Verifiable Databases and RAM Programs

Slides:



Advertisements
Similar presentations
Models of Computation Prepared by John Reif, Ph.D. Distinguished Professor of Computer Science Duke University Analysis of Algorithms Week 1, Lecture 2.
Advertisements

Yoshiharu Ishikawa (Nagoya University) Yoji Machida (University of Tsukuba) Hiroyuki Kitagawa (University of Tsukuba) A Dynamic Mobility Histogram Construction.
Class Presentation on Binary Moment Diagrams by Krishna Chillara Base Paper: “Verification of Arithmetic Circuits using Binary Moment Diagrams” by.
Database Software File Management Systems Database Management Systems.
1 External Sorting for Query Processing Yanlei Diao UMass Amherst Feb 27, 2007 Slides Courtesy of R. Ramakrishnan and J. Gehrke.
ELI BEN-SASSON, ALESSANDRO CHIESA, ERAN TROMER AND MADARS VIRZA USENIX SECURITY SYMPOSIUM 2014 Succinct Non-Interactive Zero Knowledge for a von Neumann.
1 ES 314 Advanced Programming Lec 2 Sept 3 Goals: Complete the discussion of problem Review of C++ Object-oriented design Arrays and pointers.
Practical Private Computation and Zero- Knowledge Tools for Privacy-Preserving Distributed Data Mining Yitao Duan and John Canny
Chapter 9 Overview  Reasons to monitor SQL Server  Performance Monitoring and Tuning  Tools for Monitoring SQL Server  Common Monitoring and Tuning.
External Sorting Chapter 13.. Why Sort? A classic problem in computer science! Data requested in sorted order  e.g., find students in increasing gpa.
3.2 Polynomials-- Properties of Division Leading to Synthetic Division.
Chapter 5 Algorithm Analysis 1CSCI 3333 Data Structures.
1 Lecture 2 : Computer System and Programming. Computer? a programmable machine that  Receives input  Stores and manipulates data  Provides output.
Efficient and Robust Private Set Intersection and multiparty multivariate polynomials Dana Dachman-Soled 1, Tal Malkin 1, Mariana Raykova 1, Moti Yung.
Wai Kit Wong 1, Ben Kao 2, David W. Cheung 2, Rongbin Li 2, Siu Ming Yiu 2 1 Hang Seng Management College, Hong Kong 2 University of Hong Kong.
Complexity of Algorithms
© 2008 Quest Software, Inc. ALL RIGHTS RESERVED. Perfmon and Profiler 101.
CS41B MACHINE David Kauchak CS 52 – Fall Admin  Assignment 3  due Monday at 11:59pm  one small error in 5b (fast division) that’s been fixed.
CS Operating System & Database Performance Tuning Xiaofang Zhou School of Computing, NUS Office: S URL:
1 Biometric Databases. 2 Overview Problems associated with Biometric databases Some practical solutions Some existing DBMS.
Non-Interactive Verifiable Computing August 5, 2009 Bryan Parno Carnegie Mellon University Rosario Gennaro, Craig Gentry IBM Research.
IntegriDB: Verifiable SQL for Outsourced Databases Yupeng Zhang, Jonathan Katz, Charalampos Papamanthou University of Maryland.
BMTS 242: Computer and Systems Lecture 2: Memory, and Software Yousef Alharbi Website
Algorithmics - Lecture 41 LECTURE 4: Analysis of Algorithms Efficiency (I)
Computer Performance. Hard Drive - HDD Stores your files, programs, and information. If it gets full, you can’t save any more. Measured in bytes (KB,
Hands-On Microsoft Windows Server 2008 Chapter 7 Configuring and Managing Data Storage.
ALITHEIA: Towards Practical Verifiable Graph Processing Yupeng Zhang, Charalampos Papamanthou and Jonathan Katz University of Maryland.
Logic Gates Dr.Ahmed Bayoumi Dr.Shady Elmashad. Objectives  Identify the basic gates and describe the behavior of each  Combine basic gates into circuits.
The purpose of a CPU is to process data Custom written software is created for a user to meet exact purpose Off the shelf software is developed by a software.
Feige-Fiat-Shamir Zero Knowledge Proof Based on difficulty of computing square roots mod a composite n Given two large primes p, q and n=p * q, computing.
Dr.Ahmed Bayoumi Dr.Shady Elmashad
David Kauchak CS 52 – Spring 2017
CPS216: Data-intensive Computing Systems
INLS 623– Database Systems II– File Structures, Indexing, and Hashing
Bryan Pano, Jon Howell, Craig Gentry, Mariana Raykova
On the Size of Pairing-based Non-interactive Arguments
SQL Server 2000 and Access 2000 limits
Introduction to Quantum Computing Lecture 1 of 2
Computer System and Programming
MPC and Verifiable Computation on Committed Data
MyRocks at Facebook and Roadmaps
Privacy Preserving Subgraph Matching on Large Graphs in Cloud
Lecture 22 Complexity and Reductions
Linear Algebra with Sub-linear Zero-Knowledge Arguments
PHP / MySQL Introduction
Database Performance Tuning and Query Optimization
Introduction to Computers
Verifiable Oblivious Storage
Database Management Systems (CS 564)
External Sorting The slides for this text are organized into chapters. This lecture covers Chapter 11. Chapter 1: Introduction to Database Systems Chapter.
Bin Fu Department of Computer Science
Building a Database on S3
Query Optimization CS 157B Ch. 14 Mien Siao.
Memory Organization.
Chapter 11 Database Performance Tuning and Query Optimization
Malicious-Secure Private Set Intersection via Dual Execution
AIMS Equipment & Automation monitoring solution
CPSC-608 Database Systems
External Sorting.
CPSC-608 Database Systems
Performance And Scalability In Oracle9i And SQL Server 2000
Database Systems (資料庫系統)
Query Processing.
(Extended Relationship Manager) “WE UNDERSTAND YOUR NEEDS”
The Gamma Operator for Big Data Summarization on an Array DBMS
Proofs of Space 徐昊 2017/5/31.
Path Oram An Extremely Simple Oblivious RAM Protocol
(Extended Relationship Manager) “WE UNDERSTAND YOUR NEEDS”
Efficient Aggregation over Objects with Extent
Jens Groth and Mary Maller University College London
Presentation transcript:

