Cryptology ePrint Archive: Report 2014/674

Efficient RAM and control flow in verifiable outsourced computation

Riad S. Wahby and Srinath Setty and Max Howald and Zuocheng Ren and Andrew J. Blumberg and Michael Walfish

Abstract: Recent work on proof-based verifiable computation has resulted in built systems that employ tools from complexity theory and cryptography to address a basic problem in systems security: allowing a local computer to outsource the execution of a program while providing the local computer with a guarantee of integrity and the remote computer with a guarantee of privacy. However, support for programs that use RAM and control flow has been problematic. State of the art systems either restrict the use of these constructs (e.g., requiring static loop bounds), incur sizeable overhead on every step, or pay tremendous costs when the constructs are invoked.

This paper describes Buffet, a built system that solves these problems by providing inexpensive "a la carte" RAM and dynamic control flow. Buffet composes an elegant prior approach to RAM with a novel adaptation of techniques from the compilers literature. Buffet allows the programmer to express programs in an expansive subset of C (disallowing only "goto" and function pointers), can handle essentially any example in the verifiable computation literature, and achieves the best performance in the area by multiple orders of magnitude.

Category / Keywords: cryptographic protocols / implementation, applications of PCPs, zero knowledge, verifiable computation with state, zero-knowledge, succinct arguments, computationally-sound proofs

Original Publication (with major differences): NDSS 2015
DOI:
10.14722/ndss.2015.23097

Date: received 28 Aug 2014, last revised 14 Dec 2014

Contact author: rsw at cs nyu edu

Available format(s): PDF | BibTeX Citation

Note: This version reflects a major update to our experimental apparatus as well as text revision throughout.

Version: 20141214:195506 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]