Privacy in the Internet of ThingsView this Special Issue
Research Article | Open Access
Scalable and Soundness Verifiable Outsourcing Computation in Marine Mobile Computing
Outsourcing computation with verifiability is a merging notion in cloud computing, which enables lightweight clients to outsource costly computation tasks to the cloud and efficiently check the correctness of the result in the end. This advanced notion is more important in marine mobile computing since the oceangoing vessels are usually constrained with less storage and computation resources. In such a scenario, vessels always firstly outsource data set and perform a function computing over them or at first outsource computing functions and input data set into them. However, vessels may choose which delegation computation type to outsource, which generally depends on the actual circumstances. Hence, we propose a scalable verifiable outsourcing computation protocol () in marine cloud computing at first and extract a single-mode version of it (), where both protocols allow anyone who holds verification tokens to efficiently verify the computed result returned from cloud. In this way, the introduced “scalable” property lets vessels adjust the protocol to cope with different delegation situations in practice. We additionally prove both and achieving selective soundness in the random oracle model and evaluate their performance in the end.
Cloud computing , a shared pool of massive configurable computing resources, provides resource-constrained clients with various capabilities to access computation resources in an on-demand way. The merging development of hardware (e.g., sensor, wearable-device unit) makes it possible for mobile devices [2, 3] feeling free to use and enjoy the cloud service in mobile computing category [4, 5].
This is especially important for the marine mobile computing filed since marine ecosystems should be exploited and treated seriously from both environmental side and economic side. In order to monitor the changes of marine ecosystems, scientific vessels need to perform a series of mathematical or statical analysis over collected data . This includes calculating the average temperature of ocean in an instantaneous moment or during a time period and reporting the variance of the dissolved oxygen during 24 hours, 72 hours, 6 months, or more [7, 8].
However, the vessels are usually not supported by powerful data collection devices and large-scale computation processers. As a result, marine sensor units should collect marine data at first and send the collected data to vessels or base stations. Also, they may outsource some expensive computations to the cloud server and expect to use the result enjoyably after an efficient verification phase (since the cloud may return an incorrect answer for some profits). Moreover, a public verification method is preferable; namely, anyone holding the verification token can run the verification procedure in public.
Moreover, we notice that the vessel’s usual outsourcing computation in marine mobile computing comes from the following two types (as in Table 1).
Type I. A client outsources a combined input tuple containing data set and function together as inputs at first and then types into an importing function over the outsourced data and an importing data set towards the outsourced function in a combined way.
Type II. A client outsources a function as an input at first and then types into an importing data set towards the outsourced function. (Here, we do not consider a delegation type where a client outsources a data set at first and takes inputs on it. A detailed analysis on this can be found in Section 5.)
Maybe, clients should flexibly switch Type I and Type II due to their actual demands in reality. If we design and deploy two respective outsourcing computation protocol systems for respective delegation type, there is no doubt that this will cause a big waste of resources, which is even not feasible in marine WSNs. Hence, a “scalable” property for an outsourcing computation protocol should be highlighted. Apart from this, some desirable features for verifiable outsourcing computation protocols in marine WSNs should also be considered seriously.
Therefore, we may have the following doubt: whether an efficient scalable outsourcing computation protocol with public verifiability towards Type I or/and Type II delegation in marine mobile computing field exists or not?
Our Results. To give an affirmative answer to this expectation, we manage to design a public verifiable outsourcing computation protocol for Type I outsourcing and moreover extend it to support Type II outsourcing as well, which are inspired by [9–11]. Specifically, our contributions in this work can be summarized as the following four parts:(i)Aiming for securely performing Type I computation outsourcing, we put forward a scalable public verifiable outsourcing computation protocol in marine mobile computing, namely, . This protocol allows anyone to use a granted verification token to verify the result originated from any vessel’s Type I computation request.(ii)By treating the outsourced data set as an “on-the-fly” input of , we extract a single-mode version (i.e., for Type II computation) with adding a slight additional cost. As a result, vessels can just use a protocol enough for both Type I and Type II computation as they like, which shows the “scalable property’s” flexibility at a maximum extent.(iii)Both our and protocols are proven to achieve perfect correctness and selective soundness in the random oracle model. Furthermore, the efficiency analysis and concrete performance evaluations on both two protocols are provided.(iv)We motivate an intuition that the protocol can be viewed as a hierarchical public VC protocol towards only outsourced function (Type II), where the subjective function accepts the outsourced data which can be viewed as a hierarchical access control procedure.
