Publicly Verifiable Computation With Result Confidentiality

Outsourcing computation has been served as a significant service with the rapid development of Cloud Computing Technology.It allows the service pur-chaser(whom we call user)with constraint computational power to delegate the complicated computational tasks to the service provider(which we call cloud server)and enjoy its unlimited computational resources in a pay-per-use manner.This technique brings a huge convenience for resource-constraint devices to reduce their computational overhead and thus has attracted sig-nificant interests in both industrial and academic communities.A number of large enterprise groups,such as Amazon,Google,Alibaba,Huawei etc.,have launched their Cloud Computing to provide computation outsourcing services.While outsourcing computation enjoys numerous benefits,it also suffers from rigorous challenges.A secure and efficient outsourcing computation scheme is supposed to achieve the following properties.I.Public verifiabilitySince the user is unable to perform the entire computation,a basic re-quirement is to assure the correctness of the computational result.And since the correctness of the computational result is equivalent to the correctness of the output from the cloud server,a cryptographic method to meet the requirement is to provide a way to verify the correctness of the output from the cloud server.It is highly preferred that this verification can be executed publicly.That is to say,the output from the cloud server is supposed to satisfy public verifiability.Public verifiability enables anyone except for the user himself to verify the output from the cloud server.With public verifi-cation,not only cannot the cloud server cheat with an incorrect output but also the user cannot claim the output from the cloud server incorrect for no reason,because now the output is witnessed and verified by everyone.?.Result confidentialityThe analyse and computation of data usually involves user's knowledge,which makes the computational result part of user's privacy.Thus it is required to maintain the confidentiality of this computational result during the whole procedure.This requirement becomes much more crucial and hard to realize when the output from the cloud server is able to be verified in a public manner.Most existing publicly verifiable computation schemes cannot achieve result confidentiality to either public verifiers or the cloud server.Thus,how to design publicly verifiable computation schemes with result confidentiality becomes a significant and challenging problem.?.User efficiencyIt is inherent that outsourcing computation schemes should realize user efficiency.That is to say,the overhead on the user side in the outsourc-ing paradigm should be much less than the overhead to perform the entire computation from scratch.An important topic here is to utilize outsourcing computation on some other cryptographic protocols such as digital signature,encryption protocols,etc.to improve user's efficiency.In this dissertation,we study publicly verifiable computation with result confidentiality and its application in other cryptographic protocols.Our main results are as follows.?.Publicly verifiable computation scheme with result confidentiality for specific functionsWe first focus on some specific functions like polynomial evaluation,matrix-vector multiplication,etc..Notice that the variety of functional struc-tures may result in various forms of efficient construction.(i)We propose a publicly verifiable computation scheme with result con-fidentiality for multivariate high degree polynomials-PVCRC poly.We use blinding functions to obfuscate the target function,which makes the evalu-ating function and the target function indistinguishable to the cloud server and realizes result confidentiality.And the value of the blinding functions on input data is regarded as the retrieval key to help with extracting the final result from the output.To realize public verifiability,we utilize the technique of closed form efficient pseudorandom function to the obfuscated evaluating function.The value of the pseudorandom function on input data is regarded as the public verification key and the public verification is conducted through several bilinear pairing operations.The security of the PVCRC Poly scheme is based on co-CDH assumption.We use a hybrid way of game hopping and security reduction to conduct the security proof.Moreover,by comparing with existing PVC scheme,we conclude that the proposed PVCpoly scheme achieves comparable efficiency while maintaining result confidentiality.