Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers

  • Rosario Gennaro
  • Craig Gentry
  • Bryan Parno
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6223)


We introduce and formalize the notion of Verifiable Computation, which enables a computationally weak client to “outsource” the computation of a function F on various dynamically-chosen inputs x 1,...,x k to one or more workers. The workers return the result of the function evaluation, e.g., y i  = F(x i ), as well as a proof that the computation of F was carried out correctly on the given value x i . The primary constraint is that the verification of the proof should require substantially less computational effort than computing F(x i ) from scratch.

We present a protocol that allows the worker to return a computationally-sound, non-interactive proof that can be verified in O(m·polyλ) time, where m is the bit-length of the output of F, and λ is a security parameter. The protocol requires a one-time pre-processing stage by the client which takes O(|C|·polyλ) time, where C is the smallest known Boolean circuit computing F. Unlike previous work in this area, our scheme also provides (at no additional cost) input and output privacy for the client, meaning that the workers do not learn any information about the x i or y i values.


Encryption Scheme Homomorphic Encryption Oblivious Transfer Boolean Circuit Output Wire 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Amazon Elastic Compute Cloud,
  2. 2.
    The Folding@home project. Stanford University,
  3. 3.
  4. 4.
    The Great Internet Mersenne Prime Search,
  5. 5.
    Anderson, D.P., Cobb, J., Korpela, E., Lebofsky, M., Werthimer, D.: SETI@Home: An experiment in public-resource computing. Communications of the ACM 45(11), 56–61 (2002)CrossRefGoogle Scholar
  6. 6.
    Babai, L.: Trading group theory for randomness. In: Proceedings of the ACM Symposium on Theory of Computing (STOC), pp. 421–429. ACM, New York (1985)Google Scholar
  7. 7.
    Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahay, A., Vadhan, S., Yang, K.: On the (im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    Barak, B., Haitner, I., Hofheinz, D., Ishai, Y.: Bounded key-dependent message security. In: Proceedings of EuroCrypt (June 2010)Google Scholar
  9. 9.
    Belenkiy, M., Chase, M., Erway, C.C., Jannotti, J., Küpçü, A., Lysyanskaya, A.: Incentivizing outsourced computation. In: Proceedings of the Workshop on Economics of Networked Systems (NetEcon), pp. 85–90. ACM, New York (2008)CrossRefGoogle Scholar
  10. 10.
    Chaum, D., Pedersen, T.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)Google Scholar
  11. 11.
    Gennaro, R., Gentry, C., Parno, B.: Non-Interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers,
  12. 12.
    Gentry, C.: A fully homomorphic encryption scheme. PhD thesis, Stanford University (2009)Google Scholar
  13. 13.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the ACM Symposium on the Theory of Computing (STOC) (2009)Google Scholar
  14. 14.
    Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: Delegating computation: interactive proofs for muggles. In: Proceedings of the ACM Symposium on the Theory of Computing (2008)Google Scholar
  15. 15.
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems. SIAM Journal on Computing 18(1), 186–208 (1989)zbMATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Golle, P., Mironov, I.: Uncheatable distributed computations. In: Proceedings of the RSA Conference (2001)Google Scholar
  17. 17.
    Hohenberger, S., Lysyanskaya, A.: How to securely outsource cryptographic computations. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 264–282. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  18. 18.
    Kalai, Y.T., Raz, R.: Probabilistically checkable arguments. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 143–159. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Kilian, J.: A note on efficient zero-knowledge proofs and arguments (extended abstract). In: Proceedings of the ACM Symposium on Theory of Computing (STOC) (1992)Google Scholar
  20. 20.
    Kilian, J.: Improved efficient arguments (preliminary version). In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 311–324. Springer, Heidelberg (1995)Google Scholar
  21. 21.
    Lindell, Y., Pinkas, B.: A proof of Yao’s protocol for secure two-party computation. Journal of Cryptology 22(2), 161–188 (2009)zbMATHCrossRefMathSciNetGoogle Scholar
  22. 22.
    Micali, S.: CS proofs (extended abstract). In: Proceedings of the IEEE Symposium on Foundations of Computer Science (1994)Google Scholar
  23. 23.
    Molnar, D.: The SETI@Home problem. ACM Crossroads, 7.1 (2000)Google Scholar
  24. 24.
    Monrose, F., Wyckoff, P., Rubin, A.: Distributed execution with remote audit. In: Proceedings of ISOC Network and Distributed System Security Symposium (NDSS) (February 1999)Google Scholar
  25. 25.
    Rothblum, G.: Delegating Computation Reliably: Paradigms and Constructions. PhD thesis, Massachusetts Institute of Technology (2009)Google Scholar
  26. 26.
    Rothblum, G., Vadhan, S.: Are PCPs inherent in efficient arguments? In: Proceedings of Computational Complexity (CCC) (2009)Google Scholar
  27. 27.
    Smart, N.P., Vercauteren, F.: Fully homomorphic encryption with relatively small key and ciphertext sizes. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 420–443. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  28. 28.
    Smith, S., Weingart, S.: Building a high-performance, programmable secure coprocessor. Computer Networks (Special Issue on Computer Network Security) 31, 831–960 (1999)Google Scholar
  29. 29.
    Trusted Computing Group. Trusted platform module main specification. Version 1.2, Revision 103 (July 2007)Google Scholar
  30. 30.
    van Dijk, M., Gentry, C., Halevi, S., Vaikuntanathan, V.: Fully homomorphic encryption over the integers. In: Proceedings of EuroCrypt (June 2010)Google Scholar
  31. 31.
    Yao, A.: Protocols for secure computations. In: Proceedings of the IEEE Symposium on Foundations of Computer Science (1982)Google Scholar
  32. 32.
    Yao, A.: How to generate and exchange secrets. In: Proceedings of the IEEE Symposium on Foundations of Computer Science (1986)Google Scholar
  33. 33.
    Yee, B.S.: Using Secure Coprocessors. PhD thesis, Carnegie Mellon University (1994)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Rosario Gennaro
    • 1
  • Craig Gentry
    • 1
  • Bryan Parno
    • 2
  1. 1.IBM T.J.Watson Research Center 
  2. 2.CyLab, Carnegie Mellon University 

Personalised recommendations