Results 1  10
of
12
A hybrid architecture for interactive verifiable computation
 In IEEE Symposium on Security and Privacy
, 2013
"... Abstract—We consider interactive, proofbased verifiable computation: how can a client machine specify a computation to a server, receive an answer, and then engage the server in an interactive protocol that convinces the client that the answer is correct, with less work for the client than executin ..."
Abstract

Cited by 25 (3 self)
 Add to MetaCart
(Show Context)
Abstract—We consider interactive, proofbased verifiable computation: how can a client machine specify a computation to a server, receive an answer, and then engage the server in an interactive protocol that convinces the client that the answer is correct, with less work for the client than executing the computation in the first place? Complexity theory and cryptography offer solutions in principle, but if implemented naively, they are ludicrously expensive. Recently, however, several strands of work have refined this theory and implemented the resulting protocols in actual systems. This work is promising but suffers from one of two problems: either it relies on expensive cryptography, or else it applies to a restricted class of computations. Worse, it is not always clear which protocol will perform better for a given problem. We describe a system that (a) extends optimized refinements of the noncryptographic protocols to a much broader class of computations, (b) uses static analysis to fail over to the cryptographic ones when the noncryptographic ones would be more expensive, and (c) incorporates this core into a built system that includes a compiler for a highlevel language, a distributed server, and GPU acceleration. Experimental results indicate that our system performs better and applies more widely than the best in the literature. 1
Verifying computations with state
"... When outsourcing computations to the cloud or other thirdparties, a key issue for clients is the ability to verify the results. Recent work in proofbased verifiable computation, building on deep results in complexity theory and cryptography, has made significant progress on this problem. However, ..."
Abstract

Cited by 20 (2 self)
 Add to MetaCart
(Show Context)
When outsourcing computations to the cloud or other thirdparties, a key issue for clients is the ability to verify the results. Recent work in proofbased verifiable computation, building on deep results in complexity theory and cryptography, has made significant progress on this problem. However, all existing systems require computational models that do not incorporate state. This limits these systems to simplistic programming idioms and rules out computations where the client cannot materialize all of the input (e.g., very large MapReduce instances or database queries). This paper describes Pantry, the first built system that incorporates state. Pantry composes the machinery of proofbased verifiable computation with ideas from untrusted storage: the client expresses its computation in terms of digests that attests to state, and verifiably outsources that computation. Besides the boon to expressiveness, the client can gain from outsourcing even when the computation is sublinear in the input size. We describe a verifiable MapReduce application and a queriable database, among other simple applications. Although the resulting applications result in server overhead that is higher than we would like, Pantry is the first system to provide verifiability for realistic applications in a realistic programming model. 1
Fully homomorphic message authenticators
 IACR Cryptology ePrint Archive
"... We define and construct a new primitive called a fully homomorphic message authenticator. With such scheme, anybody can perform arbitrary computations over authenticated data and produce a short tag that authenticates the result of the computation (without knowing the secret key). This tag can be ve ..."
Abstract

Cited by 15 (4 self)
 Add to MetaCart
(Show Context)
We define and construct a new primitive called a fully homomorphic message authenticator. With such scheme, anybody can perform arbitrary computations over authenticated data and produce a short tag that authenticates the result of the computation (without knowing the secret key). This tag can be verified using the secret key to ensure that the claimed result is indeed the correct output of the specified computation over previously authenticated data (without knowing the underlying data). For example, Alice can upload authenticated data to “the cloud”, which then performs some specified computations over this data and sends the output to Bob, along with a short tag that convinces Bob of correctness. Alice and Bob only share a secret key, and Bob never needs to know Alice’s underlying data. Our construction relies on fully homomorphic encryption to build fully homomorphic message authenticators. 1
MultiClient NonInteractive Verifiable Computation
"... Abstract. Gennaro et al. (Crypto 2010) introduced the notion of noninteractive verifiable computation, which allows a computationally weak client to outsource the computation of a function f on a series of inputs x (1) ,... to a more powerful but untrusted server. Following a preprocessing phase (th ..."
Abstract

