Abstract
Verifiable computing (VC) uses cryptography to delegate computation to an untrusted worker while letting the result be checked more cheaply than recomputing it. In most VC schemes, however, the delegated program must first be arithmetized, that is, expressed as a circuit of additions and multiplications over a finite field. Previous work has compiled subsets of languages such as C and LLVM, as well as bespoke assembly, to arithmetic circuits. In this paper we report on a new DSL for VC, called Snårkl (“Snorkel”), that supports encodings of language features familiar from functional programming, such as products, case analysis, and inductive datatypes. We demonstrate that simple constraint-minimization techniques are an effective means of optimizing the resulting encodings, and therefore of generating small circuits.
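To make the arithmetization step concrete, the following is an added example (my own Python, not Snårkl's Haskell or any code from the paper): it encodes booleans, multiplication and boolean case analysis as rank-1 constraints over a prime field, then runs the kind of simple constraint minimization the abstract refers to, here constant propagation and alias elimination, and checks that a witness for the original system still satisfies the shrunk one. The modulus, wire numbering, builder API and example program are assumptions made for illustration; inductive datatypes are not covered.

```python
"""Arithmetize a small functional program into rank-1 constraints (R1CS) over a
prime field, then shrink the system by constant propagation and alias elimination.
Added illustration, not Snårkl's code: the modulus, wire numbering, builder API
and example program are all chosen here."""
from typing import Dict, List, Tuple

P = 2**61 - 1    # field modulus, a Mersenne prime picked for illustration
ONE = 0          # wire 0 is pinned to the constant 1 in every witness
Lin = Dict[int, int]                # sparse linear form: wire -> coefficient mod P
Constraint = Tuple[Lin, Lin, Lin]   # (A, B, C) meaning (A.w) * (B.w) = C.w

def lin(*terms: Tuple[int, int]) -> Lin:
    acc: Lin = {}
    for w, c in terms:
        acc[w] = (acc.get(w, 0) + c) % P
    return {w: c for w, c in acc.items() if c}

def is_const(l: Lin) -> bool:
    return all(w == ONE for w in l)

class R1CS:
    def __init__(self) -> None:
        self.n = 1                      # wires allocated so far (wire 0 = 1)
        self.cs: List[Constraint] = []
    def fresh(self) -> int:
        self.n += 1
        return self.n - 1
    def add(self, a: Lin, b: Lin, c: Lin) -> None:
        self.cs.append((a, b, c))
    def boolean(self, b: int) -> None:      # b * (1 - b) = 0 forces b into {0, 1}
        self.add(lin((b, 1)), lin((ONE, 1), (b, -1)), lin())
    def const(self, k: int) -> int:         # 1 * k = w
        w = self.fresh()
        self.add(lin((ONE, 1)), lin((ONE, k)), lin((w, 1)))
        return w
    def mul(self, x: int, y: int) -> int:   # x * y = z
        z = self.fresh()
        self.add(lin((x, 1)), lin((y, 1)), lin((z, 1)))
        return z
    def ite(self, b: int, x: int, y: int) -> int:   # boolean case analysis in one
        out = self.fresh()                          # constraint: b*(x - y) = out - y
        self.add(lin((b, 1)), lin((x, 1), (y, -1)), lin((out, 1), (y, -1)))
        return out

def satisfied(cs: List[Constraint], w: List[int]) -> bool:
    ev = lambda l: sum(c * w[v] for v, c in l.items()) % P
    return all(ev(a) * ev(b) % P == ev(c) for a, b, c in cs)

def minimize(cs: List[Constraint]) -> List[Constraint]:
    """Constant propagation and alias elimination, iterated to a fixed point: a row
    whose A or B side is constant is a linear equation L.w = 0; one unknown in L
    gives a constant, two give an alias; the solved wire is substituted everywhere."""
    subst: Dict[int, Lin] = {}
    def resolve(l: Lin) -> Lin:         # apply subst transitively
        out = []
        for v, c in l.items():
            out += [(u, c * d) for u, d in resolve(subst[v]).items()] if v in subst else [(v, c)]
        return lin(*out)
    live, changed = list(cs), True
    while changed:
        changed, keep = False, []
        for a, b, c in live:
            a, b, c = resolve(a), resolve(b), resolve(c)
            if is_const(a) or is_const(b):
                k, other = (a.get(ONE, 0), b) if is_const(a) else (b.get(ONE, 0), a)
                L = lin(*[(v, k * x) for v, x in other.items()], *[(v, -x) for v, x in c.items()])
                unknowns = sorted(v for v in L if v != ONE)
                if len(unknowns) <= 2:                  # solvable here: drop the row
                    if not unknowns and L:
                        raise ValueError("unsatisfiable constant constraint")
                    if unknowns:
                        v = unknowns[-1]                # solve for the newest wire, keep inputs
                        inv = pow(P - L[v], P - 2, P)   # v = -(L minus its v term) / c_v
                        subst[v] = lin(*[(u, x * inv) for u, x in L.items() if u != v])
                    changed = True
                    continue
            keep.append((a, b, c))
        live = keep
    return live

def build_example() -> Tuple[R1CS, Dict[str, int]]:
    """f b x y = (if b then x*x else 2*x) * y, written against the builder."""
    r = R1CS()
    b, x, y = r.fresh(), r.fresh(), r.fresh()
    r.boolean(b)
    two = r.const(2)
    cond = r.ite(b, r.mul(x, x), r.mul(two, x))
    return r, {"b": b, "x": x, "y": y, "out": r.mul(cond, y)}

def demo(bv: int, xv: int, yv: int) -> Tuple[int, int, int, bool, bool]:
    """Build, minimize, and check both systems against a hand-built witness."""
    r, wires = build_example()
    sq, t = xv * xv % P, 2 * xv % P
    cond = sq if bv else t
    w = [1, bv, xv, yv, 2, sq, t, cond, cond * yv % P]   # one value per wire, in order
    small = minimize(r.cs)
    return len(r.cs), len(small), w[wires["out"]], satisfied(r.cs, w), satisfied(small, w)

if __name__ == "__main__":
    print(demo(1, 3, 5))   # (6, 4, 45, True, True)
```

Running `demo(1, 3, 5)` reports six constraints before and four after minimization, with the same witness satisfying both: the rows removed are the constant definition and the multiplication by that constant, which becomes a linear alias of an input. A witness with b = 2 fails the boolean row, which is the point of emitting it: nothing outside the constraint system enforces the type of b, so a prover who could skip that row could pick a non-boolean selector for the case analysis.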
Notes
1. See Walfish and Blumberg's ACM survey [22] for a summary of the recent history.
2. BCGTV [3] approximates potentially nonterminating programs by first translating them to assembly for the bespoke TinyRAM architecture, then “executing” a bounded number of steps of the program by arithmetizing the transition relation of the underlying instruction set architecture (ISA).
3.
4. The effect of GHC's DataKinds extension is to implicitly promote datatypes like to kinds, and constructors of user-defined datatypes (, , etc.) to type constructors. Type constructors that have been promoted in this way are marked by an initial apostrophe, as in .
5. The recursion bound is necessary to ensure that elaboration terminates.
6. It would be unsound to rely on these constraints to learn new facts.
7. libsnark was evaluated in [3].
References
[1] Arora, S., Lund, C., Motwani, R., Sudan, M., Szegedy, M.: Proof verification and the hardness of approximation problems. JACM 45(3), 501–555 (1998)
[2] Arora, S., Safra, S.: Probabilistic checking of proofs: a new characterization of NP. JACM 45(1), 70–122 (1998)
[3] Ben-Sasson, E., Chiesa, A., Genkin, D., Tromer, E., Virza, M.: SNARKs for C: verifying program executions succinctly and in zero knowledge. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 90–108. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_6
[4] Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M.: Succinct non-interactive zero knowledge for a von Neumann architecture. In: USENIX Security (2014)
[5] Ben-Sasson, E., et al.: The libsnark library. https://github.com/scipr-lab/libsnark. Accessed 23 Sep 2015
[6] Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)
[7] Braun, B., Feldman, A.J., Ren, Z., Setty, S., Blumberg, A.J., Walfish, M.: Verifying computations with state. In: SOSP, pp. 341–357. ACM (2013)
[8] Costello, C., et al.: Geppetto: versatile verifiable computation. In: Proceedings of the 36th IEEE Symposium on Security and Privacy, vol. 15. IEEE (2014)
[9] Fournet, C., Kohlweiss, M., Danezis, G., Luo, Z.: ZQL: a compiler for privacy-preserving data processing. In: USENIX Security, pp. 163–178 (2013)
[10] Fredrikson, M., Livshits, B.: ZØ: an optimizing distributing zero-knowledge compiler. In: USENIX Security (2014)
[11] Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 626–645. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_37
[12] GHC Team: The Glorious Glasgow Haskell Compilation System user's guide (2005)
[13] Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems. In: Proceedings of the Seventeenth Annual ACM Symposium on Theory of Computing, pp. 291–304. ACM (1985)
[14] Mainland, G., Morrisett, G., Welsh, M.: Flask: staged functional programming for sensor networks. In: ICFP 2008 (2008)
[15] O'Sullivan, B.: The Criterion library. http://www.serpentine.com/criterion. Accessed 23 Sep 2015
[16] Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation. In: Proceedings of the 35th IEEE Symposium on Security and Privacy, pp. 238–252. IEEE (2013)
[17] Serrano, A., Hage, J.: Type error diagnosis for embedded DSLs by two-stage specialized type rules. In: Thiemann, P. (ed.) ESOP 2016. LNCS, vol. 9632, pp. 672–698. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49498-1_26
[18] Setty, S.T., et al.: Taking proof-based verified computation a few steps closer to practicality. In: USENIX Security (2012)
[19] Setty, S.T., McPherson, R., Blumberg, A.J., Walfish, M.: Making argument systems for outsourced computation practical (sometimes). In: NDSS (2012)
[20] Taha, W., Sheard, T.: Multi-stage programming with explicit annotations. In: PEPM (1997)
[21] Wahby, R.S., Setty, S., Ren, Z., Blumberg, A.J., Walfish, M.: Efficient RAM and control flow in verifiable outsourced computation. In: NDSS (2015)
[22] Walfish, M., Blumberg, A.J.: Verifying computations without reexecuting them. CACM 58(2), 74–84 (2015)
[23] Xi, H., Chen, C., Chen, G.: Guarded recursive datatype constructors. In: POPL, pp. 224–235. ACM (2003)
Copyright information
© 2018 Springer International Publishing AG
Cite this paper
Stewart, G., Merten, S., Leland, L. (2018). Snårkl: Somewhat Practical, Pretty Much Declarative Verifiable Computing in Haskell. In: Calimeri, F., Hamlen, K., Leone, N. (eds) Practical Aspects of Declarative Languages. PADL 2018. Lecture Notes in Computer Science(), vol 10702. Springer, Cham. https://doi.org/10.1007/978-3-319-73305-0_3
DOI: https://doi.org/10.1007/978-3-319-73305-0_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-73304-3
Online ISBN: 978-3-319-73305-0