Resolving the conflict between generality and plausibility in verified computation

The area of proof-based verified computation (outsourced computation built atop probabilistically checkable proofs and cryptographic machinery) has lately seen renewed interest. Although recent work has made great strides in reducing the overhead of naive applications of the theory, these schemes still cannot be considered practical. A core issue is that the work for the server is immense, in general; it is practical only for hand-compiled computations that can be expressed in special forms. This paper addresses that problem. Provided one is willing to batch verification, we develop a protocol that achieves the efficiency of the best manually constructed protocols in the literature yet applies to most computations. We show that Quadratic Arithmetic Programs, a new formalism for representing computations efficiently, can yield a particularly efficient PCP that integrates easily into the core protocols, resulting in a server whose work is roughly linear in the running time of the computation. We implement this protocol in the context of a system, called Zaatar, that includes a compiler and a GPU implementation. Zaatar is almost usable for real problems---without special-purpose tailoring. We argue that many (but not all) of the next research questions in verified computation are questions in secure systems.
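The abstract's central object, the Quadratic Arithmetic Program, is easiest to see on a tiny instance. The Python below is an added illustration written for this page, not code from the Zaatar paper or its implementation. It starts from a constructed rank-1 constraint system for y = x^3 + x + 5, interpolates each variable's column into a polynomial at the evaluation points 1..m (an assumption of this example) over a prime field of order 2^31 - 1 (also chosen here), and checks the QAP condition: the target polynomial t(X) divides A(X)B(X) - C(X) exactly when the assignment satisfies every constraint. Computing the quotient h is the prover's work whose cost the paper is concerned with; the verifier's spot check at a random point stands in for a linear-PCP query and leaves out the commitment and batching machinery entirely. All function and variable names are this example's own.

```python
import random

P = 2**31 - 1  # prime modulus of the field (chosen for this example)

def inv(a):
    return pow(a % P, P - 2, P)  # Fermat inverse in F_P

# Polynomials over F_P are coefficient lists, lowest degree first.
def strip(f):
    while len(f) > 1 and f[-1] == 0:
        f = f[:-1]
    return f

def poly_add(f, g):
    n = max(len(f), len(g))
    f, g = f + [0] * (n - len(f)), g + [0] * (n - len(g))
    return [(a + b) % P for a, b in zip(f, g)]

def poly_scale(f, k):
    return [(c * k) % P for c in f]

def poly_mul(f, g):
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % P
    return out

def poly_eval(f, x):  # Horner
    acc = 0
    for c in reversed(f):
        acc = (acc * x + c) % P
    return acc

def poly_divmod(f, g):  # long division in F_P[X] -> (quotient, remainder)
    f, g = strip(f), strip(g)
    if len(f) < len(g):
        return [0], f
    q, r, lead_inv = [0] * (len(f) - len(g) + 1), f[:], inv(g[-1])
    for i in range(len(f) - len(g), -1, -1):
        q[i] = r[i + len(g) - 1] * lead_inv % P
        for j, gc in enumerate(g):
            r[i + j] = (r[i + j] - q[i] * gc) % P
    return strip(q), strip(r)

def interpolate(xs, ys):  # Lagrange: the degree < len(xs) polynomial through the points
    result = [0]
    for i, (xi, yi) in enumerate(zip(xs, ys)):
        basis, denom = [1], 1
        for j, xj in enumerate(xs):
            if j != i:
                basis = poly_mul(basis, [(-xj) % P, 1])
                denom = denom * (xi - xj) % P
        result = poly_add(result, poly_scale(basis, yi * inv(denom) % P))
    return result

# Constructed R1CS for y = x^3 + x + 5 over a = (one, x, y, x2, x3):
# constraint j holds iff <A_j, a> * <B_j, a> = <C_j, a>.
A = [[0, 1, 0, 0, 0], [0, 0, 0, 1, 0], [5, 1, 0, 0, 1]]  # x,  x2, x3+x+5
B = [[0, 1, 0, 0, 0], [0, 1, 0, 0, 0], [1, 0, 0, 0, 0]]  # x,  x,  1
C = [[0, 0, 0, 1, 0], [0, 0, 0, 0, 1], [0, 0, 1, 0, 0]]  # x2, x3, y

def r1cs_to_qap(A, B, C):
    """Interpolate each variable's column at points 1..m; t(X) vanishes there."""
    m, n = len(A), len(A[0])
    xs = list(range(1, m + 1))
    qa, qb, qc = ([interpolate(xs, [M[j][i] % P for j in range(m)]) for i in range(n)]
                  for M in (A, B, C))
    t = [1]
    for r in xs:
        t = poly_mul(t, [(-r) % P, 1])
    return qa, qb, qc, t

def witness(x):  # honest assignment (one, x, y, x2, x3) for input x
    x2, x3 = x * x % P, x * x * x % P
    return [1, x % P, (x3 + x + 5) % P, x2, x3]

def combine(polys, a):  # sum_i a_i * poly_i
    acc = [0]
    for ai, f in zip(a, polys):
        acc = poly_add(acc, poly_scale(f, ai % P))
    return acc

def prove(qap, a):
    """Prover: divide p(X) = A(X)B(X) - C(X) by t(X); remainder is [0] iff all constraints hold."""
    qa, qb, qc, t = qap
    ab = poly_mul(combine(qa, a), combine(qb, a))
    return poly_divmod(poly_add(ab, poly_scale(combine(qc, a), P - 1)), t)

def verify_at_random_point(qap, a, h, rng=random):
    """Verifier: A(s)B(s) - C(s) == h(s)t(s) at random s; error <= deg(p)/P (Schwartz-Zippel).
    Zaatar's verifier gets these evaluations via the linear PCP rather than by holding a."""
    qa, qb, qc, t = qap
    s = rng.randrange(P)
    lhs = (poly_eval(combine(qa, a), s) * poly_eval(combine(qb, a), s)
           - poly_eval(combine(qc, a), s)) % P
    return lhs == poly_eval(h, s) * poly_eval(t, s) % P
```

With x = 3 the honest witness is (1, 3, 35, 9, 27); `prove(r1cs_to_qap(A, B, C), witness(3))` returns a zero remainder and the random-point check accepts the quotient h, while an assignment that lies about y or about the intermediate x2 leaves a nonzero remainder and is rejected. The divisibility test is what makes the server's work scale with the constraint count rather than with a tableau of the whole execution, which is the efficiency claim the abstract makes for QAPs.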
