research-article

Fast Garbling of Circuits Under Standard Assumptions

Authors:

Yehuda Lindell,

Benny PinkasAuthors Info & Claims

CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

Pages 567 - 578

https://doi.org/10.1145/2810103.2813619

Published: 12 October 2015 Publication History

Abstract

Protocols for secure computation enable mutually distrustful parties to jointly compute on their private inputs without revealing anything but the result. Over recent years, secure computation has become practical and considerable effort has been made to make it more and more efficient. A highly important tool in the design of two-party protocols is Yao's garbled circuit construction (Yao 1986), and multiple optimizations on this primitive have led to performance improvements of orders of magnitude over the last years. However, many of these improvements come at the price of making very strong assumptions on the underlying cryptographic primitives being used (e.g., that AES is secure for related keys, that it is circular secure, and even that it behaves like a random permutation when keyed with a public fixed key). The justification behind making these strong assumptions has been that otherwise it is not possible to achieve fast garbling and thus fast secure computation. In this paper, we take a step back and examine whether it is really the case that such strong assumptions are needed. We provide new methods for garbling that are secure solely under the assumption that the primitive used (e.g., AES) is a pseudorandom function. Our results show that in many cases, the penalty incurred is not significant, and so a more conservative approach to the assumptions being used can be adopted.

References

[1]

Circuits of Basic Functions Suitable For MPC and FHE, http://www.cs.bris.ac.uk/Research/CryptographySecurity/MPC.

[2]

G. Asharov, Y. Lindell, T. Schneier and M. Zohner. More Efficient Oblivious Transfer and Extensions for Faster Secure Computation.In the 20th ACM Conference on Computer and Communications Security (ACM CCS), pages 535--548, 2013.

Digital Library

[3]

M. Bellare, V.T. Hoang and P. Rogaway. Foundations of garbled circuits.In the 19th ACM Conference on Computer and Communications Security (ACM CCS0, pages 784--796, 2012.

Digital Library

[4]

J. Black. The Ideal-Cipher Model, Revisited: An Uninstantiable Blockcipher-Based Hash Function.In FSE 2006, Springer (LNCS 4047), pages 328--340, 2006.

Digital Library

[5]

M. Bellare, V.T. Hoang, S. Keelveedhi and P. Rogaway. Efficient Garbling from a Fixed-Key Blockcipher. In the IEEE Symposium on Security and Privacy 2013, pages 478--492, 2013.

Digital Library

[6]

A. Biryukov, D. Khovratovich and I. Nikolic. Distinguisher and Related-Key Attack on the Full AES-256.In CRYPTO 2009, Springer (LNCS 5677), pages 231--249, 2009.

Digital Library

[7]

S.G. Choi, J. Katz, R. Kumaresan and H. Zhou.On the Security of the "Free-XOR" Technique. In the 9th TCC, Springer (LNCS 7194), pages 39--53, 2012.

Digital Library

[8]

S. Gueron. Intel Advanced Encryption Standard (AES) Instructions Set, Rev 3.01.(2012) https://software.intel.com/en-us/articles/intel-advanced-encryption- standard-aes-instructions-set

[9]

S. Gueron. Intel's New AES Instructions for Enhanced Performance and Security.In the 16th FSE (FSE 2009), Springer (LNCS 5665), pages 51--66, 2009.

Digital Library

[10]

S. Gueron. Optimized implementation of AES 128/192/256 key expansion. Software patch in https://bugzilla.mozilla.org/show_bug.cgi?id=1122903(2015).

[11]

S. Gueron, Y. Lindell, A. Nof and B. Pinkas. Fast Garbling of Circuits Under Standard Assumptions (full version of this paper). Cryptology ePrint Archive, Report 2015/751, 2015.

[12]

Y. Huang, D. Evans, J. Katz and L. Malka. Faster Secure Two-Party Computation Using Garbled Circuits. In the 20th USENIX Security Symposium, 2011.

Digital Library

[13]

Y. Ishai, J. Kilian, K. Nissim and E. Petrank. Extending Oblivious Transfer Efficiently.In CRYPTO 2003, Springer (LNCS 2729), pages 145--161, 2003.

