
On Treewidth, Separators and Yao’s Garbling

  • Conference paper
Theory of Cryptography (TCC 2021)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 13043)


Abstract

We show that Yao’s garbling scheme is adaptively indistinguishable for the class of Boolean circuits of size \(S\) and treewidth \(w\) with only an \(S^{O(w)}\) loss in security. As a result, circuits with constant treewidth, for instance, are adaptively indistinguishable with only a polynomial loss. This (partially) complements a negative result of Applebaum et al. (Crypto 2013), which showed (assuming one-way functions) that Yao’s garbling scheme cannot be adaptively simulatable. As our main technical contributions, we introduce a new pebble game that abstracts out our security reduction and then present a pebbling strategy for this game in which the number of pebbles used is roughly \(O(\delta w \log(S))\), \(\delta\) being the fan-out of the circuit. The design of the strategy relies on separators, a graph-theoretic notion with connections to circuit complexity.

Chethan, K—Supported by Azrieli International Postdoctoral Fellowship. Most of the work was done while the author was at Northeastern University and Charles University, funded by the IARPA grant IARPA/2019-19-020700009 and project PRIMUS/17/SCI/9, respectively.

Karen, K—Supported in part by ERC CoG grant 724307. Most of the work was done while the author was at IST Austria funded by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (682815 - TOCNeT).

Krzysztof, P—Funded by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (682815 - TOCNeT).


Notes

  1. According to [7], the idea was first presented by Yao in oral presentations on secure function evaluation [42, 43] but formally described only in [21].

  2. This is an equivalent formulation of the definition in [33] and is taken from [27]. Our overview of the proof in [33], to be discussed in Sect. 1.2, has been adapted accordingly.

  3. Since treewidth is defined for undirected graphs, whenever we refer to the treewidth of a directed graph (or a circuit) we mean the treewidth of the graph obtained by ignoring the direction of its edges.

  4. See this question (48504) posted on CSTheory, Stack Exchange.

  5. This is one of the earliest applications of the piecewise-guessing framework [24].

  6. Since pseudo-random generators (of arbitrary stretch) exist in \(\mathbf{NC}^1\) [15, 23], the result in [4] rules out reductions with polynomial loss for offline Yao. This is in stark contrast to the aforementioned positive result from [27] for online Yao for \(\mathbf{NC}^1\) circuits.

  7. We use the piecewise-guessing framework [24] instead of a direct argument as in [27].

  8. The width-based BG strategy from [22, 27] can be modified to obtain a comparable BGR strategy for levelled circuits. However, the resulting security bounds do not yield any advantage over simply guessing the input (which we want to avoid).

  9. To be precise, such a pebbling strategy is said to be persistent [38], since the final configuration consists of the sinks being pebbled. In this paper, we only deal with persistent strategies.

  10. To be precise, such a separator is called “balanced” [19]. In this paper, we only consider balanced separators.

  11. Recall from the proof of Lemma 1 that for pebbling configurations \(\mathcal{P}_i\) and \(\mathcal{P}_{i+1}\) that differ by a pebbling move \(\texttt{B} \leftrightarrow \texttt{G}\), the corresponding hybrids \(\mathsf{H}_{\mathcal{P}_{i}}\) and \(\mathsf{H}_{\mathcal{P}_{i+1}}\) are identically distributed.

  12. It is possible to bound the space complexity of RB pebbling on DAGs of treewidth \(w\) using existing results. First, use the fact that the RB pebbling number of a graph of size \(S\) is upper bounded by the plain black pebbling number [39] with a multiplicative \(\log(S)\) factor [32]. Second, use the fact that the black pebbling number is upper bounded by the treewidth \(w\) (via the so-called pathwidth) with another multiplicative \(\log(S)\) factor [11, Theorem 2, Corollary 24]. Consequently, the RB pebbling number is at most \(w\log^2(S)\). But this is a worse bound than what we show directly in Lemma 2.

