Efficient Garbling from a Fixed-Key Blockcipher

Bellare, Mihir; Hoang, Viet Tung; Keelveedhi, Sriram; Rogaway, Phillip

doi:10.1109/sp.2013.39

Cited by 252 publications

(250 citation statements)

References 31 publications

Supporting

Mentioning

250

Contrasting

Order By: Relevance

“…Therefore, the cost of the GC protocol can be measured only in terms of the number of AND gates in the circuit. We also use garbling with a fixed-key blockcipher [3] together with the half gates technique [40] for efficient evaluation of AND gates. For OT required in the initial data exchange of the GC protocol, we use the OT Extension method [2,14].…”

Section: Optimizationsmentioning

confidence: 99%

Toward Practical Secure Stable Matching

Riazi

Songhori

Sadeghi

et al. 2016

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Abstract:The Stable Matching (SM) algorithm has been deployed in many real-world scenarios including the National Residency Matching Program (NRMP) and financial applications such as matching of suppliers and consumers in capital markets. Since these applications typically involve highly sensitive information such as the underlying preference lists, their current implementations rely on trusted third parties. This paper introduces the first provably secure and scalable implementation of SM based on Yao's garbled circuit protocol and Oblivious RAM (ORAM). Our scheme can securely compute a stable match for 8k pairs four orders of magnitude faster than the previously best known method. We achieve this by introducing a compact and efficient sub-linear size circuit. We even further decrease the computation cost by three orders of magnitude by proposing a novel technique to avoid unnecessary iterations in the SM algorithm. We evaluate our implementation for several problem sizes and plan to publish it as open-source.

show abstract

Section: Optimizationsmentioning

confidence: 99%

Toward Practical Secure Stable Matching

Riazi

Songhori

Sadeghi

et al. 2016

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

show abstract

“…Bellare, Hoang, and Keelveedhi [BHK13d] point out that the theorem can be extended to a singlequery source by applying a pseudorandom generator to the output of the hash function. This result is noteworthy as several applications only require the source to make a single query.…”

Section: The Io Attackmentioning

confidence: 99%

“…After we communicated our attack [BHK13d], BHK in the revised version of their paper [BHK13c] also independently suggested the statistical notion of unpredictability. They denote by S sup the class of all statistically unpredictable sources and recast their proofs of the above to use UCE[S sup ].…”

Section: Rka Security Of Brsmentioning

confidence: 99%

“…We thank Mihir Bellare, Viet Tung Hoang, and Sriram Keelveedhi for their personal communication [BHK13d]. …”

Section: Acknowledgmentsmentioning

confidence: 99%

“…Following our attack (that we describe next and that we communicated to BHK in August 2013 [BHK13d]), the UCE1 and UCE2 notions were revised in [BHK13c] and additional restrictions on sources were imposed. We will be discussing these shortly, after presenting our first attack.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Indistinguishability Obfuscation and UCEs: The Case of Computationally Unpredictable Sources

Brzuska

Farshim

Mittelbach

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Random oracles are powerful cryptographic objects. They facilitate the security proofs of an impressive number of practical cryptosystems ranging from KDM-secure and deterministic encryption to point-function obfuscation and many more. However, due to an uninstantiability result of Canetti, Goldreich, and Halevi (STOC 1998) random oracles have become somewhat controversial. Recently, Bellare, Hoang, and Keelveedhi (BHK; CRYPTO 2013 and ePrint 2013/424, August 2013) introduced a new abstraction called Universal Computational Extractors (UCEs), and showed that they suffice to securely replace random oracles in a number of prominent applications, including all those mentioned above, without suffering from the aforementioned uninstantiability result. This, however, leaves open the question of constructing UCEs in the standard model.We show that the existence of indistinguishability obfuscation (iO) implies (non-black-box) attacks on all the definitions that BHK proposed within their UCE framework in the original version of their paper, in the sense that no concrete hash function can satisfy them. We also show that this limitation can be overcome, to some extent, by restraining the class of admissible adversaries via a statistical notion of unpredictability. Following our attack, BHK (ePrint 2013/424, September 2013), independently adopted this approach in their work.In the updated version of their paper, BHK (ePrint 2013/424, September 2013) also introduce two other novel source classes, called bounded parallel sources and split sources, which aim at recovering the computational applications of UCEs that fall outside the statistical fix. These notions keep to a computational notion of unpredictability, but impose structural restrictions on the adversary so that our original iO attack no longer applies. We extend our attack to show that indistinguishability obfuscation is sufficient to also break the UCE security of any hash function against bounded parallel sources. Towards this goal, we use the randomized encodings paradigm of Applebaum, Ishai, and Kushilevitz (STOC 2004) to parallelize the obfuscated circuit used in our attack, so that it can be computed by a bounded parallel source whose second stage consists of constant-depth circuits. We conclude by discussing the composability and feasibility of hash functions secure against split sources.

show abstract

Universal gates on garbled circuit construction

Innocent

Sangeeta

Prakash

2019

Concurrency and Computation

View full text Add to dashboard Cite

Efficient garbled circuit construction can lead to more practical secure computation protocols.Garbled circuit construction has been considered as a separate goal for optimization as efficiency of the secure computation protocol is directly related to the efficiency of garbled circuit construction. Various optimizations such as, point-and-permute technique, free-XOR, garbled row reduction, and dual-key cipher are proved to make the garbled circuit construction efficient.In this paper, we propose garbled circuit construction with the universal gates; for demonstration purpose, we have considered NOR gates and shown optimization on circuit construction in two models. By the use of single type of gate, the gate array in the circuit representation is eliminated and a constant value is used in protocols. In addition, we have reduced the number of rows in garbled table to two rows per gate with two or zero encryption calls during garbled circuit construction and two or zero decryption calls during evaluation of garbled circuit.

show abstract

Efficient Garbling from a Fixed-Key Blockcipher

Cited by 252 publications

References 31 publications

Toward Practical Secure Stable Matching

Toward Practical Secure Stable Matching

Indistinguishability Obfuscation and UCEs: The Case of Computationally Unpredictable Sources

Universal gates on garbled circuit construction

Contact Info

Product

Resources

About