1.1. Problem Statement
In this subsection, we present design goals and system overview for our introduced protocols.
Design Goals. To achieve both functionalities and privacy-preserving requirements for an outsourcing computation protocol in marine mobile computing, the design goals can be thought from the following five parts.
(1) Scalability. The protocol should be able to flexibly vary its shapes depending on the type of outsourcing computation.
(2) Public Verifiability. Anyone with verification tokens can check the correctness of the result.
(3) Public Delegation. Any client can outsource a computation assignment to the cloud once the system is set up.
(4) Correctness. A dishonest cloud cannot return an incorrect output that passes verification.
(5) Soundness. A public (verifiable) outsourcing computation protocol should be secure and sound (cf. Section 2.3).
System Description. Our or protocol consists of the following three entities.
(i) Cloud Server. It receives the outsourcing computation request from any vessel and returns a result.
(ii) Vessels (consisting of a pilot one and a number of nonpilot ones). They delegate outsourcing computation tasks to the cloud and expect to receive the correct computational outcome.
(iii) Satellite. It provides a wireless communication channel between cloud server and vessels.
High-Level Roadmap. Figure 1 gives a high-level system overview on a group verifiable outsourcing computation protocol, namely, both protocol and protocol. To be specific, the cloud server provides a verifiable outsourcing computation service for group vessels through the wireless channel supplied by the satellite. Note that a pilot vessel in a group of vessels initializes the public verifiable outsourcing computation service by outsourcing the delegation computing function (and accompanied outsourced data set), as well as sending the generated public system information to the whole system and the generated evaluation key information about computing function (and accompanied data set) to the cloud. In this way, any vessel in this group can delegate computations by directly typing inputs into the computing function (and accompanied data set). Then the cloud server performs a computation for the outsourcing request from a vessel. Finally, anyone who possesses a legal verification token (granted from the delegating vessel) is able to verify the result. We note that the above procedure path is highly similar to Type II (and Type I) outsourcing computation, that is, or protocol, respectively, where the only difference is the clients’ outsourcing type and importing type.
1.2. Related Work
The studied problem is usually solved through a verification computation (VC) [12, 13] method, which starts with outsourcing a computing function to the cloud at first and then takes inputs on it. However, current VC protocols do not satisfy the listed design goals simultaneously in specific marine cloud computing. The other way to consider the verifiable outsourcing computation field is designed for running some verifiable delegations on outsourced data sets [14, 15], which is a little different from the formal VC concept where it differs in outsourcing whether it is a computing function or a data set at first. Also some works focused on performing computations towards outsourced functions (outsourcing at first) have been proposed [9, 13, 16–18]. For the public delegation and the public verifiable property, Applebaum et al.’s works did not satisfy them, as well as the work presented in [13, 14, 19]. Reference  presented protocol supported Type I computation outsourcing but neglected Type II one, so was the hybrid [20, 21] notion for verifiable computation failing the scalable property.
We note that all approaches to construct VC protocols except for functional encryption-based method failed to provide public delegation property for a verifiable outsourcing protocol towards a group of clients. From this point of view, our proposed solution is more enjoyable for such a scenario. More importantly, current works fail to achieve all the mentioned design goals simultaneously.
Organization. In Section 2, we introduce the system model and security definition for our protocol. Section 3 gives the protocol and its security analysis is provided in Section 4. An extracted version for single-mode public verifiable outsourcing computation protocol towards just outsourced function is shown in Section 5. Section 6 evaluates the performance and Section 7 gives a conclusion.
2. Background Knowledge
Notations 1. We denote by the fact that is picked uniformly at random from a finite set . We denote PPT as a probabilistic polynomial-time algorithm. We use to denote multiplication (or group operation) as well as component-wise multiplication.
