Solutions to the verifiable outsourcing problem based on Yao’s Garbled

Circuit (GC) construction have been investigated in previous works. A

major obstacle to the practicality of these solutions is the single-use

nature of the GC construction. This work introduces the novel technique *onion garbling*,

which circumvents this obstacle by using only a symmetric-key cipher as

its cryptographic machinery. This work also proposes a non-interactive

protocol for verifiable outsourcing which utilizes the onion garbling

technique. The protocol works in a 3-party setting, and consists of a

preprocessing phase and an online phase. The cost of a preprocessing

phase which can support up to *N* computations is independent of *N* for the outsourcing party. For the other two parties, the memory and communication cost of *N*-reusability is proportional to N⋅m" role="presentation">N⋅m, where *m* is the bit-length of the input. The cost of input preparation and verification is O(m+n)" role="presentation">O(m+n) symmetric-key cipher operations, where *n*

is the bit-length of the output. The overall costs associated with the

outsourcing party are low enough to allow verifiable outsourcing of

arbitrary computations by resource-constrained devices on constrained

networks. Finally, this work reports on a proof-of-concept

implementation of the proposed verifiable outsourcing protocol.

Downloadable publication This is an electronic reprint of the original article. |