Information and Computation ( IF 0.8 ) Pub Date : 2021-03-08 , DOI: 10.1016/j.ic.2021.104740 Liang Feng Zhang
Outsourcing computation has gained significant popularity in recent years due to the prevalence of cloud computing. There are two main security concerns in outsourcing computation: how to guarantee the cloud server performs the computation correctly and how to keep the client's data secret. The single-server verifiable computation (SSVC) of Gennaro, Gentry and Parno (Crypto'10) enables a client to delegate the computation of a function f on any input x with both concerns highly relieved, but only results in computationally secure schemes that lack practical efficiency.
While the SSVC schemes use a single server, in this paper we develop a multi-server verifiable computation (MSVC) model where the client shares both f and x among multiple servers, each server performs a set of computations on its shares, and finally the client reconstructs from all servers' results. In this MSVC model we propose a generic construction for outsourcing computations of the form , where F is a matrix and x is a vector. Our generic construction achieves information-theoretic security, input privacy and function privacy. By optimizing the parameters, we obtain both a 3-server scheme, which uses the least number of servers, and a 4-server scheme, which incurs the least workload. By decomposing many polynomial computations as a two-stage computation, where the first-stage has the form and the second-stage is fast, and delegating the first-stage computation, we obtain MSVC schemes for these polynomials. We implement our MSVC schemes and show that they are among the most practical ones to date.
中文翻译:
多服务器可验证计算委托:无条件安全和实用效率
近年来,由于云计算的盛行,外包计算变得非常流行。外包计算有两个主要的安全问题:如何保证云服务器正确执行计算以及如何对客户端的数据保密。Gennaro、Gentry 和 Parno (Crypto'10)的单服务器可验证计算(SSVC) 使客户端能够在任何输入x上委托函数f的计算,这两个问题都得到了极大的缓解,但只会导致计算安全的方案缺乏实用效率。
虽然 SSVC 方案使用单个服务器,但在本文中,我们开发了一个多服务器可验证计算(MSVC) 模型,其中客户端在多个服务器之间共享f和x,每个服务器对其共享执行一组计算,最后客户重建从所有服务器的结果。在这个 MSVC 模型中,我们提出了一种用于外包计算的通用结构,其中F是矩阵,x是向量。我们的通用结构实现了信息论安全、输入隐私和功能隐私。通过优化参数,我们得到了使用最少服务器数量的 3 台服务器方案和产生最少工作量的 4 台服务器方案。通过将许多多项式计算分解为两阶段计算,其中第一阶段的形式为第二阶段很快,委托第一阶段的计算,我们得到这些多项式的 MSVC 方案。我们实施了我们的 MSVC 方案,并表明它们是迄今为止最实用的方案之一。