(ii)We propose another publicly verifiable computation scheme with result confidentiality for matrix-vector multiplication-PVCRC Matx The result confidentiality is also realized through blinding technique.We use a random matrix and a random vector to blind the target matrix and the input vector respectively,which results in result confidentiality and partial input privacy.The public verifiability is also realized through closed form efficient pseudorandom function and bilinear pairing technique.The security of the PVCTRCMatx scheme is also based on co-CDH assumption.And the scheme achieves a comparable efficiency compared with existing schemes.II.Publicly verifiable computation scheme with result confidentiality for general functionTheoretically speaking,one can construct outsourcing computation for arbitrary function based on Boolean circuits.We study general function and propose a publicly verifiable computation scheme with result confidential-ity for for Boolean circuits-PVCRC'BC The proposed scheme not only maintains public verifiability and result confidentiality,but also achieves del-egatability.Delegatability means that when the user would like to perform outsourcing operation for some data that is stored in somewhere else,he can delegate the outsourcing operation to a delegatee who can access this data instead of first obtaining the data and then outsourcing.Notice that the proposed scheme is suitable for the scenario where input privacy is not necessarily demanded.We use the idea that is proposed by Parno et al.to utilize key policy attribute based encryption(KP-ABE)to construct PVC scheme for Boolean circuits evaluation.In KP-ABE,a ciphertext can be successfully decrypted if and only if the attributes x satisfies the policy f,i.e.f(x)= 1.Thus whether an ABE ciphertext is successfully decrypted can be viewed as an evidence to infer the value of f(x).And a complemen-tary function f is introduced to prevent the cloud server from being "lazy".Parno et al.proposed a PVC construction based on this observation.How-ever,the verification process will expose the value of f(x)and thus their proposal is unable to realize result confidentiality.Observing that one and only one of the two secret keys corresponding to f and f respectively is able to decrypt the ciphers,we propose a novel equation to implicitly let public verifiers verify that one and only one of the two values f(x)and f(x)equals 1 without exposing which one equals 1.And this indicate that the cloud server perform the computation task honestly.As to the cloud server and delegatee who owns extra information,we use the elements in bilinear group with composite order to cover the output from these two parties.And the result confidentiality holds for both the cloud server and delegatee under the assumption that they do not collude with each other.We prove that the security of the proposed PVCRVC'BC scheme is based on the security security of the underlying KP-ABE scheme.And we prove that the cloud server,the public verifiers and the delegatee are unable to discover the final result in the scheme.In addition,the proposed scheme achieves a comparable efficiency compared with existing schemes.?.Application of outsourcing computation in other cryptographic pro-tocolsAttribute based signature(ABS)derives from identity based signature.ABS utilizes the signer's attributes to generate private keys,providing an effective way to realize anonymous authentication.We investigate the ap-plication of outsourcing computation in ABS and propose an outsourced de-centralized multi-authority attribute based signature(ODMA-ABS)scheme.In ABS,there are multiple authorities that issue different private keys for signers based on their various attributes,and a central authority is usually established to manage all these attribute authorities.However,one security concern is that if the central authority is compromised,the whole system will be broken.In this dissertation,we first utilize the decentralization technique that is proposed by Chow et al.for attribute based encryption in the sig-nature scheme to construct a decentralized multi-authority attribute based signature.Then part of the attribute private keys owned by the user are outsourced to a cloud server to generated a partial signature.This partial signature is then returned to the user.After verifying the correctness of the partial signature,the user Combines it with the other part of the signature that is corresponding to the other part of the attribute private keys and gets the final signature.The proposed ODMA-ABS scheme is existential unforgeable in the ABS model provided that the co-CDH assumption holds,and also achieves attribute privacy.The proposed ODMA-ABS scheme is secure in the outsourcing model under the condition that the existential un-forgeability holds,and also achieves verifiability.We provide specific proof-s for existential unforgeability,attribute privacy and outsourcing security.Additionally,we conduct experimental simulation for the proposed scheme.Comparing the performance with the decentralized multi-authority attribute based signature without outsourcing,our ODMA-ABS scheme achieves effi-ciency in the outsourcing computation model;And comparing with existing outsourced attribute based signature with single authority,our ODMA-ABS scheme achieves a comparable performance in efficiency while realizing de-centralization of multiple attribute authorities.