We design a highly optimized protocol in the offline/online setting that makes use of all state-of-the-art techniques, along with several new techniques that we introduce. A crucial part of our protocol is a new technique for enforcing consistency of the inputs used by the party who garbles the circuits. This technique has both theoretical and practical advantages over \mbox{previous methods.}
We present a prototype implementation of our new protocol, which is also the first implementation of the amortized cut-and-choose technique of Lindell and Riva (Crypto 2014). Our prototype achieves a speed of just \emph{$7$ ms in the online stage} and just $74$ ms in the offline stage per 2PC invoked, for securely computing AES in the presence of malicious adversaries (using 9 threads on two 2.9GHz machines located in the same Amazon region). We note that no prior work has gone below one second overall on average for the secure computation of AES for malicious adversaries (nor below 20ms in the online stage). Our implementation securely evaluates SHA-256 (which is a \emph{much bigger circuit}) with $33$ ms online time and $206$ ms offline time, per 2PC invoked.
Category / Keywords: cryptographic protocols / Yao, offline/online, consistency check, implementation Original Publication (with major differences): ACM CCS 2015 Date: received 12 Oct 2015, last revised 21 Jun 2016 Contact author: lindell at biu ac il Available format(s): PDF | BibTeX Citation Note: In previous versions, the bounds in Lemmas 2.3 and 2.4 were erroneously copied from [24]. This has been fixed in this version. Version: 20160621:070019 (All versions of this report) Short URL: ia.cr/2015/987