Protecting data privacy in publicly verifiable delegation of matrix and polynomial functions


Outsourcing computation has gained significant attention in recent years in particular due to the prevalence of cloud computing. There are two main security concerns in outsourcing computation: guaranteeing that the server performs the computation correctly, and protecting the privacy of the client’s data. The verifiable computation of Gennaro, Gentry and Parno addresses both concerns for outsourcing the computation of a function f on an input x to the cloud. The GGP scheme is privately delegatable, privately verifiable, and based on the expensive cryptographic primitives such as fully homomorphic encryption (FHE). In this paper we consider the problem of outsourcing matrix-vector multiplications of the form \(F{\mathbf{x}}\), where F is a matrix and \(\mathbf{x}\) is a column vector, and construct publicly delegatable and publicly verifiable schemes. Our schemes are either input private or function private, highly efficient, and provably secure under the well-established assumptions such as the discrete-logarithm assumption. We decompose a polynomial computation, such as computing a univariate polynomial of arbitrary degree, a bivariate polynomial of arbitrary degree, a quadratic multivariate polynomial, and in general any multivariate polynomial, into a two-step computation in which the computaionally expensive step is a matrix-vector multiplication. We use the matrix schemes to outsource the computation of high-degree polynomials and obtain the first high-degree polynomial outsourcing schemes that simultaneously have public delegation, public verification and input privacy/function privacy.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10


  1. 1.

  2. 2.


  1. 1.

    Ananth P., Chandran N., Goyal V., Kanukurthi B., Ostrovsky R.: Achieving privacy in verifiable computation with multiple servers-without FHE and without pre-processing. In: Krawczyk H. (ed.) PKC 2014, vol. 8383, pp. 149–166. LNCSSpringer, Heidelberg (2014).

  2. 2.

    Applebaum B., Ishai Y., Kushilevitz E.: From secrecy to soundness: efficient verification via secure computation. In: Abramsky S., Gavoille C., Kirchner C., Meyer auf der Heide F., Spirakis P.G. (eds.) ICALP 2010. LNCS, vol. 6198, pp. 152–163. Springer, Heidelberg (2010)

  3. 3.

    Babai L.: Trading group theory for randomness. In: STOC 1985, pp. 421–429.

  4. 4.

    Barbosa M., Farshim P.: Delegatable homomorphic encryption with applications to secure outsourcing of computation. In: Dunkelman O. (ed.) CT-RSA 2012, vol. 7178, pp. 296–312. LNCSSpringer, Heidelberg (2012).

  5. 5.

    Beimel A., Ishai Y., Malkin T.G.: Reducing the servers computation in private information retrieval: PIR with preprocessing. In: Bellare M. (ed.) CRYPTO 2000, vol. 1880, pp. 55–73. LNCSSpringer, Heidelberg (2000).

  6. 6.

    Benabbas S., Gennaro R., Vahlis Y.: Verifiable delegation of computation over large datasets. In: Rogaway P. (ed.) CRYPTO 2011, vol. 6841, pp. 111–131. LNCSSpringer, Heidelberg (2011).

  7. 7.

    Brakerski Z., Vaikuntanathan V.: Fully homomorphic encryption from ring-LWE and security for key dependent messages. In: Rogaway P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 505?24. Springer, Heidelberg (2011)

  8. 8.

    Blum M., Luby M., Rubinfeld R.: Self-testing/correcting with applications to numerical problems. STOC pp. 73–83 (1990).

  9. 9.

    Blum M., Wasserman H.: Program result-checking: a theory of testing meets a test of theory. FOCS pp. 382–392 (1994).

  10. 10.

    Catalano D., Fiore D., Gennaro R., Vamvourellis K.: Algebraic (trapdoor) one way functions and their applications. In: Sahai A. (ed.) TCC 2013, vol. 7785, pp. 680–699. LNCSSpringer, Heidelberg (2013).

  11. 11.

    Chor B., Goldreich O., Kushilevitz E., Sudan M.: Private information retrieval. In: FOCS 1995, pp. 41–50.

  12. 12.

    Chung K.-M., Kalai Y.T., Liu F.-H., Raz R.: Memory delegation. In: Rogaway P. (ed.) CRYPTO 2011, vol. 6841, pp. 151–168. LNCSSpringer, Heidelberg (2011).

  13. 13.

    Chung K.-M., Kalai Y., Vadhan S.: Improved delegation of computation using fully homomorphic encryption. In: Rabin T. (ed.) CRYPTO 2010, vol. 6223, pp. 483–501. LNCSSpringer, Heidelberg (2010).

  14. 14.

    Elkhiyaoui, K., Önen, M., Azraoui, M., Molva, R.: Efficient techniques for publicly verifiable delegation of computation. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, ASIA CCS 2016, pp. 119–128. ACM, New York (2016).

  15. 15.

    Fiore D., Gennaro R.: Publicly verifiable delegation of large polynomials and matrix computations, with applications. In: CCS 2012, pp. 501–512. ACM (2012)

  16. 16.

    Fiore D., Gennaro R., Pastro V.: Efficiently verifiable computation on encrypted data. In: CCS 2014, pp. 844–855. (Official implementation is called “HAL: A Library for Homomorphic Authentication” and available at “”.

  17. 17.

    Gennaro R., Gentry C., Parno B.: Non-interactive verifiable computing: outsourcing computation to untrusted workers. In: Rabin T. (ed.) CRYPTO 2010, vol. 6223, pp. 465–482. LNCSSpringer, Heidelberg (2010).

  18. 18.

    Gentry C.: Fully homomorphic encryption using ideal lattices. STOC 169–178 (2009).

  19. 19.

    Goldwasser S., Micali S.: Probabilistic encryption. JCSS 28(2), 270–299 (1984).

    MathSciNet  MATH  Google Scholar 

  20. 20.

    Paillier P.: Public-key cryptosystems based on composite degree residuosity classes. In: Proc. of Eurocrypt’99, Springer LNCS vol. 1592, pp. 223–238 (1999)

  21. 21.

    Goldwasser S., Kalai Y.T., Rothblum G.N.: Delegating computation: interactive proofs for muggles. In: STOC 2008, pp. 113–122.

  22. 22.

    Goldwasser S., Micali S., Rackoff C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989).

    MathSciNet  Article  Google Scholar 

  23. 23.

    Huang Y., Goldberg I.: Outsourced private information retrieval. In: Workshop on Privacy in the Electronic Society, pp. 119–130.

  24. 24.

    Joo C., Yun A.: Homomorphic authenticated encryption secure against chosen-ciphertext attack. In: Sarkar P., Iwata T. (eds.) ASIACRYPT 2014, vol. 8874, pp. 173–192. LNCSSpringer, Heidelberg (2014).

  25. 25.

    Kilian J.: A note on efficient zero-knowledge proofs and arguments. In: STOC 1992, pp. 723–732.

  26. 26.

    Kilian J.: Improved efficient arguments. In: Coppersmith D. (ed.) CRYPTO 1995, vol. 963, pp. 311–324. LNCSSpringer, Heidelberg (1995).

  27. 27.

    Kushilevitz E., Ostrovsky R.: Replication is not needed: single database, computationally-private information retrieval. In: FOCS 1997.

  28. 28.

    Libert B., Peters T., Joye M., Yung M.: Linearly homomorphic structure-preserving signatures and their applications. In: Canetti R., Garay J.A. (eds.) CRYPTO 2013, Part II, vol. 8043, pp. 289–307. LNCSSpringer, Heidelberg (2013).

  29. 29.

    Mayberry T., Blass E.-O., Chan A.H.: PIRMAP: efficient private information retrieval for mapreduce. In: Sadeghi A.-R. (ed.) FC 2013, vol. 7859, pp. 371–385. LNCSSpringer, Heidelberg (2013).

  30. 30.

    Micali S.: CS proofs. In: FOCS 1994, pp. 436-453.

  31. 31.

    Mohassel P.: Efficient and secure delegation of linear algebra. IACR Cryptol. ePrint Arch. 2011, 605 (2011).

    Google Scholar 

  32. 32.

    Naor M., Pinkas B.: Oblivious polynomial evaluation. SIAM J. Comput. 35(5), 1254–1284 (2006).

    MathSciNet  Article  Google Scholar 

  33. 33.

    Papamanthou C., Shi E., Tamassia R.: Signatures of correct computation. In: Sahai A. (ed.) TCC 2013, vol. 7785, pp. 222–242. LNCSSpringer, Heidelberg (2013).

  34. 34.

    Parno B., Howell J., Gentry C., Raykova M.: Pinocchio: nearly practical verifiable computation. In: IEEE Symposium on Security and Privacy, pp. 238–252 (2013)

  35. 35.

    Parno B., Raykova M., Vaikuntanathan V.: How to delegate and verify in public: verifiable computation from attribute-based encryption. In: Cramer R. (ed.) TCC 2012, vol. 7194, pp. 422–439. LNCSSpringer, Heidelberg (2012).

Download references


The authors would like to thank the anonymous referees for the helpful comments. The research of Liang Feng Zhang was supported by the NSFC (No. 61602304) and the Pujiang Talent Program (No. 16PJ1406500). The research of Reihaneh Safavi-Naini was in part supported by the National Science and Engineering Research Council of Canada, and Alberta Innovates Technology Futures in the province of Alberta, Canada.

Author information



Corresponding author

Correspondence to Liang Feng Zhang.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Communicated by J. H. Cheon.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Zhang, L.F., Safavi-Naini, R. Protecting data privacy in publicly verifiable delegation of matrix and polynomial functions. Des. Codes Cryptogr. 88, 677–709 (2020).

Download citation


  • Verifiable computation
  • Public delegation
  • Public verification
  • Data privacy

Mathematics Subject Classification

  • 11T71