How to Garble Arithmetic Circuits

Applebaum, Benny; Ishai, Yuval; Kushilevitz, Eyal

doi:10.1137/120875193

Cited by 33 publications

(24 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, [5] show that arithmetic garbled circuits can be constructed based on a special "key-shrinking" gadget, which can be viewed as a symmetric encryption over F with some homomorphic properties. They also provide an implementation of this gadget over the integers.…”

Section: Discussionmentioning

confidence: 99%

“…The question of garbling arithmetic circuits has been open for a long time, and only recently some partial progress has been made [5]. Still, so far there has been no fully arithmetic construction in which both the encoder and the decoder make a black-box use of F. We show that this is inherently impossible answering an open problem from [35].…”

Section: Garbled Circuitsmentioning

confidence: 98%

“…Similarly, the results of [5] can be viewed as an arithmetic reduction from garbling arithmetic circuits to the design of a special symmetric encryption over F.…”

Section: Arithmetic Reductionsmentioning

confidence: 99%

See 2 more Smart Citations

Arithmetic Cryptography

Applebaum

Avron

Brzuska

2015

Proceedings of the 2015 Conference on Innovations in Theoretical Computer Science

Self Cite

View full text Add to dashboard Cite

We study the possibility of computing cryptographic primitives in a fully-black-box arithmetic model over a finite field F. In this model, the input to a cryptographic primitive (e.g., encryption scheme) is given as a sequence of field elements, the honest parties are implemented by arithmetic circuits which make only a black-box use of the underlying field, and the adversary has a full (non-black-box) access to the field. This model captures many standard informationtheoretic constructions.We prove several positive and negative results in this model for various cryptographic tasks. On the positive side, we show that, under reasonable assumptions, computational primitives like commitment schemes, public-key encryption, oblivious transfer, and general secure two-party computation can be implemented in this model. On the negative side, we prove that garbled circuits, homomorphic encryption, and secure computation with low online complexity cannot be achieved in this model. Our results reveal a qualitative difference between the standard model and the arithmetic model, and explain, in retrospect, some of the limitations of previous constructions.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Garbled Circuitsmentioning

confidence: 98%

See 1 more Smart Citation

Arithmetic Cryptography

Applebaum

Avron

Brzuska

2015

Proceedings of the 2015 Conference on Innovations in Theoretical Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…The conceptualization of garbling as involving a component that creates garbled circuits and another that evaluates them is found in all of these works, and in Schneider's [47,48]. A second line of definitions begins with Ishai and Kushilevitz [25] and continues with [2,3,5,6,26,27,46]. These works define various flavors of randomized encodings.…”

Section: Overviewmentioning

confidence: 99%

“…Scattered through the literature one finds computational objects other than boolean circuits that are being garbled; examples include arithmetic circuits [6], branching programs [9], circuits with lookup tables [39], DFAs [49], and ordered binary decision diagrams [33]. The range suggests, to us, that general-purpose definitions for garbling schemes ought not be tied to circuits.…”

Section: Obliviousness and Authenticitymentioning

confidence: 99%

Foundations of garbled circuits

Bellare

Hoang

Rogaway

2012

Proceedings of the 2012 ACM Conference on Computer and Communications Security

380

266

View full text Add to dashboard Cite

Garbled circuits, a classical idea rooted in the work of Yao, have long been understood as a cryptographic technique, not a cryptographic goal. Here we cull out a primitive corresponding to this technique. We call it a garbling scheme. We provide a provable-security treatment for garbling schemes, endowing them with a versatile syntax and multiple security definitions. The most basic of these, privacy, suffices for two-party secure function evaluation (SFE) and private function evaluation (PFE). Starting from a PRF, we provide an efficient garbling scheme achieving privacy and we analyze its concrete security. We next consider obliviousness and authenticity , properties needed for private and verifiable outsourcing of computation. We extend our scheme to achieve these ends. We provide highly efficient blockcipher-based instantiations of both schemes. Our treatment of garbling schemes presages more efficient garbling, more rigorous analyses, and more modularly designed higher-level protocols.

show abstract

FE and iO for Turing Machines from Minimal Assumptions

Agrawal

Maitra

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

How to Garble Arithmetic Circuits

Cited by 33 publications

References 37 publications

Arithmetic Cryptography

Arithmetic Cryptography

Foundations of garbled circuits

FE and iO for Turing Machines from Minimal Assumptions

Contact Info

Product

Resources

About