Multi-Client Non-interactive Verifiable Computation

Gennaro et al. (Crypto 2010) introduced the notion of non-interactive verifiable computation, which allows a computationally weak client to outsource the computation of a function f on a series of inputs (x)(1),... to a more powerful but untrusted server. Following a preprocessing phase ( that is carried out only once), the client sends some representation of its current input x((i)) to the server; the server returns an answer that allows the client to recover the correct result f( x ((i))), accompanied by a proof of correctness that ensures the client does not accept an incorrect result. The crucial property is that the work done by the client in preparing its input and verifying the server's proof is less than the time required for the client to compute f on its own. We extend this notion to the multi-client setting, where n computationally weak clients wish to outsource to an untrusted server the computation of a function f over a series of joint inputs (x(1)((1)),..., x(n)((1))),... without interacting with each other. We present a construction for this setting by combining the scheme of Gennaro et al. with a primitive called proxy oblivious transfer.