How to Garble Arithmetic Circuits

Yao's garbled circuit construction transforms a boolean circuit $C:\{0,1\}^n\to\{0,1\}^m$ into a "garbled circuit" $\hat{C}$ along with $n$ pairs of $k$-bit keys, one for each input bit, such that $\hat{C}$ together with the $n$ keys corresponding to an input $x$ reveal $C(x)$ and no additional information about $x$. The garbled circuit construction is a central tool for constant-round secure computation and has several other applications. Motivated by these applications, we suggest an efficient arithmetic variant of Yao's original construction. Our construction transforms an arithmetic circuit $C : \mathbb{Z}^n\to\mathbb{Z}^m$ over integers from a bounded (but possibly exponential) range into a garbled circuit $\hat{C}$ along with $n$ affine functions $L_i : \mathbb{Z}\to \mathbb{Z}^k$ such that $\hat{C}$ together with the $n$ integer vectors $L_i(x_i)$ reveal $C(x)$ and no additional information about $x$. The security of our construction relies on the intractability of the learning with errors (LWE) problem.
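The abstract's first sentence describes the boolean primitive the paper generalises: $n$ pairs of $k$-bit keys, one pair per input wire, a garbled circuit $\hat{C}$, and an evaluator who holds exactly one key per input wire and learns $C(x)$ and nothing else. The following added example (not code from the paper, and not its LWE-based arithmetic construction) implements that classical boolean garbling for a small circuit with the Python standard library. The circuit encoding, the function names (`garble`, `select_keys`, `evaluate`, `check_circuit`), the use of HMAC-SHA256 as the gate-table PRF, and the all-zero tag used to recognise the correct table row are choices made here for illustration; real implementations use point-and-permute or free-XOR instead of trial decryption.

```python
"""Toy Yao garbled circuit over boolean gates (constructed example).

Wires are integers: wires 0..n-1 are inputs, gate g writes wire n+g.
A gate is (op, in_a, in_b); gates are listed in topological order.
"""
import hashlib
import hmac
import secrets
from typing import Callable

KEY_BYTES = 16        # k = 128-bit wire keys
TAG = b"\x00" * 16    # redundancy so the evaluator recognises the right row

OPS: dict[str, Callable[[int, int], int]] = {
    "AND": lambda a, b: a & b,
    "XOR": lambda a, b: a ^ b,
    "OR": lambda a, b: a | b,
}


def _pad(key_a: bytes, key_b: bytes, gate_id: int) -> bytes:
    """PRF of both active input keys and the gate index (32-byte mask)."""
    return hmac.new(key_a + key_b, gate_id.to_bytes(4, "big"), hashlib.sha256).digest()


def _xor(x: bytes, y: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(x, y))


def garble(n_inputs: int, gates: list, outputs: list):
    """Garbler: returns (garbled circuit, n pairs of input-wire keys)."""
    n_wires = n_inputs + len(gates)
    # keys[w][v] is the key that encodes value v on wire w
    keys = [(secrets.token_bytes(KEY_BYTES), secrets.token_bytes(KEY_BYTES))
            for _ in range(n_wires)]
    tables = []
    for g, (op, a, b) in enumerate(gates):
        out = n_inputs + g
        rows = []
        for va in (0, 1):
            for vb in (0, 1):
                # encrypt the output key for op(va, vb) under the two input keys
                plaintext = keys[out][OPS[op](va, vb)] + TAG
                rows.append(_xor(plaintext, _pad(keys[a][va], keys[b][vb], g)))
        secrets.SystemRandom().shuffle(rows)   # hide which row is which input pair
        tables.append((a, b, rows))
    # decoding information: only the output wires map keys back to bits
    decode = {w: {keys[w][0]: 0, keys[w][1]: 1} for w in outputs}
    garbled = {"tables": tables, "decode": decode, "outputs": outputs}
    return garbled, keys[:n_inputs]


def select_keys(input_keys: list, x: list) -> list:
    """Garbler side: hand out exactly one key per input wire, chosen by x_i."""
    return [input_keys[i][xi] for i, xi in enumerate(x)]


def evaluate(garbled: dict, active_keys: list) -> list:
    """Evaluator: sees only one key per wire, never the other one."""
    wire = list(active_keys)
    for g, (a, b, rows) in enumerate(garbled["tables"]):
        pad = _pad(wire[a], wire[b], g)
        found = None
        for row in rows:
            pt = _xor(row, pad)
            if pt[KEY_BYTES:] == TAG:          # exactly one row carries the tag
                found = pt[:KEY_BYTES]
                break
        if found is None:
            raise ValueError(f"gate {g}: no row decrypted (wrong input keys)")
        wire.append(found)
    return [garbled["decode"][w][wire[w]] for w in garbled["outputs"]]


def plain_eval(gates: list, outputs: list, x: list) -> list:
    """Reference evaluation of the cleartext circuit."""
    wire = list(x)
    for op, a, b in gates:
        wire.append(OPS[op](wire[a], wire[b]))
    return [wire[w] for w in outputs]


# Constructed test circuit: out = (x0 AND x1) XOR x2, three input wires.
GATES = [("AND", 0, 1), ("XOR", 3, 2)]
OUTPUTS = [4]


def check_circuit() -> bool:
    """Garbled evaluation agrees with the cleartext circuit on all 8 inputs."""
    garbled, input_keys = garble(3, GATES, OUTPUTS)
    return all(evaluate(garbled, select_keys(input_keys, [a, b, c]))
               == plain_eval(GATES, OUTPUTS, [a, b, c])
               for a in (0, 1) for b in (0, 1) for c in (0, 1))


def wrong_key_detected() -> bool:
    """A key that is not one of the garbler's wire keys opens no row."""
    garbled, input_keys = garble(3, GATES, OUTPUTS)
    bad = select_keys(input_keys, [1, 1, 0])
    bad[0] = secrets.token_bytes(KEY_BYTES)
    try:
        evaluate(garbled, bad)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("garbled == plain on all inputs:", check_circuit())
    print("foreign key rejected:", wrong_key_detected())
```

The evaluator never receives both keys of any wire, so the active keys reveal nothing about $x$ beyond what the decoding map for the output wires discloses, which is exactly $C(x)$. The arithmetic variant in the paper replaces the two keys per wire with an affine function $L_i$ applied to an integer $x_i$; the evaluation and security arguments there are different, and this example should be read only as the boolean baseline.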
