How to Circumvent the Two-Ciphertext Lower Bound for Linear Garbling Schemes

  • Carmen Kempka
  • Ryo Kikuchi (corresponding author)
  • Koutarou Suzuki
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10032)

Abstract

At EUROCRYPT 2015, Zahur et al. argued that all linear (and thus efficient) garbling schemes need at least two k-bit elements to garble an AND gate with security parameter k. We show how to circumvent this lower bound and propose an efficient garbling scheme that requires fewer than two k-bit elements per AND gate for most circuit layouts. Our construction deviates slightly from the linear garbling model and therefore does not contradict any claim in the lower-bound proof. With this proof-of-concept construction we hope to spur new ideas for more practical garbling schemes.

Our construction applies directly to semi-private function evaluation: XOR, XNOR, NAND, OR, NOR and AND gates are all garbled in the same way, so the evaluator remains oblivious of which gate function was used.
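To make concrete what "k-bit elements per AND gate" counts, the following added example (illustration code written for this page, not the authors' construction and not code from the paper) garbles and evaluates the small circuit f(a, b, c) = (a AND b) XOR c with the classic point-and-permute AND gate [2] and free-XOR [15]. In this baseline scheme the evaluator receives four k-bit ciphertexts per AND gate and none per XOR gate; the half-gates scheme of Zahur et al. [29] brings the AND gate down to two, and the paper's construction goes below two, neither of which this code implements. Assumptions: k = 128, SHA-256 truncated to k bits stands in for the gate's key-derivation hash, gate ids are small integers, and the output is decoded from the colour bit of the output label.

```python
import hashlib
import os

K = 16  # label length in bytes (k = 128 bits); an assumption for this illustration


def H(gate_id: int, *labels: bytes) -> bytes:
    """Key-derivation hash for one gate row (SHA-256, truncated to k bits; illustration only)."""
    h = hashlib.sha256()
    h.update(gate_id.to_bytes(4, "big"))
    for lab in labels:
        h.update(lab)
    return h.digest()[:K]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def color(label: bytes) -> int:
    """Point-and-permute colour bit: the least-significant bit of the label."""
    return label[-1] & 1


def new_delta() -> bytes:
    """Free-XOR global offset; colour bit 1 so the two labels of every wire differ in colour."""
    d = bytearray(os.urandom(K))
    d[-1] |= 1
    return bytes(d)


def new_wire(delta: bytes) -> tuple:
    """Label pair (W0, W1) of a wire with W1 = W0 xor delta."""
    w0 = os.urandom(K)
    return (w0, xor(w0, delta))


def garble_and(gate_id: int, a_labels: tuple, b_labels: tuple, delta: bytes):
    """Classic AND gate: four k-bit ciphertexts, each placed in the row given by the input colour bits."""
    c0 = os.urandom(K)
    c_labels = (c0, xor(c0, delta))
    table = [None] * 4
    for a in (0, 1):
        for b in (0, 1):
            A, B = a_labels[a], b_labels[b]
            row = 2 * color(A) + color(B)          # distinct for the four (a, b) pairs
            table[row] = xor(H(gate_id, A, B), c_labels[a & b])
    return table, c_labels


def eval_and(gate_id: int, table: list, A: bytes, B: bytes) -> bytes:
    """Evaluator decrypts only the row selected by the colour bits of its two input labels."""
    row = 2 * color(A) + color(B)
    return xor(table[row], H(gate_id, A, B))


def garble_xor(a_labels: tuple, b_labels: tuple, delta: bytes) -> tuple:
    """Free-XOR: output labels are A0 xor B0 and that value xor delta; nothing is sent."""
    c0 = xor(a_labels[0], b_labels[0])
    return (c0, xor(c0, delta))


def eval_xor(A: bytes, B: bytes) -> bytes:
    return xor(A, B)


def garble_circuit():
    """Garbler side of f(a, b, c) = (a AND b) XOR c: garbled tables plus encoding/decoding info."""
    delta = new_delta()
    wa, wb, wc = new_wire(delta), new_wire(delta), new_wire(delta)
    and_table, w_and = garble_and(1, wa, wb, delta)
    w_out = garble_xor(w_and, wc, delta)
    garbled = {"and_table": and_table, "decode_bit": color(w_out[0])}
    encoding = {"a": wa, "b": wb, "c": wc}
    return garbled, encoding


def evaluate(garbled: dict, A: bytes, B: bytes, C: bytes) -> int:
    """Evaluator side: sees one label per input wire and the garbled tables, never delta."""
    and_label = eval_and(1, garbled["and_table"], A, B)
    out_label = eval_xor(and_label, C)
    return color(out_label) ^ garbled["decode_bit"]


def run(a: int, b: int, c: int) -> int:
    """Garble, encode the chosen inputs, evaluate, decode; returns f(a, b, c)."""
    garbled, enc = garble_circuit()
    return evaluate(garbled, enc["a"][a], enc["b"][b], enc["c"][c])


def ciphertext_bits(garbled: dict) -> int:
    """Bits the evaluator receives for the single AND gate: 4 * k in this baseline scheme."""
    return sum(len(ct) * 8 for ct in garbled["and_table"])


if __name__ == "__main__":
    for a in (0, 1):
        for b in (0, 1):
            for c in (0, 1):
                assert run(a, b, c) == (a & b) ^ c
    print("AND gate costs", ciphertext_bits(garble_circuit()[0]), "bits; XOR gate costs 0")
```

The count is the point: the table has 4k bits because all four rows are random-looking ciphertexts. Garbled row reduction makes one row derivable from the hash alone (3k bits), half-gates reach 2k bits within the linear model, and the paper's claim is that stepping slightly outside that model lets the garbler send even less for most circuit layouts.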

Keywords

Garbled circuits; Lower bound on linear garbling schemes; Semi-private function evaluation

Acknowledgements

We thank the reviewers for their helpful and constructive comments.

References

  1. shelat, A., Shen, C.: Two-output secure computation with malicious adversaries. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 386–405. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-20465-4_22
  2. Beaver, D., Micali, S., Rogaway, P.: The round complexity of secure protocols (extended abstract). In: STOC, pp. 503–513 (1990)
  3. Bellare, M., Hoang, V.T., Keelveedhi, S., Rogaway, P.: Efficient garbling from a fixed-key blockcipher. In: IEEE Symposium on Security and Privacy, pp. 478–492. IEEE Computer Society (2013)
  4. Bellare, M., Hoang, V.T., Rogaway, P.: Foundations of garbled circuits. In: ACM CCS, pp. 784–796. ACM (2012)
  5. Brandão, L.T.A.N.: Secure two-party computation with reusable bit-commitments, via a cut-and-choose with forge-and-lose technique. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 441–463. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-42045-0_23
  6. Frederiksen, T.K., Jakobsen, T.P., Nielsen, J.B., Nordholt, P.S., Orlandi, C.: MiniLEGO: efficient secure two-party computation from general assumptions. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 537–556. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-38348-9_32
  7. Gueron, S., Lindell, Y., Nof, A., Pinkas, B.: Fast garbling of circuits under standard assumptions. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS, pp. 567–578. ACM (2015)
  8. Huang, Y., Evans, D., Katz, J.: Private set intersection: Are garbled circuits better than custom protocols? In: NDSS. The Internet Society (2012)
  9. Huang, Y., Katz, J., Evans, D.: Efficient secure two-party computation using symmetric cut-and-choose. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 18–35. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40084-1_2
  10. Huang, Y., Katz, J., Kolesnikov, V., Kumaresan, R., Malozemoff, A.J.: Amortizing garbled circuits. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 458–475. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44381-1_26
  11. Katz, J., Malka, L.: Constant-round private function evaluation with linear complexity. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 556–571. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-25385-0_30
  12. Kempka, C., Kikuchi, R., Kiyoshima, S., Suzuki, K.: Garbling scheme for formulas with constant size of garbled gates. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 758–782. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48797-6_31
  13. Kolesnikov, V.: Gate evaluation secret sharing and secure one-round two-party computation. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 136–155. Springer, Heidelberg (2005). doi: 10.1007/11593447_8
  14. Kolesnikov, V., Mohassel, P., Rosulek, M.: FleXOR: flexible garbling for XOR gates that beats free-XOR. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 440–457. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44381-1_25
  15. Kolesnikov, V., Schneider, T.: Improved garbled circuit: free XOR gates and applications. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008. LNCS, vol. 5126, pp. 486–498. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-70583-3_40
  16. Kolesnikov, V., Schneider, T.: A practical universal circuit construction and secure evaluation of private functions. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 83–97. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-85230-8_7
  17. Lindell, Y.: Fast cut-and-choose based protocols for malicious and covert adversaries. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 1–17. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40084-1_1
  18. Lindell, Y., Pinkas, B.: An efficient protocol for secure two-party computation in the presence of malicious adversaries. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 52–78. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-72540-4_4
  19. Lindell, Y., Pinkas, B.: Secure two-party computation via cut-and-choose oblivious transfer. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 329–346. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19571-6_20
  20. Lindell, Y., Riva, B.: Cut-and-choose Yao-based secure computation in the online/offline and batch settings. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 476–494. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44381-1_27
  21. Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay - a secure two-party computation system. In: USENIX Security Symposium, pp. 287–302 (2004)
  22. Naor, M., Pinkas, B., Sumner, R.: Privacy preserving auctions and mechanism design. In: ACM Conference on Electronic Commerce, pp. 129–139 (1999)
  23. Nielsen, J.B., Orlandi, C.: LEGO for two-party secure computation. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 368–386. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-00457-5_22
  24. Nielsen, J.B., Ranellucci, S.: Foundations of reactive garbling schemes. Cryptology ePrint Archive, Report 2015/693 (2015). http://eprint.iacr.org/2015/693
  25. Paus, A., Sadeghi, A.-R., Schneider, T.: Practical secure evaluation of semi-private functions. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 89–106. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-01957-9_6
  26. Pinkas, B., Schneider, T., Smart, N.P., Williams, S.C.: Secure two-party computation is practical. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 250–267. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-10366-7_15
  27. Valiant, L.G.: Universal circuits (preliminary report). In: STOC, pp. 196–203. ACM (1976)
  28. Yao, A.C.-C.: How to generate and exchange secrets (extended abstract). In: FOCS, pp. 162–167 (1986)
  29. Zahur, S., Rosulek, M., Evans, D.: Two halves make a whole. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 220–250. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46803-6_8

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. NTT Secure Platform Laboratories, Tokyo, Japan