[14]

L.R. Knudsen and V. Rijmen.Known-Key Distinguishers for Some Block Ciphers. In ASIACRYPT 2007, Springer (LNCS 4833), pages 315--324, 2007.

Digital Library

[15]

V. Kolesnikov, P. Mohassel and M. Rosulek. FleXOR: Flexible Garbling for XOR Gates That Beats Free-XOR.In CRYPTO 2014, Springer (LNCS 8617), pages 440--457, 2014.

[16]

V. Kolesnikov and T. Schneider.Improved Garbled Circuit: Free XOR Gates and Applications.In the 35th ICALP, Springer (LNCS 5126), pages 486--498, 2008.

Digital Library

[17]

V. Kolesnikov and T. Schneider.Secure Function Evaluation Techniques For Circuits Containing XOR Gates With Applications To Universal Circuits.Patent No. US 8,443,205 B2, 2013.

[18]

B. Kreuter, A.Shelat, and C. Shen. Billion-Gate Secure Computation with Malicious Adversaries. In the 21st USENIX Security Symposium, 2012.

Digital Library

[19]

Y. Lindell and B. Pinkas. A Proof of Yao's Protocol for Secure Two-Party Computation. In the Journal of Cryptology, 22(2):161--188, 2009.

Digital Library

[20]

Y. Lindell, B. Pinkas and N. Smart. Implementing Two-Party Computation Efficiently with Security Against Malicious Adversaries.In the 6th Conference on Security and Cryptography for Networks, Springer (LNCS 5229), pages 2--20, 2008.

Digital Library

[21]

M. Naor, B. Pinkas and R. Sumner. Privacy Preserving Auctions and Mechanism Design.In the ACM Conference on Electronic Commerce, pages 129--139, 1999.

Digital Library

[22]

B. Pinkas, T. Schneider, N.P. Smart and S.C. Williams. Secure Two-Party Computation Is Practical.In ASIACRYPT 2009, Springer (LNCS 5912), pages 250--267, 2009.

Digital Library

[23]

A. Yao. How to Generate and Exchange Secrets. In the 27th FOCS, pages 162--167, 1986.

Digital Library

[24]

S. Zahur, M. Rosulek and D. Evans. Two Halves Make a Whole - Reducing Data Transfer in Garbled Circuits Using Half Gates. In EUROCRYPT 2015, Springer (LNCS 9057), pages 220--250, 2015.pages 220--250, 2015.

Cited By

Hazay CVenkitasubramaniam MWeiss M(2024)The Price of Active Security in Cryptographic ProtocolsJournal of Cryptology10.1007/s00145-024-09509-237:3Online publication date: 10-Jul-2024
https://doi.org/10.1007/s00145-024-09509-2
Hashemi MForte DGanji F(2024)Time Is Money, Friend! Timing Side-Channel Attack Against Garbled Circuit ConstructionsApplied Cryptography and Network Security10.1007/978-3-031-54776-8_13(325-354)Online publication date: 29-Feb-2024
https://doi.org/10.1007/978-3-031-54776-8_13
Mo JGopinath JReagen BSolihin YHeinrich M(2023)HAAC: A Hardware-Software Co-Design to Accelerate Garbled CircuitsProceedings of the 50th Annual International Symposium on Computer Architecture10.1145/3579371.3589045(1-13)Online publication date: 17-Jun-2023
https://dl.acm.org/doi/10.1145/3579371.3589045
Show More Cited By

Index Terms

Fast Garbling of Circuits Under Standard Assumptions
1. Security and privacy
  1. Cryptography
  2. Systems security
    1. Operating systems security

Recommendations

Fast and Secure Three-party Computation: The Garbled Circuit Approach
CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

Many deployments of secure multi-party computation (MPC) in practice have used information-theoretic three-party protocols that tolerate a single, semi-honest corrupt party, since these protocols enjoy very high efficiency. We propose a new approach for ...
Fast Garbling of Circuits Under Standard Assumptions

