlying ring can be easily switched through the software life cycle.