Verifiable Databases and RAM Programs Yupeng Zhang, Daniel Genkin, Jonathan Katz, Dimitrios Papadopoulos and Charalampos Papamanthou

Cloud Computing Universities Companies Individuals

Security Issue: Integrity Universities Server failure Software error Data tampering in transmission Random answer Malicious server behavior … Companies Individuals

Agenda Background on verifiable computation Our construction Applications to Verifiable Databases and RAM Programs

Verifiable Computation client function server result + proof digest δ Verification:  or  data

Efficiency Measures of Verifiable Computation setup time prover time client function server result + proof digest δ Verification:  or  proof size data verification time

Prior Work in Verifiable Computation 1. Customized Approach File read and write [Merkle87, NN00, …] Range search [Tamassia03, GPT07, …] Set operations [PTT11, CPPT14, KPP+14, …] Graph algorithms [GTTC03, ZPK14, Grob14, …] Database queries [ZKP15, …] Efficient Only support limited operations Expressiveness databse graph sets range read/write Efficiency

Prior Work in Verifiable Databases 2. Generic Approach (E.g., SNARK [PHGR13, BCGTV13, BFRS+13, BISW17, …] ) Supports all functions that can be modeled as arithmetic circuits Constant proof size, fast verification time Large setup time & prover time Function specific setup Expressiveness SNARK databse graph sets range read/write Efficiency

Our Contribution Supports arbitrary computations in NP Up to 2 orders of magnitude faster than SNARKs Comparable efficiency to customized VC for databases No function specific setup Expressiveness Our argument system SNARK databse graph sets range read/write Efficiency