References

  1. Alekhnovich, M., Razborov, A.: Satisfiability, branch-width and Tseitin tautologies. Comput. Complex. 20(4), 649–678 (2011)

  2. Allender, E., Chen, S., Lou, T., Papakonstantinou, P.A., Tang, B.: Width-parametrized SAT: time-space tradeoffs. Theory Comput. 10, 297–339 (2014)

  3. Ananth, P., Lombardi, A.: Succinct garbling schemes from functional encryption through a local simulation paradigm. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11240, pp. 455–472. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03810-6_17

  4. Applebaum, B., Ishai, Y., Kushilevitz, E., Waters, B.: Encoding functions with constant online rate or how to compress garbled circuits keys. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 166–184. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_10

  5. Bellare, M., Hoang, V.T., Keelveedhi, S.: Instantiating random oracles via UCEs. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 398–415. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_23

  6. Bellare, M., Hoang, V.T., Rogaway, P.: Adaptively secure garbling with applications to one-time programs and secure outsourcing. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 134–153. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_10

  7. Bellare, M., Hoang, V.T., Rogaway, P.: Foundations of garbled circuits. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) ACM CCS 2012: 19th Conference on Computer and Communications Security, pp. 784–796. ACM Press, Raleigh, NC, USA, Oct. 16–18 (2012)

  8. Bennett, C.H.: Time/space trade-offs for reversible computation. SIAM J. Comput. 18(4), 766–776 (1989)

  9. Bodlaender, H.L.: NC-algorithms for graphs with small treewidth. In: van Leeuwen, J. (ed.) WG 1988. LNCS, vol. 344, pp. 1–10. Springer, Heidelberg (1989). https://doi.org/10.1007/3-540-50728-0_32

  10. Bodlaender, H.L.: A tourist guide through treewidth. Acta Cybern. 11(1–2), 1–21 (1993)

  11. Bodlaender, H.L.: A partial k-arboretum of graphs with bounded treewidth. Theor. Comput. Sci. 209(1), 1–45 (1998)

  12. Boneh, D., et al.: Fully key-homomorphic encryption, arithmetic circuit ABE and compact garbled circuits. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 533–556. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_30

  13. Brent, R.P.: The parallel evaluation of general arithmetic expressions. J. ACM 21(2), 201–206 (1974)

  14. Bui, T.N., Jones, C.: Finding good approximate vertex and edge partitions is NP-hard. Inf. Process. Lett. 42(3), 153–159 (1992)

  15. Cryan, M., Miltersen, P.B.: On pseudorandom generators in NC0. In: Sgall, J., Pultr, A., Kolman, P. (eds.) MFCS 2001. LNCS, vol. 2136, pp. 272–284. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44683-4_24

  16. Even, G., Naor, J.S., Rao, S., Schieber, B.: Fast approximate graph partitioning algorithms. SIAM J. Comput. 28(6), 2187–2214 (1999)

  17. Feige, U., Hajiaghayi, M.T., Lee, J.R.: Improved approximation algorithms for minimum-weight vertex separators. In: Gabow, H.N., Fagin, R. (eds.) 37th Annual ACM Symposium on Theory of Computing, pp. 563–572. ACM Press, Baltimore, MA, USA, May 22–24 (2005)

  18. Feige, U., Mahdian, M.: Finding small balanced separators. In: Kleinberg, J.M. (ed.) 38th Annual ACM Symposium on Theory of Computing, pp. 375–384. ACM Press, Seattle, WA, USA, May 21–23 (2006)

  19. Gál, A., Jang, J.: A generalization of Spira’s theorem and circuits with small segregators or separators. Inf. Comput. 251, 252–262 (2016)

  20. Garg, S., Srinivasan, A.: Adaptively secure garbling with near optimal online complexity. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 535–565. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_18

  21. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or A completeness theorem for protocols with honest majority. In: Aho, A. (ed.) 19th Annual ACM Symposium on Theory of Computing, pp. 218–229. ACM Press, New York City, NY, USA, May 25–27 (1987)

  22. Hemenway, B., Jafargholi, Z., Ostrovsky, R., Scafuro, A., Wichs, D.: Adaptively secure garbled circuits from one-way functions. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 149–178. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53015-3_6

  23. Impagliazzo, R., Naor, M.: Efficient cryptographic schemes provably as secure as subset sum. J. Cryptol. 9(4), 199–216 (1996)

  24. Jafargholi, Z., Kamath, C., Klein, K., Komargodski, I., Pietrzak, K., Wichs, D.: Be adaptive, avoid overcommitting. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 133–163. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_5

  25. Jafargholi, Z., Oechsner, S.: Adaptive security of practical garbling schemes. In: Bhargavan, K., Oswald, E., Prabhakaran, M. (eds.) INDOCRYPT 2020. LNCS, vol. 12578, pp. 741–762. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-65277-7_33

