TY - GEN
T1 - Full accounting for verifiable outsourcing
AU - Wahby, Riad S.
AU - Ji, Ye
AU - Blumberg, Andrew J.
AU - Shelat, Abhi
AU - Thaler, Justin
AU - Walfish, Michael
AU - Wies, Thomas
N1 - Funding Information:
The authors were supported by NSF grants CNS-1423249, CNS-1514422, and CNS-1646671; AFOSR grant FA9550-15-1-0302.
PY - 2017/10/30
Y1 - 2017/10/30
N2 - Systems for verifiable outsourcing incur costs for a prover, a verifier, and precomputation; outsourcing makes sense when the combination of these costs is cheaper than not outsourcing. Yet, when prior works impose quantitative thresholds to analyze whether outsourcing is justified, they generally ignore prover costs. Verifiable ASICs (VA)-in which the prover is a custom chip-is the other way around: Its cost calculations ignore precomputation. This paper describes a new VA system, called Giraffe; charges Giraffe for all three costs; and identifies regimes where outsourcing is worthwhile. Giraffe's base is an interactive proof geared to dataparallel computation. Giraffe makes this protocol asymptotically optimal for the prover and improves the verifier's main bottleneck by almost 3×, both of which are of independent interest. Giraffe also develops a design template that produces hardware designs automatically for a wide range of parameters, introduces hardware primitives molded to the protocol's data flows, and incorporates program analyses that expand applicability. Giraffe wins even when outsourcing several tens of sub-computations, scales to 500× larger computations than prior work, and can profitably outsource parts of programs that are not worthwhile to outsource in full.
AB - Systems for verifiable outsourcing incur costs for a prover, a verifier, and precomputation; outsourcing makes sense when the combination of these costs is cheaper than not outsourcing. Yet, when prior works impose quantitative thresholds to analyze whether outsourcing is justified, they generally ignore prover costs. Verifiable ASICs (VA)-in which the prover is a custom chip-is the other way around: Its cost calculations ignore precomputation. This paper describes a new VA system, called Giraffe; charges Giraffe for all three costs; and identifies regimes where outsourcing is worthwhile. Giraffe's base is an interactive proof geared to dataparallel computation. Giraffe makes this protocol asymptotically optimal for the prover and improves the verifier's main bottleneck by almost 3×, both of which are of independent interest. Giraffe also develops a design template that produces hardware designs automatically for a wide range of parameters, introduces hardware primitives molded to the protocol's data flows, and incorporates program analyses that expand applicability. Giraffe wins even when outsourcing several tens of sub-computations, scales to 500× larger computations than prior work, and can profitably outsource parts of programs that are not worthwhile to outsource in full.
UR - http://www.scopus.com/inward/record.url?scp=85041436790&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85041436790&partnerID=8YFLogxK
U2 - 10.1145/3133956.3133984
DO - 10.1145/3133956.3133984
M3 - Conference contribution
AN - SCOPUS:85041436790
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 2071
EP - 2086
BT - CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
T2 - 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017
Y2 - 30 October 2017 through 3 November 2017
ER -