Cryptology ePrint Archive: Report 2020/161

Pushing the Limits of Valiant's Universal Circuits: Simpler, Tighter and More Compact

Hanlin Liu and Yu Yu and Shuoyao Zhao and Jiang Zhang and Wenling Liu and Zhenkai Hu

Abstract: A universal circuit (UC) is a general-purpose circuit that can simulate arbitrary circuits (up to a certain size $n$). Valiant provides a $k$-way recursive construction of universal circuits (STOC 1976), where $k$ tunes the complexity of the recursion. More concretely, Valiant gives theoretical constructions of 2-way and 4-way UCs of asymptotic (multiplicative) sizes $5n\log n$ and $4.75 n\log n$ respectively, which matches the asymptotic lower bound $\Omega(n\log n)$ up to some constant factor.

Motivated by various privacy-preserving cryptographic applications, Kiss et al. (Eurocrypt 2016) validated the practicality of 2-way universal circuits by giving example implementations for private function evaluation. G{ΓΌ}nther et al. (Asiacrypt 2017) and Alhassan et al. (J. Cryptology 2020) implemented the 2-way/4-way hybrid UCs with various optimizations in place towards making universal circuits more practical. Zhao et al. (Asiacrypt 2019) optimized Valiant's 4-way UC to asymptotic size $4.5 n\log n$ and proved a lower bound $3.64 n\log n$ for UCs under Valiant framework. As the scale of computation goes beyond 10-million-gate ($n=10^7$) or even billion-gate level ($n=10^9$), the constant factor in circuit size plays an increasingly important role in application performance. In this work, we investigate Valiant's universal circuits and present an improved framework for constructing universal circuits with the following advantages.

[*Simplicity*] Parameterization is no longer needed. In contrast to that previous implementations resort to a hybrid construction combining $k=2$ and $k=4$ for a tradeoff between fine granularity and asymptotic size-efficiency, our construction gets the best of both worlds when configured at the lowest complexity (i.e., $k=2$).

[*Compactness*] Our universal circuits have asymptotic size $3n\log n$, improving upon the best previously known $4.5n\log n$ by 33\% and beating the $3.64n\log n$ lower bound for UCs constructed under Valiant's framework (Zhao et al., Asiacrypt 2019).

[*Tightness*] We show that under our new framework the universal circuit size is lower bounded by $2.95 n\log n$, which almost matches the $3n\log n$ circuit size of our 2-way construction.

We implement the 2-way universal circuits and evaluate its performance with other implementations, which confirms our theoretical analysis.

Category / Keywords: foundations / Universal Circuits, Private Function Evaluation, Multiparty Computation

Original Publication (with minor differences): IACR-CRYPTO-2021

Date: received 12 Feb 2020, last revised 16 Jun 2021

Contact author: yuyuathk at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20210617:033945 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]