Delegating RAM Computations

  • Yael KalaiEmail author
  • Omer Paneth
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9986)


In the setting of cloud computing a user wishes to delegate its data, as well as computations over this data, to a cloud provider. Each computation may read and modify the data, and these modifications should persist between computations. Minding the computational resources of the cloud, delegated computations are modeled as RAM programs. In particular, the delegated computations’ running time may be sub-linear, or even exponentially smaller than the memory size.

We construct a two-message protocol for delegating RAM computations to an untrusted cloud. In our protocol, the user saves a short digest of the delegated data. For every delegated computation, the cloud returns, in addition to the computation’s output, the digest of the modified data, and a proof that the output and digest were computed correctly. When delegating a \(\mathsf {T}\)-time RAM computation \(M\) with security parameter \(k\), the cloud runs in time \(\mathrm {poly}(\mathsf {T},k)\) and the user in time \(\mathrm {poly}(\left| M\right| , \log \mathsf {T}, k)\).

Our protocol is secure assuming super-polynomial hardness of the Learning with Error (LWE) assumption. Security holds even when the delegated computations are chosen adaptively as a function of the data and output of previous computations.

We note that RAM delegation schemes are an improved variant of memory delegation schemes [Chung et al. CRYPTO 2011]. In memory delegation, computations are modeled as Turing machines, and therefore, the cloud’s work always grows with the size of the delegated data.


