On Treewidth, Separators and Yao's Garbling

We show that Yao's garbling scheme is adaptively indistinguishable for the class of Boolean circuits of size S and treewidth w with only an S^{O(w)} loss in security. For instance, circuits with constant treewidth are therefore adaptively indistinguishable with only a polynomial loss. This (partially) complements a negative result of Applebaum et al. (Crypto 2013), which showed (assuming one-way functions) that Yao's garbling scheme cannot be adaptively simulatable. As our main technical contributions, we introduce a new pebble game that abstracts out our security reduction and then present a pebbling strategy for this game in which the number of pebbles used is roughly O(δw log(S)), δ being the fan-out of the circuit. The design of the strategy relies on separators, a graph-theoretic notion with connections to circuit complexity.

[1] Uriel Feige, et al. Finding small balanced separators, 2006, STOC '06.

[2] Mihir Bellare, et al. Adaptively Secure Garbling with Applications to One-Time Programs and Secure Outsourcing, 2012, ASIACRYPT.

[3] Andrew Chi-Chih Yao. How to generate and exchange secrets, 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[4] Ilan Komargodski, et al. Be Adaptive, Avoid Overcommitting, 2017, CRYPTO.

[5] Charles H. Bennett. Time/Space Trade-Offs for Reversible Computation, 1989, SIAM J. Comput.

[6] Jakob Nordström, et al. New Wine into Old Wineskins: A Survey of Some Pebbling Classics with Supplemental Results, 2015.

[7] Fuyuki Kitagawa, et al. Adaptively Secure and Succinct Functional Encryption: Improving Security and Efficiency, Simultaneously, 2019, IACR Cryptol. ePrint Arch.

[8] Daniel Wichs, et al. Limits on the Adaptive Security of Yao's Garbling, 2021, IACR Cryptol. ePrint Arch.

[9] Hans L. Bodlaender, et al. A Tourist Guide through Treewidth, 1993, Acta Cybern.

[10] Yehuda Lindell, et al. A Proof of Security of Yao's Protocol for Two-Party Computation, 2009, Journal of Cryptology.

[11] Brent Waters, et al. Encoding Functions with Constant Online Rate or How to Compress Garbled Circuits Keys, 2013, CRYPTO.

[12] Joseph Naor, et al. Fast approximate graph partitioning algorithms, 1997, SODA '97.

[13] Anna Gál, et al. A generalization of Spira's theorem and circuits with small segregators or separators, 2013, Inf. Comput.

[14] Alan T. Sherman, et al. A Note on Bennett's Time-Space Tradeoff for Reversible Computation, 1990, SIAM J. Comput.

[15] James R. Lee, et al. Improved approximation algorithms for minimum-weight vertex separators, 2005, STOC '05.

[16] Paul D. Seymour, et al. Graph Minors. II. Algorithmic Aspects of Tree-Width, 1986, J. Algorithms.

[17] Stephen A. Cook, et al. Storage requirements for deterministic / polynomial time recognizable languages, 1974, STOC '74.

[18] Hans L. Bodlaender, et al. NC-Algorithms for Graphs with Small Treewidth, 1988, WG.

[19] Sanjam Garg, et al. Adaptively Secure Garbling with Near Optimal Online Complexity, 2018, IACR Cryptol. ePrint Arch.

[20] Daniel Wichs, et al. Adaptive Security of Yao's Garbled Circuits, 2016, TCC.

[21] Robert E. Tarjan, et al. Applications of a planar separator theorem, 1977, 18th Annual Symposium on Foundations of Computer Science (sfcs 1977).

[22] Andrew Chi-Chih Yao. Protocols for Secure Computations (Extended Abstract), 1982, FOCS.

[23] Peter Bro Miltersen, et al. On Pseudorandom Generators in NC, 2001, MFCS.

[24] R. Tarjan, et al. A Separator Theorem for Planar Graphs, 1977.

[25] Prabhanjan Vijendra Ananth, et al. Succinct Garbling Schemes from Functional Encryption through a Local Simulation Paradigm, 2018, IACR Cryptol. ePrint Arch.

[26] Michael Alekhnovich, et al. Satisfiability, Branch-Width and Tseitin tautologies, 2011, Computational Complexity.

[27] Moni Naor, et al. Efficient cryptographic schemes provably as secure as subset sum, 2004, Journal of Cryptology.

[28] Rafail Ostrovsky, et al. Adaptively Secure Garbled Circuits from One-Way Functions, 2016, CRYPTO.

[29] Jayalal Sarma, et al. Balancing Bounded Treewidth Circuits, 2013, Theory of Computing Systems.

[30] Pavel Pudlák, et al. Beating Brute Force for (Quantified) Satisfiability of Circuits of Bounded Treewidth, 2018, SODA.

[31] Craig Gentry, et al. Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE and Compact Garbled Circuits, 2014, EUROCRYPT.

[32] Daniel Wichs, et al. Adaptively Indistinguishable Garbled Circuits, 2017, TCC.

[33] Curt Jones, et al. Finding Good Approximate Vertex and Edge Partitions is NP-Hard, 1992, Inf. Process. Lett.

[34] Dániel Marx. Parameterized Graph Separation Problems, 2004, IWPEC.

[35] Rahul Santhanam, et al. On separators, segregators and time versus space, 2001, Proceedings 16th Annual IEEE Conference on Computational Complexity.

[36] Silvio Micali, et al. A Completeness Theorem for Protocols with Honest Majority, 1987, STOC 1987.

[37] Hans L. Bodlaender, et al. A Partial k-Arboretum of Graphs with Bounded Treewidth, 1998, Theor. Comput. Sci.

[38] Sabine Oechsner, et al. Adaptive Security of Practical Garbling Schemes, 2019, IACR Cryptol. ePrint Arch.

[39] Richard P. Brent. The Parallel Evaluation of General Arithmetic Expressions, 1974, JACM.

[40] Mihir Bellare, et al. Foundations of garbled circuits, 2012, CCS.

[41] Periklis A. Papakonstantinou, et al. Width-parameterized SAT: Time-Space Tradeoffs, 2011, arXiv.

[42] Jack B. Dennis. Record of the Project MAC conference on concurrent systems and parallel computation, 1970.

[43] Mihir Bellare, et al. Instantiating Random Oracles via UCEs, 2013, IACR Cryptol. ePrint Arch.

[44] Silvio Micali, et al. How to play ANY mental game, 1987, STOC.