The paper introduces the concept of Verifiable Computation, enabling a computationally weak client to outsource the computation of a function \( F \) on various inputs \( x_1, \ldots, x_t \) to one or more untrusted workers. The workers return the result of the function evaluation and a proof that the computation was correctly performed. The key requirement is that verifying the proof should be significantly less computationally expensive than computing \( F(x_i) \) from scratch. The authors present a protocol that allows the worker to return a computationally sound, non-interactive proof that can be verified in \( O(m \cdot \text{poly}(\lambda)) \) time, where \( m \) is the bit-length of the output of \( F \) and \( \lambda \) is a security parameter. The protocol requires a one-time preprocessing stage by the client, which takes \( O(|C| \cdot \text{poly}(\lambda)) \) time, where \( C \) is the smallest Boolean circuit computing \( F \). Unlike previous work, this scheme also provides input and output privacy for the client, meaning that the workers do not learn any information about the inputs or outputs. The paper discusses the background on Yao's Garbled Circuit Construction and homomorphic encryption, and defines the problem of verifiable computation. It then presents a detailed description of the proposed protocol, which combines Yao's garbling scheme with a fully homomorphic encryption system. The protocol is proven to be secure, outsourceable, and private, with efficient input and output verification. The authors also address how to handle cheating workers and provide a theorem showing that the scheme remains secure if the client terminates after detecting a malformed response. Finally, they discuss future directions, including the potential for using more efficient primitives and tolerating multiple malformed responses.The paper introduces the concept of Verifiable Computation, enabling a computationally weak client to outsource the computation of a function \( F \) on various inputs \( x_1, \ldots, x_t \) to one or more untrusted workers. The workers return the result of the function evaluation and a proof that the computation was correctly performed. The key requirement is that verifying the proof should be significantly less computationally expensive than computing \( F(x_i) \) from scratch. The authors present a protocol that allows the worker to return a computationally sound, non-interactive proof that can be verified in \( O(m \cdot \text{poly}(\lambda)) \) time, where \( m \) is the bit-length of the output of \( F \) and \( \lambda \) is a security parameter. The protocol requires a one-time preprocessing stage by the client, which takes \( O(|C| \cdot \text{poly}(\lambda)) \) time, where \( C \) is the smallest Boolean circuit computing \( F \). Unlike previous work, this scheme also provides input and output privacy for the client, meaning that the workers do not learn any information about the inputs or outputs. The paper discusses the background on Yao's Garbled Circuit Construction and homomorphic encryption, and defines the problem of verifiable computation. It then presents a detailed description of the proposed protocol, which combines Yao's garbling scheme with a fully homomorphic encryption system. The protocol is proven to be secure, outsourceable, and private, with efficient input and output verification. The authors also address how to handle cheating workers and provide a theorem showing that the scheme remains secure if the client terminates after detecting a malformed response. Finally, they discuss future directions, including the potential for using more efficient primitives and tolerating multiple malformed responses.