On the Adaptive Security of Free-XOR-Based Garbling Schemes in the Plain Model

Anasuya Acharya; Karen Azari; Chethan Kamath

doi:10.1007/978-3-031-91095-1_8

On the Adaptive Security of Free-XOR-Based Garbling Schemes in the Plain Model

Anasuya Acharya, Karen Azari, Chethan Kamath

Bar-Ilan University - The Alexander Kofkin Faculty of Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

A Garbling Scheme is a fundamental cryptographic primitive, with numerous theoretical and practical applications. Since its inception by Yao (FOCS’82, ’86), optimizing the communication and computation complexities of securely garbling circuits has been an area of active research. One such optimization, and perhaps the most fundamental, is the ‘Free-XOR’ technique (Kolesnikov and Schneider, ICALP’08) which allows XOR gates in a function garbling to not require representation, and therefore communication. Since then, several works have designed and analysed the security of schemes that adopt the Free-XOR optimisation. In particular: (1) Applebaum (JoC’16) proved that this can be securely instantiated assuming symmetric-key encryption satisfying a notion called RK-KDM security; and (2) Zahur, Rosulek and Evans (Eurocrypt’15) proposed the so-called ‘Half Gates’ scheme, and proved that it can be instantiated assuming hash functions satisfying a notion called CCR security. Although both schemes have been proven selectively secure, prior work leaves it open to analyze whether they satisfy a stronger security notion – adaptive security – in the plain model. In this work, we formally show that the selective security of these two schemes cannot be lifted to adaptive security under the same assumptions. To establish these barriers, we adopt techniques from the work of Kamath et al. (Crypto’21), who proved similar negative results for Yao’s garbling. We use that as a starting point and introduce new techniques tailored towards addressing Free-XOR-based schemes.

Original language	English
Title of host publication	Advances in Cryptology – EUROCRYPT 2025 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2025, Proceedings
Editors	Serge Fehr, Pierre-Alain Fouque
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	214-244
Number of pages	31
ISBN (Print)	9783031910944
DOIs	https://doi.org/10.1007/978-3-031-91095-1_8
State	Published - 2025
Event	44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2025 - Madrid, Spain Duration: 4 May 2025 → 8 May 2025

Publication series

Name	Lecture Notes in Computer Science
Volume	15606 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2025
Country/Territory	Spain
City	Madrid
Period	4/05/25 → 8/05/25

Bibliographical note

Publisher Copyright:
© International Association for Cryptologic Research 2025.

Keywords

Adaptive Security
Feasibility Lower Bounds
Free-XOR
Garbling

Access to Document

10.1007/978-3-031-91095-1_8

Cite this

Acharya, A., Azari, K., & Kamath, C. (2025). On the Adaptive Security of Free-XOR-Based Garbling Schemes in the Plain Model. In S. Fehr, & P.-A. Fouque (Eds.), Advances in Cryptology – EUROCRYPT 2025 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2025, Proceedings (pp. 214-244). (Lecture Notes in Computer Science; Vol. 15606 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-91095-1_8

Acharya, Anasuya ; Azari, Karen ; Kamath, Chethan. / On the Adaptive Security of Free-XOR-Based Garbling Schemes in the Plain Model. Advances in Cryptology – EUROCRYPT 2025 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2025, Proceedings. editor / Serge Fehr ; Pierre-Alain Fouque. Springer Science and Business Media Deutschland GmbH, 2025. pp. 214-244 (Lecture Notes in Computer Science).

@inproceedings{9a3833049e944f5b823eac24db9ab198,

title = "On the Adaptive Security of Free-XOR-Based Garbling Schemes in the Plain Model",

abstract = "A Garbling Scheme is a fundamental cryptographic primitive, with numerous theoretical and practical applications. Since its inception by Yao (FOCS{\textquoteright}82, {\textquoteright}86), optimizing the communication and computation complexities of securely garbling circuits has been an area of active research. One such optimization, and perhaps the most fundamental, is the {\textquoteleft}Free-XOR{\textquoteright} technique (Kolesnikov and Schneider, ICALP{\textquoteright}08) which allows XOR gates in a function garbling to not require representation, and therefore communication. Since then, several works have designed and analysed the security of schemes that adopt the Free-XOR optimisation. In particular: (1) Applebaum (JoC{\textquoteright}16) proved that this can be securely instantiated assuming symmetric-key encryption satisfying a notion called RK-KDM security; and (2) Zahur, Rosulek and Evans (Eurocrypt{\textquoteright}15) proposed the so-called {\textquoteleft}Half Gates{\textquoteright} scheme, and proved that it can be instantiated assuming hash functions satisfying a notion called CCR security. Although both schemes have been proven selectively secure, prior work leaves it open to analyze whether they satisfy a stronger security notion – adaptive security – in the plain model. In this work, we formally show that the selective security of these two schemes cannot be lifted to adaptive security under the same assumptions. To establish these barriers, we adopt techniques from the work of Kamath et al. (Crypto{\textquoteright}21), who proved similar negative results for Yao{\textquoteright}s garbling. We use that as a starting point and introduce new techniques tailored towards addressing Free-XOR-based schemes.",

keywords = "Adaptive Security, Feasibility Lower Bounds, Free-XOR, Garbling",

author = "Anasuya Acharya and Karen Azari and Chethan Kamath",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2025.; 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2025 ; Conference date: 04-05-2025 Through 08-05-2025",

