Skip to main content
SpringerLink
Log in

Three Halves Make a Whole? Beating the Half-Gates Lower Bound for Garbled Circuits

  • Conference paper
  • First Online:
Advances in Cryptology – CRYPTO 2021 (CRYPTO 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12825))

Included in the following conference series:

Abstract

We describe a garbling scheme for boolean circuits, in which XOR gates are free and AND gates require communication of \(1.5\kappa + 5\) bits. This improves over the state-of-the-art “half-gates” scheme of Zahur, Rosulek, and Evans (Eurocrypt 2015), in which XOR gates are free and AND gates cost \(2\kappa \) bits. The half-gates paper proved a lower bound of \(2\kappa \) bits per AND gate, in a model that captured all known garbling techniques at the time. We bypass this lower bound with a novel technique that we call slicing and dicing, which involves slicing wire labels in half and operating separately on those halves. Ours is the first to bypass the lower bound while being fully compatible with free-XOR, making it a drop-in replacement for half-gates. Our construction is proven secure from a similar assumption to prior free-XOR garbling (circular correlation-robust hash), and uses only slightly more computation than half-gates.

First author partially supported by NSF award #1617197. Second author supported by a DoE CSGF Fellowship.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    These constructions require the input labels to have a certain correlation that they do not guarantee for the gate’s output labels.

  2. 2.

    We assume that all gates take two inputs. NOT gates can be merged into downstream gates—e.g. if x goes into a NOT gate, and then into an AND gate with another input y, this is equivalent to a single \(\overline{x} \wedge y\) gate.

  3. 3.

    Most garbling schemes actually do not have perfect correctness. If an output wire has labels \(W_0, W_1\), then d will contain both \(H(W_0)\) and \(H(W_1)\). Correctness is violated if \(H(W_0) = H(W_1)\).

  4. 4.

    Equivalently, \(\mathcal {U}\) is \(2^{-\kappa }\)-almost-XOR-universal (AXU).

  5. 5.

    For now, assume H is a random oracle. We ignore including the gate ID as an additional argument to H.

  6. 6.

    More generally, multiplying by a left-inverse of the matrix on the left-hand side “just works,” as in the case where the matrix on the left-hand side is invertible.

  7. 7.

    Hence the title: “Three Halves Make a Whole”.

  8. 8.

    Note also that the calls to H have globally distinct tweaks.

  9. 9.

    Circuits were obtained from https://homes.esat.kuleuven.be/~nsmart/MPC/.

  10. 10.

    This can happen, e.g., when for every \(a \wedge b\) gate there is a corresponding \(a \vee b = \overline{ \overline{a} \wedge \overline{b}}\) gate.

References

  1. Bellare, M., Hoang, V.T., Rogaway, P.: Foundations of garbled circuits. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) ACM CCS 2012, pp. 784–796. ACM Press, October 2012

    Google Scholar 

  2. Beaver, D., Micali, S., Rogaway, P.: The round complexity of secure protocols (extended abstract). In: 22nd ACM STOC, pp. 503–513. ACM Press, May 1990

    Google Scholar 

  3. Ball, M., Malkin, T., Rosulek, M.: Garbling gadgets for Boolean and arithmetic circuits. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS 2016, pp. 565–577. ACM Press, October 2016

    Google Scholar 

  4. Choi, S.G., Katz, J., Kumaresan, R., Zhou, H.-S.: On the security of the “Free-XOR’’ technique. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 39–53. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28914-9_3

    Chapter  MATH  Google Scholar 

  5. Carmer, B., Rosulek, M.: Linicrypt: a model for practical cryptography. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 416–445. Springer, Heidelberg (2016)

    Chapter  Google Scholar 

  6. Frederiksen, T.K., Nielsen, J.B., Orlandi, C.: Privacy-free garbled circuits with applications to efficient zero-knowledge. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 191–219. Springer, Heidelberg (2015)

    Chapter  Google Scholar 

  7. Guo, C., Katz, J., Wang, X., Yu, Y.: Efficient and secure multiparty computation from fixed-key block ciphers. In: 2020 IEEE Symposium on Security and Privacy, pp. 825–841. IEEE Computer Society Press, May 2020

    Google Scholar 

  8. Gueron, S., Lindell, Y., Nof, A., Pinkas, B.: Fast garbling of circuits under standard assumptions. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 567–578. ACM Press, October 2015

    Google Scholar 

  9. Kempka, C., Kikuchi, R., Suzuki, K.: How to circumvent the two-ciphertext lower bound for linear garbling schemes. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 967–997. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_32

    Chapter  Google Scholar 

  10. Kolesnikov, V., Mohassel, P., Rosulek, M.: FleXOR: flexible garbling for XOR gates that beats free-XOR. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 440–457. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  11. Kolesnikov, V., Schneider, T.: Improved garbled circuit: free XOR gates and applications. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008. LNCS, vol. 5126, pp. 486–498. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70583-3_40

    Chapter  MATH  Google Scholar 

  12. Lindell, Y., Pinkas, B.: A proof of security of Yao’s protocol for two-party computation. J. Cryptol. 22(2), 161–188 (2009)

    Article  MathSciNet  Google Scholar 

  13. Mohassel, P., Rindal, P.: ABY\(^3\): a mixed protocol framework for machine learning. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 35–52. ACM Press, October 2018

    Google Scholar 

  14. Naor, M., Pinkas, B., Sumner, R.: Privacy preserving auctions and mechanism design. In: Proceedings of the 1st ACM Conference on Electronic Commerce, New York, NY, USA, pp. 129–139. ACM (1999)

    Google Scholar 

  15. Pinkas, B., Schneider, T., Smart, N.P., Williams, S.C.: Secure two-party computation is practical. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 250–267. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  16. Rosulek, M.: Improvements for gate-hiding garbled circuits. In: Patra, A., Smart, N.P. (eds.) INDOCRYPT 2017. LNCS, vol. 10698, pp. 325–345. Springer, Heidelberg (2017)

    Chapter  Google Scholar 

  17. Wang, Y., Malluhi, Q.M.: Reducing garbled circuit size while preserving circuit gate privacy. Cryptology ePrint Archive, Report 2017/041 (2017). https://eprint.iacr.org/2017/041

  18. Yao, A.C.-C.: Protocols for secure computations (extended abstract). In: 23rd FOCS, pp. 160–164. IEEE Computer Society Press, November 1982

    Google Scholar 

  19. Zahur, S., Rosulek, M., Evans, D.: Two halves make a whole-reducing data transfer in garbled circuits using half gates. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. Part II, LNCS, vol. 9057, pp. 220–250. Springer, Heidelberg (2015)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Oregon State University, Corvallis, USA

    Mike Rosulek & Lawrence Roy

Authors
  1. Mike Rosulek
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lawrence Roy
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mike Rosulek .

Editor information

Editors and Affiliations

  1. Columbia University, New York City, NY, USA

    Tal Malkin

  2. University of Michigan, Ann Arbor, MI, USA

    Chris Peikert

Rights and permissions

Reprints and permissions

Copyright information

© 2021 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Rosulek, M., Roy, L. (2021). Three Halves Make a Whole? Beating the Half-Gates Lower Bound for Garbled Circuits. In: Malkin, T., Peikert, C. (eds) Advances in Cryptology – CRYPTO 2021. CRYPTO 2021. Lecture Notes in Computer Science(), vol 12825. Springer, Cham. https://doi.org/10.1007/978-3-030-84242-0_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-84242-0_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-84241-3

  • Online ISBN: 978-3-030-84242-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation