research-article

Resolving the conflict between generality and plausibility in verified computation

Authors:

Benjamin Braun,

Andrew J. Blumberg,

Michael WalfishAuthors Info & Claims

EuroSys '13: Proceedings of the 8th ACM European Conference on Computer Systems

Pages 71 - 84

https://doi.org/10.1145/2465351.2465359

Published: 15 April 2013 Publication History

Abstract

The area of proof-based verified computation (outsourced computation built atop probabilistically checkable proofs and cryptographic machinery) has lately seen renewed interest. Although recent work has made great strides in reducing the overhead of naive applications of the theory, these schemes still cannot be considered practical. A core issue is that the work for the server is immense, in general; it is practical only for hand-compiled computations that can be expressed in special forms.

This paper addresses that problem. Provided one is willing to batch verification, we develop a protocol that achieves the efficiency of the best manually constructed protocols in the literature yet applies to most computations. We show that Quadratic Arithmetic Programs, a new formalism for representing computations efficiently, can yield a particularly efficient PCP that integrates easily into the core protocols, resulting in a server whose work is roughly linear in the running time of the computation. We implement this protocol in the context of a system, called Zaatar, that includes a compiler and a GPU implementation. Zaatar is almost usable for real problems---without special-purpose tailoring. We argue that many (but not all) of the next research questions in verified computation are questions in secure systems.

References

[1]

CUDA (http://developer.nvidia.com/what-cuda).

[2]

The GNU MP bignum library. http://gmplib.org/.

[3]

Shootout/Fannkuch. http://www.haskell.org/haskellwiki/Shootout/Fannkuch.

[4]

D. P. Anderson, J. Cobb, E. Korpela, M. Lebofsky, and D. Werthimer. SETI@home: An experiment in public-resource computing. CACM, 45(11):56--61, Nov. 2002.

Digital Library

[5]

S. Arora and B. Barak. Computational Complexity: A modern approach. Cambridge University Press, 2009.

Digital Library

[6]

S. Arora, C. Lund, R. Motwani, M. Sudan, and M. Szegedy. Proof verification and the hardness of approximation problems. J. of the ACM, 45(3):501--555, May 1998.

Digital Library

[7]

S. Arora and S. Safra. Probabilistic checking of proofs: a new characterization of NP. J. of the ACM, 45(1):70--122, Jan. 1998.

Digital Library

[8]

L. Babai, L. Fortnow, L. A. Levin, and M. Szegedy. Checking computations in polylogarithmic time. In STOC, 1991.

Digital Library

[9]

E. Ben-Sasson, A. Chiesa, D. Genkin, and E. Tromer. Fast reductions from RAMs to delegatable succinct constraint satisfaction problems. In ITCS, 2013.

Digital Library

[10]

E. Ben-Sasson, A. Chiesa, D. Genkin, and E. Tromer. On the concrete-efficiency threshold of probabilistically-checkable proofs. In STOC, 2013. To appear.

[11]

E. Ben-Sasson, O. Goldreich, P. Harsha, M. Sudan, and S. Vadhan. Short PCPs verifiable in polylogarithmic time. In Conference on Computational Complexity (CCC), 2005.

Digital Library

[12]

E. Ben-Sasson and M. Sudan. Short PCPs with polylog query complexity. SIAM J. on Comp., 38(2):551--607, May 2008.

Digital Library

[13]

D. J. Bernstein. ChaCha, a variant of Salsa20. http://cr.yp.to/chacha.html.

[14]

J.-P. Berrut and L. N. Trefethen. Barycentric Lagrange interpolation. SIAM Review, 46(3):501--517, 2004.

Digital Library

[15]

N. Bitansky, A. Chiesa, Y. Ishai, R. Ostrovsky, and O. Paneth. Succinct non-interactive arguments via linear interactive proofs. In IACR TCC, Mar. 2013.

Digital Library

[16]

B. Braun. Compiling computations to constraints for verified computation. UT Austin Honors thesis HR-12-10, Dec. 2012.

[17]

C. Cachin. Integrity and consistency for untrusted services. In Conference on Current Trends in Theory and Practice of Computer Science, 2011.

