Paper 2025/245

Silent Circuit Relinearisation: Sublinear-Size (Boolean and Arithmetic) Garbled Circuits from DCR

Abstract

We introduce a general template for building garbled circuits with low communication, under the decisional composite residuosity (DCR) assumption. For the case of layered Boolean circuits, we can garble a circuit of size $s$ with communication proportional to $O(s/\log \log s)$ bits, plus an additive factor that is polynomial in the security parameter. For layered arithmetic circuits with $$-bounded integer computation, we obtain a similar result: the garbled arithmetic circuit has size $$ bits, where $$ is the security parameter. These are the first constructions of general-purpose, garbled circuits with sublinear size, without relying on heavy tools like indistinguishability obfuscation or attribute-based and fully homomorphic encryption. To achieve these results, our main technical tool is a new construction of a form of homomorphic secret sharing where some of the inputs are semi-private, that is, known to one of the evaluating parties. Through a new relinearisation technique that allows performing arbitrary additions and multiplications on semi-private shares, we build such an HSS scheme that supports evaluating any function of the form $$, where $$ is any polynomially-sized circuit applied to the semi-private input $$, and $$ is a restricted-multiplication (or, NC1) circuit applied to the private input $$. This significantly broadens the expressiveness of prior known HSS constructions.