Garbling XOR Gates “For Free” in the Standard Model

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC, volume 7785)

Abstract

Yao’s Garbled Circuit (GC) technique is a powerful cryptographic tool which allows one to “encrypt” a circuit C as another circuit \({\hat C}\) in a way that hides all information except for the final output. Yao’s original construction incurs a constant overhead in both computation and communication per gate of the circuit C (proportional to the complexity of symmetric encryption). Kolesnikov and Schneider (ICALP 2008) introduced an optimized variant that garbles XOR gates “for free”, i.e., with no cryptographic operations and no communication. This variant has become very popular and has led to notable performance improvements.

The security of the free-XOR optimization was originally proven in the random oracle model. Despite some partial progress (Choi et al., TCC 2012), the question of replacing the random oracle with a standard cryptographic assumption has remained open.

We resolve this question by showing that the free-XOR approach can be realized in the standard model under the learning parity with noise (LPN) assumption. Our result is obtained in two steps:

– We show that the random oracle can be replaced with a symmetric encryption which remains secure under a combined form of related-key (RK) and key-dependent message (KDM) attacks; and

– We show that such a symmetric encryption can be constructed based on the LPN assumption.

As an additional contribution, we prove that the combination of RK and KDM security is non-trivial: there exists an encryption scheme which achieves both RK security and KDM security but breaks completely in the presence of combined RK-KDM attacks.
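As an added illustration (not code from the paper), the following Python sketch garbles the circuit (x XOR y) AND z under a global offset delta: the XOR gate produces no ciphertexts at all, while every AND-gate row encrypts either out0 or out0 XOR delta under input labels that are themselves related by delta, which is why the cipher must resist related-key and key-dependent-message attacks together. A SHA-256 pad stands in for the random oracle of the original proof; all function names are this example's own.

```python
import os, hashlib
LABEL_LEN = 16  # bytes per wire label

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def new_delta():
    # Global offset shared by all wires; last bit forced to 1 so a wire's two
    # labels differ there, and that bit then indexes garbled-table rows.
    return os.urandom(LABEL_LEN - 1) + bytes([os.urandom(1)[0] | 1])

def new_wire(delta):
    k0 = os.urandom(LABEL_LEN)
    return (k0, xor(k0, delta))  # (label for 0, label for 1)

def garble_xor(wa, wb, delta):
    # Free-XOR: output zero-label = XOR of input zero-labels; no table, no cipher.
    k0 = xor(wa[0], wb[0])
    return (k0, xor(k0, delta))

def eval_xor(la, lb):
    return xor(la, lb)  # the evaluator simply XORs the labels it holds

def row_pad(ka, kb, gate_id):
    # Row key derived from both input labels; the hash plays the random oracle.
    return hashlib.sha256(ka + kb + gate_id).digest()[:LABEL_LEN]

def garble_and(wa, wb, delta, gate_id):
    out = new_wire(delta)
    rows = [None] * 4
    for a in (0, 1):
        for b in (0, 1):
            idx = 2 * (wa[a][-1] & 1) + (wb[b][-1] & 1)  # pointer bits
            # Keys wa[0], wa[0]^delta and messages out[0], out[0]^delta are all
            # tied by the same delta: an RK attack and a KDM attack at once.
            rows[idx] = xor(row_pad(wa[a], wb[b], gate_id), out[a & b])
    return out, rows

def eval_and(la, lb, gate_id, rows):
    idx = 2 * (la[-1] & 1) + (lb[-1] & 1)
    return xor(row_pad(la, lb, gate_id), rows[idx])

def run_circuit(x, y, z):
    # Garble and evaluate (x XOR y) AND z; return the decoded output bit.
    delta = new_delta()
    wx, wy, wz = new_wire(delta), new_wire(delta), new_wire(delta)
    wxy = garble_xor(wx, wy, delta)
    wout, rows = garble_and(wxy, wz, delta, b"and0")
    label = eval_and(eval_xor(wx[x], wy[y]), wz[z], b"and0", rows)
    return wout.index(label)
```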

Keywords

  • Hash Function
  • Random Oracle
  • Oblivious Transfer
  • Symmetric Encryption
  • Cryptology ePrint Archive

References

  1. Applebaum, B.: Randomly Encoding Functions: A New Cryptographic Paradigm (Invited Talk). In: Fehr, S. (ed.) ICITS 2011. LNCS, vol. 6673, pp. 25–31. Springer, Heidelberg (2011)

  2. Applebaum, B., Cash, D., Peikert, C., Sahai, A.: Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 595–618. Springer, Heidelberg (2009)

  3. Applebaum, B., Harnik, D., Ishai, Y.: Semantic security under related-key attacks and applications. In: ICS, pp. 45–60 (2011)

  4. Applebaum, B., Ishai, Y., Kushilevitz, E.: Computationally private randomizing polynomials and their applications. Computational Complexity 15(2), 115–162 (2006); preliminary version in Proc. 20th CCC (2005)

  5. Applebaum, B., Ishai, Y., Kushilevitz, E.: How to garble arithmetic circuits. In: FOCS, pp. 120–129 (2011)

  6. Bellare, M., Cash, D.: Pseudorandom Functions and Permutations Provably Secure against Related-Key Attacks. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 666–684. Springer, Heidelberg (2010)

  7. Bellare, M., Hoang, V.T., Rogaway, P.: Garbling schemes. Cryptology ePrint Archive, Report 2012/265 (2012), http://eprint.iacr.org/

  8. Bellare, M., Kohno, T.: A Theoretical Treatment of Related-Key Attacks: RKA-PRPs, RKA-PRFs, and Applications. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 491–506. Springer, Heidelberg (2003)

  9. Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: First ACM Conference on Computer and Communications Security, pp. 62–73. ACM, Fairfax (1993)

  10. Black, J., Rogaway, P., Shrimpton, T.: Encryption-scheme security in the presence of key-dependent messages. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 62–75. Springer, Heidelberg (2003)

  11. Blum, A., Furst, M., Kearns, M., Lipton, R.J.: Cryptographic Primitives Based on Hard Learning Problems. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 278–291. Springer, Heidelberg (1994), citeseer.nj.nec.com/blum94cryptographic.html

  12. Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudo-random bits. SIAM J. Comput. 13, 850–864 (1984); preliminary version in Proc. 23rd FOCS (1982)

  13. Boneh, D., Halevi, S., Hamburg, M., Ostrovsky, R.: Circular-Secure Encryption from Decision Diffie-Hellman. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 108–125. Springer, Heidelberg (2008)

  14. Camenisch, J.L., Lysyanskaya, A.: An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)

  15. Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM 51 (2004)

  16. Choi, S.G., Katz, J., Kumaresan, R., Zhou, H.-S.: On the Security of the “Free-XOR” Technique. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 39–53. Springer, Heidelberg (2012)

  17. Gilbert, H., Robshaw, M.J.B., Seurin, Y.: How to Encrypt with the LPN Problem. In: Aceto, L., Damgård, I.B., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 679–690. Springer, Heidelberg (2008)

  18. Goldreich, O., Krawczyk, H., Luby, M.: On the existence of pseudorandom generators. SIAM J. Comput. 22(6), 1163–1175 (1993); preliminary version in Proc. 29th FOCS (1988)

  19. Goldreich, O., Micali, S., Wigderson, A.: How to play ANY mental game. In: STOC, pp. 218–229 (1987)

  20. Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)

  21. Henecka, W., Kögl, S., Sadeghi, A.R., Schneider, T., Wehrenberg, I.: TASTY: tool for automating secure two-party computations. In: CCS, pp. 451–462 (2010)

  22. Huang, Y., Evans, D., Katz, J., Malka, L.: Faster secure two-party computation using garbled circuits. In: USENIX Security Symposium (2011)

  23. Huang, Y., Shen, C.-H., Evans, D., Katz, J., Shelat, A.: Efficient Secure Computation with Garbled Circuits. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2011. LNCS, vol. 7093, pp. 28–48. Springer, Heidelberg (2011)

  24. Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending Oblivious Transfers Efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003)

  25. Ishai, Y., Kushilevitz, E.: Randomizing polynomials: A new representation with applications to round-efficient secure computation. In: Proc. 41st FOCS, pp. 294–304 (2000), citeseer.nj.nec.com/ishai00randomizing.html

  26. Kolesnikov, V., Sadeghi, A.-R., Schneider, T.: Improved Garbled Circuit Building Blocks and Applications to Auctions and Computing Minima. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 1–20. Springer, Heidelberg (2009)

  27. Kolesnikov, V., Schneider, T.: Improved Garbled Circuit: Free XOR Gates and Applications. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 486–498. Springer, Heidelberg (2008)

  28. Kreuter, B., Shelat, A., Shen, C.H.: Towards billion-gate secure computation with malicious adversaries. IACR Cryptology ePrint Archive 2012, 179 (2012)

  29. Lindell, Y., Pinkas, B., Smart, N.P.: Implementing Two-Party Computation Efficiently with Security Against Malicious Adversaries. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 2–20. Springer, Heidelberg (2008)

  30. Lindell, Y., Pinkas, B.: An Efficient Protocol for Secure Two-Party Computation in the Presence of Malicious Adversaries. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 52–78. Springer, Heidelberg (2007)

  31. Lindell, Y., Pinkas, B.: A proof of security of Yao’s protocol for two-party computation. J. Cryptology 22(2), 161–188 (2009)

  32. Malka, L., Katz, J.: VMCrypt – modular software architecture for scalable secure computation. Cryptology ePrint Archive, Report 2010/584 (2010), http://eprint.iacr.org/

  33. Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay — A secure two-party computation system. In: Proc. of 13th USENIX Security Symposium (2004)

  34. Maurer, U.M.: Indistinguishability of Random Systems. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 110–132. Springer, Heidelberg (2002)

  35. Naor, M., Pinkas, B.: Oblivious Transfer with Adaptive Queries. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 573–590. Springer, Heidelberg (1999)

  36. Naor, M., Pinkas, B., Sumner, R.: Privacy preserving auctions and mechanism design. In: Proc. 1st ACM Conference on Electronic Commerce, pp. 129–139 (1999)

  37. Nielsen, J.B., Orlandi, C.: LEGO for Two-Party Secure Computation. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 368–386. Springer, Heidelberg (2009)

  38. Pinkas, B., Schneider, T., Smart, N.P., Williams, S.C.: Secure Two-Party Computation Is Practical. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 250–267. Springer, Heidelberg (2009)

  39. Rogaway, P.: The Round Complexity of Secure Protocols. Ph.D. thesis, MIT (June 1991)

  40. Shelat, A., Shen, C.-H.: Two-Output Secure Computation with Malicious Adversaries. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 386–405. Springer, Heidelberg (2011)

  41. Yao, A.C.: Theory and application of trapdoor functions. In: Proc. 23rd FOCS, pp. 80–91 (1982)

  42. Yao, A.C.: How to generate and exchange secrets. In: Proc. 27th FOCS, pp. 162–167 (1986)

Copyright information

© 2013 International Association for Cryptologic Research

Cite this paper

Applebaum, B. (2013). Garbling XOR Gates “For Free” in the Standard Model. In: Sahai, A. (eds) Theory of Cryptography. TCC 2013. Lecture Notes in Computer Science, vol 7785. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36594-2_10

  • DOI: https://doi.org/10.1007/978-3-642-36594-2_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-36593-5

  • Online ISBN: 978-3-642-36594-2
