Pinocchio: Nearly practical verifiable computation

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2013, Pages 238-252

  Parno, Bryan ^a   Howell, Jon ^a   Gentry, Craig ^b   Raykova, Mariana ^b  

^a MICROSOFT RESEARCH   (United States)

^b IBM RESEARCH   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

BASE PROTOCOLS; COMPUTATION PROTOCOLS; CRYPTOGRAPHIC ASSUMPTIONS; GENERAL-PURPOSE SYSTEMS; ORDERS OF MAGNITUDE; PROOF OF CORRECTNESS; PUBLIC VERIFICATIONS; ZERO KNOWLEDGE PROOF;

C (PROGRAMMING LANGUAGE);

EID: 84881259359     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2013.47     Document Type: Conference Paper

References (69)

1. D. P. Anderson, J. Cobb, E. Korpela, M. Lebofsky, and D. Werthimer, "SETI@Home: An experiment in public-resource computing," Communications of the ACM, vol. 45, no. 11, 2002.
2. F. Monrose, P. Wyckoff, and A. Rubin, "Distributed execution with remote audit," in Proc. of ISOC NDSS, 1999.
3. P. Golle and S. G. Stubblebine, "Secure distributed computing in a commercial environment," in Proc. of Financial Cryptography, 2002.
4. W. Du and M. T. Goodrich, "Searching for high-value rare events with uncheatable grid computing," in ACNS, 2005.
5. P. Golle and I. Mironov, "Uncheatable distributed computations," in Proc. of CT-RSA, 2001.
6. R. Sion, "Query execution assurance for outsourced databases," in The Very Large Databases Conference (VLDB), 2005.
7. M. Castro and B. Liskov, "Practical Byzantine fault tolerance and proactive recovery," ACM Trans. on Comp. Sys., vol. 20, no. 4, 2002.
8. B. Carbunar and R. Sion, "Uncheatable reputation for distributed computation markets," in Financial Cryptography, 2006.
9. R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn, "Design and implementation of a TCG-based integrity measurement architecture," in Proc. of the USENIX Security, 2004.
10. L. Chen, R. Landfermann, H. Löhr, M. Rohe, A.-R. Sadeghi, and C. Stüble, "A protocol for property-based attestation," in Proc. of the ACM Workshop on Scalable Trusted Computing (STC), 2006.
11. B. Parno, J. M. McCune, and A. Perrig, Bootstrapping Trust in Modern Computers. Springer, 2011.
12. A. Seshadri, M. Luk, E. Shi, A. Perrig, L. VanDoorn, and P. Khosla, "Pioneer: Verifying integrity and guaranteeing execution of code on legacy platforms," in Proc. of the ACM SOSP, 2005.
13. R. B. Lee, P. Kwan, J. P. McGregor, J. Dwoskin, and Z. Wang, "Architecture for protecting critical secrets in microprocessors," in Proc. of the International Symposium on Computer Architecture (ISCA), 2005.
14. D. Lie, C. A. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. C. Mitchell, and M. Horowitz, "Architectural support for copy and tamper resistant software," in Proc. of the ACM ASPLOS, 2000.
15. A.-R. Sadeghi, T. Schneider, and M. Winandy, "Token-based cloud computing: secure outsourcing of data and arbitrary computations with lower latency," in TRUST, 2010.
16. S. Goldwasser, S. Micali, and C. Rackoff, "The knowledge complexity of interactive proof systems," SIAM J. Comput., vol. 18, no. 1, 1989.
17. S. Arora and S. Safra, "Probabilistic checking of proofs: A new characterization of NP," J. ACM, vol. 45, no. 1, pp. 70-122, 1998. (Pubitemid 128615465)
18. J. Kilian, "A note on efficient zero-knowledge proofs and arguments (extended abstract)," in STOC, 1992.
19. S. Micali, "Computationally sound proofs," SIAM J. Comput., vol. 30, no. 4, pp. 1253-1298, 2000. Extended abstract in FOCS '94.
