Towards Practical PFE: An Efficient 2-Party Private Function Evaluation Protocol Based on Half Gates

Private function evaluation (PFE) is a special case of secure multi-party computation (MPC), where the function to be computed is known by only one party. PFE is useful in several real-life applications where an algorithm or a function itself needs to remain secret for reasons such as protecting intellectual property or security classification level. In this paper, we focus on improving 2-party PFE based on symmetric cryptographic primitives. In this respect, we look back at the seminal PFE framework presented by Mohassel and Sadeghian at Eurocrypt’13. We show how to adapt and utilize the well-known half gates garbling technique (Zahur et al., Eurocrypt’15) to their constant-round 2-party PFE scheme. Compared to their scheme, our resulting optimization significantly improves the efficiency of both the underlying Oblivious Evaluation of Extended Permutation (OEP) and secure 2-party computation (2PC) protocols, and yields a more than 40% reduction in overall communication cost (the computation time is also slightly decreased and the number of rounds remains unchanged).
