Results 1  10
of
11
ALITHEIA: Towards practical verifiable graph processing
 In CCS
, 2014
"... We consider a scenario in which a data owner outsources storage of a large graph to an untrusted server; the server performs computations on this graph in response to queries from a client (whether the data owner or others), and the goal is to ensure verifiability of the returned results. Existing ..."
Abstract

Cited by 4 (2 self)
 Add to MetaCart
(Show Context)
We consider a scenario in which a data owner outsources storage of a large graph to an untrusted server; the server performs computations on this graph in response to queries from a client (whether the data owner or others), and the goal is to ensure verifiability of the returned results. Existing work on verifiable computation (VC) would compile each graph computation to a circuit or a RAM program and then use generic techniques to produce a cryptographic proof of correctness for the result. Such an approach will incur large overhead, especially in the proofcomputation time. In this work we address the above by designing, building, and evaluating ALITHEIA, a nearly practical VC system tailored for graph queries such as computing shortest paths, longest paths, and maximum flow. The underlying principle of ALITHEIA is to minimize the use of generic VC systems by leveraging various algorithmic techniques specific for graphs. This leads to both theoretical and practical improvements. Asymptotically, it improves the complexity of proof computation by at least a logarithmic factor. On the practical side, we show that ALITHEIA achieves significant performance improvements over current stateoftheart (up to a 108 × improvement in proofcomputation time, and a 99.9 % reduction in server storage), while scaling to 200,000node graphs.
Hawk: the blockchain model of cryptography and privacypreserving smart contracts. IACR: 2015/675
"... Emerging smart contract systems over decentralized cryptocurrencies allow mutually distrustful parties to transact safely with each other without trusting a thirdparty intermediary. In the event of contractual breaches or aborts, the decentralized blockchain ensures that other honest parties obta ..."
Abstract

Cited by 3 (2 self)
 Add to MetaCart
(Show Context)
Emerging smart contract systems over decentralized cryptocurrencies allow mutually distrustful parties to transact safely with each other without trusting a thirdparty intermediary. In the event of contractual breaches or aborts, the decentralized blockchain ensures that other honest parties obtain commesurate remuneration. Existing systems, however, lack transactional privacy. All transactions, including flow of money between pseudonyms and amount trasacted, are exposed in the clear on the blockchain. We present Hawk, a decentralized smart contract system that does not store financial transactions in the clear on the blockchain, thus retaining transactional privacy from the public’s view. A Hawk programmer can write a private smart contract in an intuitive manner without having to implement cryptography, and our compiler automatically generates an efficient cryptographic protocol where contractual parties interact with the blockchain, using cryptographic primitives such as succint zeroknowledge proofs. To formally define and reason about the security of our protocols, we are the first to formalize the blockchain model of secure computation. The formal modeling is of independent interest. We advocate the community to adopt such a formal model when designing interesting applications atop decentralized blockchains. 1.
Verifiable differential privacy
, 2015
"... Working with sensitive data is often a balancing act between privacy and integrity concerns. Consider, for instance, a medical researcher who has analyzed a patient database to judge the effectiveness of a new treatment and would now like to publish her findings. On the one hand, the patients may b ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
(Show Context)
Working with sensitive data is often a balancing act between privacy and integrity concerns. Consider, for instance, a medical researcher who has analyzed a patient database to judge the effectiveness of a new treatment and would now like to publish her findings. On the one hand, the patients may be concerned that the researcher’s results contain too much information and accidentally leak some private fact about themselves; on the other hand, the readers of the published study may be concerned that the results contain too little information, limiting their ability to detect errors in the calculations or flaws in the methodology. This paper presents VerDP, a system for private data analysis that provides both strong integrity and strong differential privacy guarantees. VerDP accepts queries that are written in a special query language, and it processes them only if a) it can certify them as differentially private, and if b) it can prove the integrity of the result in zero knowledge. Our experimental evaluation shows that VerDP can successfully process several different queries from the differential privacy literature, and that the cost of generating and verifying the proofs is practical: for example, a histogram query over a 63,488entry data set resulted in a 20 kB proof that took 32 EC2 instances less than two hours to generate, and that could be verified on a single machine in about one second. 1.
IntegriDB: Verifiable SQL for Outsourced Databases
"... This paper presents INTEGRIDB, a system allowing a data owner to outsource storage of a database to an untrusted server, and then enable anyone to perform verifiable SQL queries over that database. Our system handles a rich subset of SQL queries, including multidimensional range queries, JOIN, SUM ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
(Show Context)
This paper presents INTEGRIDB, a system allowing a data owner to outsource storage of a database to an untrusted server, and then enable anyone to perform verifiable SQL queries over that database. Our system handles a rich subset of SQL queries, including multidimensional range queries, JOIN, SUM, MAX/MIN, COUNT, and AVG, as well as (limited) nestings of such queries. Even for tables with 105 entries, INTEGRIDB has small proofs (a few KB) that depend only logarithmically on the size of the database, low verification time (tens of milliseconds), and feasible server computation (under a minute). Efficient updates are also supported. We prove security of INTEGRIDB based on known cryptographic assumptions, and demonstrate its practicality and expressiveness via performance measurements and verifiable processing of SQL queries from the TPCH and TPCC benchmarks.