2.1. Outsourcing Functions’ Description Using Access Structures
Definition 2. A (monotone) access structure for set universe . One may hold the fact for an attribute set : accepts Here, is a row vector; as represents the th row vector of matrix , a linear span is a collection of vectors over .
Remark 3. In this paper, we mainly focus on giving a verifiable outsourcing computation protocol for Boolean formula delegating functions. When we manage to enable our protocol to be usable for multibits rather than one bit (Boolean formula), we usually take the following steps to realize: (1)Split the computing function in to some subfunctions , where is the th output bit of the computing function .(2)Now we can run the and (for Boolean formula function) with conducting each subfunction .
Therefore, we can obtain a scalable outsourcing computation protocol for (polynomial many) multibits output for , where can be implemented by a polynomial-size Boolean formula’s circuit. In this case, any outsourcing function can be computed by a polynomial-size Boolean formula and can thus be described by a (monotone) access structure . We therefore use the access structures to symbolize the aiming outsourced (Boolean) functions throughout this paper.
2.2. Underlying Security Guarantee
The security of our protocol relies on the decisional -BDHE assumption. Let , be two cyclic groups of prime order and a generator of group along with an efficient computable map . Randomly choose generators and and a tuple , and an adversary should distinguish a computed value from a random element in . Finally, outputs having an advantage in solving the decisional -BDHE problem if
Definition 4. One says that the decisional -BDHE assumption holds in if, for any PPT adversary , its advantage in above game is negligible in security parameter .
2.3. Definition for Scalable Verifiable Outsourcing Computation
In this subsection, we present the system definition, correctness definition, security definition, and privacy definition for a scalable verifiable outsourcing computation protocol.
System Definition. A scalable verifiable outsourcing computation protocol is composed of the following four PPT algorithms:(i): given a security parameter , on input a function and an accompanied outsourced data set , the pilot vessel outputs a public key and an evaluation key .(ii): on input , any (pilot or nonpilot) vessel can use it to encode an input into a problem description , as well as outputting a verification key .(iii): on input and a problem description , the data center (cloud) computes an outcome .(iv): with input of the cloud’s output , anyone returns an output or (rejects the cloud’s answer using ).
Correctness Definition. Given a security parameter , for any outsourced data set and outsourced function and any subjective function and for any objective data set , , , then
Security Definition. We define a security experiment against adaptive (adaptively chosen outsourced function and data sets) adversaries, which is played by a challenger and a stateful adversary .
A protocol achieves selective soundness if for all PPT adversaries and for any and , ’s winning advantage under the following condition, ; ; ; ; outputs “1”,
is negligible in security parameter , where means that the adversary can submit pairs that make the experiment always output “1.”
Privacy Definition. The clients’ outsourced/input computing function and data set are altogether kept hidden from the adversary’s view. Moreover, the cloud’s output for the problem solution does also not leak any information on the problem description. In this paper, we consider these as outsourcing privacy, input privacy, and output privacy.
3. Our Scalable Verifiable Outsourcing Computation Protocol:
Inspired by the dual-policy attribute-based encryption (ABE) scheme [10, 23], we present the first publicly verifiable outsourcing computation protocol towards both (Boolean formula) outsourced functions and outsourced data sets altogether, which also relies on our introduced variant transformation  of the general relationship between ABE and public VC .
Specifically specifying the example in Section 1, the pilot vessel first initializes the service by inputting an outsourced function and an accompanied data set to generate a public key and an evaluation key and sends them to the cloud and other vessels. Thus, any vessel in this fleet can directly input the objective input for and an accompanied computation function over data set along with randomly chosen messages , altogether, to generate a problem description and a verification key . Once receiving and , the cloud computes the problem result on the problem . Finally the vessel (or a legal granted anyone) can use the verification key to efficiently check the result ’s correctness.
3.1. System Initialization Phase
Given an outsourced function with input size as inputs, define two hash functions , . The pilot vessel randomly chooses and . Then it generates and outputs two master public/secret key pairs of information pieces:
3.2. Evaluation Key Generation Phase
For an encoded objective outsourced function ’s access structure , as well as a subjective outsourced data set , pick a random vector such that for and set . Output
Similarly, we obtain the corresponding secret key using uniformly and randomly chosen independent “”-type variables. (Here, we omit the descriptions on the sampling process on “”, since it is almost same as that for ) Then, where denotes the complement function of the outsourced function . Hence, output the public key and the evaluation key information as
3.3. Problem Generation Phase
Given an objective data set and the access structure of an encoded subjective function altogether as inputs, randomly choose a random vector such that for and set , . Pick two messages , and output and similarly we generate (by introducing new “”-type parameters to generate by using ):Hence, output the problem description and the verification key information as where is a one-way function.
3.4. Compute Phase
Upon the problem description and the evaluation key , compute Output the problem solution .
Here, we note that this compute process can be realized efficiently (reducing the number of pairing operations) but just add a few exponentiation operations as a tradeoff.
3.5. Verification Phase
Input and . Output
Remark 5. The verifiability of is mainly against the outsourced function since the concept of the complement data sets of does not make sense in practice compared to . Hence, our can be served as a hierarchical public VC protocol towards just outsourced function, which regards the subjective function accepting outsourced data set as a hierarchical (fine-grained) access control condition.
4. Security Analysis
In this section, we give correctness and efficiency analysis on our protocol at first and sketch a security analysis and privacy analysis on it as well.
4.1. Correctness Analysis
Based on the correctness of  dual-policy attribute-based encryption along with our modified transformation  between ABE and public VC in terms of , the correctness follows straightforwardly when both the following two conditions hold: (1) the outsourced function accepts the data set ; (2) the outsourced data set satisfies the function .
In the compute phase, the recovery process of is parallel to that of . Here, we just show the correctness of the case: where the fourth equation follows the linear reconstruction property of Definition 2, and we have
Remark 6. The correctness of the above compute phase is similar to that of the decryption process in .
4.2. Efficiency Analysis
In this part, we give a time and a size efficiency analysis for . Concretely, Table 3 lists the dominant time operations (i.e., pairing, exponentiation, and multiplication) in group that belongs to each step of , and moreover Table 2 gives the size calculations.
Remark 7. The compute phase’s overhead can be optimized up to .
In the protocol, Step and Step are altogether done by the pilot vessel, any vessel can perform Step , and the data center (e.g., cloud) completes Step along with the fact that anyone can carry out Step .
As the bandwidth between each entity across this marine WSNs is low [5, 24], the low parameter size is highly demanded. From Table 3, we find that most operations that need high cost reside in the data center side. Consequently, the pilot vessel can certainly afford the VC service initialization computation overhead. In this way, the overhead of the problem description paid by any vessel is short, and anyone’s verification cost on the result is very little as well. Therefore, the efficiency of the obtained is enjoyably applicable to the marine wireless sensor networks.
4.3. Security Analysis
Theorem 8 (main theorem). Let be a class of Boolean functions (implemented by a family of circuits ), and let be a class of the complement function of each function and the class of the outsourced data set and be any one-way function. Suppose Definition 4 holds; then the protocol in Section 3 achieves selective soundness property according to the security definition in Section 2.3.
We can easily reduce the security of with adaptive soundness to the adaptive security of the dual-policy ABE  and the general transformation between them, since one can obtain the protocol by running the ABE scheme twice along with other techniques. More technical details can be found in Section of  and Appendix of .
4.4. Privacy Analysis
During the protocol’s process carried out, the specific contents of the outsourced part and the input part are encoded as another form. Specifically, the clients’ outsourced computing function and accompanied data set are encoded as an evaluation key and any client’s input , and is encoded as a problem generation , in such a way that the cloud cannot obtain any knowledge about the outsourcing privacy and input privacy. For the output privacy, the random message is also hidden by a owe-way function ; thus the cloud can just get and is unable to recover from it (except a negligible advantage) which is considered to achieve output privacy as well.
5. Extracted Single-Mode Version of Protocol
In some cases, the clients (e.g., vessels) may just outsource either data sets or computing function to the cloud; therefore we have to ask the following question: Can we transform the dual-mode verifiable outsourcing computation into a single-mode one?