Digital Library

[18]

C. Cachin, I. Keidar, and A. Shraer. Fail-aware untrusted storage. SIAM J. on Comp., 40(2):493--533, Apr. 2011.

Digital Library

[19]

M. Castro and B. Liskov. Practical Byzantine fault tolerance and proactive recovery. ACM Trans. on Comp. Sys., 20(4):398--461, Nov. 2002.

Digital Library

[20]

K.-M. Chung, Y. Kalai, and S. Vadhan. Improved delegation of computation using fully homomorphic encryption. In CRYPTO 2010.

Digital Library

[21]

J. W. Cooley and J. W. Tukey. An algorithm for the machine calculation of complex fourier series. Mathematics of Computation, 19(90):297--301, 1965.

[22]

T. H. Cormen, C. E. Leiserson, and R. L. Rivest. Introduction to Algorithms. The MIT Press, 1990.

Digital Library

[23]

G. Cormode, M. Mitzenmacher, and J. Thaler. Practical verified computation with streaming interactive proofs. In ITCS, 2012.

Digital Library

[24]

I. Dinur. The PCP theorem by gap amplification. J. of the ACM, 54(3), June 2007.

Digital Library

[25]

T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. on Info. Theory, 31(4):469--472, 1985.

Digital Library

[26]

R. Gennaro, C. Gentry, and B. Parno. Non-interactive verifiable computing: Outsourcing computation to untrusted workers. In CRYPTO, 2010.

Digital Library

[27]

R. Gennaro, C. Gentry, B. Parno, and M. Raykova. Quadratic span programs and succinct NIZKs without PCPs. Cryptology ePrint Archive, Report 2012/215, 2012. To appear in EUROCRYPT 2013.

[28]

C. Gentry. A fully homomorphic encryption scheme. PhD thesis, Stanford University, 2009.

Digital Library

[29]

C. Gentry, S. Halevi, and N. Smart. Homomorphic evaluation of the AES circuit. In CRYPTO, 2012.

Digital Library

[30]

S. Goldwasser, Y. T. Kalai, and G. N. Rothblum. Delegating computation: Interactive proofs for muggles. In STOC, 2008.

Digital Library

[31]

J. Groth. Short pairing-based non-interactive zero-knowledge arguments. In ASIACRYPT, 2010.

[32]

A. Haeberlen, P. Kouznetsov, and P. Druschel. PeerReview: Practical accountability for distributed systems. In SOSP, 2007.

Digital Library

[33]

Y. Ishai, E. Kushilevitz, and R. Ostrovsky. Efficient arguments without short PCPs. In Conference on Computational Complexity (CCC), 2007.

Digital Library

[34]

J. Kilian. A note on efficient zero-knowledge proofs and arguments (extended abstract). In STOC, 1992.

Digital Library

[35]

D. E. Knuth. Seminumerical Algorithms, volume 2 of The Art of Computer Programming. Addison-Wesley, third edition, 1997.

Digital Library

[36]

J. Li, M. N. Krohn, D. Mazières, and D. Shasha. Secure untrusted data repository (SUNDR). In OSDI, 2004.

Digital Library

[37]

H. Lipmaa. Progression-free sets and sublinear pairing-based non-interactive zero-knowledge arguments. In IACR TCC, 2011.

Digital Library

[38]

P. Mahajan, S. Setty, S. Lee, A. Clement, L. Alvisi, M. Dahlin, and M. Walfish. Depot: Cloud storage with minimal trust. ACM Trans. on Comp. Sys., 29(4), Dec. 2011.

Digital Library

[39]

L. Malka. VMCrypt: Modular software architecture for scalable secure computation. In ACM CCS, 2011.

Digital Library

[40]

D. Malkhi, N. Nisan, B. Pinkas, and Y. Sella. Fairplay---a secure two-party computation system. In USENIX Security, 2004.

