Paper 2011/587

Signatures of Correct Computation

Charalampos Papamanthou, Elaine Shi, and Roberto Tamassia


We introduce \textit{Signatures of Correct Computation} (SCC), a new model for verifying dynamic computations in cloud settings. In the SCC model, a trusted \emph{source} outsources a function $f$ to an untrusted \emph{server}, along with a public key for that function (to be used during verification). The server can then produce a succinct signature $\sigma$ vouching for the correctness of the computation of $f$, i.e., that some result $v$ is indeed the correct outcome of the function $f$ evaluated on some point $\vec{a}$. There are two crucial performance properties that we want to guarantee in an SCC construction: (1)~verifying the signature should take asymptotically less time than evaluating the function $f$; and (2)~the public key should be efficiently updated whenever the function changes. We construct SCC schemes (satisfying the above two properties) supporting expressive manipulations over multivariate polynomials, such as polynomial evaluation and differentiation. Our constructions are adaptively secure in the random oracle model and achieve \emph{optimal} updates, i.e., the function's public key can be updated in time proportional to the number of updated coefficients, without performing a linear-time computation (in the size of the polynomial). We also show that signatures of correct computation imply \emph{Publicly Verifiable Computation} (PVC), a model recently introduced in several concurrent and independent works. Roughly speaking, in the SCC model, \emph{any client} can verify the signature $\sigma$ and be convinced of some computation result, whereas in the PVC model only the client that issued a query (or anyone who trusts this client) can verify that the server returned a valid signature (proof) for the answer to the query. Our techniques can be readily adapted to construct PVC schemes with adaptive security, efficient updates and \textit{without the random oracle model}.

Category: Public-key cryptography
Publication info: Published elsewhere. Full version of TCC 2013 paper
Keywords: verifiable computation
Contact author(s): cpap @ cs berkeley edu
History:
2013-01-22: last of 4 revisions
2011-11-02: received
License: Creative Commons Attribution


      author = {Charalampos Papamanthou and Elaine Shi and Roberto Tamassia},
      title = {Signatures of Correct Computation},
      howpublished = {Cryptology ePrint Archive, Paper 2011/587},
      year = {2011},
      note = {\url{}},
      url = {}