The proof includes a correctness result for the construction and evaluation of garbled circuits. This is particularly interesting since checking such an implementation by hand would be very tedious and error-prone. Although we stick to the secure two-party computation of an n-bit AND in this paper, our approach is modular, and we explain how our techniques can be applied to other functions.
To prove the security of the protocol for an honest-but-curious sender and an honest receiver, we use the framework presented by Kuesters et al. for the cryptographic verification of Java programs. As part of our work, we add oblivious transfer to the set of cryptographic primitives supported by the framework. This is a general contribution beyond our results for concrete Java code.

Category / Keywords: implementation / cryptographic protocols, interactive theorem-proving, implementation-level analysis, simulation-based security
Date: received 12 Aug 2014
Contact author: florian boehl at kit edu
Version: 20140813:234846
Short URL: ia.cr/2014/618