How to Circumvent the Two-Ciphertext Lower Bound for Linear Garbling Schemes

Kempka, Carmen; Kikuchi, Ryo; Suzuki, Koutarou

doi:10.1007/978-3-662-53890-6_32

Cited by 10 publications

(4 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [ZRE15] it was shown how to reduce the communication in Yao's garbled circuits to 2κ bits per AND gate and it was proven that this matches the lower bound. In [KKS16] the authors utilize the fact that AND gates in Yao's garbled circuits where one party knows the plaintext input can be garbled at lower cost to reduce the communication for specific circuits. One approach to circumvent the high cost for certain operations are mixed-protocols, which mix secure computation protocols that operate on arithmetic and Boolean circuits.…”

Section: A Efficient Secure Computationmentioning

confidence: 99%

Pushing the Communication Barrier in Secure Computation using Lookup Tables

Dessouky¹,

Koushanfar²,

Sadeghi³

et al. 2017

Proceedings 2017 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Secure two-party computation has witnessed significant efficiency improvements in the recent years. Current implementations of protocols with security against passive adversaries generate and process data much faster than it can be sent over the network, even with a single thread. This paper introduces novel methods to further reduce the communication bottleneck and round complexity of semi-honest secure two-party computation. Our new methodology creates a trade-off between communication and computation, and we show that the added computing cost for each party is still feasible and practicable in light of the new communication savings. We first improve communication for Boolean circuits with 2-input gates by factor 1.9x when evaluated with the protocol of Goldreich-Micali-Wigderson (GMW). As a further step, we change the conventional Boolean circuit representation from 2-input gates to multi-input/multioutput lookup tables (LUTs) which can be programmed to realize arbitrary functions. We construct two protocols for evaluating LUTs offering a trade-off between online communication and total communication. Our most efficient LUT-based protocol reduces the communication and round complexity by a factor 2-4x for several basic and complex operations. Our proposed scheme results in a significant overall runtime decrease of up to a factor of 3x on several benchmark functions. Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author's employer if the paper was prepared within the scope of employment.

show abstract

Section: A Efficient Secure Computationmentioning

confidence: 99%

Pushing the Communication Barrier in Secure Computation using Lookup Tables

Dessouky¹,

Koushanfar²,

Sadeghi³

et al. 2017

Proceedings 2017 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Bellare, Hoang and Rogaway [10] define a security model for garbling schemes that formalizes the principle of circuit garbling as a cryptographic primitive. Many recent garbling schemes were proven secure in their model, e.g., [51,33,21]. As we will also prove our proposed scheme secure using the same model, we give a brief overview.…”

Section: Security Model By Bellare Hoang and Rogawaymentioning

confidence: 93%

Fast Evaluation of S-Boxes With Garbled Circuits

Pohle,

Abidin,

Preneel

2024

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Garbling schemes, a formalization of Yao's garbled circuit protocol, are useful cryptographic primitives both in privacy-preserving protocols and for secure two-party computation. In projective garbling schemes, n values are assigned to each wire in the circuit. Current stateof-the-art schemes project two values. More concretely, we present a projective garbling scheme that assigns 2 n values to wires in a circuit comprising XOR and unary projection gates. A generalization of FreeXOR allows the XOR of wires with 2 n values to be very efficient. We then analyze the performance of our scheme by evaluating substitution-permutation ciphers. Using our proposal, we measure high-speed evaluation of the ciphers with a moderate increased cost in garbling and bandwidth. Theoretical analysis suggests that for evaluating the nine examined ciphers, one can expect a 4-to 70-fold increase in evaluation with at most a 4-fold increase in garbling cost and, at most, an 8-fold increase in communication cost when compared to stateof-the-art garbling schemes. In an offline/online setting, such as secure function evaluation as a service, the circuit garbling and communication to the evaluator can proceed before the input phase. Thus our scheme offers a fast online phase. Furthermore, we present efficient computation formulas for the S-boxes of TWINE and Midori64 in Boolean circuits. To our knowledge, our formulas give the smallest number of AND gates for the S-boxes of these two ciphers.

show abstract

“…First proposed by Andrew Yao [Yao82,Yao86], secure two-party computation (2PC) comprises the techniques for joint evaluation of a function by two parties on their respective secret inputs. In recent years, there has been a promising progress over the original Yao's protocol [BMR90,NPS99,KS08a,PSSW09,KMR14,ZRE15,KKS16]. As a consequence of these improvements, secure computation techniques now have promising results.…”

Section: Related Workmentioning

confidence: 99%

Highly Efficient and Re-executable Private Function Evaluation with Linear Complexity

Biçer

Bingöl

Kiraz

et al. 2020

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Private function evaluation aims to securely compute a function f (x1,. .. , xn) without leaking any information other than what is revealed by the output, where f is a private input of one of the parties (say Party 1) and xi is a private input of the i-th party Party i. In this work, we propose a novel and secure two-party private function evaluation (2PFE) scheme based on the DDH assumption. Our scheme introduces a reusability feature that significantly improves the state-of-the-art. Accordingly, our scheme has two variants, one is utilized in the initial execution of the function f , and the other is utilized in its subsequent evaluations. To the best of our knowledge, this is the first and most efficient 2PFE scheme that enjoys a reusablity feature. Our protocols achieve linear communication and computation complexities and a constant number of rounds which is at most three.

show abstract

How to Circumvent the Two-Ciphertext Lower Bound for Linear Garbling Schemes

Cited by 10 publications

References 26 publications

Pushing the Communication Barrier in Secure Computation using Lookup Tables

Pushing the Communication Barrier in Secure Computation using Lookup Tables

Fast Evaluation of S-Boxes With Garbled Circuits

Highly Efficient and Re-executable Private Function Evaluation with Linear Complexity

Contact Info

Product

Resources

About