Achieving Privacy in Verifiable Computation with Multiple Servers – Without FHE and without Pre-processing
Cloud services provide a powerful resource to which weak clients may outsource their computation. While tremendously useful, they come with their own security challenges. One of the fundamental issues in cloud computation is: how does a client efficiently verify the correctness of computation performed on an untrusted server? Furthermore, how can the client be assured that the server learns nothing about its private inputs? In recent years, a number of proposals have been made for constructing verifiable computation protocols. Unfortunately, solutions that guarantee privacy of inputs (in addition to the correctness of computation) rely on the use of fully homomorphic encryption (FHE). An unfortunate consequence of this dependence on FHE is that all hope of making verifiable computation implementable in practice hinges on the challenge of making FHE deployable in practice. This brings us to the following question: do we need fully homomorphic encryption to obtain a verifiable computation protocol which achieves input privacy?
Another drawback of existing protocols is that they require the client to run a pre-processing stage, in which the work done by the client is proportional to the function being outsourced and hence the outsourcing benefit is obtained only in an amortized sense. This brings us to our next question: can we build verifiable computation protocols that allow the client to efficiently outsource even a computation that it wishes to execute just once?
In this paper, we consider a model in which the client outsources his computation to multiple (say n ≥ 2) servers. In this model, we construct verifiable computation protocols that do not make use of FHE and that do not have a pre-processing stage. In the two-server setting, we present an extremely practical protocol based only on one-way functions. We also present a solution, based on the DDH assumption, for the multi-server model for any arbitrary n. All these protocols are secure as long as at least one server is honest. Finally, even in the n-server model, we present a solution based solely on one-way functions. This protocol tolerates up to a constant fraction of corrupted servers.
Keywords: Verifiable computation, delegatable computation, input/output privacy, garbled circuits