From Secrecy to Soundness: Efficient Verification via Secure Computation

We study the problem of verifiable computation (VC) in which a computationally weak client wishes to delegate the computation of a function f on an input x to a computationally strong but untrusted server. We present new general approaches for constructing VC protocols, as well as solving the related problems of program checking and self-correcting. The new approaches reduce the task of verifiable computation to suitable variants of secure multiparty computation (MPC) protocols. In particular, we show how to efficiently convert the secrecy property of MPC protocols into soundness of a VC protocol via the use of a message authentication code (MAC). The new connections allow us to apply results from the area of MPC towards simplifying, unifying, and improving over previous results on VC and related problems. In particular, we obtain the following concrete applications: (1) The first VC protocols for arithmetic computations which only make a black-box use of the underlying field or ring; (2) a non-interactive VC protocol for boolean circuits in the preprocessing model, conceptually simplifying and improving the online complexity of a recent protocol of Gennaro et al. (Cryptology ePrint Archive: Report 2009/547); (3) NC^0 self-correctors for complete languages in the complexity class NC^1 and various log-space classes, strengthening previous AC^0 correctors of Goldwasser et al. (STOC 2008).

[1] Yuval Ishai et al. Randomizing polynomials: A new representation with applications to round-efficient secure computation, 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[2] Silvio Micali et al. How to play ANY mental game, 1987, STOC.

[3] Dan Boneh et al. Advances in Cryptology - CRYPTO 2003, 2003, Lecture Notes in Computer Science.

[4] Richard J. Lipton et al. New Directions In Testing, 1989, Distributed Computing And Cryptography.

[5] Yael Tauman Kalai et al. Probabilistically Checkable Arguments, 2009, CRYPTO.

[6] Anna Gál et al. On Arithmetic Branching Programs, 1999, J. Comput. Syst. Sci.

[7] Yuval Ishai et al. Efficient Multi-party Computation over Rings, 2003, EUROCRYPT.

[8] Ivan Damgård et al. Universally Composable Efficient Multiparty Computation from Threshold Homomorphic Encryption, 2003, CRYPTO.

[9] Silvio Micali et al. CS proofs, 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[10] Shai Halevi. Advances in Cryptology - CRYPTO 2009, 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2009. Proceedings, 2009, CRYPTO.

[11] Anna Lysyanskaya et al. How to Securely Outsource Cryptographic Computations, 2005, TCC.

[12] Avi Wigderson et al. On span programs, 1993, Proceedings of the Eighth Annual Structure in Complexity Theory Conference.

[13] Martín Abadi et al. On hiding information from an oracle, 1987, STOC '87.

[14] Craig Gentry et al. Fully homomorphic encryption using ideal lattices, 2009, STOC '09.

[15] Silvio Micali et al. The knowledge complexity of interactive proof-systems, 1985, STOC '85.

[16] Joan Feigenbaum et al. Hiding Instances in Multioracle Queries, 1990, STACS.

[17] Guy N. Rothblum et al. Verifying and decoding in constant depth, 2007, STOC '07.

[18] Ronitt Rubinfeld et al. Designing checkers for programs that run in parallel, 1996, Algorithmica.

[19] Yuval Ishai et al. Secure Arithmetic Computation with No Honest Majority, 2008, IACR Cryptol. ePrint Arch.

[20] Craig Gentry et al. Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers, 2010, CRYPTO.

[21] Manuel Blum et al. Program Result Checking against Adaptive Programs and in Cryptographic Settings, 1989, Distributed Computing And Cryptography.

[22] Yael Tauman Kalai et al. Delegating computation: interactive proofs for muggles, 2008, STOC.

[23] Yuval Ishai et al. Cryptography in NC0, 2004, SIAM J. Comput.

[24] Yael Tauman Kalai et al. Improved Delegation of Computation using Fully Homomorphic Encryption, 2010, IACR Cryptol. ePrint Arch.

[25] Meena Mahajan et al. Determinant: Combinatorics, Algorithms, and Complexity, 1997, Chic. J. Theor. Comput. Sci.

[26] László Babai et al. Trading group theory for randomness, 1985, STOC '85.

[27] Christoph Meinel et al. Structure and Importance of Logspace-MOD-Classes, 1991, STACS.

[28] Joan Feigenbaum et al. Locally Random Reductions in Interactive Complexity Theory, 1990, Advances In Computational Complexity Theory.

[29] Yuval Ishai et al. Computationally Private Randomizing Polynomials and Their Applications, 2005, Computational Complexity Conference.

[30] Manuel Blum et al. Self-testing/correcting with applications to numerical problems, 1990, STOC '90.

[31] Manuel Blum et al. Designing programs that check their work, 1989, STOC '89.

[32] Yuval Ishai et al. Perfect Constant-Round Secure Computation via Perfect Randomizing Polynomials, 2002, ICALP.

[33] Guy N. Rothblum et al. A (de)constructive approach to program checking, 2008, STOC.

[34] A. Yao. How to generate and exchange secrets, 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[35] Silvio Micali et al. CS Proofs (Extended Abstracts), 1994, FOCS 1994.