International Workshop on Public Key Cryptography

PKC 2014: Public-Key Cryptography – PKC 2014, pp. 149–166

Achieving Privacy in Verifiable Computation with Multiple Servers – Without FHE and without Pre-processing

  • Prabhanjan Ananth
  • Nishanth Chandran
  • Vipul Goyal
  • Bhavana Kanukurthi
  • Rafail Ostrovsky
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8383)


Cloud services provide a powerful resource to which weak clients may outsource their computation. While tremendously useful, they come with their own security challenges. One of the fundamental issues in cloud computation is: how does a client efficiently verify the correctness of computation performed on an untrusted server? Furthermore, how can the client be assured that the server learns nothing about its private inputs? In recent years, a number of proposals have been made for constructing verifiable computation protocols. Unfortunately, solutions that guarantee privacy of inputs (in addition to the correctness of computation) rely on the use of fully homomorphic encryption (FHE). An unfortunate consequence of this dependence on FHE is that all hope of making verifiable computation implementable in practice hinges on the challenge of making FHE deployable in practice. This brings us to the following question: do we need fully homomorphic encryption to obtain input privacy in a verifiable computation protocol?

Another drawback of existing protocols is that they require the client to run a pre-processing stage, in which the work done by the client is proportional to the function being outsourced and hence the outsourcing benefit is obtained only in an amortized sense. This brings us to our next question: can we build verifiable computation protocols that allow the client to efficiently outsource even a computation that it wishes to execute just once?

In this paper, we consider a model in which the client outsources his computation to multiple (say n ≥ 2) servers. In this model, we construct verifiable computation protocols that do not make use of FHE and that do not have a pre-processing stage. In the two-server setting, we present an extremely practical protocol based only on one-way functions. We also present a solution, based on the DDH assumption, for the multi-server model for any arbitrary n. All these protocols are secure as long as at least one server is honest. Finally, even in the n-server model, we present a solution based solely on one-way functions. This protocol tolerates up to a constant fraction of corrupted servers.
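The abstract names garbled circuits as the tool and one-way functions as the only assumption in the two-server case, but does not describe the protocol itself. The following toy Yao-style garbling is an added example (not the paper's construction, and not code from the authors) showing the two properties a garbled circuit contributes to verifiable computation: the evaluating server sees only random wire labels, never the client's input bits (privacy), and it can produce a valid output label only by actually evaluating the circuit, so the client can check the result against the two output labels it generated itself (verifiability). The circuit, the SHA-256-based row encryption with trailing-zero tags, and the 16-byte label size are my own constructed choices; in this simplified version the client plays the garbler, which is exactly the client-side work the paper's multi-server setting moves off the client.

```python
import hashlib
import os
import secrets

LABEL_LEN = 16                 # bytes per wire label (toy security parameter, an assumption)
ZERO_TAG = bytes(LABEL_LEN)    # trailing zeros mark the single row that decrypts cleanly

# Constructed toy circuit: wires 0,1,2 are the inputs a,b,c; a gate is (kind, in1, in2, out).
# It computes (a AND b) XOR c and wire 4 carries the output.
CIRCUIT = [("AND", 0, 1, 3), ("XOR", 3, 2, 4)]
OUTPUT_WIRE = 4
GATE_FN = {"AND": lambda x, y: x & y, "XOR": lambda x, y: x ^ y}


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def prf(k1, k2, gate_id):
    # SHA-256 keyed by the two input labels is the only primitive used here, standing in
    # for a PRF built from a one-way function; a real garbler would use a proper KDF.
    return hashlib.sha256(k1 + k2 + gate_id.to_bytes(4, "big")).digest()


def garble(circuit, output_wire):
    """Garbler: returns the garbled tables, all wire labels (kept secret) and the output labels."""
    num_wires = max(g[3] for g in circuit) + 1
    labels = [(os.urandom(LABEL_LEN), os.urandom(LABEL_LEN)) for _ in range(num_wires)]
    rng = secrets.SystemRandom()
    tables = []
    for gid, (kind, i1, i2, out) in enumerate(circuit):
        rows = []
        for x in (0, 1):
            for y in (0, 1):
                z = GATE_FN[kind](x, y)
                pad = prf(labels[i1][x], labels[i2][y], gid)
                # Row = pad XOR (output label || zero tag); only the matching label pair unpads it.
                rows.append(xor_bytes(pad, labels[out][z] + ZERO_TAG))
        rng.shuffle(rows)  # hide which row belongs to which input pair
        tables.append(rows)
    return tables, labels, labels[output_wire]


def evaluate(circuit, tables, input_labels, output_wire):
    """Untrusted evaluator: sees only labels and tables, never the underlying input bits."""
    wires = dict(enumerate(input_labels))
    for gid, (kind, i1, i2, out) in enumerate(circuit):
        pad = prf(wires[i1], wires[i2], gid)
        for ct in tables[gid]:
            pt = xor_bytes(ct, pad)
            if pt[LABEL_LEN:] == ZERO_TAG:  # exactly one row decrypts to a clean tag
                wires[out] = pt[:LABEL_LEN]
                break
        else:
            raise ValueError(f"gate {gid}: no row decrypted; input labels are inconsistent")
    return wires[output_wire]


def verify_output(output_labels, returned):
    """Client: accept only a label it generated itself; anything else is rejected (None)."""
    if returned == output_labels[0]:
        return 0
    if returned == output_labels[1]:
        return 1
    return None


def outsource(a, b, c):
    """One honest run: client garbles, selects labels for its private bits, server evaluates."""
    tables, labels, out_labels = garble(CIRCUIT, OUTPUT_WIRE)
    input_labels = [labels[w][bit] for w, bit in enumerate((a, b, c))]
    returned = evaluate(CIRCUIT, tables, input_labels, OUTPUT_WIRE)
    return verify_output(out_labels, returned)


def lazy_server_caught():
    """A server that skips the work and returns a guessed label is rejected by the client."""
    _, _, out_labels = garble(CIRCUIT, OUTPUT_WIRE)
    return verify_output(out_labels, os.urandom(LABEL_LEN))


if __name__ == "__main__":
    for a in (0, 1):
        for b in (0, 1):
            for c in (0, 1):
                print(a, b, c, "->", outsource(a, b, c))
    print("lazy server accepted?", lazy_server_caught() is not None)
```

The two checks a practitioner should take from this: the evaluator's view is a set of random labels plus shuffled tables, so input privacy holds without any homomorphic encryption, and the client's verification costs one comparison against labels it already holds. What the toy does not show is the paper's contribution: here the client still garbles the whole circuit, which is the pre-processing cost the abstract objects to, and a single evaluating server cannot be checked without that client-side work, which is why the paper adds a second server.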


Keywords: verifiable computation; delegatable computation; input/output privacy; garbled circuits





Copyright information

© International Association for Cryptologic Research 2014

Authors and Affiliations

  • Prabhanjan Ananth (1)
  • Nishanth Chandran (2)
  • Vipul Goyal (2)
  • Bhavana Kanukurthi (1)
  • Rafail Ostrovsky (3)

  1. Department of Computer Science, UCLA, USA
  2. Microsoft Research, India
  3. Departments of Computer Science and Mathematics, UCLA, USA