Intuitively, setting one of the outsourced data sets and outsourced function as “on-the-fly” input of protocol, we hence assume obtaining two single-mode public VC protocols towards respective outsourced function and outsourced data sets. However, this assumption fails due to the nonexistence of a single-mode for outsourcing data sets. The reasons are as follows:(1)Firstly, we should observe that the complement class of the outsourced data sets does not make any sense in practice, which is not similar to the relation between and . It is also not easy to obtain the complement class of .(2)Secondly, one can run the key-policy ABE (KP-ABE) mode of dual-policy ABE (DP-ABE) in  twice for respective and , but the relation between ciphertext-policy ABE and public VC is not known so far. In this way, the checkability of the single-mode over outsourcing data sets cannot achieve “1.”
Hence, we can just obtain the single-mode variant of for outsourced computing function at first, namely, Type II delegation type.
5.1. Construction for Single-Mode for Just Outsourcing Functions:
Inspired by the KP-ABE mode of dual-policy ABE  and our protocol, we give the single-mode publicly verifiable outsourcing computation towards outsourcing computing functions’ construction.
(1) System Initialization Phase. This step is same as that of except for adding special data as a new input.
(2) Evaluation Key Generation Phase. This stage is same as that of except by randomly choosing and setting Hence the evaluation key behaves as
(3) Problem Generation Phase. This is almost same as that of except for sampling and setting Hence, the problem description behaves as
(4) Compute Phase. In this case, this process computes as follows: Finally, output the problem solution .
(5) Verification Phase. This step is exactly same as that of .
This concludes the construction description.
5.2. Analysis on the Single-Mode for Just Outsourcing Computing Functions
In this subsection, we still give a correctness, efficiency, and security analysis on the protocol.
5.2.1. Correctness Analysis
The correctness holds when accepts the data sets , where the secret shares’ reconstruction follows
5.2.2. Efficiency Analysis
In general, the size and time efficiency of the single-mode protocol for only outsourcing computing functions are comparable to those of one. Next, we present the time and size efficiency analysis for in concrete way; Table 4 gives the size calculations and moreover Table 5 lists the dominant time operations (i.e., pairing, exponentiation, and multiplication) in group which performed in each step of single-mode .
In concrete way, the problem generation and verification overheads enjoy better efficiency than that in , but its overhead on generating evaluation key is a little expensive (including the size of ) compared to , since “on-the-fly” data set is involved to handle the construction. A tradeoff between Steps , , and and Steps and over the above three steps does inevitably exist. Apart from this, the overall time and time overhead are almost same as that of .
As a result, the (non)pilot vessel or anyone can efficiently run the single-mode service, and moreover the cloud’s running cost on computing the problem also turns out to be short. In this way, we can directly extract a highly efficient protocol from .
5.2.3. Security Analysis
Theorem 9 (main theorem). Let be a class of Boolean functions (implemented by a family of circuits ), and let be a class of the complement function of each function and be any one-way function. Suppose Definition 4 holds; then the single-mode protocol for only outsourcing computing functions achieves selective soundness according to the security definition in Section 2.3.
The proposed single-mode verifiable outsourcing computation protocol can be seen as a special variant of in fact, whereas their functionalities are merely not the same. Based on the security analysis on Theorem 8, Theorem 9 can be proved easily as well.
5.2.4. Privacy Analysis
The privacy analysis on the protocol is same as that of the protocol in Section 4.4.
6. Performance Evaluation
In this section, we give a performance evaluation on our and its extracted single-mode outsourcing computation protocol . Applying a certain implementation technique on realizing bilinear maps, we choose using an asymmetric bilinear group to implement the symmetric bilinear group for and in the actual experiment as in .
Standing by the standard NIST recommendation  and general remarks [25, 27] based on the Python language’s realizations along with its provided Charm-crypto Benchmark, we note that the charm tool  is an extensible -based framework under Pairing-Based Cryptography (PBC) library for rapidly prototyping cryptographic schemes and protocols, which is widely used in conducting functional encryption-based primitives. We remark that this is instantiated in an Ubuntu 12.04 operating system with 1 GB RAM (established in a MACBOOK Air Intel firstname.lastname@example.org GHz and 4 GB RAM equipped with a VMWare software). Next, we decide to employ the “SS512” elliptic curve for our performance evaluation. Finally, Table 7 shows the “SS512” curve’s element length; and moreover Table 6 gives a list of the “SS512” curve’s average running-times for each protocol step.
Suppose that the size of the data set , is and the value of , is . Based on the employed “SS512” elliptic curve , the actual size evaluation in Figure 2 and the time efficiency simulation in Figure 3 are both given. In addition, we use “+” to denote the dual-mode protocol and “⋄” to denote the extracted single-model : protocol in both Figures 2 and 3.
From Figures 2 and 3, we can deduce the fact that both and achieve high space and time efficiency. Our protocol’s efficiency is comparable to the extracted one’s efficiency. Particularly, the overload that belongs to the weak clients’ sides is actual satisfactory.
7. Concluding Remarks
This paper presented a scalable and soundness verifiable outsourcing computation protocol in marine mobile cloud computing. Our protocol enabled any client to delegate a computation task to the server and was also able to designate anyone to verify the result. In addition, an extracted single-mode outsourcing computation protocol from was presented, which led to a fact that the client can adapt based on the inputs’ option in terms of its interest or its own needs. However, we found that our protocol could just handle the outsourcing function as the single mode; hence a design of a verifiable outsourcing computation protocol towards outsourced function may be an open problem.
Conflicts of Interest
The authors declare that they have no conflicts of interest.
The authors want to acknowledge the WASA 2017 anonymous reviewers’ suggestions. This work was supported by the National Natural Science Foundation of China (61571191, 61572192, 61472249, 61472142, and 61402282), the “Dawn” Program of Shanghai Education Commission (no. 16SG21), and the Open Foundation of State Key Laboratory of Integrated Services Networks (ISN17-11).
- P. M. Mell and T. Grance, Draft nist working definition of cloud computing, vol. 15, 2009.
- C. D'Este, P. de Souza, C. Sharman, and S. Allen, “Relocatable, automated cost-benefit analysis for marine sensor network design,” Sensors, vol. 12, no. 3, pp. 2874–2898, 2012.
- L. Yu, H. Shen, K. Sapra, L. Ye, and Z. Cai, “CoRE: Cooperative End-to-End Traffic Redundancy Elimination for Reducing Cloud Bandwidth Cost,” IEEE Transactions on Parallel and Distributed Systems, vol. 28, no. 2, pp. 446–461, 2017.
- D. Huang, “Mobile cloud computing,” in Proceedings of the IEEE COMSOC Multimedia Communications Technical Committee (MMTC) E-Letter, vol. 6, pp. 27–31, 2011.
- L. Yu, L. Chen, Z. Cai, H. Shen, Y. Liang, and Y. Pan, “Stochastic Load Balancing for Virtual Resource Management in Datacenters,” IEEE Transactions on Cloud Computing, 2016.
- S. Zhang, J. Yu, A. Zhang, L. Yang, and Y. Shu, “Marine vehicle sensor network architecture and protocol designs for ocean observation,” Sensors, vol. 12, no. 1, pp. 373–390, 2012.
- P. Hu, K. Xing, X. Cheng, H. Wei, and H. Zhu, “Information leaks out: Attacks and countermeasures on compressive data gathering in wireless sensor networks,” in Proceedings of the 33rd IEEE Conference on Computer Communications, IEEE INFOCOM 2014, pp. 1258–1266, Ontario, Canada, May 2014.
- D. Huang, D. Zhao, L. Wei, Z. Wang, and Y. Du, “Modeling and analysis in marine big data: Advances and challenges,” Mathematical Problems in Engineering, vol. 2015, Article ID 384742, 2015.
- B. Parno, M. Raykova, and V. Vaikuntanathan, “How to delegate and verify in public: verifiable computation from attribute-based encryption,” in Theory of Cryptography, vol. 7194 of Lecture Notes in Computer Science, pp. 422–439, Springer, Berlin, Germany, 2012.
- N. Attrapadung and H. Imai, “Dual-policy attribute based encryption,” in Proceedings of the International Conference on Applied Cryptography and Network Security, vol. 5536, pp. 168–185, 2009.