Our Construction

Interactive Proof (IP)[GKR08, CMT12, …] Example: polynomial expansion client Expand f(x) for me server g(x) = 6x3+49x2+128x+105 Polynomial f(x) = (x+3)(3x+5)(2x+7) pick a random value r, test f(r) - g(r) = 0 If f(x) - g(x) ≠ 0, but f(r) - g(r) = 0, → r is a root of f(x) - g(x), → Pr[r is a root] = 3 |random space|

Interactive Proof (IP)[GKR08, CMT12, …] Input Output (result) client server Output fout(x) fout(rout) …… × r1 × f1(x) f1(r1) + × …… × f2(x) …… rin …… fd-2(x) …… fin(rin) × × …… + fd-1(x) × + …… + fin(x) = a0+a1x+a2x2+… (Low degree extension) a0 a1 a2 a3 …… Check the relationship at a random point (Sumcheck protocol) Input (data) fin(rin)

Using IP for Verifiable Computation No setup time Fast prover time (no crypto operations) Storage of the data locally (Last step: evaluate a polynomial defined by the input at a random point)

Delegating Data to the Server Our solution: Verifiable Polynomial Delegation (VPD) [KZG10, PST13] server client evaluation point a f(a) + proof digest δf (32Bytes) Verification:  or  f(x)

Our Interactive Argument Protocol function (modeled as a circuit) server client result IP digest δfin of fin(x) for the data … Interactive proof (except last step) data … fin(rin) VPD rin fin (rin) + proof fin (rin)  or  Verification of polynomial delegation

Using IP for Verifiable Databases No setup time Fast prover time (no crypto operations) Storage of the data locally (Last step: evaluate a polynomial defined by the input at a random point)

Supporting Auxiliary Inputs from Server Some functions are hard to compute using arithmetic circuits E.g., Integer division a÷b They are easy to verify with inputs from the server: a = q × b + r Functions in NP Interactive Proof does not support auxiliary input (Last step: evaluate a polynomial defined by the input at a random point)

Supporting Auxiliary Inputs from Server Our solution: Extractable Verifiable Polynomial Delegation (VPD) digest δf client server commitment of the auxiliary inputs with extractability evaluation point a f(a) + proof Verification:  or  f(x) Result: extending IP (GKR, CMT etc.) to NP computations

Our Interactive Argument Protocol 2.0 fin(x) = f1(x) +f2(x) function (modeled as a circuit with auxiliary inputs) auxiliary inputs client server digest δf2 result IP digest δf1 of f1(x) for the data … Interactive proof (except last step) digest δf2 of f2(x) for auxiliary inputs data … fin(rin) VPD rin f1 (rin), f2 (rin) + proofs f1 (rin), f2 (rin)  or  Verification of polynomial delegation

Our Interactive Argument Protocol Setup only for the data, not for functions Faster prover time (crypto operations is only linear to the input size, does not depend on the circuit size) Supports auxiliary inputs Dynamic data (details in paper)

vSQL: Verifiable Database

Verifiable Databases client server SQL database queries result + proof digest δ Verification:  or  database

Example Query #19 of the TPC-H benchmark http://www.tpc.org/tpch 1. SELECT SUM (l_extendedprice * (1 - l_discount)) AS revenue FROM lineitem, part WHERE 2. ( p_partkey = l_partkey 3. AND p_brand = ‘Brand#41’ 4. AND p_container IN (‘SM CASE’, ‘SM BOX’, ‘SM PACK’, ‘SM PKG’) 5. AND l_quantity >= 7 AND l_quantity <= 7 + 10 6. AND p_size BETWEEN 1 AND 5 7. AND l_shipmode IN (‘AIR’, ‘AIR REG’) 8. AND l_shipinstruct = ‘DELIVER IN PERSON’ ) 9. OR 10. ( p_partkey = l_partkey 11. AND p_brand = ‘Brand#14’ 12. AND p_container IN (‘MED BAG’, ‘MED BOX’,‘MED PKG’, ‘MED PACK’) 13. AND l_quantity >= 14 AND l_quantity <= 14 + 10 14. AND p_size BETWEEN 1 AND 10 15. AND l_shipmode IN (‘AIR’, ‘AIR REG’) 16. AND l_shipinstruct = ‘DELIVER IN PERSON’ ) 17. OR 18. ( p_partkey = l_partkey 19. AND p_brand = ‘Brand#23’ 20. AND p_container IN (‘LG CASE’, ‘LG BOX’, ‘LG PACK’, ‘LG PKG’) 21. AND l_quantity >= 25 AND l_quantity <= 25 + 10 22. AND p_size BETWEEN 1 AND 15 23. AND l_shipmode IN (‘AIR’, ‘AIR REG’) 24. AND l_shipinstruct = ‘DELIVER IN PERSON’ ); Query #19 of the TPC-H benchmark http://www.tpc.org/tpch

