Garbled RAM Revisited

  • Craig Gentry
  • Shai Halevi
  • Steve Lu
  • Rafail Ostrovsky
  • Mariana Raykova
  • Daniel Wichs
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8441)

Abstract

The notion of garbled random-access machines (garbled RAMs) was introduced by Lu and Ostrovsky (Eurocrypt 2013). It can be seen as an analogue of Yao’s garbled circuits which allows a user to garble a RAM program directly, without performing the expensive step of converting it into a circuit. In particular, the size of the garbled program and the time it takes to create and evaluate it are only proportional to its running time on a RAM rather than to its circuit size. Lu and Ostrovsky gave a candidate construction of this primitive based on pseudo-random functions (PRFs).

The starting point of this work is pointing out a subtle circularity in the hardness assumption underlying the Lu-Ostrovsky construction. Specifically, the construction requires a complex “circular” security assumption on the underlying Yao garbled circuits and PRFs. We then proceed to abstract, simplify and generalize the main ideas behind the Lu-Ostrovsky construction, and show two alternative constructions that overcome the circularity of assumptions. Our first construction breaks the circularity by replacing the PRF-based encryption in the Lu-Ostrovsky construction with identity-based encryption (IBE). The result retains the same asymptotic performance characteristics as the original Lu-Ostrovsky construction, namely an overhead of O(poly(k)·polylog(n)) (with k the security parameter and n the data size). Our second construction breaks the circularity assuming only the existence of one-way functions, but with overhead O(poly(k)·n^ε) for any constant ε > 0. This construction works by adaptively “revoking” the PRFs at selected points, and using a delicate recursion argument to get successively better performance characteristics. It remains an interesting open problem to achieve an overhead of poly(k)·polylog(n) assuming only the existence of one-way functions.

References

  1. Applebaum, B., Ishai, Y., Kushilevitz, E.: From secrecy to soundness: Efficient verification via secure computation. In: Abramsky, S., Gavoille, C., Kirchner, C., Meyer auf der Heide, F., Spirakis, P.G. (eds.) ICALP 2010. LNCS, vol. 6198, pp. 152–163. Springer, Heidelberg (2010)
  2. Bellare, M., Dowsley, R., Waters, B., Yilek, S.: Standard security does not imply security against selective-opening. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 645–662. Springer, Heidelberg (2012)
  3. Bellare, M., Hoang, V.T., Rogaway, P.: Adaptively secure garbling with applications to one-time programs and secure outsourcing. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 134–153. Springer, Heidelberg (2012)
  4. Bellare, M., Hofheinz, D., Yilek, S.: Possibility and impossibility results for encryption and commitment secure under selective opening. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 1–35. Springer, Heidelberg (2009)
  5. Black, J., Rogaway, P., Shrimpton, T.: Encryption-scheme security in the presence of key-dependent messages. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 62–75. Springer, Heidelberg (2003)
  6. Boneh, D., Waters, B.: Constrained pseudorandom functions and their applications. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part II. LNCS, vol. 8270, pp. 280–300. Springer, Heidelberg (2013)
  7. Boyle, E., Goldwasser, S., Ivan, I.: Functional signatures and pseudorandom functions. IACR Cryptology ePrint Archive, 2013:401 (2013)
  8. Cook, S.A., Reckhow, R.A.: Time bounded random access machines. J. Comput. Syst. Sci. 7(4), 354–375 (1973)
  9. Gentry, C., Halevi, S., Raykova, M., Wichs, D.: Garbled RAM revisited, part I. Cryptology ePrint Archive, Report 2014/082 (2014), http://eprint.iacr.org/
  10. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions (extended abstract). In: FOCS, pp. 464–479. IEEE Computer Society (1984)
  11. Goldwasser, S., Kalai, Y.T., Popa, R.A., Vaikuntanathan, V., Zeldovich, N.: How to run Turing machines on encrypted data. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 536–553. Springer, Heidelberg (2013)
  12. Goldwasser, S., Kalai, Y.T., Popa, R.A., Vaikuntanathan, V., Zeldovich, N.: Reusable garbled circuits and succinct functional encryption. In: Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) STOC, pp. 555–564. ACM (2013)
  13. Kiayias, A., Papadopoulos, S., Triandopoulos, N., Zacharias, T.: Delegatable pseudorandom functions and applications. In: Sadeghi, A.-R., Gligor, V.D., Yung, M. (eds.) ACM Conference on Computer and Communications Security, pp. 669–684. ACM (2013)
  14. Lu, S., Ostrovsky, R.: How to garble RAM programs? In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 719–734. Springer, Heidelberg (2013)
  15. Lu, S., Ostrovsky, R.: Garbled RAM revisited, part II. Cryptology ePrint Archive, Report 2014/083 (2014), http://eprint.iacr.org/
  16. Pippenger, N., Fischer, M.J.: Relations among complexity measures. J. ACM 26(2), 361–381 (1979)
  17. Rothblum, R.D.: On the circular security of bit-encryption. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 579–598. Springer, Heidelberg (2013)
  18. Sahai, A., Waters, B.: How to use indistinguishability obfuscation: Deniable encryption, and more. IACR Cryptology ePrint Archive, 2013:454 (2013)
  19. Yao, A.C.-C.: Protocols for secure computations (extended abstract). In: FOCS, pp. 160–164 (1982)

Copyright information

© International Association for Cryptologic Research 2014

Authors and Affiliations

  • Craig Gentry (1)
  • Shai Halevi (1)
  • Steve Lu (2)
  • Rafail Ostrovsky (2)
  • Mariana Raykova (3)
  • Daniel Wichs (4)
  1. IBM Research, USA
  2. UCLA, USA
  3. SRI, USA
  4. Northeastern University, USA