Abstract
We show that Yao’s garbling scheme is adaptively indistinguishable for the class of Boolean circuits of size \(S\) and treewidth \(w\) with only a \(S^{O(w)}\) loss in security. For instance, circuits with constant treewidth are as a result adaptively indistinguishable with only a polynomial loss. This (partially) complements a negative result of Applebaum et al. (Crypto 2013), which showed (assuming one-way functions) that Yao’s garbling scheme cannot be adaptively simulatable. As main technical contributions, we introduce a new pebble game that abstracts out our security reduction and then present a pebbling strategy for this game where the number of pebbles used is roughly \(O(\delta w \log S)\), \(\delta\) being the fan-out of the circuit. The design of the strategy relies on separators, a graph-theoretic notion with connections to circuit complexity.
Chethan, K—Supported by Azrieli International Postdoctoral Fellowship. Most of the work was done while the author was at Northeastern University and Charles University, funded by the IARPA grant IARPA/2019-19-020700009 and project PRIMUS/17/SCI/9, respectively.
Karen, K—Supported in part by ERC CoG grant 724307. Most of the work was done while the author was at IST Austria funded by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (682815 - TOCNeT).
Krzysztof, P—Funded by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (682815 - TOCNeT).
Notes
- 1.
- 2.
- 3. Since treewidth is defined for undirected graphs, whenever we refer to the treewidth of a directed graph (or a circuit) we refer to the treewidth of the graph obtained by ignoring the direction of its edges.
- 4. See this question (48504) posted on CSTheory, Stack Exchange.
- 5. This is one of the earliest applications of the piecewise-guessing framework [24].
- 6.
- 7.
- 8.
- 9. To be precise, such a pebbling strategy is said to be persistent [38] since the final configuration consists of the sinks pebbled. In this paper, we only deal with persistent strategies.
- 10. To be precise, such a separator is called “balanced” [19]. In this paper, we only consider balanced separators.
- 11. Recall from the proof of Lemma 1 that for pebbling configurations \(\mathcal{P}_i\) and \(\mathcal{P}_{i+1}\) that differ by a pebbling move \(\texttt{B} \leftrightarrow \texttt{G}\), the corresponding hybrids \(\mathsf{H}_{\mathcal{P}_i}\) and \(\mathsf{H}_{\mathcal{P}_{i+1}}\) are identically distributed.
- 12. It is possible to bound the space complexity of RB pebbling on DAGs of treewidth \(w\) using existing results. First, use the fact that the RB pebbling number of a graph of size \(S\) is upper bounded by the plain black pebbling number [39] with a multiplicative \(\log(S)\) factor [32]. Second, use the fact that the black pebbling number is upper bounded by the treewidth \(w\) (via the so-called pathwidth) with another multiplicative \(\log(S)\) factor [11, Theorem 2, Corollary 24]. Consequently, the RB pebbling number is at most \(w \log^2(S)\). This is, however, a worse bound than the one we show directly in Lemma 2.
