Cryptology ePrint Archive: Report 2014/460

FleXOR: Flexible garbling for XOR gates that beats free-XOR

Vladimir Kolesnikov and Payman Mohassel and Mike Rosulek

Abstract: Most implementations of Yao's garbled circuit approach for 2-party secure computation use the {\em free-XOR} optimization of Kolesnikov \& Schneider (ICALP 2008). We introduce an alternative technique called {\em flexible-XOR} (fleXOR) that generalizes free-XOR and offers several advantages. First, fleXOR can be instantiated under a weaker hardness assumption on the underlying cipher/hash function (related-key security only, compared to related-key and circular security required for free-XOR) while maintaining most of the performance improvements that free-XOR offers. Alternatively, even though XOR gates are not always ``free'' in our approach, we show that the other (non-XOR) gates can be optimized more heavily than what is possible when using free-XOR. For many circuits of cryptographic interest, this can yield a significantly (over 30\%) smaller garbled circuit than any other known techniques (including free-XOR) or their combinations.

Category / Keywords: cryptographic protocols / garbled circuits

Original Publication (with major differences): IACR-CRYPTO-2014

Date: received 14 Jun 2014

Contact author: rosulekm at eecs oregonstate edu

Available format(s): PDF | BibTeX Citation

Version: 20140615:112607 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]