20. S. Goldwasser, Y. T. Kalai, and G. N. Rothblum, "Delegating computation: Interactive proofs for muggles," in STOC, 2008.
21. J. Groth, "Short pairing-based non-interactive zero-knowledge arguments," in ASIACRYPT, 2010.
22. R. Gennaro, C. Gentry, and B. Parno, "Non-interactive verifiable computing: Outsourcing computation to untrusted workers," 2010.
23. K.-M. Chung, Y. T. Kalai, and S. P. Vadhan, "Improved delegation of computation using fully homomorphic encryption," in CRYPTO, 2010.
24. C. Gentry, A fully homomorphic encryption scheme. PhD thesis, Stanford University, 2009. crypto.stanford.edu/craig.
25. J. Thaler, M. Roberts, M. Mitzenmacher, and H. Pfister, "Verifiable computation with massively parallel interactive proofs," in USENIX HotCloud Workshop, 2012.
26. G. Cormode, M. Mitzenmacher, and J. Thaler, "Practical verified computation with streaming interactive proofs," in ITCS, 2012.
27. S. Setty, R. McPherson, A. J. Blumberg, and M. Walfish, "Making argument systems for outsourced computation practical (sometimes)," in Proceedings of the ISOC NDSS, 2012.
28. S. Setty, V. Vu, N. Panpalia, B. Braun, A. J. Blumberg, and M. Walfish, "Taking proof-based verified computation a few steps closer to practicality," in Proc. of USENIX Security, 2012.
29. B. Parno, M. Raykova, and V. Vaikuntanathan, "How to delegate and verify in public: Verifiable computation from attribute-based encryption," in IACR Theory of Cryptography Conference (TCC), 2012.
30. R. Gennaro, C. Gentry, B. Parno, and M. Raykova, "Quadratic span programs and succinct NIZKs without PCPs," in EUROCRYPT, 2013.
31. Originally published as Cryptology ePrint Archive, Report 2012/215.
32. M. Blum, A. D. Santis, S. Micali, and G. Persiano, "Noninteractive zero-knowledge," SIAM J. on Computing, vol. 20, no. 6, 1991.
33. A. Rial and G. Danezis, "Privacy-preserving smart metering," in Proc. of the ACM WPES, 2011.
34. N. Pippenger and M. J. Fischer, "Relations among complexity measures," J. ACM, vol. 26, no. 2, 1979.
35. D. Boneh and M. Franklin, "Identity-based encryption from the Weil pairing," Proceedings of IACR CRYPTO, 2001.
36. D. Boneh, X. Boyen, and E.-J. Goh, "Hierarchical identity based encryption with constant size ciphertext," in EUROCRYPT, 2005.
37. D. Boneh, C. Gentry, and B. Waters, "Collusion resistant broadcast encryption with short ciphertexts and private keys," in CRYPTO, 2005.
38. M. Naor, "On cryptographic assumptions and challenges," in Proceedings of IACR CRYPTO, 2003.
39. M. Bellare and A. Palacio, "The knowledge-of-exponent assumptions and 3-round zero-knowledge protocols," in CRYPTO, 2004.
40. C. Gentry and D. Wichs, "Separating succinct non-interactive arguments from all falsifiable assumptions," in STOC, 2011.
41. "Verifiable computation: Pinocchio." http://research.microsoft. com/verifcomp/, Mar. 2013.
42. I. Damgård, "Towards practical public key systems secure against chosen ciphertext attacks," in IACR CRYPTO, 1991.
43. D. A. Wheeler, "SLOCCount." http://www.dwheeler.com/sloccount/.
44. M. Aliasgari, M. Blanton, Y. Zhang, and A. Steele, "Secure computation on floating point numbers," in Proc. of ISOC NDSS, 2013.
45. A. Holzer, M. Franz, S. Katzenbeisser, and H. Veith, "Secure two-party computations in ANSI C," in Proc. of ACM CCS, 2012.
46. M. Naehrig, R. Niederhagen, and P. Schwabe, "New software speed records for cryptographic pairings," in Proc. of LATINCRYPT, 2010.