References
1. Alekhnovich, M., Razborov, A.: Satisfiability, branch-width and Tseitin tautologies. Comput. Complex. 20(4), 649–678 (2011)
2. Allender, E., Chen, S., Lou, T., Papakonstantinou, P.A., Tang, B.: Width-parametrized SAT: time-space tradeoffs. Theory Comput. 10, 297–339 (2014)
3. Ananth, P., Lombardi, A.: Succinct garbling schemes from functional encryption through a local simulation paradigm. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11240, pp. 455–472. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03810-6_17
4. Applebaum, B., Ishai, Y., Kushilevitz, E., Waters, B.: Encoding functions with constant online rate or how to compress garbled circuits keys. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 166–184. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_10
5. Bellare, M., Hoang, V.T., Keelveedhi, S.: Instantiating random oracles via UCEs. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 398–415. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_23
6. Bellare, M., Hoang, V.T., Rogaway, P.: Adaptively secure garbling with applications to one-time programs and secure outsourcing. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 134–153. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_10
7. Bellare, M., Hoang, V.T., Rogaway, P.: Foundations of garbled circuits. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) ACM CCS 2012: 19th Conference on Computer and Communications Security, pp. 784–796. ACM Press, Raleigh, NC, USA, Oct. 16–18 (2012)
8. Bennett, C.H.: Time/space trade-offs for reversible computation. SIAM J. Comput. 18(4), 766–776 (1989)
9. Bodlaender, H.L.: NC-algorithms for graphs with small treewidth. In: van Leeuwen, J. (ed.) WG 1988. LNCS, vol. 344, pp. 1–10. Springer, Heidelberg (1989). https://doi.org/10.1007/3-540-50728-0_32
10. Bodlaender, H.L.: A tourist guide through treewidth. Acta Cybern. 11(1–2), 1–21 (1993)
11. Bodlaender, H.L.: A partial k-arboretum of graphs with bounded treewidth. Theor. Comput. Sci. 209(1), 1–45 (1998)
12. Boneh, D., et al.: Fully key-homomorphic encryption, arithmetic circuit ABE and compact garbled circuits. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 533–556. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_30
13. Brent, R.P.: The parallel evaluation of general arithmetic expressions. J. ACM 21(2), 201–206 (1974)
14. Bui, T.N., Jones, C.: Finding good approximate vertex and edge partitions is NP-hard. Inf. Process. Lett. 42(3), 153–159 (1992)
15. Cryan, M., Miltersen, P.B.: On pseudorandom generators in NC0. In: Sgall, J., Pultr, A., Kolman, P. (eds.) MFCS 2001. LNCS, vol. 2136, pp. 272–284. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44683-4_24
16. Even, G., Naor, J.S., Rao, S., Schieber, B.: Fast approximate graph partitioning algorithms. SIAM J. Comput. 28(6), 2187–2214 (1999)
17. Feige, U., Hajiaghayi, M.T., Lee, J.R.: Improved approximation algorithms for minimum-weight vertex separators. In: Gabow, H.N., Fagin, R. (eds.) 37th Annual ACM Symposium on Theory of Computing, pp. 563–572. ACM Press, Baltimore, MA, USA, May 22–24 (2005)
18. Feige, U., Mahdian, M.: Finding small balanced separators. In: Kleinberg, J.M. (ed.) 38th Annual ACM Symposium on Theory of Computing, pp. 375–384. ACM Press, Seattle, WA, USA, May 21–23 (2006)
19. Gál, A., Jang, J.: A generalization of Spira’s theorem and circuits with small segregators or separators. Inf. Comput. 251, 252–262 (2016)
20. Garg, S., Srinivasan, A.: Adaptively secure garbling with near optimal online complexity. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 535–565. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_18
21. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Aho, A. (ed.) 19th Annual ACM Symposium on Theory of Computing, pp. 218–229. ACM Press, New York City, NY, USA, May 25–27 (1987)
22. Hemenway, B., Jafargholi, Z., Ostrovsky, R., Scafuro, A., Wichs, D.: Adaptively secure garbled circuits from one-way functions. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 149–178. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53015-3_6
23. Impagliazzo, R., Naor, M.: Efficient cryptographic schemes provably as secure as subset sum. J. Cryptol. 9(4), 199–216 (1996)
24. Jafargholi, Z., Kamath, C., Klein, K., Komargodski, I., Pietrzak, K., Wichs, D.: Be adaptive, avoid overcommitting. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 133–163. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_5
