Multi-Client Non-interactive Verifiable Computation

Gennaro et al. (Crypto 2010) introduced the notion of non-interactive verifiable computation, which allows a computationally weak client to outsource the computation of a function f on a series of inputs x(1),... to a more powerful but untrusted server. Following a pre-processing phase (that is carried out only once), the client sends some representation of its current input x(i) to the server; the server returns an answer that allows the client to recover the correct result f(x(i)), accompanied by a proof of correctness that ensures the client does not accept an incorrect result. The crucial property is that the work done by the client in preparing its input and verifying the server's proof is less than the time required for the client to compute f on its own. We extend this notion to the multi-client setting, where n computationally weak clients wish to outsource to an untrusted server the computation of a function f over a series of joint inputs $(x_1^{(1)},...,x_1^{(1)})$,... without interacting with each other. We present a construction for this setting by combining the scheme of Gennaro et al. with a primitive called proxy oblivious transfer.

[1]  László Babai,et al.  Trading group theory for randomness , 1985, STOC '85.

[2]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[3]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[4]  David Chaum,et al.  Wallet Databases with Observers , 1992, CRYPTO.

[5]  Joe Kilian,et al.  Improved Efficient Arguments (Preliminary Version) , 1995, CRYPTO.

[6]  R. Cramer,et al.  Linear Zero-Knowledgde. A Note on Efficient Zero-Knowledge Proofs and Arguments , 1996 .

[7]  Ivan Damgård,et al.  Linear zero-knowledge—a note on efficient zero-knowledge proofs and arguments , 1997, STOC '97.

[8]  Moni Naor,et al.  Privacy preserving auctions and mechanism design , 1999, EC '99.

[9]  Silvio Micali,et al.  Computationally Sound Proofs , 2000, SIAM J. Comput..

[10]  Philippe Golle,et al.  Uncheatable Distributed Computations , 2001, CT-RSA.

[11]  Anna Lysyanskaya,et al.  How to Securely Outsource Cryptographic Computations , 2005, TCC.

[12]  Yuval Ishai,et al.  From Secrecy to Soundness: Efficient Verification via Secure Computation , 2010, ICALP.

[13]  Yael Tauman Kalai,et al.  Improved Delegation of Computation using Fully Homomorphic Encryption , 2010, IACR Cryptol. ePrint Arch..

[14]  Craig Gentry,et al.  Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers , 2010, CRYPTO.

[15]  Mariana Raykova,et al.  Outsourcing Multi-Party Computation , 2011, IACR Cryptol. ePrint Arch..

[16]  Vinod Vaikuntanathan,et al.  How to Delegate and Verify in Public: Verifiable Computation from Attribute-based Encryption , 2012, IACR Cryptol. ePrint Arch..

[17]  Yevgeniy Vahlis,et al.  Verifiable Delegation of Computation over Large Datasets , 2011, IACR Cryptol. ePrint Arch..

[18]  Ran Canetti,et al.  Practical delegation of computation using multiple servers , 2011, CCS '11.

[19]  Ran Canetti,et al.  Two Protocols for Delegation of Computation , 2012, ICITS.

[20]  Rosario Gennaro,et al.  Publicly verifiable delegation of large polynomials and matrix computations, with applications , 2012, IACR Cryptol. ePrint Arch..

[21]  Mihir Bellare,et al.  Foundations of garbled circuits , 2012, CCS.

[22]  Graham Cormode,et al.  Practical verified computation with streaming interactive proofs , 2011, ITCS '12.

[23]  Mihir Bellare,et al.  Adaptively Secure Garbling with Applications to One-Time Programs and Secure Outsourcing , 2012, ASIACRYPT.

[24]  Elaine Shi,et al.  Signatures of Correct Computation , 2013, TCC.

[25]  Nir Bitansky,et al.  Recursive composition and bootstrapping for SNARKS and proof-carrying data , 2013, STOC '13.

[26]  Yael Tauman Kalai,et al.  Delegating computation: interactive proofs for muggles , 2008, STOC.