Digital Library

[41]

D. Malkhi and M. Reiter. Byzantine quorum systems. Distributed Computing, 11(4):203--213, 1998.

Digital Library

[42]

T. Mateer. Fast Fourier Transform algorithms with applications. PhD thesis, Clemson University, 2008.

Digital Library

[43]

F. Monrose, P. Wycko, and A. D. Rubin. Distributed execution with remote audit. In NDSS, 1999.

[44]

R. Motwani and P. Raghavan. Randomized Algorithms. Cambridge University Press, 1995.

Digital Library

[45]

B. Parno, C. Gentry, J. Howell, and M. Raykova. Pinocchio: Nearly practical verifiable computation. In IEEE Symposium on Security and Privacy, 2013. To appear.

Digital Library

[46]

B. Parno, J. M. McCune, and A. Perrig. Bootstrapping Trust in Modern Computers. Springer, 2011.

Digital Library

[47]

N. Pippenger and M. J. Fischer. Relations among complexity measures. J. of the ACM, 26(2):361--381, Apr. 1979.

Digital Library

[48]

A.-R. Sadeghi, T. Schneider, and M. Winandy. Token-based cloud computing: secure outsourcing of data and arbitrary computations with lower latency. In TRUST, 2010.

Digital Library

[49]

A. Seshadri, M. Luk, E. Shi, A. Perrig, L. van Doorn, and P. Khosla. Pioneer: Verifying integrity and guaranteeing execution of code on legacy platforms. In SOSP, 2005.

[50]

S. Setty, A. J. Blumberg, and M. Walfish. Toward practical and unconditional verification of remote computations. In HotOS, 2011.

Digital Library

[51]

S. Setty, B. Braun, V. Vu, A. J. Blumberg, B. Parno, and M. Walfish. Resolving the conflict between generality and plausibility in verified computation. Cryptology ePrint Archive, Report 2012/622, 2012.

[52]

S. Setty, R. McPherson, A. J. Blumberg, and M. Walfish. Making argument systems for outsourced computation practical (sometimes). In NDSS, 2012.

[53]

S. Setty, V. Vu, N. Panpalia, B. Braun, M. Ali, A. J. Blumberg, and M. Walfish. Taking proof-based verified computation a few steps closer to practicality (extended version). Cryptology ePrint Archive, Report 2012/598, 2012.

[54]

S. Setty, V. Vu, N. Panpalia, B. Braun, A. J. Blumberg, and M. Walfish. Taking proof-based verified computation a few steps closer to practicality. In USENIX Security, 2012.

Digital Library

[55]

J. Thaler, M. Roberts, M. Mitzenmacher, and H. Pfister. Verifiable computation with massively parallel interactive proofs. In USENIX HotCloud Workshop, 2012.

Digital Library

[56]

S. Theodoridis and K. Koutroumbas. Pattern Recognition, Third Edition. Academic Press, Inc., 2006.

Digital Library

[57]

V. Vu, S. Setty, A. J. Blumberg, and M. Walfish. A hybrid architecture for interactive verifiable computation. In IEEE Symposium on Security and Privacy, 2013. To appear.

Digital Library

[58]

D. A. Wheeler. SLOCCount. http://www.dwheeler.com/sloccount/.

Cited By

Ait Messaoud ABen Mokhtar SSimonet-Boulogne A(2025)Tee-based key-value stores: a surveyThe VLDB Journal — The International Journal on Very Large Data Bases10.1007/s00778-024-00877-634:1Online publication date: 1-Jan-2025
https://dl.acm.org/doi/10.1007/s00778-024-00877-6
Angel SIoannidis EMargolin ESetty SWoods JBalzarotti DXu W(2024)ReefProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3699113(3801-3818)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3699113
Wang PPaccagnella RWahby RBrown FBalzarotti DXu W(2024)Bending microarchitectural weird machines towards practicalityProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3698962(1099-1116)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3698962
Show More Cited By

Index Terms

Recommendations

Practical verified computation with streaming interactive proofs
ITCS '12: Proceedings of the 3rd Innovations in Theoretical Computer Science Conference