- K. Zhang, L. Wei, X. Li, and H. Qian, “Provably secure dual-mode publicly verifiable computation protocol in marine wireless sensor networks,” in Proceedings of the 12th International Conference on Wireless Algorithms, Systems, and Applications, WASA 2017, vol. 10251, pp. 210–219, Springer International Publishing, Guilin, China, 2017.
- B. Applebaum, Y. Ishai, and E. Kushilevitz, “From secrecy to soundness: Efficient verification via secure computation,” in Proceedings of the International colloquium on automata, languages and programming (ICALP), vol. 6198, pp. 152–163, 2010.
- R. Gennaro, C. Gentry, and B. Parno, “Non-interactive verifiable computing: outsourcing computation to untrusted workers,” in Advances in Cryptology-CRYPTO 2010, vol. 6223, pp. 465–482, Springer, Berlin, Germany, 2010.
- S. Benabbas, R. Gennaro, and Y. Vahlis, “Verifiable delegation of computation over large datasets,” in Advances in Cryptology-CRYPTO 2011, vol. 6841, pp. 111–131, 2011.
- M. Backes, D. Fiore, and R. M. Reischuk, “Verifiable delegation of computation on outsourced data,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, pp. 863–874, Berlin, Germany, November 2013.
- D. Fiore and R. Gennaro, “Publicly verifiable delegation of large polynomials and matrix computations, with applications,” in Proceedings of the ACM Conference on Computer and Communications Security (CCS '12), pp. 501–512, ACM, October 2012.
- K. Zhang, J. Gong, S. Tang et al., “Practical and efficient attribute-based encryption with constant-size ciphertexts in outsourced verifiable computation,” in Proceedings of the 11th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2016, pp. 269–279, Xi'an, China, June 2016.
- Y. Sun, Y. Yu, X. Li, K. Zhang, H. Qian, and Y. Zhou, “Batch verifiable computation with public verifiability for outsourcing polynomials and matrix computations,” in Proceedings of the Part I of Information Security and Privacy - 21st Australasian Conference, ACISP 2016, vol. 9722, pp. 293–309, Springer International Publishing, Melbourne, VIC, Australia, 2016.
- K. Chung, Y. T. Kalai, and S. P. Vadhan, “Improved delegation of computation using fully homomorphic encryption,” in in Proceedings of CRYPTO, 2010, pp. 483–501, Springer, Santa Barbara, CA, USA, 2010.
- J. Alderman, C. Janson, C. Cid, and J. Crampton, “Access control in Publicly Verifiable Outsourced Computation,” in Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2015, pp. 657–662, Singapore, April 2015.
- J. Alderman, C. Janson, C. Cid, and J. Crampton, “Hybrid Publicly Verifiable Computation,” in Topics in Cryptology - CT-RSA 2016, vol. 9610 of Lecture Notes in Computer Science, pp. 147–163, Springer International Publishing, Cham, 2016.
- A. Beimel, Secure Schemes for Secret Sharing And Key Distribution [Ph.D. Thesis], Technion-Israel Institute of technology, Faculty of computer science, 1996.
- V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS '06), pp. 89–98, November 2006.
- L. Yu and Z. Cai, “Dynamic scaling of virtual clusters with bandwidth guarantee in cloud datacenters,” in Proceedings of the 35th Annual IEEE International Conference on Computer Communications, IEEE INFOCOM 2016, pp. 1–9, San Francisco, CA, USA, April 2016.
- J. A. Akinyele, C. Garman, I. Miers et al., “Charm: a framework for rapidly prototyping cryptosystems,” Journal of Cryptographic Engineering, vol. 3, no. 2, pp. 111–128, 2013.
- D. Giry, Bluekrypt, https://www.keylength.com/en/.
- F. Zhang, Tech. Rep., http://student.seas.gwu.edu/~zfwise/crypto.
- A. Miyaji, M. Nakabayashi, and S. Takano, “New explicit conditions of elliptic curve traces for FR-reduction,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. 84, pp. 1234–1243, 2001.
Copyright © 2017 Kai Zhang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.