Privacy-Free Garbled Circuits with Applications To Efficient Zero-Knowledge

In the last few years garbled circuits (GC) have been elevated from being merely a component in Yao’s protocol for secure two-party computation, to a cryptographic primitive in its own right, following the growing number of applications that use GCs. Zero-Knowledge (ZK) protocols is one of these examples: In a recent paper Jawurek et al. [JKO13] showed that GCs can be used to construct efficient ZK proofs for unstructured languages. In this work we show that due to the property of this particular scenario (i.e., one of the parties knows all the secret input bits, and therefore all intermediate values in the computation), we can construct more efficient garbling schemes specifically tailored to this goal. As a highlight of our result, in one of our constructions only one ciphertext per gate needs to be communicated and XOR gates never require any cryptographic operations. In addition to making a step forward towards more practical ZK, we believe that our contribution is also interesting from a conceptual point of view: in the terminology of Bellare et al. [BHR12] our garbling schemes achieve authenticity, but no privacy nor obliviousness, therefore representing the first natural separation between those notions.

[1]  Vladimir Kolesnikov,et al.  FleXOR: Flexible garbling for XOR gates that beats free-XOR , 2014, IACR Cryptol. ePrint Arch..

[2]  Andrew Chi-Chih Yao,et al.  How to Generate and Exchange Secrets (Extended Abstract) , 1986, FOCS.

[3]  Joan Boyar,et al.  A Small Depth-16 Circuit for the AES S-Box , 2012, SEC.

[4]  Lei Wei,et al.  Garbled Circuits via Structured Encryption , 2013, Financial Cryptography Workshops.

[5]  Claudio Orlandi,et al.  LEGO for Two-Party Secure Computation , 2009, TCC.

[6]  Yuval Ishai,et al.  Bounded Key-Dependent Message Security , 2010, IACR Cryptol. ePrint Arch..

[7]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[8]  Rafail Ostrovsky,et al.  How to Garble RAM Programs , 2013, EUROCRYPT.

[9]  Vladimir Kolesnikov Gate Evaluation Secret Sharing and Secure One-Round Two-Party Computation , 2005, ASIACRYPT.

[10]  Rafail Ostrovsky,et al.  Garbled RAM Revisited , 2014, EUROCRYPT.

[11]  Yael Tauman Kalai,et al.  Reusable garbled circuits and succinct functional encryption , 2013, STOC '13.

[12]  Craig Gentry,et al.  Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers , 2010, CRYPTO.

[13]  David Evans,et al.  Two Halves Make a Whole - Reducing Data Transfer in Garbled Circuits Using Half Gates , 2015, EUROCRYPT.

[14]  Yehuda Lindell,et al.  A Proof of Security of Yao’s Protocol for Two-Party Computation , 2009, Journal of Cryptology.

[15]  Yuval Ishai,et al.  Partial Garbling Schemes and Their Applications , 2014, ICALP.

[16]  Amit Sahai,et al.  Worry-free encryption: functional encryption with public keys , 2010, CCS '10.

[17]  Moni Naor,et al.  Privacy preserving auctions and mechanism design , 1999, EC '99.

[18]  Silvio Micali,et al.  The round complexity of secure protocols , 1990, STOC '90.

[19]  Mihir Bellare,et al.  Foundations of garbled circuits , 2012, CCS.

[20]  Brent Waters,et al.  Encoding Functions with Constant Online Rate or How to Compress Garbled Circuits Keys , 2013, CRYPTO.

[21]  Craig Gentry,et al.  How to Compress (Reusable) Garbled Circuits , 2013, IACR Cryptol. ePrint Arch..

[22]  Magnus Find On the Complexity of Computing Two Nonlinearity Measures , 2014, CSR.

[23]  Benny Pinkas,et al.  Secure Two-Party Computation is Practical , 2009, IACR Cryptol. ePrint Arch..

[24]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System , 2004, USENIX Security Symposium.

[25]  Claudio Orlandi,et al.  MiniLEGO: Efficient Secure Two-Party Computation from General Assumptions , 2013, EUROCRYPT.

[26]  Vladimir Kolesnikov,et al.  Improved Garbled Circuit: Free XOR Gates and Applications , 2008, ICALP.

[27]  Mihir Bellare,et al.  Efficient Garbling from a Fixed-Key Blockcipher , 2013, 2013 IEEE Symposium on Security and Privacy.

[28]  Vladimir Kolesnikov,et al.  Improved Secure Two-Party Computation via Information-Theoretic Garbled Circuits , 2012, SCN.

[29]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System (Awarded Best Student Paper!) , 2004 .

[30]  Silvio Micali,et al.  The Round Complexity of Secure Protocols (Extended Abstract) , 1990, STOC 1990.

[31]  Florian Kerschbaum,et al.  Zero-knowledge using garbled circuits: how to prove non-algebraic statements efficiently , 2013, IACR Cryptol. ePrint Arch..

[32]  Yuval Ishai,et al.  Perfect Constant-Round Secure Computation via Perfect Randomizing Polynomials , 2002, ICALP.

[33]  Yuval Ishai,et al.  How to Garble Arithmetic Circuits , 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.