Results 1-10 of 28
Verifying computations with state
Cited by 20 (2 self)
When outsourcing computations to the cloud or other third parties, a key issue for clients is the ability to verify the results. Recent work in proof-based verifiable computation, building on deep results in complexity theory and cryptography, has made significant progress on this problem. However, all existing systems require computational models that do not incorporate state. This limits these systems to simplistic programming idioms and rules out computations where the client cannot materialize all of the input (e.g., very large MapReduce instances or database queries). This paper describes Pantry, the first built system that incorporates state. Pantry composes the machinery of proof-based verifiable computation with ideas from untrusted storage: the client expresses its computation in terms of digests that attest to state, and verifiably outsources that computation. Besides the boon to expressiveness, the client can gain from outsourcing even when the computation is sublinear in the input size. We describe a verifiable MapReduce application and a queriable database, among other simple applications. Although the resulting applications result in server overhead that is higher than we would like, Pantry is the first system to provide verifiability for realistic applications in a realistic programming model.
Research Perspectives and Challenges for Bitcoin and
Cited by 10 (3 self)
Bitcoin has emerged as the most successful cryptographic currency in history. Within two years of its quiet launch in 2009, Bitcoin grew to comprise billions of dollars of economic value, even while the body of published research and security analysis justifying the system's design was negligible. In the ensuing years, a growing literature has identified hidden-but-important properties of the system, discovered attacks, proposed promising alternatives, and singled out difficult future challenges. This interest has been complemented by a large and vibrant community of open-source developers who steward the system, while proposing and deploying numerous modifications and extensions. We provide the first systematic exposition of the second generation of cryptocurrencies, including Bitcoin and the many alternatives that have been implemented as alternate protocols
Verifiable set operations over outsourced databases
2013
Cited by 8 (5 self)
We study the problem of verifiable delegation of computation over outsourced data, whereby a powerful worker maintains a large data structure for a weak client in a verifiable way. Compared to the well-studied problem of verifiable computation, this setting imposes additional difficulties since the verifier needs to verify consistency of updates succinctly and without maintaining large state. In particular, existing general solutions are far from practical in this setting. We present a scheme for verifiable evaluation of hierarchical set operations (unions, intersections and set-differences) applied to a collection of dynamically changing sets of elements from a given domain. That is, we consider two types of queries issued by the client: updates (insertions and deletions) and data queries, which consist of "circuits" of unions, intersections, and set-differences on the current collection of sets. This type of query comes up in database queries, keyword search and numerous other applications, and indeed our scheme can be effectively used in such scenarios. The computational cost incurred is proportional only to the size of the final outcome set and to the size of the query, and is independent of the cardinalities of the involved sets. The cost of updates is optimal (O(1) modular operations per update). Our construction extends that of [Papamanthou et al., Crypto 2011] and relies on a modified version of the extractable collision-resistant hash function (ECRH) construction, introduced in [Bitansky et al., ITCS 2012], that can be used to succinctly hash univariate polynomials.
TrueSet: Faster Verifiable Set Computations
Cited by 6 (2 self)
Verifiable computation (VC) enables thin clients to efficiently verify the computational results produced by a powerful server. Although VC was initially considered to be mainly of theoretical interest, over the last two years, impressive progress has been made on implementing VC. Specifically, we now have open-source implementations of VC systems that can handle all classes of computations expressed either as circuits or in the RAM model. However, despite this very encouraging progress, new enhancements in the design and implementation of VC protocols are required in order to achieve truly practical VC for real-world applications. In this work, we show that for functionalities that can be expressed efficiently in terms of set operations (e.g., a subset of SQL queries) VC can be enhanced to become drastically more practical: We present the design and prototype implementation of a novel VC scheme that achieves orders of magnitude speedup in comparison with the state of the art. Specifically, we build and evaluate TrueSet, a system that can verifiably compute any polynomial-time function expressed as a circuit consisting of "set gates" such as union, intersection, difference and set cardinality. Moreover, TrueSet supports hybrid circuits consisting of both set gates and traditional arithmetic gates. Therefore, it does not lose any of the expressiveness of the previous schemes—this also allows the user to choose the most efficient way to represent different parts of a computation. By expressing set computations as polynomial operations and introducing a novel Quadratic Polynomial Program technique, TrueSet achieves prover performance speedup ranging from 30x to 150x and yields up to 97% evaluation key size reduction.