  1. [ACC+15]
    Ananth, P., Chen, Y.-C., Chung, K.-M., Lin, H., Lin, W.-K.: Delegating RAM computations with adaptive soundness and privacy. IACR Cryptology ePrint Archive, 2015:1082 (2015)Google Scholar
  2. [BCC+14]
    Bitansky, N., Canetti, R., Chiesa, A., Goldwasser, S., Lin, H., Rubinstein, A., Tromer, E.: The hunting of the SNARK. IACR Cryptology ePrint Archive, 2014:580 (2014)Google Scholar
  3. [BCCT13]
    Bitansky, N., Canetti, R., Chiesa, A., Tromer, E.: Recursive composition and bootstrapping for snarks and proof-carrying data. In: STOC, pp. 111–120 (2013)Google Scholar
  4. [BCI+13]
    Bitansky, N., Chiesa, A., Ishai, Y., Paneth, O., Ostrovsky, R.: Succinct non-interactive arguments via linear interactive proofs. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 315–333. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-36594-2_18 CrossRefGoogle Scholar
  5. [BEG+91]
    Blum, M., Evans, W.S., Gemmell, P., Kannan, S., Naor, M.: Checking the correctness of memories. In: 32nd Annual Symposium on Foundations of Computer Science, San Juan, Puerto Rico, 1–4 October 1991, pp. 90–99 (1991)Google Scholar
  6. [BGL+15]
    Bitansky, N., Garg, S., Lin, H., Pass, R., Telang, S.: Succinct randomized encodings and their applications. In: Proceedings of the Forty-Seventh Annual ACM on Symposium on Theory of Computing, STOC 2015, Portland, OR, USA, June 14–17, 2015, pp. 439–448 (2015)Google Scholar
  7. [BHK16]
    Brakerski, Z., Holmgren, J., Kalai, Y.T.: Non-interactive RAM and batch NP delegation from any PIR. Electron. Colloquium Comput. Complex. (ECCC) 23, 77 (2016)Google Scholar
  8. [CCC+15]
    Chen, Y.-C., Chow, S.S.M., Chung, K.-M., Lai, R.W.F., Lin, W.-K., Zhou, H.-S.: Computation-trace indistinguishability obfuscation and its applications. IACR Cryptology ePrint Archive,2015:406 (2015)Google Scholar
  9. [CCHR15]
    Canetti, R., Chen, Y., Holmgren, J., Raykova, M.: Succinct adaptive garbled ram. Cryptology ePrint Archive, Report 2015/1074 (2015).
  10. [CH15]
    Canetti, R., Holmgren, J.: Fully succinct garbled RAM. IACR Cryptology ePrint Archive, 2015:388 (2015)Google Scholar
  11. [CHJV15]
    Canetti, R., Holmgren, J., Jain, A., Vaikuntanathan, V.: Succinct garbling and indistinguishability obfuscation for RAM programs. In: Proceedings of the Forty-Seventh Annual ACM on Symposium on Theory of Computing, STOC 2015, Portland, OR, USA, June 14–17, 2015, pp. 429–437 (2015)Google Scholar
  12. [CKLR11]
    Chung, K.-M., Kalai, Y.T., Liu, F.-H., Raz, R.: Memory delegation. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 151–168. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-22792-9_9 CrossRefGoogle Scholar
  13. [DFH12]
    Damgård, I., Faust, S., Hazay, C.: Secure two-party computation with low communication. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 54–74. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-28914-9_4 CrossRefGoogle Scholar
  14. [GGPR13]
    Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 626–645. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-38348-9_37 CrossRefGoogle Scholar
  15. [GGR15]
    Goldreich, O., Gur, T., Rothblum, R.: Proofs of proximity for context-free languages and read-once branching programs. Electron. Colloquium Comput. Complex. (ECCC) 22, 24 (2015)MathSciNetzbMATHGoogle Scholar
  16. [GHRW14]
    Gentry, C., Halevi, S., Raykova, M., Wichs, D.: Outsourcing private RAM computation. In: 55th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2014, Philadelphia, PA, USA, October 18–21, 2014, pp. 404–413 (2014)Google Scholar
  17. [GR15]
    Gur, T., Rothblum, R.D.: Non-interactive proofs of proximity. In: Proceedings of the 2015 Conference on Innovations in Theoretical Computer Science, ITCS 2015, Rehovot, Israel, January 11–13, 2015, pp. 133–142 (2015)Google Scholar
  18. [Gro10]
    Groth, J.: Short pairing-based non-interactive zero-knowledge arguments. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 321–340. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-17373-8_19 CrossRefGoogle Scholar
  19. [GVW15]
    Gorbunov, S., Vaikuntanathan, V., Wichs, D.: Leveled fully homomorphic signatures from standard lattices. In: Proceedings of the Forty-Seventh Annual ACM on Symposium on Theory of Computing, STOC 2015, Portland, OR, USA, June 14–17, 2015, pp. 469–477 (2015)Google Scholar
  20. [Kil92]
    Kilian, J.: A note on efficient zero-knowledge proofs and arguments. In: Proceedings of the 24th Annual ACM Symposium on Theory of Computing, pp. 723–732 (1992)Google Scholar
  21. [KP15]
    Kalai, Y.T., Paneth, O.: Delegating RAM computations. IACR Cryptology ePrint Archive, 2015:957 (2015)Google Scholar
  22. [KR15]
    Kalai, Y.T., Rothblum, R.D.: Arguments of proximity (extended abstract). In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 422–442. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48000-7_21 CrossRefGoogle Scholar
  23. [KRR14]
    Kalai, Y.T., Raz, R., Rothblum, R.D.: How to delegate computations: the power of no-signaling proofs. In: Symposium on Theory of Computing, STOC 2014, New York, NY, USA, May 31 - June 03, 2014, pp. 485–494 (2014)Google Scholar
  24. [Lip12]
    Lipmaa, H.: Progression-free sets and sublinear pairing-based non-interactive zero-knowledge arguments. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 169–189. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-28914-9_10 CrossRefGoogle Scholar
  25. [Mer87]
    Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988). doi: 10.1007/3-540-48184-2_32 Google Scholar
  26. [Mic94]
    Micali, S.: CS proofs (extended abstracts). In’: 35th Annual Symposium on Foundations of Computer Science, Santa Fe, New Mexico, USA, 20–22 November 1994, pp. 436–453 (1994)Google Scholar
  27. [PF79]
    Pippenger, N., Fischer, M.J.: Relations among complexity measures. J. ACM 26(2), 361–381 (1979)MathSciNetCrossRefzbMATHGoogle Scholar
  28. [PR14]
    Paneth, O., Rothblum, G.N.: Publicly verifiable non-interactive arguments for delegating computation. Cryptology ePrint Archive, Report 2014/981 (2014).
  29. [RVW13]
    Rothblum, G.N., Vadhan, S.P., Wigderson, A.: Interactive proofs of proximity: delegating computation in sublinear time. In: Symposium on Theory of Computing Conference, STOC 2013, Palo Alto, CA, USA, June 1–4, 2013, pp. 793–802 (2013)Google Scholar

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.Microsoft ResearchRedmondUSA
  2. 2.Boston UniversityBostonUSA

Personalised recommendations