Cited by 10 (2 self)
 Add to MetaCart
(Show Context)
Abstract. Gennaro et al. (Crypto 2010) introduced the notion of noninteractive verifiable computation, which allows a computationally weak client to outsource the computation of a function f on a series of inputs x (1) ,... to a more powerful but untrusted server. Following a preprocessing phase (that is carried out only once), the client sends some representation of its current input x (i) to the server; the server returns an answer that allows the client to recover the correct result f(x (i)), accompanied by a proof of correctness that ensures the client does not accept an incorrect result. The crucial property is that the work done by the client in preparing its input and verifying the server’s proof is less than the time required for the client to compute f on its own. We extend this notion to the multiclient setting, where n computationally weak clients wish to outsource to an untrusted server the computation of a function f over a series of joint inputs (x (1) 1,..., x(1) n),... without interacting with each other. We present a construction for this setting by combining the scheme of Gennaro et al. with a primitive called proxy oblivious transfer. 1
Verifiable Delegated Set Intersection Operations on Outsourced Encrypted Data
, 2014
"... We initiate the study of the following problem: Suppose Alice and Bob would like to outsource their encrypted private data sets to the cloud, and they also want to conduct the set intersection operation on their plaintext data sets. The straightforward solution for them is to download their outsour ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
We initiate the study of the following problem: Suppose Alice and Bob would like to outsource their encrypted private data sets to the cloud, and they also want to conduct the set intersection operation on their plaintext data sets. The straightforward solution for them is to download their outsourced ciphertexts, decrypt the ciphertexts locally, and then execute a commodity twoparty set intersection protocol. Unfortunately, this solution is not practical. We therefore motivate and introduce the novel notion of Verifiable Delegated Set Intersection on outsourced encrypted data (VDSI). The basic idea is to delegate the set intersection operation to the cloud, while (i) not giving the decryption capability to the cloud, and (ii) being able to hold the misbehaving cloud accountable. We formalize security properties of VDSI and present a construction. In our solution, the computational and communication costs on the users are linear to the size of the intersection set, meaning that the efficiency is optimal up to a constant factor.
Security aspects of privacypreserving biometric authentication based on ideal lattices and ringLWE
 IN: PROCEEDINGS OF THE IEEE WORKSHOP ON INFORMATION FORENSICS AND SECURITY 2014 (WIFS 2014
, 2014
"... In this paper, we study the security of two recently proposed privacypreserving biometric authentication protocols that employ packed somewhat homomorphic encryption schemes based on ideal lattices and ringLWE, respectively. These two schemes have the same structure and have distributed architect ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
In this paper, we study the security of two recently proposed privacypreserving biometric authentication protocols that employ packed somewhat homomorphic encryption schemes based on ideal lattices and ringLWE, respectively. These two schemes have the same structure and have distributed architecture consisting of three entities: a client server, a computation server, and an authentication server. We present a simple attack algorithm that enables a malicious computation server to learn the biometric templates in at most 2N ´ τ queries, where N is the bitlength of a biometric template and τ the authentication threshold. The main enabler of the attack is that a malicious computation server can send an encryption of the inner product of the target biometric template with a bitstring of his own choice, instead of the securely computed Hamming distance between the fresh and stored biometric templates. We also discuss possible countermeasures to mitigate the attack using private information retrieval and signatures of correct computation.
PrivacyPreserving Verification of Clinical Research
"... Abstract: We treat the problem of privacypreserving statistics verification in clinical research. We show that given aggregated results from statistical calculations, we can verify their correctness efficiently, without revealing any of the private inputs used for the calculation. Our construction ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract: We treat the problem of privacypreserving statistics verification in clinical research. We show that given aggregated results from statistical calculations, we can verify their correctness efficiently, without revealing any of the private inputs used for the calculation. Our construction is based on the primitive of Secure MultiParty Computation from Shamir’s Secret Sharing. Basically, our setting involves three parties: a hospital, which owns the private inputs, a clinical researcher, who lawfully processes the sensitive data to produce an aggregated statistical result, and a third party (usually several verifiers) assigned to verify this result for reliability and transparency reasons. Our solution guarantees that these verifiers only learn about the aggregated results (and what can be inferred from those about the underlying private data) and nothing more. By taking advantage of the particular scenario at hand (where certain intermediate results, e.g., the mean over the dataset, are available in the clear) and utilizing secret sharing primitives, our approach turns out to be practically efficient, which we underpin by performing several experiments on real patient data. Our results show that the privacypreserving verification of the most commonly used statistical operations in clinical research presents itself as an important use case, where the concept of secure multiparty computation becomes employable in practice. 1
GIEdition Lecture Notes
, 2006
"... GI, the Gesellschaft für Informatik, publishes this series in order • to make available to a broad public recent findings in informatics (i.e. computer science and information systems) • to document conferences that are organized in cooperation with GI and • to publish the annual GI Award dissertati ..."
Abstract
 Add to MetaCart
GI, the Gesellschaft für Informatik, publishes this series in order • to make available to a broad public recent findings in informatics (i.e. computer science and information systems) • to document conferences that are organized in cooperation with GI and • to publish the annual GI Award dissertation.
Input Verifiability in Delegation of Computation with Embedded Proofs
"... Abstract Emerging paradigm of payperuse through cloud computing has led to outsourcing of many businesscritical functions to cloud service providers. Delegation of Computation is useful concept, only until the results of computation can be verified. Such verifiability has been achieved through i ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract Emerging paradigm of payperuse through cloud computing has led to outsourcing of many businesscritical functions to cloud service providers. Delegation of Computation is useful concept, only until the results of computation can be verified. Such verifiability has been achieved through interactive proof systems, leading to high communication cost. Other methods involve cryptographic primitives which impose high computation cost, rendering it unsuitable for mobile clients. We propose here a protocol with reduced communication cost for lightweight devices, utilizing cryptographic primitives to generate proofs. The proofgenerating function is incorporated into the delegated function to make it foolproof. Index Terms verifiable delegation of computation, interactive proofs