Nearly Practical and Privacy-Preserving Proofs on Authenticated Data
Cited by 5 (0 self)
We study the problem of privacy-preserving proofs on authenticated data in which a party receives data from a trusted source and is requested to prove statements over the data to third parties in a correct and private way, i.e., the third party learns no information on the data but is still assured that the claimed proof is valid. Our work particularly focuses on the challenging requirement that the third party should be able to verify the validity with respect to the specific data authenticated by the source — even without having access to that source. This problem is motivated by various scenarios emerging from several application areas such as wearable computing, smart metering, or general business-to-business interactions. Furthermore, these applications also demand any meaningful solution to satisfy additional properties related to usability and scalability. First, third parties should be able to check proofs very efficiently. Second, the trusted source should be independent of the data processor: it simply (and possibly continuously) provides data, e.g., without knowing which statements will be proven. This paper formalizes the above three-party model, discusses concrete application scenarios, and introduces a new cryptographic primitive for proving NP relations where statements are authenticated by trusted sources. After discussing a generic approach to construct this primitive, we present a more direct and efficient realization that supports general-purpose NP relations. Our realization significantly
Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. IACR: 2015/675
Cited by 4 (2 self)
Emerging smart contract systems over decentralized cryptocurrencies allow mutually distrustful parties to transact safely with each other without trusting a third-party intermediary. In the event of contractual breaches or aborts, the decentralized blockchain ensures that other honest parties obtain commensurate remuneration. Existing systems, however, lack transactional privacy. All transactions, including flow of money between pseudonyms and amount transacted, are exposed in the clear on the blockchain. We present Hawk, a decentralized smart contract system that does not store financial transactions in the clear on the blockchain, thus retaining transactional privacy from the public's view. A Hawk programmer can write a private smart contract in an intuitive manner without having to implement cryptography, and our compiler automatically generates an efficient cryptographic protocol where contractual parties interact with the blockchain, using cryptographic primitives such as succinct zero-knowledge proofs. To formally define and reason about the security of our protocols, we are the first to formalize the blockchain model of secure computation. The formal modeling is of independent interest. We advocate that the community adopt such a formal model when designing interesting applications atop decentralized blockchains.
ALITHEIA: Towards practical verifiable graph processing
In CCS, 2014
Cited by 4 (2 self)
We consider a scenario in which a data owner outsources storage of a large graph to an untrusted server; the server performs computations on this graph in response to queries from a client (whether the data owner or others), and the goal is to ensure verifiability of the returned results. Existing work on verifiable computation (VC) would compile each graph computation to a circuit or a RAM program and then use generic techniques to produce a cryptographic proof of correctness for the result. Such an approach will incur large overhead, especially in the proof-computation time. In this work we address the above by designing, building, and evaluating ALITHEIA, a nearly practical VC system tailored for graph queries such as computing shortest paths, longest paths, and maximum flow. The underlying principle of ALITHEIA is to minimize the use of generic VC systems by leveraging various algorithmic techniques specific for graphs. This leads to both theoretical and practical improvements. Asymptotically, it improves the complexity of proof computation by at least a logarithmic factor. On the practical side, we show that ALITHEIA achieves significant performance improvements over the current state-of-the-art (up to a 10^8× improvement in proof-computation time, and a 99.9% reduction in server storage), while scaling to 200,000-node graphs.
Efficiently Verifiable Computation on Encrypted Data
Cited by 4 (0 self)
We study the task of efficient verifiable delegation of computation on encrypted data. First, we improve previous definitions in order to tolerate adversaries that learn whether or not clients accept the result of a delegated computation. Then, in this strong model, we show a scheme for arbitrary computations, and we propose highly efficient schemes for delegation of various classes of functions, such as linear combinations, high-degree univariate polynomials, and multivariate quadratic polynomials. Notably, the latter class includes many useful statistics. Using our solution, a client can store a large encrypted dataset with a server, query statistics over this data, and receive encrypted results that can be efficiently verified and decrypted. As a key contribution for the efficiency of our schemes, we develop a novel homomorphic hashing technique that allows us to efficiently authenticate computations, at the same cost as if the data were in the clear, avoiding a 10^4 overhead, which would occur with a naive approach. We confirm our theoretical analysis with extensive implementation tests that show the practical feasibility of our
Efficient Non-Interactive Zero Knowledge Arguments for Set Operations
Cited by 3 (1 self)
We propose a non-interactive zero knowledge pairwise multiset sum equality test (PMSET) argument in the common reference string (CRS) model that allows a prover to show that the given committed multisets Aj for j ∈ {1, 2, 3, 4} satisfy A1 ⊎ A2 = A3 ⊎ A4, i.e., every element is contained in A1 and A2 exactly as many times as in A3 and A4. As a corollary to the PMSET argument, we present arguments that enable efficient verification of the correctness of various (multi)set operations, for example, that one committed set is the intersection or union of two other committed sets. The new arguments have constant communication and verification complexity (in group elements and group operations, respectively), whereas the CRS length and the prover's computational complexity are both proportional to the cardinality of the (multi)sets. We show that one can shorten the CRS length at the cost of a small increase of the communication and the verifier's computation.
Enforcing Language Semantics Using Proof-Carrying Data (extended version)
2013
Cited by 2 (2 self)
The soundness of language-level reasoning about programs relies on program execution adhering to the language semantics. However, in a distributed computation, when a value is sent from one party to another, the receiver faces the question of whether the value is well-traced, i.e., could it have been produced by a computation that respects the language semantics? Otherwise, accepting the value may lead to bugs or vulnerabilities. Proof-Carrying Data (PCD) is a recently-introduced cryptographic mechanism that allows messages in a distributed computation to be accompanied by proof that the message and the history leading to it comply with a specified predicate. Using PCD, a verifier can be convinced that the predicate held throughout the distributed computation, even in the presence of malicious parties, and at a verification cost that is independent of the size of the computation producing the value. With a suitable choice of predicate, a program may use PCD to check that values received from the network are well-traced. Unfortunately, previous approaches to using PCD required tailoring a specialized predicate for each application, using an inconvenient formalism and with little methodological support. This work introduces a novel, PCD-based approach to enforcing language semantics in a distributed