{"id":552,"date":"2017-11-20T19:01:11","date_gmt":"2017-11-20T19:01:11","guid":{"rendered":"https:\/\/blogs.ncl.ac.uk\/security\/?p=552"},"modified":"2017-11-20T19:01:11","modified_gmt":"2017-11-20T19:01:11","slug":"smart-counter-collusion-contracts-for-verifiable-cloud-computing_prologue","status":"publish","type":"post","link":"https:\/\/blogs.ncl.ac.uk\/security\/2017\/11\/20\/smart-counter-collusion-contracts-for-verifiable-cloud-computing_prologue\/","title":{"rendered":"Smart Counter-Collusion Contracts for Verifiable Cloud Computing (Prologue)"},"content":{"rendered":"

\"\"<\/a><\/p>\n

People say smart contracts<\/a> is the next big thing in the blockchain space. In the simplest term, a smart contract is a piece of program stored and executed in the blockchain. The fancy things about a smart contract\u00a0are that its execution is (or will be) always correct (if you believe in the consensus\u00a0protocol that maintains the blockchain), it is self-enforcing (executed and enforced by peers), it is trustless (no central authority) and it is cheap to\u00a0use. It sounds so good, but what can smart contracts do? Of course, we want something more than ICOs<\/a>. And this is I will write about.<\/p>\n

A Short Summary<\/strong> in case you are impatient: we use smart contracts to implement mechanisms designed based on game theory, to enable cost-effective\u00a0verifiable cloud computing. The paper (co-authored with Yilei Wang, Amjad Aldweesh, Patrick McCorry, Aad van Moorsel) was presented early this month in CCS 2017<\/a>, and here are the full paper<\/a> and slides<\/a>.<\/p>\n

The Need for Verifiable\u00a0Cloud Computing<\/strong>\u00a0comes from distrust. Everyone using cloud computing probably knows that “the cloud” is just a bunch of computers belongs to someone else. Then when I outsource something to the cloud, how can I be sure it is done properly in the cloud? In current\u00a0practice, I cannot. You can imagine how annoying this would be when that outsourced computation is important\u00a0to me. It is not necessary that the clouds are malicious, it is simply a consequence of uncertainty: I do not know what happens exactly in the clouds, and I have no control over that either. So the best I can do, as a matter of due diligence, is not to trust the\u00a0clouds and verify all results returned by the clouds. But how? Verification can be as expensive as recomputing the task, and I might not have the resource to do that (if I have, I can avoid using the cloud in the first place by computing it by myself).<\/p>\n

The Current State<\/strong> of verifiable computing is more or less divided into two streams. Some verify by using cryptography, some verify by using replication. In the cryptography based approach<\/em><\/span>, the cloud must generate a proof that the computation is done correctly. Cryptography ensures that, unless our beloved cryptographic assumptions are wrong, the cloud cannot generate a valid proof if the computation is wrong. By checking the proof, I can be assured the correctness of the computation. In the replication based approach<\/span><\/em>, I give the same task to several clouds, and later collect results from them, and cross-check the results. If the results from all replicas match, I can assert with a high confidence that the computation was done correctly. Of course the more replicas I use, the more reliable my assertion would be. More replicas can also help me to find the correct result, should there is something wrong in some replicas.<\/p>\n

What is Missing<\/strong> in all existing verifiable computing techniques is a sense of economy. Surely they are technically sound, but with an unaffordable price. The problem is that cloud is not free<\/span>. You pay for what you compute. Generating a cryptographic proof is much more expensive than what you would think. Currently, the overhead is 3 – 6 orders of magnitude more than the computation being verified. Simple primary school math:<\/p>\n