Certificate Validation in Secure Computation and Its Use in Verifiable Linear Programming

  • Sebastiaan de Hoogh
  • Berry Schoenmakers
  • Meilof VeeningenEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9646)


For many applications of secure multiparty computation it is natural to demand that the output of the protocol is verifiable. Verifiability should ensure that incorrect outputs are always rejected, even if all parties executing the secure computation collude. Since the inputs to a secure computation are private, and potentially the outputs are private as well, adding verifiability is in general hard and costly.

In this paper we focus on privacy-preserving linear programming as a typical and practically relevant case for verifiable secure multiparty computation. We introduce certificate validation as an effective technique for achieving verifiable linear programming. Rather than verifying the computation proper, which involves many iterations of the simplex algorithm, we extend the output of the secure computation with a certificate. The certificate allows for efficient and direct validation of the correctness of the output. The overhead incurred by the computation of the certificate is marginal. For the validation of a certificate we design particularly efficient distributed-prover zero-knowledge proofs, fully exploiting the fact that we can use ElGamal encryption for this purpose, hence avoiding the use of more elaborate cryptosystems such as Paillier encryption.

We also formulate appropriate security definitions for our approach, and prove security for our protocols in this model, paying special attention to ensuring properties such as input independence. By means of several experiments performed in a real multi-cloud-provider environment, we show that the overall performance for verifiable linear programming is very competitive, incurring minimal overhead compared to protocols providing no correctness guarantees at all.


Homomorphic Encryption Random Oracle Model Arithmetic Circuit Polynomial Relation Secure Multiparty Computation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



We thank Dan Bernstein, Thijs Laarhoven, Peter Nordholt, and Niels de Vreede for useful discussions, and the anonymous reviewers for their suggestions. This work was supported in part by the European Commission through the ICT program under contract INFSO-ICT-284833 (PUFFIN); through the FP7 programme under grant 609611 (PRACTICE); and through the H2020 programme under grant 643964 (SUPERCLOUD).


  1. [ACG+14]
    Ananth, P., Chandran, N., Goyal, V., Kanukurthi, B., Ostrovsky, R.: Achieving privacy in verifiable computation with multiple servers – without FHE and without pre-processing. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 149–166. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  2. [AS98]
    Arora, S., Safra, S.: Probabilistic checking of proofs: a new characterization of NP. J. ACM 45(1), 70–122 (1998)MathSciNetCrossRefzbMATHGoogle Scholar
  3. [BD09]
    Bogetoft, P., et al.: Secure multiparty computation goes live. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 325–343. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  4. [BDO14]
    Baum, C., Damgård, I., Orlandi, C.: Publicly auditable secure multi-party computation. In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 175–196. Springer, Heidelberg (2014)Google Scholar
  5. [Can98]
    Canetti, R.: Security and composition of multi-party cryptographic protocols. J. Cryptology 13, 2000 (1998)Google Scholar
  6. [CdH10]
    Catrina, O., de Hoogh, S.: Secure multiparty linear programming using fixed-point arithmetic. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 134–150. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  7. [CDS94]
    Cramer, R., Damgård, I., Schoenmakers, B.: Proof of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)Google Scholar
  8. [CF85]
    Cohen, J., Fischer, M.: A robust and verifiable cryptographically secure election scheme. In: Proceedings of FOCS 1985, pp. 372–382. IEEE (1985)Google Scholar
  9. [DDN+15]
    Damgård, I., Damgård, K., Nielsen, K., Nordholt, P.S., Toft, T.: Confidential benchmarking based on multiparty computation. Cryptology eprint 2015/1006 (2015)Google Scholar
  10. [DFK+92]
    Dwork, C., Feige, U., Kilian, J., Naor, M., Safra, M.: Low communication 2-prover zero-knowledge proofs for NP. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 215–227. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  11. [dH12]
    de Hoogh, S.: Design of large scale applications of secure multiparty computation: secure linear programming. Ph.D. thesis, Eindhoven University of Technology (2012)Google Scholar
  12. [dHSV15]
    de Hoogh, S., Schoenmakers, B., Veeningen, M.: Certificate validation in secure computation and its use in verifiable linear programming. Cryptology eprint 2015/339 (full version of this paper) (2015)Google Scholar
  13. [DKL+13]
    Damgård, I., Keller, M., Larraia, E., Pastro, V., Scholl, P., Smart, N.P.: Practical covertly secure MPC for dishonest majority – Or: breaking the SPDZ limits. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 1–18. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  14. [El85]
    El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)MathSciNetCrossRefGoogle Scholar
  15. [FGP14]
    Fiore, D., Gennaro, R., Pastro, V.: Efficiently verifiable computation on encrypted data. In: Proceedings of CCS 2014 (2014)Google Scholar
  16. [FS86]
    Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)CrossRefGoogle Scholar
  17. [GKP+13]
    Goldwasser, S., Kalai, Y.T., Popa, R.A., Vaikuntanathan, V., Zeldovich, N.: Reusable garbled circuits and succinct functional encryption. In: Proceedings of STOC 2013 (2013)Google Scholar
  18. [GKR08]
    Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: Delegating computation: interactive proofs for muggles. In: Proceedings of STOC 2008, pp. 113–122 (2008)Google Scholar
  19. [Hro01]
    Hromkovic, J.: Algorithmics for Hard Problems - Introduction to Combinatorial Optimization, Randomization, Approximation, and Heuristics. Springer, Heidelberg (2001)Google Scholar
  20. [JNO14]
    Jakobsen, T.P., Nielsen, J.B., Orlandi, C.: A framework for outsourcing of secure computation. In: Proceedings of CCSW 2014, pp. 81–92 (2014)Google Scholar
  21. [KMR11]
    Kamara, S., Mohassel, P., Raykova, M.: Outsourcing multi-party computation. Cryptology eprint 2011/272 (2011)Google Scholar
  22. [KMR12]
    Keller, M., Mikkelsen, G.L., Rupp, A.: Efficient threshold zero-knowledge with applications to user-centric protocols. In: Smith, A. (ed.) ICITS 2012. LNCS, vol. 7412, pp. 147–166. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  23. [LTV12]
    López-Alt, A., Tromer, E., Vaikuntanathan, V.: On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption. In: Proceedings of STOC 2012, pp. 1219–1234 (2012)Google Scholar
  24. [Nat99]
    National Institute of Standards and Technology: Recommended elliptic curves for federal government use (1999).
  25. [Ped91]
    Pedersen, T.P.: A threshold cryptosystem without a trusted party (extended abstract). In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 522–526. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  26. [PHGR13]
    Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation. In: Proceedings of S&P 2013 (2013)Google Scholar
  27. [SK95]
    Sako, K., Kilian, J.: Receipt-free mix-type voting scheme. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 393–403. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  28. [SV15]
    Schoenmakers, B., Veeningen, M.: Universally verifiable multiparty computation from threshold homomorphic cryptosystems. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 3–22. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-28166-7_1 CrossRefGoogle Scholar
  29. [SVdV15]
    Schoenmakers, B., Veeningen, M., de Vreede, N.: Trinocchio: privacy-friendly outsourcing by distributed verifiable computation. Cryptology eprint 2015/480 (2015)Google Scholar
  30. [TT10]
    Tamassia, R., Triandopoulos, N.: Certification and authentication of data structures. In: Proceedings of AMW 2010 (2010)Google Scholar
  31. [ZPK14]
    Zhang, Y., Papamanthou, C., Katz, J.: ALITHEIA: towards practical verifiable graph processing. In: Proceedings of CCS 2014, pp. 856–867 (2014)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Sebastiaan de Hoogh
    • 1
  • Berry Schoenmakers
    • 2
  • Meilof Veeningen
    • 1
    Email author
  1. 1.Philips ResearchEindhovenThe Netherlands
  2. 2.Eindhoven University of TechnologyEindhovenThe Netherlands

Personalised recommendations