Cryptology ePrint Archive: Report 2017/947

Actively Secure Garbled Circuits with Constant Communication Overhead in the Plain Model

Carmit Hazay and Yuval Ishai and Muthuramakrishnan Venkitasubramaniam

Abstract: We consider the problem of constant-round secure two-party computation in the presence of active (malicious) adversaries. We present the first protocol that has only a constant multiplicative communication overhead compared to Yao's protocol for passive adversaries and can be implemented in the plain model by only making a black-box use of (parallel) oblivious transfer and a pseudo-random generator. This improves over the polylogarithmic overhead of the previous best protocol. A similar result could previously be obtained only in an amortized setting, using preprocessing, or by assuming bit-oblivious-transfer as an ideal primitive that has a constant cost.

We present two variants of this result, one which is aimed at minimizing the number of oblivious transfers and another which is aimed at optimizing concrete efficiency. Our protocols are based on a novel combination of previous techniques together with a new efficient protocol to certify that pairs of strings transmitted via oblivious transfer satisfy a global relation. The communication complexity of the second variant of our protocol can beat the best previous protocols even for realistic values of the circuit size and the security parameter. This variant is particularly attractive in the offline-online setting, where the online cost is dominated by a single evaluation of an authenticated garbled circuit, and can also be made non-interactive using the Fiat-Shamir heuristic.

Category / Keywords:

Original Publication (in the same form): IACR-TCC-2017

Date: received 27 Sep 2017

Contact author: muthuv at cs rochester edu,Carmit Hazay@biu ac il, yuvali@cs technion ac il

Available format(s): PDF | BibTeX Citation

Version: 20170927:141032 (All versions of this report)

Short URL: ia.cr/2017/947

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]