Multi-prover interactive proofs: how to remove intractability assumptions
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
A note on efficient zero-knowledge proofs and arguments (extended abstract)
STOC '92 Proceedings of the twenty-fourth annual ACM symposium on Theory of computing
Algebraic methods for interactive proof systems
Journal of the ACM (JACM)
Making games short (extended abstract)
STOC '97 Proceedings of the twenty-ninth annual ACM symposium on Theory of computing
SIAM Journal on Computing
Does Parallel Repetition Lower the Error in Computationally Sound Protocols?
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Delegating computation: interactive proofs for muggles
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Succinct NP Proofs from an Extractability Assumption
CiE '08 Proceedings of the 4th conference on Computability in Europe: Logic and Theory of Algorithms
Probabilistically Checkable Arguments
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Universal Arguments and their Applications
SIAM Journal on Computing
From secrecy to soundness: efficient verification via secure computation
ICALP'10 Proceedings of the 37th international colloquium conference on Automata, languages and programming
Non-interactive verifiable computing: outsourcing computation to untrusted workers
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Improved delegation of computation using fully homomorphic encryption
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Verifiable delegation of computation over large datasets
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Practical delegation of computation using multiple servers
Proceedings of the 18th ACM conference on Computer and communications security
Practical verified computation with streaming interactive proofs
Proceedings of the 3rd Innovations in Theoretical Computer Science Conference
Proceedings of the 3rd Innovations in Theoretical Computer Science Conference
Hardness amplification of weakly verifiable puzzles
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
Secure two-party computation with low communication
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
How to delegate and verify in public: verifiable computation from attribute-based encryption
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Competing provers protocols for circuit evaluation
Proceedings of the 4th conference on Innovations in Theoretical Computer Science
Multi-Client non-interactive verifiable computation
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
Hi-index | 0.00 |
Consider a weak client that wishes to delegate computation to an untrusted server and be able to succinctly verify the correctness of the result. We present protocols in two relaxed variants of this problem. We first consider a model where the client delegates the computation to two or more servers, and is guaranteed to output the correct answer as long as even a single server is honest. In this model, we show a 1-round statistically sound protocol for any log-space uniform $\mathcal{NC}\,$ circuit. In contrast, in the single server setting all known one-round succinct delegation protocols are computationally sound. The protocol extends the arithemetization techniques of [Goldwasser-Kalai-Rothblum, STOC 08] and [Feige-Kilian, STOC 97]. Next we consider a simplified view of the protocol of [Goldwasser-Kalai-Rothblum, STOC 08] in the single-server model with a non-succinct, but public, offline stage. Using this simplification we construct two computationally sound protocols for delegation of computation of any circuit C with depth d and input length n, even a non-uniform one, such that the client runs in time n·poly(log(|C|), d). The first protocol is potentially practical and easier to implement for general computations than the full protocol of [Goldwasser-Kalai-Rothblum, STOC 08], and the second is a 1-round protocol with similar complexity, but less efficient server.