Multi-User Non-Interactive Verifiable Computation

Gennaro et al. (Crypto 2010) introduced the notion of verifiable computation, which allows a computationally weak client to outsource the computation of a function F on dynamically chosen inputs x1, . . . , x` to a more powerful but untrusted server. Following a pre-processing phase (that is only carried out once), the client can send some representation of its input xi to the server; the server returns an answer that allows the client to recover the correct result yi = F (xi), accompanied by a proof of correctness that prevents the server from convincing the client to accept an incorrect result. The crucial property of the scheme is that the work done by the client in preparing its input and verifying the server’s proof is less than the time required for the client to compute F on its own. In this paper we extend the notion of verifiable computation to the multi-client setting, where N computationally weak clients wish to outsource to an untrusted server the computation of a function F over their joint inputs x1, . . . , xN without communicating with each other. We present the first construction for (noninteractive) multi-client verifiable computation based on fully homomorphic encryption, Yao’s garbled-circuit construction, and any identity-based encryption scheme. Potential applications for the proposed functionality include secure outsourcing of computation in heterogenous military networks, which may require secure and verifiable computation on input jointly provided by several resource-constrained nodes.