Actively secure garbled circuits with constant communication overhead in the plain model

Carmit Hazay, Yuval Ishai, Muthuramakrishnan Venkitasubramaniam

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

11 Scopus citations

Abstract

We consider the problem of constant-round secure two-party computation in the presence of active(malicious) adversaries. We present the first protocol that has only a constant multiplicative communication overhead compared to Yao’s protocol for passive adversaries and can be implemented in the plain model by only making a black-box use of(parallel) oblivious transfer and a pseudo-random generator. This improves over the polylogarithmic overhead of the previous best protocol. A similar result could previously be obtained only in an amortized setting, using preprocessing, or by assuming bit-oblivious-transfer as an ideal primitive that has a constant cost. We present two variants of this result, one which is aimed at minimizing the number of oblivious transfers and another which is aimed at optimizing concrete efficiency. Our protocols are based on a novel combination of previous techniques together with a new efficient protocol to certify that pairs of strings transmitted via oblivious transfer satisfy a global relation. The communication complexity of the second variant of our protocol can beat the best previous protocols even for realistic values of the circuit size and the security parameter. This variant is particularly attractive in the offline-online setting, where the online cost is dominated by a single evaluation of an authenticated garbled circuit, and can also be made non-interactive using the Fiat-Shamir heuristic.

Original languageEnglish
Title of host publicationTheory of Cryptography - 15th International Conference, TCC 2017, Proceedings
EditorsYael Kalai, Leonid Reyzin
PublisherSpringer Verlag
Pages3-39
Number of pages37
ISBN (Print)9783319705026
DOIs
StatePublished - 2017
Event15th International Conference on Theory of Cryptography, TCC 2017 - Baltimore, United States
Duration: 12 Nov 201715 Nov 2017

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10678 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference15th International Conference on Theory of Cryptography, TCC 2017
Country/TerritoryUnited States
CityBaltimore
Period12/11/1715/11/17

Bibliographical note

Funding Information:
The first author was supported by the European Research Council under the ERC consolidators grant agreement n. 615172 (HIPS), and by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel 11As discussed in [20], the multiple evaluation setting is subject to selective failure attacks when the sender can learn the receiver’s output in each evaluation.

Funding Information:
National Cyber Bureau in the Prime Minister’s Office. The second author was supported by a DARPA/ARL SAFEWARE award, DARPA Brandeis program under Contract N66001-15-C-4065, NSF Frontier Award 1413955, NSF grants 1619348, 1228984, 1136174, and 1065276, ERC grant 742754, NSF-BSF grant 2015782, ISF grant 1709/14, BSF grant 2012378, a Xerox Faculty Research Award, a Google Faculty Research Award, an equipment grant from Intel, and an Okawa Foundation Research Grant. This material is based upon work supported by the Defense Advanced Research Projects Agency through the ARL under Contract W911NF-15-C-0205. The views expressed are those of the authors and do not reflect the official policy or position of Google, the Department of Defense, the National Science Foundation, or the U.S. Government. The third author was supported by Google Faculty Research Grant and NSF Awards CNS-1526377 and CNS-1618884.

Publisher Copyright:
© 2017, International Association for Cryptologic Research.

Fingerprint

Dive into the research topics of 'Actively secure garbled circuits with constant communication overhead in the plain model'. Together they form a unique fingerprint.

Cite this