Comparison with Prior Work Queries and database: TPC-H benchmark Database size: 6 million rows × 13 columns (2.8GB) in the largest table. Query #19 IntegriDB SNARK vSQL Setup Prover Verification Communication MySQL 0.67s 7 hours 100 hours* 0.4 hour 1.8 hours 54 hours* 1.3 hours 232 ms 6 ms 148 ms 184 KB 0.3 KB 28 KB Query #5 (5-way join) Setup Prover Verification Communication  325 hours* 0 hour  171 hours* 1.4 hours 4.16s  40 ms 398ms  0.3 KB 103 KB

Expressive SQL Update Query #15: create a new table on the fly by range and sum Old table: 2.8GB new table: 1.7MB Prover Verification Communication 0.5 hour 85ms 85.7KB

vSQL Comparable efficiency, better expressiveness compared to customized VC Up to 2 orders of magnitude faster compared to SNARKs Setup only for database, no query dependent setup

Verifiable RAM

RAM to Circuit Reduction [BCTV14] By time: state1 CPU state Time Program counter Instruction number Flag Registers ….. state2 state3 …… stateT

RAM to Circuit Reduction [BCTV14] By time: By memory: state1 state'1 CPU step E.g., Add r1, r2, r3 Sorting Network Memory consistency state2 state'2 Memory consistency CPU step state3 state'3 …… …… CPU step Memory consistency stateT state'T

Inefficiency: Preprocessing By time: state1 CPU step CPU step All possible CPU instructions: ADD, MUL, JMP, CMP, LOAD,… state2 CPU step state3 …… CPU step stateT

Our New RAM to Circuit Reduction By Instruction: By time: By Memory: state''1 state1 state'1 Add Sorting Network Sorting Network state''2 state2 state'2 # of Add Add state3 state''3 state'3 # of Load …… …… …… Load state''T stateT state'T

Our New RAM to Circuit Reduction By Instruction: By time: By Memory: state''1 state1 state'1 Add Permuta-tion protocol Permuta-tion protocol state''2 state2 state'2 # of Add Add state3 state''3 state'3 # of Load …… …… …… Load state''T stateT state'T

Our New Verifiable RAM Prover time linear in #of CPU steps T (vs T log2 T in [BCTV14]) 8× faster prover time 120× smaller memory consumption. Up to 2 million CPU steps (vs 32K in [BCTV14])

Summary Verifiable Polynomial Delegation + Interactive Proof vSQL, verifiable databases Verifiable RAM Ongoing work: Zero-knowledge with applications to crypto-currencies Thank you!!! Q&A

Memory check for every CPU state Inefficiency: Preprocessing By memory: state'1 Memory consistency state'2 Memory check for every CPU state Memory consistency state'3 …… Memory consistency state'T

Our New RAM to Circuit Reduction By Memory: Memory check only for states accessing memory state'1 state'2 state'3 …… state'T

Our New RAM to Circuit Reduction By Instruction: By time: By Memory: state''1 state1 state'1 Add Sorting Network Sorting Network state''2 state2 state'2 # of Add Add state3 state''3 # of Load …… …… Load state''T stateT

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.