When delegating computation to a service provider, as in the cloud computing paradigm, we seek some reassurance that the output is correct and complete. Yet recomputing the output as a check is inefficient and expensive, and it may not even be feasible ...
Practical verified computation with streaming interactive proofs
Delegating computation: interactive proofs for muggles
STOC '08: Proceedings of the fortieth annual ACM symposium on Theory of computing

In this work we study interactive proofs for tractable languages. The (honest) prover should be efficient and run in polynomial time, or in other words a "muggle". The verifier should be super-efficient and run in nearly-linear time. These proof systems ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

EuroSys '13: Proceedings of the 8th ACM European Conference on Computer Systems

April 2013

401 pages

ISBN:9781450319942

DOI:10.1145/2465351

General Chairs:
Zdenek Hanzálek
Czech Technical University Prague
,
Hermann Härtig
Technische Universität Dresden
,
Program Chairs:
Miguel Castro
Microsoft Research Cambridge
,
M. Frans Kaashoek
MIT

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGOPS: ACM Special Interest Group on Operating Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 April 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Funding Sources

Conference

EuroSys '13

Sponsor:

SIGOPS

EuroSys '13: Eighth Eurosys Conference 2013

April 15 - 17, 2013

Prague, Czech Republic

Acceptance Rates

EuroSys '13 Paper Acceptance Rate 28 of 143 submissions, 20%;

Overall Acceptance Rate 241 of 1,308 submissions, 18%

Upcoming Conference

EuroSys '25

Sponsor:
sigops

Twentieth European Conference on Computer Systems

March 30 - April 3, 2025

Rotterdam , Netherlands

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

88
Total Citations
View Citations
239
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)2

Reflects downloads up to 05 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Ait Messaoud ABen Mokhtar SSimonet-Boulogne A(2025)Tee-based key-value stores: a surveyThe VLDB Journal — The International Journal on Very Large Data Bases10.1007/s00778-024-00877-634:1Online publication date: 1-Jan-2025
https://dl.acm.org/doi/10.1007/s00778-024-00877-6
Angel SIoannidis EMargolin ESetty SWoods JBalzarotti DXu W(2024)ReefProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3699113(3801-3818)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3699113
Wang PPaccagnella RWahby RBrown FBalzarotti DXu W(2024)Bending microarchitectural weird machines towards practicalityProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3698962(1099-1116)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3698962
Zhang CDeStefano ZArun ABonneau JGrubbs PWalfish MVanbever LZhang I(2024)ZombieProceedings of the 21st USENIX Symposium on Networked Systems Design and Implementation10.5555/3691825.3691930(1917-1935)Online publication date: 16-Apr-2024
https://dl.acm.org/doi/10.5555/3691825.3691930
SUN YYANG FCHEN XDU XLIN W(2024)Research progress of verifiable technologies for outsourcing servicesSCIENTIA SINICA Informationis10.1360/SSI-2022-036054:3(514)Online publication date: 6-Mar-2024
https://doi.org/10.1360/SSI-2022-0360
DeStefano ZMa JBonneau JWalfish MWitchel EArpaci-Dusseau ARossbach CKeeton K(2024)NOPE: Strengthening domain authentication with succinct proofsProceedings of the ACM SIGOPS 30th Symposium on Operating Systems Principles10.1145/3694715.3695962(673-692)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3694715.3695962
Avizheh SNabi MSafavi-Naini R(2024)Refereed Delegation of Computation Using Smart ContractsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.337284821:6(5208-5227)Online publication date: Nov-2024
https://doi.org/10.1109/TDSC.2024.3372848
Kothapalli ASetty S(2024)HyperNova: Recursive Arguments for Customizable Constraint SystemsAdvances in Cryptology – CRYPTO 202410.1007/978-3-031-68403-6_11(345-379)Online publication date: 16-Aug-2024
https://doi.org/10.1007/978-3-031-68403-6_11
Chen EZhu JOzdemir AWahby RBrown FZheng W(2023)Silph: A Framework for Scalable and Accurate Generation of Hybrid MPC Protocols2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179397(848-863)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179397
Jiang KChait-Roth DDeStefano ZWalfish MWies T(2023)Less is more: refinement proofs for probabilistic proofs2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179393(1112-1129)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179393
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents