A Hybrid Architecture for Interactive Verifiable Computation

We consider interactive, proof-based verifiable computation: how can a client machine specify a computation to a server, receive an answer, and then engage the server in an interactive protocol that convinces the client that the answer is correct, with less work for the client than executing the computation in the first place? Complexity theory and cryptography offer solutions in principle, but if implemented naively, they are ludicrously expensive. Recently, however, several strands of work have refined this theory and implemented the resulting protocols in actual systems. This work is promising but suffers from one of two problems: either it relies on expensive cryptography, or else it applies to a restricted class of computations. Worse, it is not always clear which protocol will perform better for a given problem.We describe a system that (a) extends optimized refinements of the non-cryptographic protocols to a much broader class of computations, (b) uses static analysis to fail over to the cryptographic ones when the non-cryptographic ones would be more expensive, and (c) incorporates this core into a built system that includes a compiler for a high-level language, a distributed server, and GPU acceleration. Experimental results indicate that our system performs better and applies more widely than the best in the literature.

[1]  Hanspeter Pfister,et al.  Verifiable Computation with Massively Parallel Interactive Proofs , 2012, HotCloud.

[2]  Rosario Gennaro,et al.  Publicly verifiable delegation of large polynomials and matrix computations, with applications , 2012, IACR Cryptol. ePrint Arch..

[3]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[4]  Srinath T. V. Setty,et al.  Making argument systems for outsourced computation practical (sometimes) , 2012, NDSS.

[5]  Carsten Lund,et al.  Proof verification and hardness of approximation problems , 1992, Proceedings., 33rd Annual Symposium on Foundations of Computer Science.

[6]  Abhi Shelat,et al.  Billion-Gate Secure Computation with Malicious Adversaries , 2012, USENIX Security Symposium.

[7]  Joe Kilian,et al.  Improved Efficient Arguments (Preliminary Version) , 1995, CRYPTO.

[8]  Adi Shamir,et al.  IP = PSPACE , 1992, JACM.

[9]  Jonathan Katz,et al.  Faster Secure Two-Party Computation Using Garbled Circuits , 2011, USENIX Security Symposium.

[10]  Elaine Shi,et al.  Signatures of Correct Computation , 2013, TCC.

[11]  Leonid A. Levin,et al.  Checking computations in polylogarithmic time , 1991, STOC '91.

[12]  Jens Groth,et al.  Short Pairing-Based Non-interactive Zero-Knowledge Arguments , 2010, ASIACRYPT.

[13]  Yael Tauman Kalai,et al.  Improved Delegation of Computation using Fully Homomorphic Encryption , 2010, IACR Cryptol. ePrint Arch..

[14]  Fabian Monrose,et al.  Distributed Execution with Remote Audit , 1999, NDSS.

[15]  Craig Gentry,et al.  A fully homomorphic encryption scheme , 2009 .

[16]  Carsten Lund,et al.  Algebraic methods for interactive proof systems , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[17]  Nir Bitansky,et al.  Succinct Non-Interactive Arguments via Linear Interactive Proofs , 2013, Journal of Cryptology.

[18]  David P. Anderson,et al.  SETI@home: an experiment in public-resource computing , 2002, CACM.

[19]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[20]  Eli Ben-Sasson,et al.  On the Concrete-Efficiency Threshold of Probabilistically-Checkable Proofs , 2012, Electron. Colloquium Comput. Complex..

[21]  Andrew J. Blumberg Toward Practical and Unconditional Verification of Remote Computations , 2011, HotOS.

[22]  Sanjeev Arora,et al.  Probabilistic checking of proofs: a new characterization of NP , 1998, JACM.

[23]  Joe Kilian,et al.  A note on efficient zero-knowledge proofs and arguments (extended abstract) , 1992, STOC '92.

[24]  Eli Ben-Sasson,et al.  Fast reductions from RAMs to delegatable succinct constraint satisfaction problems: extended abstract , 2013, ITCS '13.

[25]  Eli Ben-Sasson,et al.  On the concrete efficiency of probabilistically-checkable proofs , 2013, STOC '13.

[26]  Benjamin Braun,et al.  Resolving the conflict between generality and plausibility in verified computation , 2013, EuroSys '13.

[27]  Russ Bubley,et al.  Randomized algorithms , 1995, CSUR.

[28]  Benjamin Braun,et al.  Taking Proof-Based Verified Computation a Few Steps Closer to Practicality , 2012, USENIX Security Symposium.

[29]  Craig Gentry,et al.  Homomorphic Evaluation of the AES Circuit , 2012, IACR Cryptol. ePrint Arch..

[30]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[31]  Graham Cormode,et al.  Practical verified computation with streaming interactive proofs , 2011, ITCS '12.

[32]  Ivan Damgård,et al.  Linear zero-knowledge—a note on efficient zero-knowledge proofs and arguments , 1997, STOC '97.

[33]  Adrian Perrig,et al.  Bootstrapping Trust in Modern Computers , 2011, Springer Briefs in Computer Science.

[34]  Craig Gentry,et al.  Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers , 2010, CRYPTO.

[35]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[36]  Rafail Ostrovsky,et al.  Efficient Arguments without Short PCPs , 2007, Twenty-Second Annual IEEE Conference on Computational Complexity (CCC'07).

[37]  László Babai,et al.  Trading group theory for randomness , 1985, STOC '85.

[38]  Yael Tauman Kalai,et al.  Delegating computation: interactive proofs for muggles , 2008, STOC.

[39]  A. Sadeghi,et al.  Token-Based Cloud Computing Secure Outsourcing of Data and Arbitrary Computations with Lower Latency , 2010 .

[40]  Miguel Vargas-Lombardo,et al.  Security Threats in Volunteer Computing Environments Using the Berkeley Open Infrastructure for Network Computing (BOINC) , 2012 .

[41]  Guy N. Rothblum,et al.  Delegating computation reliably: paradigms and constructions , 2009 .

[42]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[43]  Sanjeev Arora,et al.  Computational Complexity: A Modern Approach , 2009 .

[44]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System , 2004, USENIX Security Symposium.

[45]  Craig Gentry,et al.  Quadratic Span Programs and Succinct NIZKs without PCPs , 2013, IACR Cryptol. ePrint Arch..

[46]  Michael K. Reiter,et al.  Byzantine quorum systems , 1997, STOC '97.

[47]  Helger Lipmaa,et al.  Progression-Free Sets and Sublinear Pairing-Based Non-Interactive Zero-Knowledge Arguments , 2012, TCC.

[48]  Craig Gentry,et al.  Pinocchio: Nearly Practical Verifiable Computation , 2013, 2013 IEEE Symposium on Security and Privacy.