Abstract
A universal circuit (UC) is a general-purpose circuit that can simulate arbitrary circuits (up to a certain size n). Valiant provides a k-way recursive construction of UCs (STOC 1976), where k tunes the complexity of the recursion. More concretely, Valiant gives theoretical constructions of 2-way and 4-way UCs of asymptotic (multiplicative) sizes \(5n\log n\) and \(4.75 n\log n\) respectively, which matches the asymptotic lower bound \(\varOmega (n\log n)\) up to some constant factor.
Motivated by various privacy-preserving cryptographic applications, Kiss et al. (Eurocrypt 2016) validated the practicality of 2-way universal circuits by giving example implementations for private function evaluation. Günther et al. (Asiacrypt 2017) and Alhassan et al. (J. Cryptology 2020) implemented the 2-way/4-way hybrid UCs with various optimizations in place towards making universal circuits more practical. Zhao et al. (Asiacrypt 2019) optimized Valiant’s 4-way UC to asymptotic size \(4.5 n\log n\) and proved a lower bound \(3.64 n\log n\) for UCs under Valiant’s framework. As the scale of computation goes beyond 10-million-gate (\(n=10^7\)) or even billion-gate level (\(n=10^9\)), the constant factor in UC’s size plays an increasingly important role in application performance. In this work, we investigate Valiant’s universal circuits and present an improved framework for constructing universal circuits with the following advantages.
-
Simplicity. Parameterization is no longer needed. In contrast to those previous implementations that resorted to a hybrid construction combining \(k=2\) and \(k=4\) for a tradeoff between fine granularity and asymptotic size-efficiency, our construction gets the best of both worlds when configured at the lowest complexity (i.e., \(k=2\)).
-
Compactness. Our universal circuits have asymptotic size \(3n\log n\), improving upon the best previously known \(4.5n\log n\) by 33% and beating the \(3.64n\log n\) lower bound for UCs constructed under Valiant’s framework (Zhao et al., Asiacrypt 2019).
-
Tightness. We show that under our new framework the UC’s size is lower bounded by \(2.95 n\log n\), which almost matches the \(3n\log n\) circuit size of our 2-way construction.
We implement the 2-way universal circuit and evaluate its performance with other implementations, which confirms our theoretical analysis.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Let us mention that there are other alternatives to PFE without using universal circuits, of which the most efficient one to date is the work by Katz and Malka [36].
- 2.
It is typically assumed that a circuit C consists of AND gates and XOR gates. The size of C refers to the number of gates in C, and its multiplicative size is the number of AND gates. As a major performance indicator for Valiant’s (and our optimized) framework, the multiplicative size of a UC is roughly a quarter of its total size.
- 3.
The edge embedding algorithm for constructing 2-way UC is simply a bipartite matching algorithm, while in contrast, a generic algorithm for k-way UC is much more complex and less efficient. Moreover, Valiant’s construction only explicitly handles the case \(n=B k^j\) for arbitrary \(j\in \mathbb {N^+}\) (i.e., the number of recursions) and small \(B\in \mathbb {N^+}\) (i.e., \(\mathsf {EUG}(B)\) is the initial EUG built from scratch). Optimization techniques [3, 30] are helpful in adapting to arbitrary n, especially for \(k=2\).
- 4.
Note that the poles of \(\mathsf {EUG}_1(\lceil \frac{n}{k}\rceil -1)\) do not constitute the poles of the \(\mathsf {EUG}_1(n)\), but become X-switching nodes after merging with input/output nodes.
- 5.
Recall that subscript 1 in \(\mathsf {EUG}_1(n)\) refers to its capability of edge embedding arbitrary \(\mathsf {DAG}_1(n)\), instead of that \(\mathsf {EUG}_1(n)\) is of fan-in/fan-out 1. In fact, an \(\mathsf {EUG}_1\) needs fan-in/fan-out 2 to cater for control nodes such as X/Y switching nodes.
- 6.
No edge \((p_u,p_v)\in E_i\) (i.e., \(i=j\)) is considered, and the case for \(i>j\) is not possible as nodes are topologically sorted in the first place. Further, if there are multiple edges from a node in \(V_i\) to one in \(V_j\), then equally many copies of \((O_i,I_j)\) are added.
- 7.
After merging, edge (\(out_i^t\),\(in_{i+1}^t\)) becomes a self-loop which is not included in \(E'_{vert}\).
