Pepper: Toward practical verified computation

Introduction

Our project is investigating ways of making verified computation practical. By verified computation, we mean a system that implements the following picture:

The motivation is the rise of third-party computing: increasingly, computation is provided by an entity other than the actual "consumer" of the computation. Examples include cloud computing, volunteer computing (in which a central project computer outsources to volunteers' computers, which play the role of servers in the above picture), peer-to-peer computing, and more.

In this environment, many things can go wrong; the litany includes software bugs, hardware defects, misconfigurations, operator error, malicious insiders, and far more. Thus, we don't want to assume that the server is implemented correctly, or that its failure modes are known, or that it has trusted hardware, or that it uses replication, or how many replicas it has, or whether those replicas can fail, etc.

The properties that we desire from the system are as follows:

Unconditional. As mentioned above, the client should ideally not have to make any assumptions about the server.
General-purpose. The system should not be specialized to a particular family of functions.
Practical, or at least conceivably so.

Previous work in the area of verifying remote computations has not met all three of these properties (our publications below give detail).

Our approach is to apply the theory of Probabilistically Checkable Proofs (PCPs) and two closely related constructs: argument systems and interactive proofs. PCPs have several central roles in complexity theory. In one of those roles, PCPs demonstrate that it is possible (in theory) to check a mathematical proof by investigating only a few bits of that proof. In our context, this implies that the picture above has a solution, one that is unconditional and general-purpose. However, PCPs, as described in the literature, have not been remotely practical (for instance, it would take trillions of years for the server to produce a proof). This leads to the question: can we incorporate PCPs into a built system?

So far, we have been able to come close.

Our results so far

Our line of work on Pepper, Ginger, and Zaatar has instantiated an argument system (an interactive protocol that assumes a computationally bounded prover) due to Ishai, Kushilevitz, and Ostrovsky (CCC 2007), in this paper (also available here). Through theoretical and practical refinements, we have reduced the cost of this argument system by roughly 20 orders of magnitude (a factor of 10²⁰).

In another strand of work, Allspice, we have built on an interactive proof system due to Goldwasser, Kalai, and Rothblum (STOC 2008), and refined and implemented by Cormode, Mitzenmacher, and Thaler (ITCS 2012). One of the chief advantages of this line of work is that it avoids expensive cryptographic operations.

One might wonder: which protocol is "best"? Our experience has been that it depends on the computation. Accordingly, we have built a compiler that takes as input a high-level programming language and performs static analysis to compile to the optimal verified computation protocol for that computation.

A hybrid architecture for interactive verifiable computation (PDF)
Victor Vu, Srinath Setty, Andrew J. Blumberg, and Michael Walfish
To appear in IEEE Symposium on Security and Privacy, Oakland 2013, San Francisco, CA, May 2013
Resolving the conflict between generality and plausibility in verified computation (PDF, Extended version)
Srinath Setty, Benjamin Braun, Victor Vu, Andrew J. Blumberg, Bryan Parno, and Michael Walfish
To appear in ACM European Conference on Computer Systems, EuroSys 2013, Prague, Czech Republic, April 2013
Taking proof-based verified computation a few steps closer to practicality (PDF (corrected), Extended version)
Srinath Setty, Victor Vu, Nikhil Panpalia, Benjamin Braun, Andrew J. Blumberg, and Michael Walfish
USENIX Security Symposium, Security 2012, Bellevue, WA, August 2012
Making argument systems for outsourced computation practical (sometimes) (PDF)
Srinath Setty, Richard McPherson, Andrew J. Blumberg, and Michael Walfish
Network & Distributed System Security Symposium, NDSS 2012, San Diego, CA, February 2012
Toward practical and unconditional verification of remote computations (PDF)
Srinath Setty, Andrew J. Blumberg, and Michael Walfish
Workshop on Hot Topics in Operating Systems, HotOS 2011, Napa Valley, CA, May 2011

Resolving the conflict between generality and plausibility in verified computation (pdf (182KB), key (590KB))
Taking proof-based verified computation a few steps closer to practicality (pdf (138KB), key (644KB))
Making argument systems for outsourced computation practical (sometimes) (pdf (12MB), pptx (673KB))

Andrew J. Blumberg (faculty)
Ben Braun (undergradudate student)
Ariel Feldman (collaborator; postdoc, UPenn)
Zuocheng Ren (graduate student)
Srinath Setty (graduate student)
Victor Vu (undergraduate student)
Michael Walfish (faculty)

We are grateful for the support of the AFOSR, under Young Investigator award FA9550-10-1-0073, and of the NSF, under FIA grant 1040083 and CAREER award 1055057. The opinions and findings are the researchers' alone.

PEPPER's source code is available from this page. GINGER's, Zaatar's, and Allspice's source code is available from this page. Please contact srinath at cs dot utexas dot edu for updates and bug fixes.

PEPPER: Toward practical verified computation

Description

Introduction

Our results so far

Publications

Talks

People

Support

Source code