Verifiable Outsourcing of Computation Ron Rothblum.

Slides:

Advertisements

Similar presentations

Perfect Non-interactive Zero-Knowledge for NP

Advertisements

Short Pairing-based Non-interactive Zero-Knowledge Arguments Jens Groth University College London TexPoint fonts used in EMF. Read the TexPoint manual.

On the (Im)Possibility of Arthur-Merlin Witness Hiding Protocols Iftach Haitner, Alon Rosen and Ronen Shaltiel 1.

Efficient Multiparty Protocols via Log-Depth Threshold Formulae Ron Rothblum Weizmann Institute Joint work with Gil Cohen, Ivan Damgard, Yuval Ishai, Jonas.

Are PCPs Inherent in Efficient Arguments? Guy Rothblum, MIT ) MSR-SVC ) IAS Salil Vadhan, Harvard University.

Quantum Money from Hidden Subspaces Scott Aaronson and Paul Christiano.

Statistical Zero-Knowledge Arguments for NP from Any One-Way Function Salil Vadhan Minh Nguyen Shien Jin Ong Harvard University.

On the Amortized Complexity of Zero-Knowledge Proofs Ronald Cramer, CWI Ivan Damgård, Århus University.

New Publicly Verifiable Databases with Efficient Updates

Efficient Non-Interactive Zero Knowledge Arguments for Set Operations Prastudy Fauzi, Helger Lipmaa, Bingsheng Zhang University of Tartu, University of.

The Complexity of Zero-Knowledge Proofs Salil Vadhan Harvard University.

Efficient Zero-Knowledge Proof Systems Jens Groth University College London.

Semi-Honest to Malicious Oblivious-Transfer The Black-box Way Iftach Haitner Weizmann Institute of Science.

Gillat Kol joint work with Ran Raz Competing Provers Protocols for Circuit Evaluation.

How to Delegate Computations: The Power of No-Signaling Proofs Ron Rothblum Weizmann Institute Joint work with Yael Kalai and Ran Raz.

Efficient Zero-Knowledge Proof Systems Jens Groth University College London FOSAD 2014.

GARBLED CIRCUITS & SECURE TWO-PARTY COMPUTATION

Optimal Structure-Preserving Signatures in Asymmetric Bilinear Groups Masayuki Abe, NTT Jens Groth, University College London Kristiyan Haralambiev, NYU.

Fall 2004COMP 3351 Undecidable problems for Recursively enumerable languages continued…

1 Adapted from Oded Goldreich’s course lecture notes.

Fall 2004COMP 3351 Recursively Enumerable and Recursive Languages.

Recursively Enumerable and Recursive Languages

Privacy-Preserving Computation and Verification of Aggregate Queries on Outsourced Databases Brian Thompson 1, Stuart Haber 2, William G. Horne 2, Tomas.

Zero Knowledge Proofs. Interactive proof An Interactive Proof System for a language L is a two-party game between a verifier and a prover that interact.

The Power of Randomness in Computation 呂及人中研院資訊所.

Construction of efficient PDP scheme for Distributed Cloud Storage. By Manognya Reddy Kondam.

Multi-Client Non-Interactive Verifiable Computation Seung Geol Choi (Columbia U.) Jonathan Katz (U. Maryland) Ranjit Kumaresan (Technion) Carlos Cid (Royal.

1 Sublinear Algorithms Lecture 1 Sofya Raskhodnikova Penn State University TexPoint fonts used in EMF. Read the TexPoint manual before you delete this.

Cryptography Lecture 9 Stefan Dziembowski

Presented by: Suparita Parakarn Kinzang Wangdi Research Report Presentation Computer Network Security.

Public Key Encryption with keyword Search Author: Dan Boneh Rafail Ostroversity Giovanni Di Crescenzo Giuseppe Persiano Presenter: 陳昱圻.

2012/1/25 Complete Problem for Perfect Zero-Knowledge Quantum Interactive Proof Jun Yan State Key Laboratory of Computer Science, Institute.

CSCI 3160 Design and Analysis of Algorithms Tutorial 10 Chengyu Lin.

Major Disciplines in Computer Science Ken Nguyen Department of Information Technology Clayton State University.

Succinct Functional Encryption: d Reusable Garbled Circuits and Beyond

Client-Server Concurrent Zero Knowledge with Constant Rounds and Guaranteed Complexity Ran Canetti, Abhishek Jain and Omer Paneth 1.

Non-Interactive Verifiable Computing August 5, 2009 Bryan Parno Carnegie Mellon University Rosario Gennaro, Craig Gentry IBM Research.

New Techniques for NIZK Jens Groth Rafail Ostrovsky Amit Sahai University of California Los Angeles.

Beauty and Joy of Computing Limits of Computing Ivona Bezáková CS10: UC Berkeley, April 14, 2014 (Slides inspired by Dan Garcia’s slides.)

Copyright (c) 2012 NTT Secure Platform Labs. Group to Group Commitments Do Not Shrink Masayuki ABE Kristiyan Haralambiev Miyako Ohkubo 1.

Verifiable Cloud Computing KANG Yu. Verifiable Computation Weak clients Computationally powerful cloud Goal: – Verify the computing result.

Public Non-interactive Verifiable Computation Model 公共非交互性可验证计算模型.

Based on work with: Sergey Gorbunov and Vinod Vaikuntanathan Homomorphic Commitments & Signatures Daniel Wichs Northeastern University.

NIR BITANSKY, OMER PANETH, ALON ROSEN ON THE CRYPTOGRAPHIC HARDNESS OF FINDING A NASH EQUILIBRIUM.

狄彥吾 (Yen-Wu Ti) 華夏技術學院資訊工程系 Property Testing on Combinatorial Objects.

CRYPTOGRAPHIC HARDNESS OTHER FUNCTIONALITIES Andrej Bogdanov Chinese University of Hong Kong MACS Foundations of Cryptography| January 2016.

NP ⊆ PCP(n 3, 1) Theory of Computation. NP ⊆ PCP(n 3,1) What is that? NP ⊆ PCP(n 3,1) What is that?

 5.1 Zero-Knowledge Proofs  5.2 Zero-Knowledge Proofs of Identity  5.3 Identity-Based Public-Key Cryptography  5.4 Oblivious Transfer  5.5 Oblivious.

Verifiable Threshold Secret Sharing and Full Fair Secure Two-party Computation YE Jian-wei March 7, 2009.

Zero-Knowledge Proofs Ben Hosp. Classical Proofs A proof is an argument for the truth or correctness of an assertion. A classical proof is an unambiguous.

Introductory Lecture. What is Discrete Mathematics? Discrete mathematics is the part of mathematics devoted to the study of discrete (as opposed to continuous)

Great Theoretical Ideas in Computer Science.

Secret Sharing Schemes: A Short Survey Secret Sharing 2.

Topic 36: Zero-Knowledge Proofs

Introduction to Randomized Algorithms and the Probabilistic Method

MPC and Verifiable Computation on Committed Data

Zero Knowledge Anupam Datta CMU Fall 2017

Laconic Oblivious Transfer and its Applications

Verifiable Oblivious Storage

Cryptography for Quantum Computers

Cynthia Dwork Moni Naor Guy Rothblum

Introduction to PCP and Hardness of Approximation

Interactive Proofs Adapted from Oded Goldreich’s course lecture notes.

Fiat-Shamir for Highly Sound Protocols is Instantiable

Interactive Proofs Adapted from Oded Goldreich’s course lecture notes.

Interactive Proofs Adapted from Oded Goldreich’s course lecture notes.

Short Pairing-based Non-interactive Zero-Knowledge Arguments

In the name of God.

Cryptography Lecture 15.

Interactive Proofs Adapted from Oded Goldreich’s course lecture notes.

Presentation transcript:

Verifiable Outsourcing of Computation Ron Rothblum

Outsourcing Computation A new paradigm of computation. Motivation: allow a computationally weak client to outsource its computation to the cloud.

Outsourcing Computation We do not want to blindly trust the cloud.

Secure Outsourcing of Computation

Verifiable Outsourcing of Computation Goal: allow the client to verify the correctness of the result. Doubly efficiency requirement: 1.The client should be super efficient. 2.The cloud should be relatively efficient. Also want to minimize the interaction. Proving should not be much harder than computing

(Almost) Linear-time Verification Prior Work Statistical Soundness Computational Soundness Interactive Non-interactive

(Almost) Linear-time Verification Prior Work Statistical Soundness Computational Soundness Interactive Non-interactive

(Almost) Linear-time Verification Prior Work Statistical Soundness Computational Soundness Interactive Non-interactive?

(Almost) Linear-time Verification Prior Work Statistical Soundness Computational Soundness Interactive Non-interactive?

(Almost) Linear-time Verification Prior Work Statistical Soundness Computational Soundness Interactive Non-interactive? * Lots of additional works in other models [M94,GGP10,CKV10, AIK10] or under strong assumptions [G10,GW11,GLR11,L12,BCCT12a,DFH12,BCCT12b,GGPR12,BGT14,PR14,…]

(Almost) Linear-time Verification Prior Work Statistical Soundness Computational Soundness Interactive Non-interactive? * Lots of additional works in other models [M94,GGP10,CKV10, AIK10] or under strong assumptions [G10,GW11,GLR11,L12,BCCT12a,DFH12,BCCT12b,GGPR12,BGT14,PR14,…]

(Almost) Linear-time Verification Prior Work Statistical Soundness Computational Soundness Interactive Non-interactive? * Lots of additional works in other models [M94,GGP10,CKV10, AIK10] or under strong assumptions [G10,GW11,GLR11,L12,BCCT12a,DFH12,BCCT12b,GGPR12,BGT14,PR14,…]

Sublinear-time Verification [EKR04,RVW13] Huge Database Motivation: statistical analysis of vast amounts of data. Huge Database

Sublinear-time Verification [EKR04,RVW13] Can we verify without even reading the input? Yes! If we allow for an approximate answer. Following property testing, only required to reject inputs that are far from the language. YES instance NO instance

Sublinear-time Verification [EKR04,RVW13] Can we verify without even reading the input? Yes! If we allow for an approximate answer. Following property testing, only required to reject inputs that are far from the language. Proof of Proximity: New type of proof-system, verifier is convinced that input is close to an accepting input.

Example [FGL14]

Sublinear-time Verification – State of the Art Statistical SoundnessComputational Soundness Non- interactive Interactive

Sublinear-time Verification – State of the Art Statistical SoundnessComputational Soundness Non- interactive Interactive

Sublinear-time Verification – State of the Art Statistical SoundnessComputational Soundness Non- interactive Interactive

Sublinear-time Verification – State of the Art Statistical SoundnessComputational Soundness Non- interactive Interactive

Sublinear-time Verification – State of the Art Statistical SoundnessComputational Soundness Non- interactive Interactive

Additional Interests Cryptography: – homomorphic encryption [R11]. – trapdoor permutations [GR13]. – MPC [CDIKMRR13]. – circular security [R13]. Psuedorandomness: – explicit constructions [CDIKMRR13]. – connections to data structures [MRRR14,RRU14].

Thanks!