ALITHEIA: Towards Practical Verifiable Graph Processing

We consider a scenario in which a data owner outsources storage of a large graph to an untrusted server; the server performs computations on this graph in response to queries from a client (whether the data owner or others), and the goal is to ensure verifiability of the returned results. Existing work on verifiable computation (VC) would compile each graph computation to a circuit or a RAM program and then use generic techniques to produce a cryptographic proof of correctness for the result. Unfortunately, such an approach will incur large overhead, especially in the proof-computation time. In this work we address the above by designing, building, and evaluating ALITHEIA, a nearly practical VC system tailored for graph queries such as computing shortest paths, longest paths, and maximum flow. The underlying principle of ALITHEIA is to minimize the use of generic VC systems by leveraging various algorithmic techniques specifically for graphs. This leads to both theoretical and practical improvements. Asymptotically, it improves the complexity of proof computation by at least a logarithmic factor. On the practical side, we show that ALITHEIA achieves significant performance improvements over the current state of the art (up to a 108x improvement in proof-computation time, and a 99.9% reduction in server storage), while scaling to 200,000-node graphs.
