Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers

We introduce and formalize the notion of Verifiable Computation, which enables a computationally weak client to "outsource" the computation of a function F on various dynamically-chosen inputs x1, ..., xk to one or more workers. The workers return the result of the function evaluation, e.g., yi = F(xi), as well as a proof that the computation of F was carried out correctly on the given value xi. The primary constraint is that the verification of the proof should require substantially less computational effort than computing F(xi) from scratch. We present a protocol that allows the worker to return a computationally-sound, non-interactive proof that can be verified in O(m·poly(λ)) time, where m is the bit-length of the output of F, and λ is a security parameter. The protocol requires a one-time pre-processing stage by the client which takes O(|C|·poly(λ)) time, where C is the smallest known Boolean circuit computing F. Unlike previous work in this area, our scheme also provides (at no additional cost) input and output privacy for the client, meaning that the workers do not learn any information about the xi or yi values.
