Valiant’s Universal Circuit is Practical

  • Ágnes KissEmail author
  • Thomas Schneider
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9665)


Universal circuits (UCs) can be programmed to evaluate any circuit of a given size k. They provide elegant solutions in various application scenarios, e.g. for private function evaluation (PFE) and for improving the flexibility of attribute-based encryption (ABE) schemes. The optimal size of a universal circuit is proven to be \(\varOmega (k\log k)\). Valiant (STOC’76) proposed a size-optimized UC construction, which has not been put in practice ever since. The only implementation of universal circuits was provided by Kolesnikov and Schneider (FC’08), with size \(\mathcal {O}(k\log ^2 k)\).

In this paper, we refine the size of Valiant’s UC and further improve the construction by (at least) 2k. We show that due to recent optimizations and our improvements, it is the best solution to apply in the case for circuits with a constant number of inputs and outputs. When the number of inputs or outputs is linear in the number of gates, we propose a more efficient hybrid solution based on the two existing constructions. We validate the practicality of Valiant’s UC, by giving an example implementation for PFE using these size-optimized UCs.


Universal circuit Size-optimization Private function evaluation 



This work has been co-funded by the European Union’s 7th Framework Program (FP7/2007–2013) under grant agreement n. 609611 (PRACTICE), by the German Federal Ministry of Education and Research (BMBF) within CRISP, by the DFG as part of project E3 within the CRC 1119 CROSSING, and by the Hessian LOEWE excellence initiative within CASED. We thank Michael Zohner and Daniel Demmler for helping with the implementation in ABY, and the anonymous reviewers of Eurocrypt 2016 for their helpful comments on our paper.