  26. Jafargholi, Z., Scafuro, A., Wichs, D.: Adaptively indistinguishable garbled circuits. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10678, pp. 40–71. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70503-3_2

  27. Jafargholi, Z., Wichs, D.: Adaptive security of Yao’s garbled circuits. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9985, pp. 433–458. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53641-4_17

  28. Jansen, M.J., Sarma, J.: Balancing bounded treewidth circuits. Theory Comput. Syst. 54(2), 318–336 (2014)

  29. Kamath, C., Klein, K., Pietrzak, K.: On treewidth, separators and Yao’s garbling. Cryptology ePrint Archive, Report 2021/926 (2021)

  30. Kamath, C., Klein, K., Pietrzak, K., Wichs, D.: Limits on the adaptive security of Yao’s garbling. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12826, pp. 486–515. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84245-1_17

  31. Kitagawa, F., Nishimaki, R., Tanaka, K., Yamakawa, T.: Adaptively secure and succinct functional encryption: improving security and efficiency, simultaneously. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 521–551. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_17

  32. Levine, R.Y., Sherman, A.T.: A note on Bennett’s time-space tradeoff for reversible computation. SIAM J. Comput. 19(4), 673–677 (1990)

  33. Lindell, Y., Pinkas, B.: A proof of security of Yao’s protocol for two-party computation. J. Cryptol. 22(2), 161–188 (2009)

  34. Lipton, R.J., Tarjan, R.E.: A separator theorem for planar graphs. SIAM J. Appl. Math. 36(2), 177–189 (1979)

  35. Lipton, R.J., Tarjan, R.E.: Applications of a planar separator theorem. SIAM J. Comput. 9(3), 615–627 (1980)

  36. Lokshtanov, D., Mikhailin, I., Paturi, R., Pudlák, P.: Beating brute force for (quantified) satisfiability of circuits of bounded treewidth. In: Czumaj, A. (ed.) 29th Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 247–261. ACM-SIAM, New Orleans, LA, USA, Jan. 7–10 (2018)

  37. Marx, D.: Parameterized graph separation problems. In: Downey, R., Fellows, M., Dehne, F. (eds.) IWPEC 2004. LNCS, vol. 3162, pp. 71–82. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28639-4_7

  38. Nordström, J.: New Wine into Old Wineskins: A Survey of Some Pebbling Classics with Supplemental Results (2015)

  39. Paterson, M.S., Hewitt, C.E.: Comparative schematology. In: Record of the Project MAC Conference on Concurrent Systems and Parallel Computation, pp. 119–127. ACM, New York, NY, USA (1970)

  40. Robertson, N., Seymour, P.D.: Graph minors. II. Algorithmic aspects of tree-width. J. Algorithms 7(3), 309–322 (1986)

  41. Spira, P.: On time-hardware complexity of tradeoffs for Boolean functions. In: Proceedings of the 4th Hawaii Symposium on System Sciences, pp. 525–527. North Hollywood and Western Periodicals (1971)

  42. Yao, A.C.-C.: Protocols for secure computations (extended abstract). In: 23rd Annual Symposium on Foundations of Computer Science, pp. 160–164. IEEE Computer Society Press, Chicago, Illinois, Nov. 3–5 (1982)

  43. Yao, A.C.-C.: How to generate and exchange secrets (extended abstract). In: 27th Annual Symposium on Foundations of Computer Science, pp. 162–167. IEEE Computer Society Press, Toronto, Ontario, Canada, Oct. 27–29 (1986)


Acknowledgements

We are grateful to Daniel Wichs for helpful discussions on the landscape of adaptive security of Yao’s garbling. We would also like to thank Crypto 2021 and TCC 2021 reviewers for their detailed review and suggestions, which helped improve presentation considerably.


© 2021 International Association for Cryptologic Research


Cite this paper

Kamath, C., Klein, K., Pietrzak, K. (2021). On Treewidth, Separators and Yao’s Garbling. In: Nissim, K., Waters, B. (eds.) Theory of Cryptography. TCC 2021. Lecture Notes in Computer Science, vol. 13043. Springer, Cham. https://doi.org/10.1007/978-3-030-90453-1_17


  • DOI: https://doi.org/10.1007/978-3-030-90453-1_17


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-90452-4

  • Online ISBN: 978-3-030-90453-1

  • eBook Packages: Computer Science (R0)
