## Cryptology ePrint Archive: Report 2017/798

More Efficient Universal Circuit Constructions

Daniel Günther and Ágnes Kiss and Thomas Schneider

Abstract: A universal circuit (UC) can be programmed to simulate any circuit up to a given size $n$ by specifying its program bits. UCs have several applications, including private function evaluation (PFE). The asymptotical lower bound for the size of a UC is proven to be $\Omega(n\log n)$. In fact, Valiant (STOC'76) provided two theoretical UC constructions using so-called 2-way and 4-way constructions, with sizes $5n\log_2n$ and $4.75n\log_2n$, respectively. The 2-way UC has recently been brought into practice in concurrent and independent results by Kiss and Schneider (EUROCRYPT'16) and Lipmaa et al. (Eprint 2016/017). Moreover, the latter work generalized Valiant's construction to any $k$-way UC.

In this paper, we revisit Valiant's UC constructions and the recent results, and provide a modular and generic embedding algorithm for any $k$-way UC. Furthermore, we discuss the possibility for a more efficient UC based on a 3-way recursive strategy. We show with a counterexample that even though it is a promising approach, the 3-way UC does not yield an asymptotically better result than the 4-way UC. We propose a hybrid approach that combines the 2-way with the 4-way UC in order to minimize the size of the resulting UC. We elaborate on the concrete size and depth of all discussed UC constructions and show that our hybrid UC yields on average 3.65% improvement in size over the 2-way UC. We implement the 4-way UC in a modular manner based on our proposed embedding algorithm, and show that our methods for programming the UC can be generalized for any $k$-way construction.

Category / Keywords: cryptographic protocols / Universal circuit, private function evaluation, function hiding

Original Publication (with minor differences): IACR-ASIACRYPT-2017