Two Protocols for Delegation of Computation

  • Ran Canetti
  • Ben Riva
  • Guy N. Rothblum
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7412)


Consider a weak client that wishes to delegate computation to an untrusted server and be able to succinctly verify the correctness of the result. We present protocols in two relaxed variants of this problem.

We first consider a model where the client delegates the computation to two or more servers, and is guaranteed to output the correct answer as long as even a single server is honest. In this model, we show a 1-round statistically sound protocol for any log-space uniform \(\mathcal{NC}\,\)circuit. In contrast, in the single server setting all known one-round succinct delegation protocols are computationally sound. The protocol extends the arithemetization techniques of [Goldwasser-Kalai-Rothblum, STOC 08] and [Feige-Kilian, STOC 97].

Next we consider a simplified view of the protocol of [Goldwasser-Kalai-Rothblum, STOC 08] in the single-server model with a non-succinct, but public, offline stage. Using this simplification we construct two computationally sound protocols for delegation of computation of any circuit C with depth d and input length n, even a non-uniform one, such that the client runs in time n·poly(log(|C|), d). The first protocol is potentially practical and easier to implement for general computations than the full protocol of [Goldwasser-Kalai-Rothblum, STOC 08], and the second is a 1-round protocol with similar complexity, but less efficient server.


Interactive Proof Parallel Repetition Oracle Access Interactive Proof System Malicious Server 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [AIK10]
    Applebaum, B., Ishai, Y., Kushilevitz, E.: From Secrecy to Soundness: Efficient Verification via Secure Computation. In: Abramsky, S., Gavoille, C., Kirchner, C., Meyer auf der Heide, F., Spirakis, P.G. (eds.) ICALP 2010. LNCS, vol. 6198, pp. 152–163. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  2. [BCCR12]
    Bitansky, N., Canetti, R., Chiesa, A., Tromer, E.: From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again. In: Proceedings of the 3rd Innovations in Theoretical Computer Science Conference, pp. 326–349. ACM (2012)Google Scholar
  3. [BG02]
    Barak, B., Goldreich, O.: Universal arguments and their applications. SIAM J. Comput. 38, 1661–1694 (2008)MathSciNetzbMATHCrossRefGoogle Scholar
  4. [BGKW88]
    Ben-Or, M., Goldwasser, S., Kilian, J., Wigderson, A.: Multi-prover interactive proofs: how to remove intractability assumptions. In: Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, pp. 113–131. ACM (1988)Google Scholar
  5. [BGV11]
    Benabbas, S., Gennaro, R., Vahlis, Y.: Verifiable Delegation of Computation over Large Datasets. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 111–131. Springer, Heidelberg (2011)Google Scholar
  6. [BIN97]
    Bellare, M., Impagliazzo, R., Naor, M.: Does parallel repetition lower the error in computationally sound protocols? In: Proceedings of the 38th Annual Symposium on Foundations of Computer Science, pp. 374–383. IEEE Computer Society (1997)Google Scholar
  7. [CHS05]
    Canetti, R., Halevi, S., Steiner, M.: Hardness Amplification of Weakly Verifiable Puzzles. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 17–33. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. [CKLR11]
    Chung, K.-M., Kalai, Y.T., Liu, F.-H., Raz, R.: Memory Delegation. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 151–168. Springer, Heidelberg (2011)Google Scholar
  9. [CKV10]
    Chung, K.-M., Kalai, Y., Vadhan, S.: Improved Delegation of Computation Using Fully Homomorphic Encryption. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 483–501. Springer, Heidelberg (2010)Google Scholar
  10. [CL08]
    Di Crescenzo, G., Lipmaa, H.: Succinct NP Proofs from an Extractability Assumption. In: Beckmann, A., Dimitracopoulos, C., Löwe, B. (eds.) CiE 2008. LNCS, vol. 5028, pp. 175–185. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  11. [CMT12]
    Cormode, G., Mitzenmacher, M., Thaler, J.: Practical verified computation with streaming interactive proofs. In: Proceedings of the 3rd Innovations in Theoretical Computer Science Conference, pp. 90–112. ACM (2012)Google Scholar
  12. [CRR11]
    Canetti, R., Riva, B., Rothblum, G.N.: Practical delegation of computation using multiple servers. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 445–454. ACM (2011)Google Scholar
  13. [DFH12]
    Damgård, I., Faust, S., Hazay, C.: Secure Two-Party Computation with Low Communication. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 54–74. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  14. [FK97]
    Feige, U., Kilian, J.: Making games short (extended abstract). In: Proceedings of the Twenty-Ninth Annual ACM Symposium on Theory of Computing, pp. 506–516. ACM (1997)Google Scholar
  15. [GGP10]
    Gennaro, R., Gentry, C., Parno, B.: Non-Interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 465–482. Springer, Heidelberg (2010)Google Scholar
  16. [GKR08]
    Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: Delegating computation: interactive proofs for muggles. In: Proceedings of the 40th Annual ACM Symposium on Theory of Computing, pp. 113–122. ACM (2008)Google Scholar
  17. [GLR11]
    Goldwasser, S., Lin, H., Rubinstein, A.: Delegation of computation without rejection problem from designated verifier cs-proofs. Cryptology ePrint Archive, Report 2011/456 (2011),
  18. [K92]
    Kilian, J.: A note on efficient zero-knowledge proofs and arguments (extended abstract). In: Proceedings of the Twenty-Fourth Annual ACM Symposium on Theory of Computing, pp. 723–732. ACM (1992)Google Scholar
  19. [KR09]
    Kalai, Y.T., Raz, R.: Probabilistically Checkable Arguments. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 143–159. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  20. [KR11]
    Kol, G., Raz, R.: Competing provers protocols for circuit evaluation. Technical Report TR11-122, Electronic Colloquium on Computational Complexity (September 14, 2011),
  21. [LFKN92]
    Lund, C., Fortnow, L., Karloff, H., Nisan, N.: Algebraic methods for interactive proof systems. J. ACM 39, 859–868 (1992)MathSciNetzbMATHCrossRefGoogle Scholar
  22. [M00]
    Micali, S.: Computationally sound proofs. SIAM J. Comput. 30, 1253–1298 (2000)MathSciNetzbMATHCrossRefGoogle Scholar
  23. [PRV12]
    Parno, B., Raykova, M., Vaikuntanathan, V.: How to Delegate and Verify in Public: Verifiable Computation from Attribute-Based Encryption. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 422–439. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  24. [R09]
    Rothblum, G.N.: Delegating computation reliably: paradigms and constructions. Ph.D. Thesis. Massachusetts Institute of Technology (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Ran Canetti
    • 1
    • 2
  • Ben Riva
    • 2
  • Guy N. Rothblum
    • 3
  1. 1.Boston UniversityBostonUSA
  2. 2.Tel Aviv UniversityTel AvivIsrael
  3. 3.Microsoft Research Silicon ValleyMountain ViewUSA

Personalised recommendations