25. Jafargholi, Z., Oechsner, S.: Adaptive security of practical garbling schemes. In: Bhargavan, K., Oswald, E., Prabhakaran, M. (eds.) INDOCRYPT 2020. LNCS, vol. 12578, pp. 741–762. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-65277-7_33
26. Jafargholi, Z., Scafuro, A., Wichs, D.: Adaptively indistinguishable garbled circuits. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10678, pp. 40–71. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70503-3_2
27. Jafargholi, Z., Wichs, D.: Adaptive security of Yao’s garbled circuits. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9985, pp. 433–458. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53641-4_17
28. Jansen, M.J., Sarma, J.: Balancing bounded treewidth circuits. Theory Comput. Syst. 54(2), 318–336 (2014)
29. Kamath, C., Klein, K., Pietrzak, K.: On treewidth, separators and Yao’s garbling. Cryptology ePrint Archive, Report 2021/926 (2021)
30. Kamath, C., Klein, K., Pietrzak, K., Wichs, D.: Limits on the adaptive security of Yao’s garbling. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12826, pp. 486–515. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84245-1_17
31. Kitagawa, F., Nishimaki, R., Tanaka, K., Yamakawa, T.: Adaptively secure and succinct functional encryption: improving security and efficiency, simultaneously. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 521–551. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_17
32. Levine, R.Y., Sherman, A.T.: A note on Bennett’s time-space tradeoff for reversible computation. SIAM J. Comput. 19(4), 673–677 (1990)
33. Lindell, Y., Pinkas, B.: A proof of security of Yao’s protocol for two-party computation. J. Cryptol. 22(2), 161–188 (2009)
34. Lipton, R.J., Tarjan, R.E.: A separator theorem for planar graphs. SIAM J. Appl. Math. 36(2), 177–189 (1979)
35. Lipton, R.J., Tarjan, R.E.: Applications of a planar separator theorem. SIAM J. Comput. 9(3), 615–627 (1980)
36. Lokshtanov, D., Mikhailin, I., Paturi, R., Pudlák, P.: Beating brute force for (quantified) satisfiability of circuits of bounded treewidth. In: Czumaj, A. (ed.) 29th Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 247–261. ACM-SIAM, New Orleans, LA, USA, Jan. 7–10 (2018)
37. Marx, D.: Parameterized graph separation problems. In: Downey, R., Fellows, M., Dehne, F. (eds.) IWPEC 2004. LNCS, vol. 3162, pp. 71–82. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28639-4_7
38. Nordström, J.: New wine into old wineskins: a survey of some pebbling classics with supplemental results (2015)
39. Paterson, M.S., Hewitt, C.E.: Comparative schematology. In: Record of the Project MAC Conference on Concurrent Systems and Parallel Computation, pp. 119–127. ACM, New York, NY, USA (1970)
40. Robertson, N., Seymour, P.D.: Graph minors. II. Algorithmic aspects of tree-width. J. Algorithms 7(3), 309–322 (1986)
41. Spira, P.: On time-hardware complexity tradeoffs for Boolean functions. In: Proceedings of the 4th Hawaii Symposium on System Sciences, pp. 525–527. North Hollywood and Western Periodicals (1971)
42. Yao, A.C.-C.: Protocols for secure computations (extended abstract). In: 23rd Annual Symposium on Foundations of Computer Science, pp. 160–164. IEEE Computer Society Press, Chicago, Illinois, Nov. 3–5 (1982)
43. Yao, A.C.-C.: How to generate and exchange secrets (extended abstract). In: 27th Annual Symposium on Foundations of Computer Science, pp. 162–167. IEEE Computer Society Press, Toronto, Ontario, Canada, Oct. 27–29 (1986)
Acknowledgements
We are grateful to Daniel Wichs for helpful discussions on the landscape of adaptive security of Yao’s garbling. We would also like to thank Crypto 2021 and TCC 2021 reviewers for their detailed review and suggestions, which helped improve presentation considerably.
© 2021 International Association for Cryptologic Research
Cite this paper
Kamath, C., Klein, K., Pietrzak, K. (2021). On Treewidth, Separators and Yao’s Garbling. In: Nissim, K., Waters, B. (eds) Theory of Cryptography. TCC 2021. Lecture Notes in Computer Science(), vol 13043. Springer, Cham. https://doi.org/10.1007/978-3-030-90453-1_17
DOI: https://doi.org/10.1007/978-3-030-90453-1_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-90452-4
Online ISBN: 978-3-030-90453-1