Paper 2014/846

Verifiable computation using multiple provers

Andrew J. Blumberg, Justin Thaler, Victor Vu, and Michael Walfish


The increasing ubiquity of the cloud computing paradigm has renewed focus on the classical problem of allowing weak clients to check the results of computation delegated to powerful servers. Recent advances in proof-based verifiable computation have led to several near-practical protocols. Protocols based on interactive proofs (IPs) work with highly restrictive models of computation and are thus efficient only for a limited class of computations. In contrast, protocols based on argument systems apply to a much larger class of computations, but efficiency requires amortization of very expensive setup costs. This paper initiates the study of the practical efficiency of multiprover interactive proofs (MIPs). We present a new MIP for delegating computation that extends insights from a powerful IP protocol (Goldwasser et al., STOC, 2008). Without reductions or amplification, our protocol uses only two provers (departing from prior work on MIPs), and achieves both the efficiency of interactive proof-based protocols and the generality of argument system-based protocols. Also, this result, together with recently developed machinery, creates a potential avenue toward concretely efficient arguments without setup costs. We describe Clover, a built system for verifiable computation, based on our protocol. Although Clover does not implement the full theory (it has setup costs), it applies to problems that existing IPs cannot efficiently handle, and achieves performance comparable to, or better than, the best argument systems.

Note: Author order corrected to be alphabetical.

Available format(s)
Publication info
Preprint. MINOR revision.
interactive proofsverifiable computationcircuit evaluation
Contact author(s)
jthaler @ fas harvard edu
2014-10-22: revised
2014-10-21: received
See all versions
Short URL
Creative Commons Attribution


      author = {Andrew J.  Blumberg and Justin Thaler and Victor Vu and Michael Walfish},
      title = {Verifiable computation using multiple provers},
      howpublished = {Cryptology ePrint Archive, Paper 2014/846},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.