Valiant’s Universal Circuits Revisited: An Overall Improvement and a Lower Bound

Abstract

A universal circuit (UC) is a general-purpose circuit that can simulate arbitrary circuits (up to a certain size n). At STOC 1976 Valiant presented a graph theoretic approach to the construction of UCs, where a UC is represented by an edge universal graph (EUG) and is recursively constructed using a dedicated graph object (referred to as supernode). As a main end result, Valiant constructed a 4-way supernode of size 19 and an EUG of size \(4.75n\log n\) (omitting smaller terms), which remained the most size-efficient even to this day (after more than 4 decades).

Motivated by the emerging applications of UCs in various privacy preserving computation scenarios, we revisit Valiant’s universal circuits, and propose a 4-way supernode of size 18, and an EUG of size \(4.5n\log n\). As confirmed by our implementations, we reduce the size of universal circuits (and the number of AND gates) by more than 5% in general, and thus improve upon the efficiency of UC-based cryptographic applications accordingly. Our approach to the design of optimal supernodes is computer aided (rather than by hand as in previous works), which might be of independent interest. As a complement, we give lower bounds on the size of EUGs and UCs in Valiant’s framework, which significantly improves upon the generic lower bound on UC size and therefore reduces the gap between theory and practice of universal circuits.

A Proofs Omitted in the Main Body

1.1 A.1 Proof of Theorem 1

To prove the graph in Fig. 4 is an \(\mathsf {EUG}_1(n)\), we need to prove that any \(\mathsf {DAG}_1(n)=(V,E)\) can be edge-embedded into it. At first, we sort the nodes of a given \(\mathsf {DAG}_1(n)\) in their topological order: \(V_1,V_2,\ldots ,V_n\). And the edge-embed mapping \(\varrho \) can be defined as: \(\varrho (V_i)\) is the i-th pole of the supernodes from top to bottom, or formally, the (i mod k)-th pole of \(\mathsf {SN}(k)_{\lceil \frac{i}{k}\rceil }\). For each node \(V_i\) in the \(\mathsf {DAG}_1(n)\), it may have a precursor-node (denote by \(V_i^{pre}\)) and a successor-node (denote by \(V_i^{suc}\)). Then we assign the \([V_i]_{in}\)-th input and the \([V_i]_{out}\)-th output of \(\mathsf {SN}(k)_{\lceil \frac{i}{k}\rceil }\) (\(in^{{\lceil \frac{i}{k}\rceil }}_{[V_i]_{in}}\) and \(out^{{\lceil \frac{i}{k}\rceil }}_{[V_i]_{out}}\)) to \(V_i\) to make sure that \([V_i]_{in}=[V_i^{pre}]_{out},[V_i]_{out}=[V_i^{suc}]_{in}\) and no inputs and outputs of supernodes are reused. The method for assignment can be find in [17]. At last, for every edge \((V_i,V_j)\in E\) (\(i<j\) due to the topological sorting), we give an edge-disjoint path from \(\varrho (V_i)\) to \(\varrho (V_j)\) as follow. Due to \(V_i^{suc}=V_j\) and \(V_j^{pre}=V_i\), we know that \([V_i]_{out}=[V_j]_{in}\), which means \(out^{{\lceil \frac{i}{k}\rceil }}_{[V_i]_{out}}\) and \(in^{{\lceil \frac{j}{k}\rceil }}_{[V_j]_{in}}\) are both in the edge-universal graph: \(\mathsf {EUG}_1({\lceil \frac{n}{k}\rceil }-1)_{[V_i]_{out}}\), so there is an edge-disjoint path from \(out^{{\lceil \frac{i}{k}\rceil }}_{[V_i]_{out}}\) to \(in^{{\lceil \frac{j}{k}\rceil }}_{[V_j]_{in}}\). As \(\mathsf {SN}(k)_{\lceil \frac{i}{k}\rceil }\) is a supernode, there must be a edge-disjoint path from \(\varrho (V_i)\) to \(out^{{\lceil \frac{i}{k}\rceil }}_{[V_i]_{out}}\). Similarly, the edge-disjoint path from \(in^{{\lceil \frac{j}{k}\rceil }}_{[V_j]_{in}}\) to \(\varrho (V_i)\) can also be found. We connect these three paths to complete edge-embedding.