Paper 2013/426

Efficient Garbling from a Fixed-Key Blockcipher

Mihir Bellare, Viet Tung Hoang, Sriram Keelveedhi, and Phillip Rogaway


We advocate schemes based on fixed-key AES as the best route to highly efficient circuit-garbling. We provide such schemes making only one AES call per garbled-gate evaluation. On the theoretical side, we justify the security of these methods in the random-permutation model, where parties have access to a public random permutation. On the practical side, we provide the JustGarble system, which implements our schemes. JustGarble evaluates moderate-sized garbled-circuits at an amortized cost of 23.2 cycles per gate (7.25 nsec), far faster than any prior reported results.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. The proceedings version of this paper appears in IEEE Security and Privacy 2013. This is the full version.
Garbled circuitgarbling schememultiparty computationprotocol efficiencyrandom-permutation modelYao's protocol
Contact author(s)
tvhoang @ ucdavis edu
2013-07-02: received
Short URL
Creative Commons Attribution


      author = {Mihir Bellare and Viet Tung Hoang and Sriram Keelveedhi and Phillip Rogaway},
      title = {Efficient Garbling from a Fixed-Key Blockcipher},
      howpublished = {Cryptology ePrint Archive, Paper 2013/426},
      year = {2013},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.