Cryptology ePrint Archive: Report 2016/150

On Garbling Schemes with and without Privacy

Carsten Baum

Abstract: Garbling schemes allow to construct two-party function evaluation with security against cheating parties (SFE). To achieve this goal, one party (the Garbler) sends multiple encodings of a circuit (called Garbled Circuits) to the other party (the Evaluator) and opens a subset of these encodings, showing that they were generated honestly. For the remaining garbled circuits, the garbler sends encodings of the inputs. This allows the evaluator to compute the result of function, while the encoding ensures that no other information beyond the output is revealed. To achieve active security against a malicious adversary, the garbler in current protocols has to send O(s) circuits (where s is the statistical security parameter).

In this work we show that, for a certain class of circuits, one can reduce this overhead. We consider circuits where sub-circuits depend only on one party's input. Intuitively, one can evaluate these sub-circuits using only one circuit and privacy-free garbling. This has applications to e.g. input validation in SFE and allows to construct more efficient SFE protocols in such cases. We additionally show how to integrate our solution with the SFE protocol of Frederiksen et al. (FJN14), thus reducing the overhead even further.

Category / Keywords: Garbled Circuits, Privacy-Free Garbling

Original Publication (with minor differences): SCN 2016 (10th Conference on Security and Cryptography for Networks)

Date: received 17 Feb 2016, last revised 27 Jun 2016

Contact author: cbaum at cs au dk

Available format(s): PDF | BibTeX Citation

Note: Full version of the SCN paper.

Version: 20160627:062146 (All versions of this report)

Short URL: ia.cr/2016/150

Discussion forum: Show discussion | Start new discussion