Results 1 - 4 of 4
Practical authenticated pattern matching with optimal proof size
 Proceedings of the VLDB Endowment
Abstract

Cited by 1 (1 self)
We address the problem of authenticating pattern matching queries over textual data that is outsourced to an untrusted cloud server. By employing cryptographic accumulators in a novel optimal integrity-checking tool built directly over a suffix tree, we design the first authenticated data structure for verifiable answers to pattern matching queries featuring fast generation of constant-size proofs. We present two main applications of our new construction to authenticate: (i) pattern matching queries over text documents, and (ii) exact path queries over XML documents. Answers to queries are verified by proofs of size at most 500 bytes for text pattern matching, and at most 243 bytes for exact path XML search, independently of the document or answer size. By design, our authentication schemes can also be parallelized to offer extra efficiency during data outsourcing. We provide a detailed experimental evaluation of our schemes showing that for both applications the times required to compute and verify a proof are very small; e.g., it takes less than 10µs to generate a proof for a pattern (mis)match of 10^2 characters in a text of 10^6 characters, once the query has been evaluated.
Cryptoleq: A Heterogeneous Abstract Machine for Encrypted and Unencrypted Computation
Abstract
The rapid expansion and increased popularity of cloud computing comes with no shortage of privacy concerns about outsourcing computation to semi-trusted parties. Leveraging the power of encryption, in this paper we introduce Cryptoleq: an abstract machine based on the concept of One Instruction Set Computer, capable of performing general-purpose computation on encrypted programs. The program operands are protected using the Paillier partially homomorphic cryptosystem, which supports addition on the encrypted domain. Full homomorphism over addition and multiplication, which is necessary for enabling general-purpose computation, is achieved by inventing a software re-encryption module written using Cryptoleq instructions and blended into the executing program. Cryptoleq is heterogeneous, allowing mixing encrypted and unencrypted instruction operands in the same program memory space. Programming with Cryptoleq is facilitated using an enhanced assembly language that allows development of any advanced algorithm on encrypted datasets. As a case study, we implemented and evaluated the performance of a typical Private Information Retrieval problem.
How to Use SNARKs in Universally Composable Protocols
Abstract
The past several years have seen tremendous advances in practical, general-purpose, non-interactive proof systems called SNARKs. These building blocks are efficient and convenient, with multiple publicly available implementations, including tools to compile high-level code (e.g., written in C) to arithmetic circuits, the native representation used by SNARK constructions. However, while we would like to use these primitives in UC-secure protocols, which are provably secure even when composed with other arbitrary concurrently-executing protocols, the SNARK definition is not directly compatible with this framework, due to its use of non-black-box knowledge extraction. We show several constructions to transform SNARKs into UC-secure NIZKs, along with benchmarks and an end-to-end application example showing that the added overhead is tolerable. Our constructions rely on embedding cryptographic algorithms into the SNARK proof system. Ordinarily, cryptographic constructions are chosen and tuned for implementation on CPUs or in hardware, not as arithmetic circuits. We therefore also explore SNARK-friendly cryptography, describing several protocol parameterizations, implementations, and performance comparisons for encryption, commitments, and other tasks. This is also of independent interest for use in other SNARK-based applications.
ETH Zurich, 2015
Abstract
Large computations, when amenable to distributed parallel execution, are often executed on computer clusters, for scalability and cost reasons. Such computations are used in many applications, including, to name but a few, machine learning, web-graph mining, and statistical machine translation. Oftentimes, though, the input data is private and only the result of the computation can be published. Zero-knowledge proofs would allow one, in such settings, to verify correctness of the output without leaking (additional) information about the input. In this work, we investigate theoretical and practical aspects of zero-knowledge proofs for cluster computations. We design, build, and evaluate zero-knowledge proof systems for which: (i) a proof attests to the correct execution of a cluster computation; and (ii) generating the proof is itself a cluster computation that is similar in structure and complexity to the original one. Concretely, we focus on MapReduce, an elegant and popular form of cluster computing. Previous zero-knowledge proof systems can in principle prove a MapReduce computation's correctness, via a monolithic NP statement that reasons about all mappers, all reducers, and shuffling. However, it is not clear how to generate the proof for such monolithic statements via parallel execution by a distributed system. Our work demonstrates, by theory and implementation, that proof generation can be similar in structure and complexity to the original cluster computation.