USENIX Association 23rd USENIX Security Symposium 765 TRUESET: Faster Verifiable Set Computations∗
, 2014
"... USENIX ..."
(Show Context)
unknown title
"... Abstract—Recent work on proofbased verifiable computation has resulted in built systems that employ tools from complexity theory and cryptography to address a basic problem in systems security: allowing a local computer to outsource the execution of a program while providing the local computer wit ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract—Recent work on proofbased verifiable computation has resulted in built systems that employ tools from complexity theory and cryptography to address a basic problem in systems security: allowing a local computer to outsource the execution of a program while providing the local computer with a guarantee of integrity and the remote computer with a guarantee of privacy. However, support for programs that use RAM and control flow has been problematic. State of the art systems either restrict the use of these constructs (e.g., requiring static loop bounds), incur sizeable overhead on every step, or pay tremendous costs when the constructs are invoked. This paper describes Buffet, a built system that solves these problems by providing inexpensive “a la carte ” RAM and dynamic control flow. Buffet composes an elegant prior approach to RAM with a novel adaptation of techniques from the compilers literature. Buffet allows the programmer to express programs in an expansive subset of C (disallowing only “goto ” and function pointers), can handle essentially any example in the verifiable computation literature, and achieves the best performance in the area by multiple orders of magnitude. 1
Bivariate Polynomials Modulo Composites and their Applications
, 2014
"... We investigate the hardness of finding solutions to bivariate polynomial congruences modulo RSA composites. We establish necessary conditions for a bivariate polynomial to be oneway, second preimage resistant, and collision resistant based on arithmetic properties of the polynomial. From these ..."
Abstract
 Add to MetaCart
(Show Context)
We investigate the hardness of finding solutions to bivariate polynomial congruences modulo RSA composites. We establish necessary conditions for a bivariate polynomial to be oneway, second preimage resistant, and collision resistant based on arithmetic properties of the polynomial. From these conditions we deduce a new computational assumption that implies an efficient algebraic collisionresistant hash function. We explore the assumption and relate it to known computational problems. The assumption leads to (i) a new statistically hiding commitment scheme that composes well with Pedersen commitments, (ii) a conceptually simple cryptographic accumulator, and (iii) an efficient chameleon hash function.
Microsoft Research
, 2014
"... Cloud computing sparked interest in Verifiable Computation protocols, which allow a weak client to securely outsource computations to remote parties. Recent work has dramatically reduced the client’s cost to verify the correctness of results, but the overhead to produce proofs largely remains impr ..."
Abstract
 Add to MetaCart
(Show Context)
Cloud computing sparked interest in Verifiable Computation protocols, which allow a weak client to securely outsource computations to remote parties. Recent work has dramatically reduced the client’s cost to verify the correctness of results, but the overhead to produce proofs largely remains impractical. Geppetto introduces complementary techniques for reducing prover overhead and increasing prover flexibility. With MultiQAPs, Geppetto reduces the cost of sharing state between computations (e.g., for MapReduce) or within a single computation by up to two orders of magnitude. Via a careful instantiation of cryptographic primitives, Geppetto also brings down the cost of verifying outsourced cryptographic computations (e.g., verifiably computing on signed data); together with Geppetto’s notion of bounded proof bootstrapping, Geppetto improves on prior bootstrapped systems by five orders of magnitude, albeit at some cost in universality. Geppetto also supports qualitatively new properties like verifying the correct execution of proprietary (i.e., secret) algorithms. Finally, Geppetto’s use of energysaving circuits brings the prover’s costs more in line with the program’s actual (rather than worstcase) execution time. Geppetto is implemented in a fullfledged, scalable compiler that consumes LLVM code generated from a variety of apps, as well as a large cryptographic library. 1
A Note on the Unsoundness of vnTinyRAM’s SNARK
"... Gennaro, Gentry, Parno, and Raykova (GGPR) introduced Quadratic Arithmetic Programs (QAPs) as a way of representing arithmetic circuits in a form amendable to highly efficient cryptographic protocols [11], particularly for verifiable computation and succinct noninteractive arguments [12]. Subsequ ..."
Abstract
 Add to MetaCart
(Show Context)
Gennaro, Gentry, Parno, and Raykova (GGPR) introduced Quadratic Arithmetic Programs (QAPs) as a way of representing arithmetic circuits in a form amendable to highly efficient cryptographic protocols [11], particularly for verifiable computation and succinct noninteractive arguments [12]. Subsequently, Parno, Gentry, Howell, and Raykova introduced an improved cryptographic protocol (and implementation), which they dubbed Pinocchio [13]. BenSasson et al. [5] then introduced a lightly modified version of the Pinocchio protocol and implemented it as part of their libsnark distribution. Later work by the same authors employed this protocol [2–4, 10], as did a few works by others [1, 14]. Many of these works cite the version of the paper which was published at USENIX Security [6]. How