Two protocols for delegation of computation

  • Authors:

  • Ran Canetti;Ben Riva;Guy N. Rothblum

  • Affiliations:

  • Boston University, Boston, MA, USA,Tel Aviv University, Tel Aviv, Israel;Tel Aviv University, Tel Aviv, Israel;Microsoft Research Silicon Valley, Mountain View, CA

  • Venue:
  • ICITS'12 Proceedings of the 6th international conference on Information Theoretic Security
  • Year:
  • 2012

Quantified Score

Hi-index 0.00

Visualization

Abstract

Consider a weak client that wishes to delegate computation to an untrusted server and be able to succinctly verify the correctness of the result. We present protocols in two relaxed variants of this problem. We first consider a model where the client delegates the computation to two or more servers, and is guaranteed to output the correct answer as long as even a single server is honest. In this model, we show a 1-round statistically sound protocol for any log-space uniform $\mathcal{NC}\,$ circuit. In contrast, in the single server setting all known one-round succinct delegation protocols are computationally sound. The protocol extends the arithemetization techniques of [Goldwasser-Kalai-Rothblum, STOC 08] and [Feige-Kilian, STOC 97]. Next we consider a simplified view of the protocol of [Goldwasser-Kalai-Rothblum, STOC 08] in the single-server model with a non-succinct, but public, offline stage. Using this simplification we construct two computationally sound protocols for delegation of computation of any circuit C with depth d and input length n, even a non-uniform one, such that the client runs in time n·poly(log(|C|), d). The first protocol is potentially practical and easier to implement for general computations than the full protocol of [Goldwasser-Kalai-Rothblum, STOC 08], and the second is a 1-round protocol with similar complexity, but less efficient server.