year = "2025",

doi = "10.1007/978-3-031-91095-1_8",

language = "אנגלית",

isbn = "9783031910944",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "214--244",

editor = "Serge Fehr and Pierre-Alain Fouque",

booktitle = "Advances in Cryptology – EUROCRYPT 2025 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2025, Proceedings",

address = "גרמניה",

}

Acharya, A, Azari, K & Kamath, C 2025, On the Adaptive Security of Free-XOR-Based Garbling Schemes in the Plain Model. in S Fehr & P-A Fouque (eds), Advances in Cryptology – EUROCRYPT 2025 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2025, Proceedings. Lecture Notes in Computer Science, vol. 15606 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 214-244, 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2025, Madrid, Spain, 4/05/25. https://doi.org/10.1007/978-3-031-91095-1_8

On the Adaptive Security of Free-XOR-Based Garbling Schemes in the Plain Model. / Acharya, Anasuya; Azari, Karen; Kamath, Chethan.
Advances in Cryptology – EUROCRYPT 2025 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2025, Proceedings. ed. / Serge Fehr; Pierre-Alain Fouque. Springer Science and Business Media Deutschland GmbH, 2025. p. 214-244 (Lecture Notes in Computer Science; Vol. 15606 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - On the Adaptive Security of Free-XOR-Based Garbling Schemes in the Plain Model

AU - Acharya, Anasuya

AU - Azari, Karen

AU - Kamath, Chethan

N1 - Publisher Copyright: © International Association for Cryptologic Research 2025.

PY - 2025

Y1 - 2025

N2 - A Garbling Scheme is a fundamental cryptographic primitive, with numerous theoretical and practical applications. Since its inception by Yao (FOCS’82, ’86), optimizing the communication and computation complexities of securely garbling circuits has been an area of active research. One such optimization, and perhaps the most fundamental, is the ‘Free-XOR’ technique (Kolesnikov and Schneider, ICALP’08) which allows XOR gates in a function garbling to not require representation, and therefore communication. Since then, several works have designed and analysed the security of schemes that adopt the Free-XOR optimisation. In particular: (1) Applebaum (JoC’16) proved that this can be securely instantiated assuming symmetric-key encryption satisfying a notion called RK-KDM security; and (2) Zahur, Rosulek and Evans (Eurocrypt’15) proposed the so-called ‘Half Gates’ scheme, and proved that it can be instantiated assuming hash functions satisfying a notion called CCR security. Although both schemes have been proven selectively secure, prior work leaves it open to analyze whether they satisfy a stronger security notion – adaptive security – in the plain model. In this work, we formally show that the selective security of these two schemes cannot be lifted to adaptive security under the same assumptions. To establish these barriers, we adopt techniques from the work of Kamath et al. (Crypto’21), who proved similar negative results for Yao’s garbling. We use that as a starting point and introduce new techniques tailored towards addressing Free-XOR-based schemes.

AB - A Garbling Scheme is a fundamental cryptographic primitive, with numerous theoretical and practical applications. Since its inception by Yao (FOCS’82, ’86), optimizing the communication and computation complexities of securely garbling circuits has been an area of active research. One such optimization, and perhaps the most fundamental, is the ‘Free-XOR’ technique (Kolesnikov and Schneider, ICALP’08) which allows XOR gates in a function garbling to not require representation, and therefore communication. Since then, several works have designed and analysed the security of schemes that adopt the Free-XOR optimisation. In particular: (1) Applebaum (JoC’16) proved that this can be securely instantiated assuming symmetric-key encryption satisfying a notion called RK-KDM security; and (2) Zahur, Rosulek and Evans (Eurocrypt’15) proposed the so-called ‘Half Gates’ scheme, and proved that it can be instantiated assuming hash functions satisfying a notion called CCR security. Although both schemes have been proven selectively secure, prior work leaves it open to analyze whether they satisfy a stronger security notion – adaptive security – in the plain model. In this work, we formally show that the selective security of these two schemes cannot be lifted to adaptive security under the same assumptions. To establish these barriers, we adopt techniques from the work of Kamath et al. (Crypto’21), who proved similar negative results for Yao’s garbling. We use that as a starting point and introduce new techniques tailored towards addressing Free-XOR-based schemes.

KW - Adaptive Security

KW - Feasibility Lower Bounds

KW - Free-XOR

KW - Garbling

UR - http://www.scopus.com/inward/record.url?scp=105004254654&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-91095-1_8

DO - 10.1007/978-3-031-91095-1_8

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:105004254654

SN - 9783031910944

T3 - Lecture Notes in Computer Science

SP - 214

EP - 244

BT - Advances in Cryptology – EUROCRYPT 2025 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2025, Proceedings

A2 - Fehr, Serge

A2 - Fouque, Pierre-Alain

PB - Springer Science and Business Media Deutschland GmbH

T2 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2025

Y2 - 4 May 2025 through 8 May 2025

ER -

Acharya A, Azari K, Kamath C. On the Adaptive Security of Free-XOR-Based Garbling Schemes in the Plain Model. In Fehr S, Fouque PA, editors, Advances in Cryptology – EUROCRYPT 2025 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2025, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 214-244. (Lecture Notes in Computer Science). doi: 10.1007/978-3-031-91095-1_8