Fast cut-and-choose based protocols for malicious and covert adversaries

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

101 Scopus citations

Abstract

In the setting of secure two-party computation, two parties wish to securely compute a joint function of their private inputs, while revealing only the output. One of the primary techniques for achieving efficient secure two-party computation is that of Yao's garbled circuits (FOCS 1986). In the semi-honest model, where just one garbled circuit is constructed and evaluated, Yao's protocol has proven itself to be very efficient. However, a malicious adversary who constructs the garbled circuit may construct a garbling of a different circuit computing a different function, and this cannot be detected (due to the garbling). In order to solve this problem, many circuits are sent and some of them are opened to check that they are correct while the others are evaluated. This methodology, called cut-and-choose, introduces significant overhead, both in computation and in communication, and is mainly due to the number of circuits that must be used in order to prevent cheating. In this paper, we present a cut-and-choose protocol for secure computation based on garbled circuits, with security in the presence of malicious adversaries, that vastly improves on all previous protocols of this type. Concretely, for a cheating probability of at most 2^-40, the best previous works send between 125 and 128 circuits. In contrast, in our protocol 40 circuits alone suffice (with some additional overhead). Asymptotically, we achieve a cheating probability of 2^-s where s is the number of garbled circuits, in contrast to the previous best of 2^-0.32s. We achieve this by introducing a new cut-and-choose methodology with the property that in order to cheat, all of the evaluated circuits must be incorrect, and not just the majority as in previous works.
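The last two sentences of the abstract carry the core counting argument: if cheating requires every evaluated circuit to be bad, the adversary must correctly guess the entire check/evaluate split, whereas a majority condition lets it win with a partially correct guess. The script below is an added illustration, not code from the paper, that computes the adversary's exact best cheating probability under both conditions. It assumes two selection models: each circuit independently opened with probability 1/2 (the independent-coin model the 2^-s bound refers to), and a fixed-size uniformly random checked subset; the adversary is assumed to pick the number of bad circuits that maximises its success.

```python
from fractions import Fraction
from math import comb, log2


def cheat_prob_fixed_subset(s, checked, bad, require_all):
    """Checker opens `checked` of the s circuits, chosen uniformly at random.

    The adversary built `bad` of the s circuits incorrectly. Cheating succeeds
    only if no bad circuit is opened AND the evaluated circuits satisfy the
    condition: all bad (require_all=True) or a strict majority bad (False).
    """
    if not 1 <= bad <= s or not 0 < checked < s:
        raise ValueError("need 1 <= bad <= s and 0 < checked < s")
    evaluated = s - checked
    if require_all and bad != evaluated:
        # any good circuit among the evaluated ones (or a bad one among the
        # opened ones) exposes the cheat, so only bad == evaluated can work
        return Fraction(0)
    if not require_all and 2 * bad <= evaluated:
        # even if none are opened, the bad circuits cannot form a majority
        return Fraction(0)
    # probability that all `checked` opened circuits come from the good ones
    return Fraction(comb(s - bad, checked), comb(s, checked))


def cheat_prob_independent(s, bad, require_all):
    """Each circuit is opened independently with probability 1/2 (assumed model).

    With `bad` bad circuits, none of them may be opened (prob 2^-bad).  Under
    the all-bad condition every good circuit must additionally be opened
    (prob 2^-(s-bad)), giving exactly 2^-s whatever `bad` is.  Under the
    majority condition, g good circuits may slip into the evaluated set as
    long as bad > g.
    """
    if not 1 <= bad <= s:
        raise ValueError("need 1 <= bad <= s")
    good = s - bad
    p_no_bad_opened = Fraction(1, 2 ** bad)
    if require_all:
        p_good_pattern = Fraction(1, 2 ** good)
    else:
        p_good_pattern = sum(
            Fraction(comb(good, g), 2 ** good) for g in range(min(bad, good + 1))
        )
    return p_no_bad_opened * p_good_pattern


def best_cheating_probability(s, require_all, checked=None):
    """Maximum success probability over the adversary's choice of `bad`.

    checked=None selects the independent-coin model; an integer selects the
    fixed-subset model with that many opened circuits.
    """
    probs = []
    for bad in range(1, s + 1):
        if checked is None:
            probs.append(cheat_prob_independent(s, bad, require_all))
        else:
            probs.append(cheat_prob_fixed_subset(s, checked, bad, require_all))
    return max(probs)


if __name__ == "__main__":
    s = 40
    for label, require_all in (("all evaluated bad", True), ("majority bad", False)):
        p = best_cheating_probability(s, require_all)
        print(f"s={s}, independent coins, {label}: 2^{log2(float(p)):.2f}")
        p = best_cheating_probability(s, require_all, checked=s // 2)
        print(f"s={s}, open s/2 circuits,  {label}: 2^{log2(float(p)):.2f}")
```

Running it with s=40 shows the all-bad condition pinning the independent-coin model at exactly 2^-40, while the majority condition leaves the adversary a noticeably larger success probability for the same 40 circuits; that gap is what previously forced protocols to send 125 to 128 circuits for the same security level.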

Original language: English
Title of host publication: Advances in Cryptology, CRYPTO 2013 - 33rd Annual Cryptology Conference, Proceedings
Pages: 1-17
Number of pages: 17
Edition: PART 2
DOIs
State: Published - 2013
Event: 33rd Annual International Cryptology Conference, CRYPTO 2013 - Santa Barbara, CA, United States
Duration: 18 Aug 2013 to 22 Aug 2013

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Number: PART 2
Volume: 8043 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 33rd Annual International Cryptology Conference, CRYPTO 2013
Country/Territory: United States
City: Santa Barbara, CA
Period: 18/08/13 to 22/08/13

Bibliographical note

Funding Information:
This work was funded by the European Research Council under the European Union’s Seventh Framework Programme (FP/2007-2013) / ERC Grant Agreement n. 239868.