47. P. S. L. M. Barreto and M. Naehrig, "Pairing-friendly elliptic curves of prime order," in Selected Areas in Cryptography (SAC), 2006.
48. N. Pippenger, "On the evaluation of powers and related problems (preliminary version)," in Proc. of FOCS, 1976.
49. A. Aho, J. Hopcroft, and J. Ulman, The Design and Analysis of Computer Algorithms. Addison-Wesley, 1974.
50. G. Adomavicius and A. Tuzhilin, "Toward the next generation of recommender systems: A survey of the state-of-the-art and possible extensions," Trans. Knowledge and Data Engineering, vol. 17, no. 6, 2005.
51. D. A.Wolf-Gladrow, Lattice-Gas Cellular Automata and Lattice Boltzmann Models: An Introduction. Springer, 2005.
52. R. Motwani and P. Raghavan, Randomized Algorithms. Cambridge University Press, 1995.
53. Y. Ishai, E. Kushilevitz, and R. Ostrovsky, "Efficient arguments without short PCPs," in IEEE Conference on Computational Complexity, 2007.
54. C. Gentry, S. Halevi, and N. Smart, "Homomorphic evaluation of the AES circuit," in Proceedings of CRYPTO, 2012.
55. Y. Chen and R. Sion, "To cloud or not to cloud? Musings on costs and viability," in Proc. of the ACM Symposium on Cloud Computing, 2011.
56. G. O. Karame, M. Strasser, and S. Capkun, "Secure remote execution of sequential computations," in Intl. Conf. on Information and Communications Security, 2009.
57. S. Arora, C. Lund, R. Motwani, M. Sudan, and M. Szegedy, "Proof verification and the hardness of approximation problems," J. ACM, vol. 45, no. 3, 1998.
58. D. Malkhi, N. Nisan, B. Pinkas, and Y. Sella, "Fairplay - a secure two-party computation system," in Proc. of USENIX Security, 2004.
59. Y. Huang, D. Evans, J. Katz, and L. Malka, "Faster secure two-party computation using garbled circuits," in USENIX Security, 2011.
60. B. Kreuter, abhi shelat, and C.-H. Shen, "Billion-gate secure computation with malicious adversaries," in Proc. of USENIX Security, 2012.
61. S. Setty, B. Braun, V. Vu, A. J. Blumberg, B. Parno, and M. Walfish, "Resolving the conflict between generality and plausibility in verified computation," in Proc. of the ACM European Conference on Computer Systems (EuroSys), Apr. 2013.
62. V. Vu, S. Setty, A. J. Blumberg, and M.Walfish, "A hybrid architecture for interactive verifiable computation," in IEEE Symposium on Security and Privacy, May 2013.
63. J. B. Almeida, E. Bangerter, M. Barbosa, S. Krenn, A.-R. Sadeghi, and T. Schneider, "A certifying compiler for zero-knowledge proofs of knowledge based on s-protocols," in Proc. of ESORICS, 2010.
64. S. Meiklejohn, C. C. Erway, A. Küpçü, T. Hinkle, and A. Lysyanskaya, "ZKPDL: A language-based system for efficient zero-knowledge proofs and electronic cash," in Proc. of USENIX, 2010.
65. M. Backes, M. Maffe, and K. Pecina, "Automated synthesis of privacy-preserving distributed applications," in Proc. of ISOC NDSS, 2012.
66. R. Cramer, I. Damgård, and B. Schoenmakers, "Proofs of partial knowledge and simplified design of witness hiding protocols," in Proc. of CRYPTO, 1994.
67. J. Groth and A. Sahai, "Efficient non-interactive proof systems for bilinear groups," in Proc. of EUROCRYPT, 2008.
68. D. Boneh and X. Boyen, "Short signatures without random oracles," in EUROCRYPT, 2004.
69. R. Gennaro, "Multi-trapdoor commitments and their applications to proofs of knowledge secure under concurrent man-in-the-middle attacks," in CRYPTO, 2004.