Cryptology ePrint Archive: Report 2012/564
Adaptively Secure Garbling with Applications to One-Time Programs and Secure Outsourcing
Mihir Bellare and Viet Tung Hoang and Phillip Rogaway
Abstract: Standard constructions of garbled circuits provide only static security, meaning the input x is not allowed to depend on the garbled circuit F. But some applications—notably one-time programs (Goldwasser, Kalai, and Rothblum 2008) and secure outsourcing (Gennaro, Gentry, Parno 2010)—need adaptive security, where x may depend on F. We identify gaps in proofs from these papers with regard to adaptive security and suggest the need for a better abstraction boundary. To this end we investigate the adaptive security of garbling schemes, an abstraction of Yao’s garbled-circuit technique that we recently introduced (Bellare, Hoang, Rogaway 2012). Building on that framework, we give definitions encompassing privacy, authenticity, and obliviousness, with either coarse-grained or fine-grained adaptivity. We show how adaptively secure garbling schemes support simple solutions for one-time programs and secure outsourcing, with privacy being the goal in the first case and obliviousness and authenticity the goal in the second. We give transforms that promote static-secure garbling schemes to adaptive-secure ones. Our work advances the thesis that conceptualizing garbling schemes as a first-class cryptographic primitive can simplify, unify, or improve treatments for higher-level protocols.
Category / Keywords: adaptive adversaries, adaptive security, garbled circuits, garbling schemes, one-time programs, secure outsourcing, verifiable computing, Yao’s protocol
Date: received 2 Oct 2012, last revised 30 Jun 2013
Contact author: tvhoang at ucdavis edu
Version: 20130630:181902 (All versions of this report)
Short URL: ia.cr/2012/564