Theory of Cryptography

Volume 7785 of the series Lecture Notes in Computer Science pp 499-518

Multi-Client Non-interactive Verifiable Computation

  • Seung Geol ChoiAffiliated withDepartment of Computer Science, Columbia University
  • , Jonathan KatzAffiliated withDepartment of Computer Science, University of Maryland
  • , Ranjit KumaresanAffiliated withDepartment of Computer Science, Technion
  • , Carlos CidAffiliated withRoyal Holloway, University of London

* Final gross prices may vary according to local VAT.

Get Access


Gennaro et al. (Crypto 2010) introduced the notion of non-interactive verifiable computation, which allows a computationally weak client to outsource the computation of a function f on a series of inputs x(1),... to a more powerful but untrusted server. Following a pre-processing phase (that is carried out only once), the client sends some representation of its current input x(i) to the server; the server returns an answer that allows the client to recover the correct result f(x(i)), accompanied by a proof of correctness that ensures the client does not accept an incorrect result. The crucial property is that the work done by the client in preparing its input and verifying the server’s proof is less than the time required for the client to compute f on its own.

We extend this notion to the multi-client setting, where n computationally weak clients wish to outsource to an untrusted server the computation of a function f over a series of joint inputs \((x_1^{(1)},...,x_1^{(1)})\),... without interacting with each other. We present a construction for this setting by combining the scheme of Gennaro et al. with a primitive called proxy oblivious transfer.