References
Abadi, M., Feigenbaum, J.: Secure circuit evaluation. J. Cryptol. 2(1), 1–12 (1990). https://doi.org/10.1007/BF02252866
Afshar, A., Mohassel, P., Pinkas, B., Riva, B.: Non-interactive secure computation based on cut-and-choose. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 387–404. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_22
Alhassan, M.Y., Günther, D., Kiss, Á., Schneider, T.: Efficient and scalable universal circuits. J. Cryptol. 33(3), 1216–1271 (2020)
Anonymous: The C++ source code of our 2-way UC implementation (2020). https://github.com/Cryptogroup/universalcircuit
Araki, T., et al.: Optimized honest-majority MPC for malicious adversaries - breaking the 1 billion-gate per second barrier. In: 2017 IEEE Symposium on Security and Privacy, pp. 843–862. IEEE Computer Society Press, San Jose (May 2017). https://doi.org/10.1109/SP.2017.15
Attrapadung, N.: Fully secure and succinct attribute based encryption for circuits from multi-linear maps. Cryptology ePrint Archive, Report 2014/772 (2014). http://eprint.iacr.org/2014/772
Banescu, S., Ochoa, M., Kunze, N., Pretschner, A.: Idea: benchmarking indistinguishability obfuscation – a candidate implementation. In: Piessens, F., Caballero, J., Bielova, N. (eds.) ESSoS 2015. LNCS, vol. 8978, pp. 149–156. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-15618-7_12
Barni, M., Failla, P., Kolesnikov, V., Lazzeretti, R., Sadeghi, A.R., Schneider, T.: Secure evaluation of private linear branching programs with medical applications. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 424–439. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04444-1_26
Ben-David, A., Nisan, N., Pinkas, B.: FairplayMP: a system for secure multi-party computation. In: Ning, P., Syverson, P.F., Jha, S. (eds.) ACM CCS 2008, pp. 257–266. ACM Press, Alexandria (October 2008). https://doi.org/10.1145/1455770.1455804
Bera, D., Fenner, S.A., Green, F., Homer, S.: Efficient universal quantum circuits. Quantum Inf. Comput. 10(1&2), 16–27 (2010). http://www.rintonpress.com/xxqic10/qic-10-12/0016-0027.pdf
Bicer, O., Bingol, M.A., Kiraz, M.S., Levi, A.: Towards practical PFE: an efficient 2-party private function evaluation protocol based on half gates. Cryptology ePrint Archive, Report 2017/415 (2017). http://eprint.iacr.org/2017/415
Bitansky, N., Vaikuntanathan, V.: Indistinguishability obfuscation from functional encryption. In: Guruswami, V. (ed.) 56th FOCS, pp. 171–190. IEEE Computer Society Press, Berkeley (October 2015). https://doi.org/10.1109/FOCS.2015.20
Brickell, J., Porter, D.E., Shmatikov, V., Witchel, E.: Privacy-preserving remote diagnostics. In: Ning, P., De Capitani di Vimercati, S., Syverson, P.F. (eds.) ACM CCS 2007, pp. 498–507. ACM Press, Alexandria (October 2007). https://doi.org/10.1145/1315245.1315307
Cachin, C., Camenisch, J., Kilian, J., Müller, J.: One-round secure computation and secure autonomous mobile agents. In: Montanari, U., Rolim, J.D.P., Welzl, E. (eds.) ICALP 2000. LNCS, vol. 1853, pp. 512–523. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45022-X_43
Cook, S.A., Hoover, H.J.: A depth-universal circuit. SIAM J. Comput. 14(4), 833–839 (1985)
Dénes, K.: Gráfok és mátrixok. Matematikai és Fizikai Lapok 38, 116–119 (1931)
Fiore, D., Gennaro, R., Pastro, V.: Efficiently verifiable computation on encrypted data. In: Ahn, G.J., Yung, M., Li, N. (eds.) ACM CCS 2014, pp. 844–855. ACM Press, Scottsdale (November 2014). https://doi.org/10.1145/2660267.2660366
Fisch, B.A., et al.: Malicious-client security in blind seer: a scalable private DBMS. In: 2015 IEEE Symposium on Security and Privacy, pp. 395–410. IEEE Computer Society Press, San Jose (May 2015). https://doi.org/10.1109/SP.2015.31
Frikken, K., Atallah, M., Li, J.: Attribute-based access control with hidden policies and hidden credentials. IEEE Trans. Comput. 55(10), 1259–1270 (2006)
Frikken, K., Atallah, M., Zhang, C.: Privacy-preserving credit checking. In: Proceedings of the 6th ACM Conference on Electronic Commerce, pp. 147–154 (2005)
Frikken, K.B., Li, J., Atallah, M.J.: Trust negotiation with hidden credentials, hidden policies, and policy cycles. In: NDSS 2006. The Internet Society, San Diego (February 2006)
Galil, Z., Paul, W.J.: An efficient general purpose parallel computer. In: 13th ACM STOC, pp. 247–262. ACM Press, Milwaukee (May 1981). https://doi.org/10.1145/800076.802478
Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: 54th FOCS, pp. 40–49. IEEE Computer Society Press, Berkeley (October 2013). https://doi.org/10.1109/FOCS.2013.13
Garg, S., Gentry, C., Halevi, S., Sahai, A., Waters, B.: Attribute-based encryption for circuits from multilinear maps. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 479–499. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_27
Garg, S., Gentry, C., Halevi, S., Zhandry, M.: Fully secure attribute based encryption from multilinear maps. Cryptology ePrint Archive, Report 2014/622 (2014). http://eprint.iacr.org/2014/622
Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 626–645. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_37
Gentry, C., Halevi, S., Vaikuntanathan, V.: i-hop homomorphic encryption and rerandomizable Yao circuits. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 155–172. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_9
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Aho, A. (ed.) 19th ACM STOC, pp. 218–229. ACM Press, New York City (May 1987). https://doi.org/10.1145/28395.28420
Gorbunov, S., Vaikuntanathan, V., Wee, H.: Attribute-based encryption for circuits. In: Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) 45th ACM STOC, pp. 545–554. ACM Press, Palo Alto (June 2013). https://doi.org/10.1145/2488608.2488677
Günther, D., Kiss, Á., Schneider, T.: More efficient universal circuit constructions. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part II. LNCS, vol. 10625, pp. 443–470. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70697-9_16
Heath, D., Kolesnikov, V., Peceny, S.: MOTIF: (almost) free branching in GMW. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020, Part III. LNCS, vol. 12493, pp. 3–30. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64840-4_1
Holz, M., Kiss, Á., Rathee, D., Schneider, T.: Linear-complexity private function evaluation is practical. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds.) ESORICS 2020, Part II. LNCS, vol. 12309, pp. 401–420. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-59013-0_20
Huang, Y., Katz, J., Kolesnikov, V., Kumaresan, R., Malozemoff, A.J.: Amortizing garbled circuits. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 458–475. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44381-1_26
Ishai, Y., Paskin, A.: Evaluating branching programs on encrypted data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 575–594. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_31
Kamara, S., Raykova, M.: Secure outsourced computation in a multi-tenant cloud. In: IBM Workshop on Cryptography and Security in Clouds, pp. 15–16 (2011)
Katz, J., Malka, L.: Constant-round private function evaluation with linear complexity. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 556–571. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_30
Kiss, Á., Schneider, T.: Valiant’s universal circuit is practical. In: Fischlin, M., Coron, J.S. (eds.) EUROCRYPT 2016, Part I. LNCS, vol. 9665, pp. 699–728. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_27
Kolesnikov, V., Schneider, T.: Improved garbled circuit: free XOR gates and applications. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 486–498. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70583-3_40
Kolesnikov, V., Schneider, T.: A practical universal circuit construction and secure evaluation of private functions. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 83–97. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85230-8_7
Lindell, Y., Riva, B.: Blazing fast 2PC in the offline/online setting with security for malicious adversaries. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 579–590. ACM Press, Denver (October 2015). https://doi.org/10.1145/2810103.2813666
Lipmaa, H., Mohassel, P., Sadeghian, S.: Valiant’s universal circuit: improvements, implementation, and applications. Cryptology ePrint Archive, Report 2016/017 (2016). http://eprint.iacr.org/2016/017
Liu, H., Yu, Y., Zhao, S., Zhang, J., Liu, W., Hu, Z.: Pushing the limits of Valiant’s universal circuits: simpler, tighter and more compact. Cryptology ePrint Archive, Report 2020/161 (2020). https://eprint.iacr.org/2020/161
Lovász, L., Plummer, M.D.: Matching Theory, vol. 367. American Mathematical Society, Providence (2009)
Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay - secure two-party computation system. In: Blaze, M. (ed.) USENIX Security 2004, pp. 287–302. USENIX Association, San Diego (August 2004)