  1. [AF90]
    Abadi, M., Feigenbaum, J.: Secure circuit evaluation. J. Cryptol. 2(1), 1–12 (1990)MathSciNetCrossRefzbMATHGoogle Scholar
  2. [ALSZ13]
    Asharov, G., Lindell, Y., Schneider, T., Zohner, M.: More efficient oblivious transfer and extensions for faster secure computation. In: ACM CCS 2013, pp. 535–548. ACM (2013)Google Scholar
  3. [Att14]
    Attrapadung, N.: Fully secure and succinct attribute based encryption for circuits from multi-linear maps. IACR Cryptology ePrint Archive 2014:772 (2014)Google Scholar
  4. [BFK+09]
    Barni, M., Failla, P., Kolesnikov, V., Lazzeretti, R., Sadeghi, A.-R., Schneider, T.: Secure evaluation of private linear branching programs with medical applications. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 424–439. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  5. [BNP08]
    Ben-David, A., Nisan, N., Pinkas, B.: FairplayMP: a system for secure multi-party computation. In: ACM CCS 2008, pp. 257–266. ACM (2008)Google Scholar
  6. [BPSW07]
    Brickell, J., Porter, D.E., Shmatikov, V., Witchel, E.: Privacy-preserving remote diagnostics. In: ACM CCS 2007, pp. 498–507. ACM (2007)Google Scholar
  7. [CCKM00]
    Cachin, C., Camenisch, J.L., Kilian, J., Müller, J.: One-round secure computation and secure autonomous mobile agents. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853, p. 512. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  8. [CDN01]
    Cramer, R., Damgård, I.B., Nielsen, J.B.: Multiparty computation from threshold homomorphic encryption. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 280–299. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. [CH85]
    Cook, S.A., Hoover, H.J.: A depth-universal circuit. SIAM J. Comput. 14(4), 833–839 (1985)MathSciNetCrossRefzbMATHGoogle Scholar
  10. [DDKZ13]
    Durnoga, K., Dziembowski, S., Kazana, T., Zajac, M.: One-time programs with limited memory. In: Lin, D., Xu, S., Yung, M. (eds.) Inscrypt 2013. LNCS, vol. 8567, pp. 377–394. Springer, Heidelberg (2013)Google Scholar
  11. [DSZ15]
    Demmler, D., Schneider, T., Zohner, M.: ABY - a framework for efficient mixed-protocol secure two-party computation. In: Network and Distributed System Security (NDSS 2015). The Internet Society (2015).
  12. [FAL06]
    Frikken, K.B., Atallah, M.J., Li, J.: Attribute-based access control with hidden policies and hidden credentials. IEEE Trans. Comput. 55(10), 1259–1270 (2006)CrossRefGoogle Scholar
  13. [FAZ05]
    Frikken, K.B., Atallah, M.J., Zhang, C.: Privacy-preserving credit checking. In: ACM Electronic Commerce (EC 2005), pp. 147–154. ACM (2005)Google Scholar
  14. [FGP14]
    Fiore, D., Gennaro, R., Pastro, V.: Efficiently verifiable computation on encrypted data. In: ACM CCS 2014, pp. 844–855. ACM (2014)Google Scholar
  15. [FLA06]
    Frikken, K.B., Li, J., Atallah, M.J., Trust negotiation with hidden credentials, hidden policies, and policy cycles. In: Network and Distributed System Security (NDSS 2006), pp. 157–172. The Internet Society (2006)Google Scholar
  16. [FVK+15]
    Fisch, B., Vo, B., Krell, F., Kumarasubramanian, A., Kolesnikov, V., Malkin, T., Bellovin, S.M.: Malicious-client security in Blind Seer: a scalable private DBMS. In: IEEE Symposium on Security and Privacy (S&P 2015), pp. 395–410. IEEE (2015)Google Scholar
  17. [GGHZ14]
    Garg, S., Gentry, C., Halevi, S., Zhandry, M.: Fully secure attribute based encryption from multilinear maps. IACR Cryptology ePrint Archive 2014:622 (2014)Google Scholar
  18. [GGPR13]
    Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 626–645. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  19. [GHV10]
    Gentry, C., Halevi, S., Vaikuntanathan, V.: i-hop homomorphic encryption and rerandomizable Yao circuits. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 155–172. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  20. [GMW87]
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: ACM Symposium on Theory of Computing (STOC 1987), pp. 218–229. ACM (1987)Google Scholar
  21. [IKNP03]
    Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  22. [KM11]
    Katz, J., Malka, L.: Constant-round private function evaluation with linear complexity. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 556–571. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  23. [KS08a]
    Kolesnikov, V., Schneider, T.: Improved garbled circuit: free XOR gates and applications. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 486–498. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  24. [KS08b]
    Kolesnikov, V., Schneider, T.: A practical universal circuit construction and secure evaluation of private functions. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 83–97. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  25. [KS16]
    Kiss, Á., Schneider, T.: Valiant’s universal circuit is practical. Cryptology ePrint Archive, Report 2016/093 (2016).
  26. [LMS16]
    Lipmaa, H., Mohassel, P., Sadeghian, S.: Valiant’s universal circuit: improvements, implementation, and applications. Cryptology ePrint Archive, Report 2016/017 (2016).
  27. [LP09a]
    Lindell, Y., Pinkas, B.: A proof of security of Yao’s protocol for two-party computation. J. Cryptol. 22(2), 161–188 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  28. [LP09b]
    Lovász, L., Plummer, M.D.: Matching Theory. AMS Chelsea Publishing Series. American Mathematical Soc., Providence (2009)zbMATHGoogle Scholar
  29. [MNPS04]
    Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay - secure two-party computation system. In: USENIX Security Symposium, USENIX 2004, pp. 287–302 (2004)Google Scholar
  30. [MS13]
    Mohassel, P., Sadeghian, S.: How to hide circuits in MPC an efficient framework for private function evaluation. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 557–574. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  31. [MSS14]
    Mohassel, P., Sadeghian, S., Smart, N.P.: Actively secure private function evaluation. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part II. LNCS, vol. 8874, pp. 486–505. Springer, Heidelberg (2014)Google Scholar
  32. [NPS99]
    Naor, M., Pinkas, B., Sumner, R.: Privacy preserving auctions and mechanism design. In: ACM Electronic Commerce (EC 1999), pp. 129–139 (1999)Google Scholar
  33. [OI05]
    Ostrovsky, R., Skeith III, W.E.: Private searching on streaming data. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 223–240. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  34. [Pin02]
    Pinkas, B.: Cryptographic techniques for privacy-preserving data mining. SIGKDD Explor. 4(2), 12–19 (2002)MathSciNetCrossRefGoogle Scholar
  35. [PKV+14]
    Pappas, V., Krell, F., Vo, B., Kolesnikov, V., Malkin, T., Choi, S.G., George, W., Keromytis, A.D., Bellovin, S., Seer, B.: A scalable private DBMS. In: IEEE Symposium on Security and Privacy (S&P 2014), pp. 359–374. IEEE (2014)Google Scholar
  36. [PSS09]
    Paus, A., Sadeghi, A.-R., Schneider, T.: Practical secure evaluation of semi-private functions. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 89–106. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  37. [Sch08]
    Schneider, T.: Practical secure function evaluation. Master’s thesis, University Erlangen-Nürnberg, Germany, 27 February 2008Google Scholar
  38. [SS08]
    Sadeghi, A.-R., Schneider, T.: Generalized universal circuits for secure evaluation of private functions with application to data classification. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 336–353. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  39. [SYY99]
    Sander, T., Young, A.L., Yung, M.: Non-interactive cryptocomputing for \({\rm NC}^1\). In: Foundations of Computer Science (FOCS 1999), pp. 554–567. IEEE (1999)Google Scholar
  40. [TS15]
    Tillich, S., Smart, N.: Circuits of basic functions suitable for MPC and FHE (2015).
  41. [Val76]
    Valiant, L.G.: Universal circuits (preliminary report). In: ACM Symposium on Theory of Computing (STOC 1976), pp. 196–203. ACM (1976)Google Scholar
  42. [Weg87]
    Wegener, I.: The Complexity of Boolean Functions. Wiley, New York (1987)zbMATHGoogle Scholar
  43. [Yao86]
    Yao, A.C.-C.: How to generate and exchange secrets (extended abstract). In: Foundations of Computer Science (FOCS 1986), pp. 162–167. IEEE (1986)Google Scholar

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.TU DarmstadtDarmstadtGermany

Personalised recommendations