Encoding Functions with Constant Online Rate or How to Compress Garbled Circuits Keys

  • Benny Applebaum
  • Yuval Ishai
  • Eyal Kushilevitz
  • Brent Waters
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8043)

Abstract

Randomized encodings of functions can be used to replace a “complex” function f(x) by a “simpler” randomized mapping \(\hat{f}(x;r)\) whose output distribution on an input x encodes the value of f(x) and hides any other information about x. One desirable feature of randomized encodings is low online complexity. That is, the goal is to obtain a randomized encoding \(\hat{f}\) of f in which most of the output can be precomputed and published before seeing the input x. When the input x is available, it remains to publish only a short string \(\hat{x}\), where the online complexity of computing \(\hat{x}\) is independent of (and is typically much smaller than) the complexity of computing f. Yao’s garbled circuit construction gives rise to such randomized encodings in which the online part \(\hat{x}\) consists of n encryption keys of length κ each, where n = |x| and κ is a security parameter. Thus, the online rate\(|\hat{x}|/|x|\) of this encoding is proportional to the security parameter κ.

In this paper, we show that the online rate can be dramatically improved. Specifically, we show how to encode any polynomial-time computable function f:{0,1}n → {0,1}m(n) with online rate of 1 + o(1) and with nearly linear online computation. More concretely, the online part \(\hat{x}\) consists of an n-bit string and a single encryption key. These constructions can be based on the decisional Diffie-Hellman assumption (DDH), the Learning with Errors assumption (LWE), or the RSA assumption. We also present a variant of this result which applies to arithmetic formulas, where the encoding only makes use of arithmetic operations, as well as several negative results which complement our positive results.

Our positive results can lead to efficiency improvements in most contexts where randomized encodings of functions are used. We demonstrate this by presenting several concrete applications. These include protocols for secure multiparty computation and for non-interactive verifiable computation in the preprocessing model which achieve, for the first time, an optimal online communication complexity, as well as non-interactive zero-knowledge proofs which simultaneously minimize the online communication and the prover’s online computation.

References

  1. 1.
    Applebaum, B.: Key-dependent message security: Generic amplification and completeness. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 527–546. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  2. 2.
    Applebaum, B., Ishai, Y., Kushilevitz, E.: Computationally private randomizing polynomials and their applications. Computational Complexity 15(2), 115–162 (2006)MathSciNetCrossRefMATHGoogle Scholar
  3. 3.
    Applebaum, B., Ishai, Y., Kushilevitz, E.: Cryptography in NC0. SIAM J. Comput. 36(4), 845–888 (2006)MathSciNetCrossRefMATHGoogle Scholar
  4. 4.
    Applebaum, B., Ishai, Y., Kushilevitz, E.: From secrecy to soundness: Efficient verification via secure computation. In: Abramsky, S., Gavoille, C., Kirchner, C., Meyer auf der Heide, F., Spirakis, P.G. (eds.) ICALP 2010, Part I. LNCS, vol. 6198, pp. 152–163. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  5. 5.
    Applebaum, B., Ishai, Y., Kushilevitz, E.: How to garble arithmetic circuits. In: FOCS, pp. 120–129 (2011)Google Scholar
  6. 6.
    Applebaum, B., Ishai, Y., Kushilevitz, E., Waters, B.: Encoding functions with constant online rate or how to compress garbled circuits keys. Cryptology ePrint Archive, Report 2012/693 (2012), http://eprint.iacr.org/
  7. 7.
    Barak, B., Haitner, I., Hofheinz, D., Ishai, Y.: Bounded key-dependent message security. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 423–444. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  8. 8.
    Beaver, D.: Precomputing oblivious transfer. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 97–109. Springer, Heidelberg (1995)Google Scholar
  9. 9.
    Bellare, M., Hoang, V.T., Rogaway, P.: Adaptively secure garbling with applications to one-time programs and secure outsourcing. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 134–153. Springer, Heidelberg (2012), http://eprint.iacr.org/2012/564CrossRefGoogle Scholar
  10. 10.
    Bellare, M., Hoang, V.T., Rogaway, P.: Foundations of garbled circuits. In: ACM Conference on Computer and Communications Security, pp. 784–796 (2012), Full version: http://eprint.iacr.org/2012/265
  11. 11.
    Bendlin, R., Damgård, I., Orlandi, C., Zakarias, S.: Semi-homomorphic encryption and multiparty computation. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 169–188. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  12. 12.
    Boneh, D., Sahai, A., Waters, B.: Functional encryption: Definitions and challenges. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 253–273. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  13. 13.
    Cachin, C., Camenisch, J., Kilian, J., Müller, J.: One-round secure computation and secure autonomous mobile agents. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853, pp. 512–523. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  14. 14.
    Chung, K.-M., Kalai, Y., Vadhan, S.: Improved delegation of computation using fully homomorphic encryption. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 483–501. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  15. 15.
    Damgard, I., Pastro, V., Smart, N., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. Cryptology ePrint Archive, Report 2011/535 (2011), http://eprint.iacr.org/
  16. 16.
    Dubrov, B., Ishai, Y.: On the randomness complexity of efficient sampling. In: STOC, pp. 711–720 (2006)Google Scholar
  17. 17.
    Even, S., Goldreich, O., Micali, S.: On-line/off-line digital signatures. J. Cryptology 9 (1996)Google Scholar
  18. 18.
    Feige, U., Kilian, J., Naor, M.: A minimal model for secure computation. In: STOC (1994)Google Scholar
  19. 19.
    Gennaro, R., Gentry, C., Parno, B.: Non-interactive verifiable computing: Outsourcing computation to untrusted workers. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 465–482. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  20. 20.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC, pp. 169–178 (2009)Google Scholar
  21. 21.
    Goldreich, O.: Foundations of Cryptography. Basic Applications, vol. 2. Cambridge University Press, New York (2004)CrossRefMATHGoogle Scholar
  22. 22.
    Goldreich, O., Vadhan, S.P., Wigderson, A.: On interactive proofs with a laconic prover. Computational Complexity 11(1-2), 1–53 (2002)MathSciNetCrossRefMATHGoogle Scholar
  23. 23.
    Goldwasser, S., Kalai, Y.T., Popa, R.A., Vaikuntanathan, V., Zeldovich, N.: Overcoming the worst-case curse for cryptographic constructions. IACR Cryptology ePrint Archive, 2013:229 (2013)Google Scholar
  24. 24.
    Goldwasser, S., Kalai, Y.T., Popa, R.A., Vaikuntanathan, V., Zeldovich, N.: Reusable garbled circuits and succinct functional encryption. In: STOC, pp. 555–564 (2013)Google Scholar
  25. 25.
    Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: Delegating computation: interactive proofs for muggles. In: STOC (2008)Google Scholar
  26. 26.
    Gorbunov, S., Vaikuntanathan, V., Wee, H.: Functional encryption with bounded collusions via multi-party computation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 162–179. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  27. 27.
    Goyal, V., Ishai, Y., Sahai, A., Venkatesan, R., Wadia, A.: Founding cryptography on tamper-proof hardware tokens. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 308–326. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  28. 28.
    Groth, J.: Minimizing non-interactive zero-knowledge proofs using fully homomorphic encryption. IACR Cryptology ePrint Archive, 2011:12 (2011)Google Scholar
  29. 29.
    Harnik, D., Naor, M.: On the compressibility of NP instances and cryptographic applications. SIAM J. Comput. 39(5), 1667–1713 (2010)MathSciNetCrossRefMATHGoogle Scholar
  30. 30.
    Ishai, Y., Kushilevitz, E.: Randomizing polynomials: A new representation with applications to round-efficient secure computation. In: FOCS, pp. 294–304 (2000)Google Scholar
  31. 31.
    Ishai, Y., Kushilevitz, E., Meldgaard, S., Orlandi, C., Paskin-Cherniavsky, A.: On the power of correlated randomness in secure computation. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 600–620. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  32. 32.
    Ishai, Y., Prabhakaran, M., Sahai, A.: Founding cryptography on oblivious transfer – efficiently. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 572–591. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  33. 33.
    Kalai, Y.T., Raz, R.: Probabilistically checkable arguments. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 143–159. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  34. 34.
    Kilian, J.: Founding cryptography on oblivious transfer. In: STOC, pp. 20–31 (1988)Google Scholar
  35. 35.
    Lu, S., Ostrovsky, R.: How to garble RAM programs? In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 719–734. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  36. 36.
    Micali, S.: CS proofs (extended abstract). In: FOCS, pp. 436–453 (1994)Google Scholar
  37. 37.
    Nielsen, J.B.: Separating random oracle proofs from complexity theoretic proofs: The non-committing encryption case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 111–126. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  38. 38.
    Sahai, A., Seyalioglu, H.: Worry-free encryption: functional encryption with public keys. In: ACM Conference on Computer and Communications Security, pp. 463–472 (2010)Google Scholar
  39. 39.
    Sander, T., Young, A., Yung, M.: Non-interactive cryptocomputing for NC1. In: FOCS, pp. 554–567 (1999)Google Scholar
  40. 40.
    Shamir, A., Tauman, Y.: Improved online/offline signature schemes. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 355–367. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  41. 41.
    Sion, R., Carbunar, B.: On the practicality of private information retrieval. In: NDSS (2007)Google Scholar
  42. 42.
    Yao, A.C.: How to generate and exchange secrets. In: FOCS, pp. 162–167 (1986)Google Scholar

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Benny Applebaum
    • 1
  • Yuval Ishai
    • 2
  • Eyal Kushilevitz
    • 2
  • Brent Waters
    • 3
  1. 1.School of Electrical EngineeringTel-Aviv UniversityIsrael
  2. 2.Department of Computer ScienceTechnionIsrael
  3. 3.Department of Computer ScienceUniversity of TexasUSA

Personalised recommendations