Meyer auf der Heide, F.: Efficiency of universal parallel computers. In: Cremers, A.B., Kriegel, H.-P. (eds.) GI-TCS 1983. LNCS, vol. 145, pp. 221–229. Springer, Heidelberg (1982). https://doi.org/10.1007/BFb0036483
Mohassel, P., Rosulek, M.: Non-interactive secure 2PC in the offline/online and batch settings. In: Coron, J., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part III. LNCS, vol. 10212, pp. 425–455. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56617-7_15
Mohassel, P., Sadeghian, S.S.: How to hide circuits in MPC an efficient framework for private function evaluation. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 557–574. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_33
Niksefat, S., Sadeghiyan, B., Mohassel, P., Sadeghian, S.: Zids: a privacy-preserving intrusion detection system using secure two-party computation protocols. Comput. J. 57(4), 494–509 (2014)
Ostrovsky, R., Skeith III, W.E.: Private searching on streaming data. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 223–240. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_14
Pappas, V., et al.: Blind seer: a scalable private DBMS. In: 2014 IEEE Symposium on Security and Privacy, pp. 359–374. IEEE Computer Society Press, Berkeley (May 2014). https://doi.org/10.1109/SP.2014.30
Sadeghian, S.S.: New techniques for private function evaluation. Ph.D. thesis (2015)
Tillich, S., Smart, N.: Circuits of basic functions suitable for MPC and FHE (2015). https://homes.esat.kuleuven.be/~nsmart/MPC/
Valiant, L.G.: Universal circuits (preliminary report). In: 8th ACM STOC, pp. 196–203 (1976)
Wegener, I.: The Complexity of Boolean Functions. Wiley, Hoboken (1987)
Yao, A.C.C.: Protocols for secure computations (extended abstract). In: 23rd FOCS, pp. 160–164. IEEE Computer Society Press, Chicago (November 1982). https://doi.org/10.1109/SFCS.1982.38
Yao, A.C.C.: How to generate and exchange secrets (extended abstract). In: 27th FOCS, pp. 162–167. IEEE Computer Society Press, Toronto (October 1986). https://doi.org/10.1109/SFCS.1986.25
Zhao, S., Yu, Yu., Zhang, J., Liu, H.: Valiant’s universal circuits revisited: an overall improvement and a lower bound. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019, Part I. LNCS, vol. 11921, pp. 401–425. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34578-5_15
Zhu, R., Cassel, D., Sabry, A., Huang, Y.: NANOPI: extreme-scale actively-secure multi-party computation. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 862–879. ACM Press, Toronto (October 2018). https://doi.org/10.1145/3243734.3243850
Zimmerman, J.: How to obfuscate programs directly. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part II. LNCS, vol. 9057, pp. 439–467. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_15
Acknowledgments
We are grateful to the authors of [3] for pointing out the issue in a previous version that our intermediate construction yields only a weak EUG, and for many helpful suggestions. Yu Yu, the corresponding author, was supported by the National Key Research and Development Program of China (Grant Nos. 2020YFA0309705 and 2018YFA0704701) and the National Natural Science Foundation of China (Grant Nos. 61872236 and 61971192). Jiang Zhang is supported by the National Natural Science Foundation of China (Grant Nos. 62022018, 61932019), the National Key Research and Development Program of China (Grant No. 2018YFB0804105). This work is also supported by Shandong Provincial Key Research and Development Program (Major Scientific and Technological Innovation Project, Grant No. 2019JZZY010133), Shandong Key Research and Development Program (Grant No. 2020ZLYS09).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 International Association for Cryptologic Research
About this paper
Cite this paper
Liu, H., Yu, Y., Zhao, S., Zhang, J., Liu, W., Hu, Z. (2021). Pushing the Limits of Valiant’s Universal Circuits: Simpler, Tighter and More Compact. In: Malkin, T., Peikert, C. (eds) Advances in Cryptology – CRYPTO 2021. CRYPTO 2021. Lecture Notes in Computer Science(), vol 12826. Springer, Cham. https://doi.org/10.1007/978-3-030-84245-1_13
Download citation
DOI: https://doi.org/10.1007/978-3-030-84245-1_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-84244-4
Online ISBN: 978-3-030-84245-1
eBook Packages: Computer ScienceComputer Science (R0)