TY - GEN
T1 - Delegating computations with (almost) minimal time and space overhead
AU - Holmgren, Justin
AU - Rothblum, Ron D.
N1 - Publisher Copyright: © 2018 IEEE.
PY - 2018/11/30
Y1 - 2018/11/30
N2 - The problem of verifiable delegation of computation considers a setting in which a client wishes to outsource an expensive computation to a powerful, but untrusted, server. Since the client does not trust the server, we would like the server to certify the correctness of the result. Delegation has emerged as a central problem in cryptography, with a flurry of recent activity in both theory and practice. In all of these works, the main bottleneck is the overhead incurred by the server, both in time and in space. Assuming (sub-exponential) LWE, we construct a one-round argument-system for proving the correctness of any time T and space S RAM computation, in which both the verifier and prover are highly efficient. The verifier runs in time n · polylog(T) and space polylog(T), where n is the input length. The prover runs in time Õ(T) and space S + o(S), and in some cases even S + polylog(T). Our solution uses somewhat homomorphic encryption but, surprisingly, only requires homomorphic evaluation of arithmetic circuits having multiplicative depth (which is the main bottleneck in such schemes) log 2 log(T) + O(1). Prior works based on standard assumptions had a T c time prover, where c ≥ 3 (at the very least). As for the space usage, we are unaware of any work, even based on non-standard assumptions, that has space usage S + polylog(T). Along the way to constructing our delegation scheme, we introduce several technical tools that we hope will be useful for future work.
AB - The problem of verifiable delegation of computation considers a setting in which a client wishes to outsource an expensive computation to a powerful, but untrusted, server. Since the client does not trust the server, we would like the server to certify the correctness of the result. Delegation has emerged as a central problem in cryptography, with a flurry of recent activity in both theory and practice. In all of these works, the main bottleneck is the overhead incurred by the server, both in time and in space. Assuming (sub-exponential) LWE, we construct a one-round argument-system for proving the correctness of any time T and space S RAM computation, in which both the verifier and prover are highly efficient. The verifier runs in time n · polylog(T) and space polylog(T), where n is the input length. The prover runs in time Õ(T) and space S + o(S), and in some cases even S + polylog(T). Our solution uses somewhat homomorphic encryption but, surprisingly, only requires homomorphic evaluation of arithmetic circuits having multiplicative depth (which is the main bottleneck in such schemes) log 2 log(T) + O(1). Prior works based on standard assumptions had a T c time prover, where c ≥ 3 (at the very least). As for the space usage, we are unaware of any work, even based on non-standard assumptions, that has space usage S + polylog(T). Along the way to constructing our delegation scheme, we introduce several technical tools that we hope will be useful for future work.
UR - http://www.scopus.com/inward/record.url?scp=85059815287&partnerID=8YFLogxK
U2 - https://doi.org/10.1109/FOCS.2018.00021
DO - https://doi.org/10.1109/FOCS.2018.00021
M3 - منشور من مؤتمر
T3 - Proceedings - Annual IEEE Symposium on Foundations of Computer Science, FOCS
SP - 124
EP - 135
BT - Proceedings - 59th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2018
A2 - Thorup, Mikkel
T2 - 59th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2018
Y2 - 7 October 2018 through 9 October 2018
ER -