Refereed delegation of computation

Abstract

Consider a weak client that wishes to delegate a computation to an untrusted server, and then verify the correctness of the result. When the client uses only a single untrusted server, current techniques suffer from disadvantages such as computational inefficiency for the client or the server, limited functionality, or high round complexity.We demonstrate relatively efficient and general solutions where the client delegates the computation to several servers, and is guaranteed to determine the correct answer as long as even a single server is honest. We call such protocols Refereed Delegation of Computation (RDoC) and show:1.A computationally secure protocol for any efficiently computable function, with logarithmically many rounds, based on any collision-resistant hash family. In our description of this protocol, we model the computation as running on a Turing Machine, but the protocol can be adapted to other computation models. We present an adaptation for the X86 computation model and a prototype implementation, called Quin, for Windows executables. We describe the architecture of Quin and experiment with several parameters on live cloud servers. We show that the protocol is practical, can work with real-world cloud servers, and is efficient for both the servers and for the client.2.A 1-round statistically secure protocol for any log-space uniform NC circuit. In contrast, in the single server setting all known one-round delegation protocols are computationally sound. The protocol extends the arithemetization techniques of Goldwasser, Kalai and Rothblum (STOC 08) and Feige and Kilian (STOC 97).