IBM and Microsoft build cloud application lie detector

Microsoft Research and IBM have developed a new project with the aim of verifying computations carried out in cloud environments to provide a higher level of validation.

Project Pinocchio for “Nearly Practical Verifiable Computation” exists to address privacy and security concerns for computations carried out in third-party cloud application environments.


More specifically, Pinocchio seeks to provide the user with confirmation that their data has been handled correctly and to verify the correctness of the results returned.

According to the Microsoft Research blog, “We introduce Pinocchio, a built system for efficiently verifying general computations while relying only on cryptographic assumptions. With Pinocchio, the client creates a public evaluation key to describe her computation; this setup is proportional to evaluating the computation once.”

EDITORIAL COMMENTARY: Why is Microsoft Research ruining a perfectly good story with an overtly politically correct use of the term “HER” when no sex needs to be mentioned ** sigh **, oh well, back to the interesting part.

Pinocchio will work as a “kind of lie detector” to check whether a cloud service carried out the workload it was supposed to — or, importantly, whether it might at any stage have been maliciously compromised and diverted or subverted.

Microsoft researcher Bryan Parno has said that the verification key “behaves like a digital signature”, in that you can provide it to any third party to check a result.

“The proof [of the cloud application validation] is only 288 bytes, regardless of the computation performed or the size of the inputs and outputs. Anyone can use a public verification key to check the proof,” says Microsoft.

The firms jointly confirm that Pinocchio’s verification time is typically 10ms: 5-7 orders of magnitude less than previous work.

Parno confirms that Pinocchio is not yet ready for real world usage and deployment.