DOI: 10.1145/2382196.2382279

Foundations of garbled circuits

Published: 16 October 2012

Abstract

Garbled circuits, a classical idea rooted in the work of Yao, have long been understood as a cryptographic technique, not a cryptographic goal. Here we cull out a primitive corresponding to this technique. We call it a garbling scheme. We provide a provable-security treatment for garbling schemes, endowing them with a versatile syntax and multiple security definitions. The most basic of these, privacy, suffices for two-party secure function evaluation (SFE) and private function evaluation (PFE). Starting from a PRF, we provide an efficient garbling scheme achieving privacy and we analyze its concrete security. We next consider obliviousness and authenticity, properties needed for private and verifiable outsourcing of computation. We extend our scheme to achieve these ends. We provide highly efficient blockcipher-based instantiations of both schemes. Our treatment of garbling schemes presages more efficient garbling, more rigorous analyses, and more modularly designed higher-level protocols.



Published In

CCS '12: Proceedings of the 2012 ACM conference on Computer and communications security
October 2012, 1088 pages
ISBN: 9781450316514
DOI: 10.1145/2382196

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. garbled circuits
  2. garbling schemes
  3. provable security
  4. secure function evaluation
  5. yao's protocol

Qualifiers

  • Research-article

Conference

CCS'12: the ACM Conference on Computer and Communications Security
October 16 - 18, 2012
Raleigh, North Carolina, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Article Metrics

  • Downloads (last 12 months): 179
  • Downloads (last 6 weeks): 20

Reflects downloads up to 25 Dec 2024

Cited By

  • (2024) Exponent-Inversion P-Signatures and Accountable Identity-Based Encryption from SXDH. IACR Communications in Cryptology. DOI: 10.62056/ahsdkmp-3y. Online publication date: 7-Oct-2024
  • (2024) Constant-Round YOSO MPC Without Setup. IACR Communications in Cryptology. DOI: 10.62056/ae5w4fe-3. Online publication date: 7-Oct-2024
  • (2024) Ad Hoc Broadcast, Trace, and Revoke. IACR Communications in Cryptology. DOI: 10.62056/a39qxrxqi. Online publication date: 8-Jul-2024
  • (2024) Effectiveness in Collaborative Framework for Non-Invasive in AI Algorithms. International Journal of Soft Computing and Engineering, 14(1):16-19. DOI: 10.35940/ijsce.F4517.14010324. Online publication date: 30-Mar-2024
  • (2024) A Ciphertext Reduction Scheme for Garbling an S-Box in an AES Circuit with Minimal Online Time. Symmetry, 16(6):664. DOI: 10.3390/sym16060664. Online publication date: 28-May-2024
  • (2024) MUDGUARD: Taming Malicious Majorities in Federated Learning using Privacy-preserving Byzantine-robust Clustering. Proceedings of the ACM on Measurement and Analysis of Computing Systems, 8(3):1-41. DOI: 10.1145/3700422. Online publication date: 10-Dec-2024
  • (2024) Leakage-Resilient Circuit Garbling. Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, pages 780-794. DOI: 10.1145/3658644.3690204. Online publication date: 2-Dec-2024
  • (2024) PG: Byzantine Fault-Tolerant and Privacy-Preserving Sensor Fusion with Guaranteed Output Delivery. Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, pages 3272-3286. DOI: 10.1145/3658644.3670343. Online publication date: 2-Dec-2024
  • (2024) Horizontal Federated Recommender System: A Survey. ACM Computing Surveys, 56(9):1-42. DOI: 10.1145/3656165. Online publication date: 3-Apr-2024
  • (2024) MOSAIC: A Prune-and-Assemble Approach for Efficient Model Pruning in Privacy-Preserving Deep Learning. Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, pages 1034-1048. DOI: 10.1145/3634737.3637680. Online publication date: 1-Jul-2024