Protocols for secure computation enable mutually distrustful parties to jointly compute on their private inputs without revealing anything, but the result. Over recent years, secure computation has become practical and considerable effort has been made ...
Two-round Multiparty Secure Computation from Minimal Assumptions
We provide new two-round multiparty secure computation (MPC) protocols in the dishonest majority setting assuming the minimal assumption that two-round oblivious transfer (OT) exists. If the assumed two-round OT protocol is secure against semi-honest ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

October 2015

1750 pages

ISBN:9781450338325

DOI:10.1145/2810103

General Chair:
Indrajit Ray
Colorado State University, USA
,
Program Chairs:
Ninghui Li
Purdue University, USA
,
Christopher Kruegel
University of California, Santa Barbara, USA

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 October 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau
Horizon 2020
EU FP7
ERC

Conference

CCS'15

Sponsor:

SIGSAC

CCS'15: The 22nd ACM Conference on Computer and Communications Security

October 12 - 16, 2015

Colorado, Denver, USA

Acceptance Rates

CCS '15 Paper Acceptance Rate 128 of 660 submissions, 19%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

39
Total Citations
View Citations
477
Total Downloads

Downloads (Last 12 months)37
Downloads (Last 6 weeks)7

Reflects downloads up to 30 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Hazay CVenkitasubramaniam MWeiss M(2024)The Price of Active Security in Cryptographic ProtocolsJournal of Cryptology10.1007/s00145-024-09509-237:3Online publication date: 10-Jul-2024
https://doi.org/10.1007/s00145-024-09509-2
Hashemi MForte DGanji F(2024)Time Is Money, Friend! Timing Side-Channel Attack Against Garbled Circuit ConstructionsApplied Cryptography and Network Security10.1007/978-3-031-54776-8_13(325-354)Online publication date: 29-Feb-2024
https://doi.org/10.1007/978-3-031-54776-8_13
Mo JGopinath JReagen BSolihin YHeinrich M(2023)HAAC: A Hardware-Software Co-Design to Accelerate Garbled CircuitsProceedings of the 50th Annual International Symposium on Computer Architecture10.1145/3579371.3589045(1-13)Online publication date: 17-Jun-2023
https://dl.acm.org/doi/10.1145/3579371.3589045
Nieminen RSchneider T(2023)Breaking and Fixing Garbled Circuits When a Gate has Duplicate Input WiresJournal of Cryptology10.1007/s00145-023-09472-436:4Online publication date: 3-Aug-2023
https://dl.acm.org/doi/10.1007/s00145-023-09472-4
Furukawa JLindell YNof AWeinstein O(2023)High-Throughput Secure Three-Party Computation with an Honest MajorityJournal of Cryptology10.1007/s00145-023-09461-736:3Online publication date: 22-May-2023
https://dl.acm.org/doi/10.1007/s00145-023-09461-7
Feng DYang K(2022)Concretely efficient secure multi-party computation protocols: survey and moreSecurity and Safety10.1051/sands/20210011(2021001)Online publication date: 14-Jun-2022
https://doi.org/10.1051/sands/2021001
Lu SZheng JCao ZWang YGu C(2022)A survey on cryptographic techniques for protecting big data security: present and forthcomingScience China Information Sciences10.1007/s11432-021-3393-x65:10Online publication date: 23-Sep-2022
https://doi.org/10.1007/s11432-021-3393-x
Hazay CLilintal M(2021)Gradual GRAM and secure computation for RAM programsJournal of Computer Security10.3233/JCS-200107(1-33)Online publication date: 29-Oct-2021
https://doi.org/10.3233/JCS-200107
Garillot FKondi YMohassel PNikolaenko V(2021)Threshold Schnorr with Stateless Deterministic Signing from Standard AssumptionsAdvances in Cryptology – CRYPTO 202110.1007/978-3-030-84242-0_6(127-156)Online publication date: 11-Aug-2021
https://doi.org/10.1007/978-3-030-84242-0_6
Rosulek MRoy L(2021)Three Halves Make a Whole? Beating the Half-Gates Lower Bound for Garbled CircuitsAdvances in Cryptology – CRYPTO 202110.1007/978-3-030-84242-0_5(94-124)Online publication date: 11-Aug-2021
https://doi.org/10.1007/978-3-030-84242-0_5
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents