Adaptively Secure Garbled Circuits from One-Way Functions

CRYPTO, pp. 149-178, 2016.


Abstract:

A garbling scheme is used to garble a circuit C and an input x in a way that reveals the output C(x) but hides everything else. In many settings, the circuit can be garbled off-line without strict efficiency constraints, but the input must be garbled very efficiently on-line, with much lower complexity than evaluating the circuit. Yao's gar...

Introduction
  • Garbled circuits have since found countless applications in diverse areas of cryptography, most notably to secure function evaluation (SFE) starting with Yao’s work, and in parallel cryptography [5,6], verifiable computation [7,16], software protection [20,22], functional encryption [19,21,30], key-dependent message security [3,9], obfuscation [4] and many others.
  • These applications rely on various efficiency/functionality properties of garbled circuits, and a comprehensive study of this primitive is given in the work of Bellare et al. [12].
Highlights
  • We construct the first adaptively secure garbling scheme whose on-line complexity is smaller than the circuit size and which only relies on the existence of one-way functions
  • If we think of the circuit as representing a Turing Machine or RAM computation, the width w of the circuit corresponds to the maximum of the input size n, output size m, and space complexity s of the computation, meaning that our on-line complexity is (n + m + s) · poly(λ), but otherwise independent of the run-time of the computation
  • We have shown how to achieve adaptively secure garbling schemes under one-way functions by augmenting Yao’s construction with an additional layer of somewhere-equivocal encryption.
  • The on-line complexity only scales with the width w of the circuit, which corresponds to the space complexity of the computation
Results
  • The authors construct the first adaptively secure garbling scheme whose on-line complexity is smaller than the circuit size and which only relies on the existence of one-way functions.
  • The authors get a garbling scheme whose on-line complexity is w · poly(λ), where w is the width of the circuit and λ is the security parameter, but is otherwise independent of the depth d of the circuit. Note that, if the circuit is thought of as representing a Turing Machine or RAM computation, the width w of the circuit corresponds to the maximum of the input size n, output size m, and space complexity s of the computation, meaning that the on-line complexity is (n + m + s) · poly(λ), but otherwise independent of the run-time of the computation.
Conclusion
  • The authors have shown how to achieve adaptively secure garbling schemes under one-way functions by augmenting Yao’s construction with an additional layer of somewhere-equivocal encryption.
  • It remains an open problem to achieve the optimal on-line complexity (n + m) · poly(λ), which does not depend on the circuit depth or width.
  • This is only known assuming the existence of indistinguishability obfuscation and it remains open to achieve the above under one-way functions or even stronger assumptions such as DDH or LWE.
  • It would be interesting to see if there is some simple-to-state standard-model security assumption that one could make on the encryption scheme used to create the garbled gates in Yao’s construction, under which one could prove that the resulting garbling scheme is adaptively secure
References
  • Ananth, P., Brakerski, Z., Segev, G., Vaikuntanathan, V.: From selective to adaptive security in functional encryption. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 657–677. Springer, Heidelberg (2015)
  • Ananth, P., Sahai, A.: Functional encryption for Turing machines. Cryptology ePrint Archive, Report 2015/776 (2015). http://eprint.iacr.org/
  • Applebaum, B.: Key-dependent message security: generic amplification and completeness. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 527–546. Springer, Heidelberg (2011)
  • Applebaum, B.: Bootstrapping obfuscators via fast pseudorandom functions. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part II. LNCS, vol. 8874, pp. 162–172. Springer, Heidelberg (2014)
  • Applebaum, B., Ishai, Y., Kushilevitz, E.: Cryptography in NC0. In: 45th FOCS, pp. 166–175. IEEE Computer Society Press, October 2004
  • Applebaum, B., Ishai, Y., Kushilevitz, E.: Computationally private randomizing polynomials and their applications. In: 20th Annual IEEE Conference on Computational Complexity (CCC 2005), San Jose, CA, USA, 11–15 June 2005, pp. 260–274. IEEE Computer Society (2005)
  • Applebaum, B., Ishai, Y., Kushilevitz, E.: From secrecy to soundness: efficient verification via secure computation. In: Abramsky, S., Gavoille, C., Kirchner, C., Meyer auf der Heide, F., Spirakis, P.G. (eds.) ICALP 2010. LNCS, vol. 6198, pp. 152–163. Springer, Heidelberg (2010)
  • Applebaum, B., Ishai, Y., Kushilevitz, E., Waters, B.: Encoding functions with constant online rate or how to compress garbled circuits keys. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 166–184. Springer, Heidelberg (2013)
  • Barak, B., Haitner, I., Hofheinz, D., Ishai, Y.: Bounded key-dependent message security. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 423–444. Springer, Heidelberg (2010)
  • Bellare, M., Hoang, V.T., Keelveedhi, S.: Instantiating random oracles via UCEs. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 398–415. Springer, Heidelberg (2013)
  • Bellare, M., Hoang, V.T., Rogaway, P.: Adaptively secure garbling with applications to one-time programs and secure outsourcing. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 134–153. Springer, Heidelberg (2012)
  • Bellare, M., Hoang, V.T., Rogaway, P.: Foundations of garbled circuits. In: ACM CCS 2012, pp. 784–796. ACM Press, October 2012
  • Boneh, D., Gentry, C., Gorbunov, S., Halevi, S., Nikolaenko, V., Segev, G., Vaikuntanathan, V., Vinayagamurthy, D.: Fully key-homomorphic encryption, arithmetic circuit ABE and compact garbled circuits. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 533–556. Springer, Heidelberg (2014)
  • Boyle, E., Gilboa, N., Ishai, Y.: Function secret sharing. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 337–367. Springer, Heidelberg (2015)
  • Garay, J.A., Wichs, D., Zhou, H.-S.: Somewhat non-committing encryption and efficient adaptively secure oblivious transfer. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 505–523. Springer, Heidelberg (2009)
  • Gennaro, R., Gentry, C., Parno, B.: Non-interactive verifiable computing: outsourcing computation to untrusted workers. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 465–482. Springer, Heidelberg (2010)
  • Gilboa, N., Ishai, Y.: Distributed point functions and their applications. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 640–658. Springer, Heidelberg (2014)
  • Goldreich, O., Goldwasser, S., Micali, S.: On the cryptographic applications of random functions. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 276–288. Springer, Heidelberg (1985)
  • Goldwasser, S., Kalai, Y.T., Popa, R.A., Vaikuntanathan, V., Zeldovich, N.: Reusable garbled circuits and succinct functional encryption. In: Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) 45th ACM STOC, pp. 555–564. ACM Press, June 2013
  • Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: One-time programs. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 39–56. Springer, Heidelberg (2008)
  • Gorbunov, S., Vaikuntanathan, V., Wee, H.: Functional encryption with bounded collusions via multi-party computation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 162–179. Springer, Heidelberg (2012)
  • Goyal, V., Ishai, Y., Sahai, A., Venkatesan, R., Wadia, A.: Founding cryptography on tamper-proof hardware tokens. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 308–326. Springer, Heidelberg (2010)
  • Hemenway, B., Jafargholi, Z., Ostrovsky, R., Scafuro, A., Wichs, D.: Adaptively secure garbled circuits from one-way functions. IACR Cryptology ePrint Archive 2015:1250 (2015)
  • Hubacek, P., Wichs, D.: On the communication complexity of secure function evaluation with long output. In: ITCS 2015, pp. 163–172. ACM, January 2015
  • Ishai, Y., Kushilevitz, E.: Randomizing polynomials: a new representation with applications to round-efficient secure computation. In: 41st Annual Symposium on Foundations of Computer Science, FOCS 2000, Redondo Beach, California, USA, 12–14 November 2000, pp. 294–304 (2000)
  • Ishai, Y., Kushilevitz, E.: Perfect constant-round secure computation via perfect randomizing polynomials. In: Widmayer, P., Triguero, F., Morales, R., Hennessy, M., Eidenbenz, S., Conejo, R. (eds.) ICALP 2002. LNCS, vol. 2380, pp. 244–256. Springer, Heidelberg (2002)
  • Lindell, Y., Pinkas, B.: A proof of security of Yao’s protocol for two-party computation. J. Cryptology 22(2), 161–188 (2009)
  • Lindell, Y., Riva, B.: Cut-and-choose Yao-based secure computation in the online/offline and batch settings. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 476–494. Springer, Heidelberg (2014)
  • Nielsen, J.B.: Separating random oracle proofs from complexity theoretic proofs: the non-committing encryption case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 111–126. Springer, Heidelberg (2002)
  • Sahai, A., Seyalioglu, H.: Worry-free encryption: functional encryption with public keys. In: ACM CCS 2010, pp. 463–472. ACM Press, October 2010
  • Yao, A.C.-C.: Protocols for secure computations (extended abstract). In: 23rd FOCS, pp. 160–164. IEEE Computer Society Press, November 1982
  • Yao, A.C.-C.: How to generate and exchange secrets (extended abstract). In: 27th FOCS, pp. 162–167. IEEE Computer Society Press, October 1986