Computational integrity with a public random string from quasi-linear PCPs.

A party executing a computation on behalf of others may benefit from misreporting its output. Cryptographic protocols that detect this can facilitate decentralized systems with stringent computational integrity requirements. For the computation's result to be publicly trustworthy, it is moreover imperative to usepublicly verifiable protocols that have no "backdoors" or secret keys that enable forgery. Probabilistically Checkable Proof (PCP) systems can be used to construct such protocols, but some of the main components of such systems-proof composition and low-degree testing via PCPs of Proximity (PCPPs) - have been considered efficiently only asymptotically, for unrealistically large computations. Recent cryptographic alternatives suffer from a non-public setup phase, or require large verification time. This work introduces SCI, the first implementation of a scalable PCP system (that uses both PCPPs and proof composition). We used SCI to prove correctness of executions of up to 2(20) cycles of a simple processor, and calculated its break-even point: the minimal input size for which naive verification via re-execution becomes more costly than PCP-based verification. This marks the transition of core PCP techniques (like proof composition and PCPs of Proximity) from mathematical theory to practical system engineering. The thresholds obtained are nearly achievable and hence show that PCP-supported computational integrity is closer to reality than previously assumed.