Program Result Checking against Adaptive Programs and in Cryptographic Settings

The theory of program result checking introduced in Blum] allows one to check that a program P correctly computes the function f on input x. The checker may use P 's outputs on other inputs to help it check that P (x) = f(x). In this setting, P is always assumed to be a xed program, whose output on input x is a function P (x). We extend the theory to check a program P which returns a result on input x that may depend on previous questions asked of P. We call a checker that works for such a program an adaptive checker. We consider the case where there is an adaptive program that supposedly computes f running on each of several noninteracting machines. We design adaptive checkers that work for a constant number of independent and noninteracting programs. We also consider the following cryptographic scenario: A user wants to evaluate function f on input x using program P running on another machine. As in checking, the user does not trust the program to be correct. The additional requirement is that the user wants to let the other machine know as little information as possible about x from the questions asked of the program P (for example, the user may want the program to be able to learn at most the input size) as in Abadi Feigenbaum Kilian] Beaver Feigenbaum]. We call a program that satisses the above constraints a private checker. As is the case for adaptive checking, we consider the case where there is a program that supposedly computes f on each of several noninteracting machines. We design private checkers that work for a constant number of independent and noninteracting programs. The adaptive and private checkers given are general techniques that work for a variety of numerical problems, including integer multiplication, modular multiplication, matrix multiplication , the mod function, integer division, modular exponentiation and polynomial multiplication.