Abstract
To instill greater confidence in computations outsourced to the cloud, clients should be able to verify the correctness of the results returned. To this end, we introduce Pinocchio, a built system for efficiently verifying general computations while relying only on cryptographic assumptions. With Pinocchio, the client creates a public evaluation key to describe her computation; this setup is proportional to evaluating the computation once. The worker then evaluates the computation on a particular input and uses the evaluation key to produce a proof of correctness. The proof is only 288 bytes, regardless of the computation performed or the size of the IO. Anyone can check the proof using a public verification key.
Crucially, our evaluation on seven applications demonstrates that Pinocchio is efficient in practice too. Pinocchio's verification time is a fixed 10 ms plus 0.4--15 μs per IO element: 5--7 orders of magnitude less than previous work; indeed Pinocchio is the first general-purpose system to demonstrate verification cheaper than native execution (for some apps). The worker's proof effort is still expensive, but Pinocchio reduces it by 19×--60× relative to prior work. As an additional feature, Pinocchio allows the worker to include private inputs in the computation and prove that she performed the computation correctly without revealing any information about the private inputs to the client. Finally, to aid development, Pinocchio provides an end-to-end toolchain that compiles a subset of C into programs that implement the verifiable computation protocol.<!-- END_PAGE_1 -->
- Arora, S., Lund, C., Motwani, R., Sudan, M., Szegedy, M. Proof verification and the hardness of approximation problems. J. ACM 45, 3 (1998). Google ScholarDigital Library
- Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., Virza, M. Zerocash: Decentralized anonymous payments from Bitcoin. In Proceedings of the IEEE Symposium on Security and Privacy (2014). Google ScholarDigital Library
- Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M. Succinct non-interactive zero knowledge for a von Neumann architecture. In Proceedings of USENIX Security (2014). Google ScholarDigital Library
- Braun, B., Feldman, A.J., Ren, Z., Setty, S., Blumberg, A.J., Walfish, M. Verifying computations with state. In Proceedings of the ACM SOSP (2013). Google ScholarDigital Library
- Castro, M., Liskov, B. Practical Byzantine fault tolerance and proactive recovery. ACM Trans. Comp. Syst. 20, 4 (2002). Google ScholarDigital Library
- Chen, Y., Sion, R. To cloud or not to cloud? Musings on costs and viability. In Proceedings of the ACM Symposium on Cloud Computing (2011). Google ScholarDigital Library
- Cormode, G., Mitzenmacher, M., Thaler, J. Practical verified computation with streaming interactive proofs. In ITCS (2012). Google ScholarDigital Library
- Danezis, G., Fournet, C., Kohlweiss, M., Parno, B. Pinocchio coin: Building Zerocoin from a succinct pairingbased proof system. In ACM Workshop on Language Support for Privacy Enhancing Technologies (2013). Google ScholarDigital Library
- Gennaro, R., Gentry, C., Parno. B. Non-interactive verifiable computing: Outsourcing computation to untrusted workers. In Proceedings of IACR CRYPTO (2010). Google ScholarDigital Library
- Gennaro, R., Gentry, C., Parno, B., Raykova, M. Quadratic span programs and succinct NIZKs without PCPs. In EUROCRYPT (2013). Originally published as Cryptology ePrint Archive, Report 2012/215.Google Scholar
- Gentry, C. A fully homomorphic encryption scheme. PhD thesis, Stanford University (2009). Google ScholarDigital Library
- Goldwasser, S., Kalai, Y.T., Rothblum, G.N. Delegating computation: Interactive proofs for muggles. In STOC (2008). Google ScholarDigital Library
- Golle, P., Mironov, I. Uncheatable distributed computations. In Proceedings of CT-RSA (2001). Google ScholarDigital Library
- Ishai, Y., Kushilevitz, E., Ostrovsky, R. Efficient arguments without short PCPs. In IEEE Conference on Computational Complexity (2007). Google ScholarDigital Library
- Kilian, J. A note on efficient zero-knowledge proofs and arguments (extended abstract). In STOC (1992). Google ScholarDigital Library
- Lee, R.B., Kwan, P., McGregor, J.P., Dwoskin, J., Wang, Z. Architecture for protecting critical secrets in microprocessors. In Proceedings of the International Symposium on Computer Architecture (ISCA) (2005). Google ScholarDigital Library
- Meiklejohn, S., Erway, C.C., Küpçü, A., Hinkle, T., Lysyanskaya, A. ZKPDL: A language-based system for efficient zero-knowledge proofs and electronic cash. In Proceedings of USENIX Security (2010). Google ScholarDigital Library
- Naehrig, M., Niederhagen, R., Schwabe, P. New software speed records for cryptographic pairings. In Proceedings of LATINCRYPT (2010). Google ScholarDigital Library
- Parno, B., McCune, J.M., Perrig, A. Bootstrapping Trust in Modern Computers. Springer, New York/Dordrecht/Heidelberg/London, 2011. DOI: 10.1007/978-1-4614-1460-5. Google Scholar
- Parno, B., Raykova, M., Vaikuntanathan, V. How to delegate and verify in public: Verifiable computation from attribute-based encryption. In IACR Theory of Cryptography Conference (TCC) (2012). Google ScholarDigital Library
- Setty, S., Braun, B., Vu, V., Blumberg, A.J., Parno, B., Walfish, M. Resolving the conflict between generality and plausibility in verified computation. In Proceedings of the ACM European Conference on Computer Systems (EuroSys) (Apr. 2013). Google ScholarDigital Library
- Setty, S., McPherson, R., Blumberg, A.J., Walfish, M. Making argument systems for outsourced computation practical (sometimes). In Proceedings of the ISOC NDSS (2012).Google Scholar
- Setty, S., Vu, V., Panpalia, N., Braun, B., Blumberg, A.J., Walfish, M. Taking proof-based verified computation a few steps closer to practicality. In Proceedings of USENIX Security (2012). Google ScholarDigital Library
- Sion, R. Query execution assurance for outsourced databases. In The Very Large Databases Conference (VLDB) (2005). Google ScholarDigital Library
- Thaler, J. Time-optimal interactive proofs for circuit evaluation. In Proceedings of CRYPTO (2013).Google ScholarCross Ref
Index Terms
- Pinocchio: nearly practical verifiable computation
Recommendations
Pinocchio: Nearly Practical Verifiable Computation
SP '13: Proceedings of the 2013 IEEE Symposium on Security and PrivacyTo instill greater confidence in computations outsourced to the cloud, clients should be able to verify the correctness of the results returned. To this end, we introduce Pinocchio, a built system for efficiently verifying general computations while ...
Grumpy & Pinocchio: Answering Human-Agent Negotiation Questions through Realistic Agent Design
AAMAS '17: Proceedings of the 16th Conference on Autonomous Agents and MultiAgent SystemsWe present the Interactive Arbitration Guide Online (IAGO) platform, a tool for designing human-aware agents for use in negotiation. Current state-of-the-art research platforms are ideally suited for agent-agent interaction. While helpful, these often ...
Efficient Verification of Sequential and Concurrent C Programs
There has been considerable progress in the domain of software verification over the last few years. This advancement has been driven, to a large extent, by the emergence of powerful yet automated abstraction techniques such as predicate abstraction. ...
Comments