FleXOR: Flexible garbling for XOR gates that beats free-XOR

Most implementations of Yao’s garbled circuit approach for 2-party secure computation use the free-XOR optimization of Kolesnikov & Schneider (ICALP 2008). We introduce an alternative technique called flexible-XOR (fleXOR) that generalizes free-XOR and offers several advantages. First, fleXOR can be instantiated under a weaker hardness assumption on the underlying cipher/hash function (related-key security only, compared to related-key and circular security required for free-XOR) while maintaining most of the performance improvements that free-XOR offers. Alternatively, even though XOR gates are not always “free” in our approach, we show that the other (non-XOR) gates can be optimized more heavily than what is possible when using free-XOR. For many circuits of cryptographic interest, this can yield a significantly (over 30%) smaller garbled circuit than any other known techniques (including free-XOR) or their combinations.
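To make the trade-off in the abstract concrete, the following Python sketch is an added illustration (not the paper's code, and not the authors' exact construction). It garbles f(a, b, c) = (a AND b) XOR c twice: once under free-XOR, where every wire shares one global offset Δ so the XOR gate costs no ciphertexts, and once with a fresh offset per wire, where an XOR gate whose input sits on a different offset than its output must first "translate" that input, which here costs one ciphertext via garbled row reduction. SHA-256 truncated to 128 bits stands in for the gate cipher, the AND gate uses a plain 4-row point-and-permute table, and the translation step is my simplified rendering of the per-wire-offset idea; these are assumptions of the example, not statements about the paper.

```python
# Added illustration (not the paper's code): XOR gates under free-XOR versus
# per-wire offsets with a one-ciphertext translation of a mismatched input.
import hashlib
import secrets

K = 16  # label length in bytes (128-bit labels)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def H(*parts: bytes) -> bytes:
    """Gate cipher stand-in: SHA-256 over the gate id and input label(s), truncated."""
    return hashlib.sha256(b"".join(parts)).digest()[:K]


def lsb(label: bytes) -> int:
    """Point-and-permute bit: the last bit of a label."""
    return label[-1] & 1


def new_delta() -> bytes:
    """Wire offset with lsb forced to 1, so the two labels of a wire differ in their permute bit."""
    d = bytearray(secrets.token_bytes(K))
    d[-1] |= 1
    return bytes(d)


class Wire:
    """A garbled wire: label for 0 is random, label for 1 is label0 XOR delta."""
    def __init__(self, delta: bytes, label0=None):
        self.delta = delta
        self.label0 = label0 if label0 is not None else secrets.token_bytes(K)

    def label(self, bit: int) -> bytes:
        return self.label0 if bit == 0 else xor(self.label0, self.delta)


# --- free-XOR: inputs and output share one offset, so the gate needs no ciphertexts
def garble_xor_free(a: Wire, b: Wire) -> Wire:
    assert a.delta == b.delta, "free-XOR needs a single global offset"
    return Wire(a.delta, xor(a.label0, b.label0))


def eval_xor_free(A: bytes, B: bytes) -> bytes:
    return xor(A, B)


# --- AND gate: four rows, indexed by the permute bits of the two input labels
def garble_and(a: Wire, b: Wire, out_delta: bytes, gid: bytes):
    c = Wire(out_delta)
    table = [None] * 4
    for i in (0, 1):
        for j in (0, 1):
            A, B = a.label(i), b.label(j)
            table[2 * lsb(A) + lsb(B)] = xor(H(gid, A, B), c.label(i & j))
    return c, table


def eval_and(A: bytes, B: bytes, table, gid: bytes) -> bytes:
    return xor(H(gid, A, B), table[2 * lsb(A) + lsb(B)])


# --- translation: re-encode a wire onto a target offset with one ciphertext.
# Garbled row reduction: the output label for the input label whose permute bit
# is 0 is *defined* as the hash output, so only the other row is transmitted.
def garble_translate(a: Wire, target_delta: bytes, gid: bytes):
    bit_p0 = {lsb(a.label(bit)): bit for bit in (0, 1)}[0]  # semantic bit whose label has lsb 0
    t_p0 = H(gid, a.label(bit_p0))                           # its output label comes for free
    t = Wire(target_delta, t_p0 if bit_p0 == 0 else xor(t_p0, target_delta))
    other = 1 - bit_p0
    ct = xor(H(gid, a.label(other)), t.label(other))
    return t, ct


def eval_translate(A: bytes, ct: bytes, gid: bytes) -> bytes:
    h = H(gid, A)
    return h if lsb(A) == 0 else xor(h, ct)


# --- XOR gate with per-wire offsets: translate any input not already on the output's offset
def garble_xor_flex(a: Wire, b: Wire, out_delta: bytes, gid: bytes):
    cts = {}
    if a.delta != out_delta:
        a, cts["a"] = garble_translate(a, out_delta, gid + b"a")
    if b.delta != out_delta:
        b, cts["b"] = garble_translate(b, out_delta, gid + b"b")
    return Wire(out_delta, xor(a.label0, b.label0)), cts


def eval_xor_flex(A: bytes, B: bytes, cts, gid: bytes) -> bytes:
    if "a" in cts:
        A = eval_translate(A, cts["a"], gid + b"a")
    if "b" in cts:
        B = eval_translate(B, cts["b"], gid + b"b")
    return xor(A, B)


def demo(flex: bool):
    """Garble (a AND b) XOR c, evaluate on all 8 inputs; return (all_correct, ciphertext_count)."""
    d = new_delta()
    deltas = [new_delta() for _ in range(3)] if flex else [d, d, d]
    a, b, c = (Wire(x) for x in deltas)
    ab, tbl = garble_and(a, b, new_delta() if flex else d, b"g1")
    if flex:
        out, cts = garble_xor_flex(ab, c, c.delta, b"g2")  # output on c's offset: ab is translated
    else:
        out, cts = garble_xor_free(ab, c), {}
    n_ct = len(tbl) + len(cts)
    for x in range(8):
        ba, bb, bc = (x >> 2) & 1, (x >> 1) & 1, x & 1
        AB = eval_and(a.label(ba), b.label(bb), tbl, b"g1")
        O = eval_xor_flex(AB, c.label(bc), cts, b"g2") if flex else eval_xor_free(AB, c.label(bc))
        if O != out.label((ba & bb) ^ bc):
            return False, n_ct
    return True, n_ct


if __name__ == "__main__":
    print("free-XOR:", demo(False))   # (True, 4): 4 rows for AND, 0 for XOR
    print("per-wire:", demo(True))    # (True, 5): 4 rows for AND, 1 translation ciphertext
```

The count returned by `demo` isolates the cost the abstract is talking about: with a single global offset the XOR gate is free, and with a fresh offset on the AND output one ciphertext buys the XOR gate back. What the sketch does not implement is the other side of the trade: the row-reduced AND gate that is only possible once the output offset is no longer pinned to Δ, which is where the paper's size savings for non-XOR gates come from.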

[1] Abhi Shelat et al. Two-Output Secure Computation with Malicious Adversaries. EUROCRYPT 2011.

[2] Vladimir Kolesnikov et al. Improved Secure Two-Party Computation via Information-Theoretic Garbled Circuits. SCN 2012.

[3] Mihir Bellare et al. The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs. EUROCRYPT 2006.

[4] Ben Riva et al. Garbled Circuits Checking Garbled Circuits: More Efficient and Secure Two-Party Computation. IACR Cryptol. ePrint Arch. 2013.

[5] Victor Shoup et al. Sequences of games: a tool for taming complexity in security proofs. IACR Cryptol. ePrint Arch. 2004.

[6] Moni Naor et al. Privacy preserving auctions and mechanism design. EC '99, 1999.

[7] Yuval Ishai et al. Extending Oblivious Transfers Efficiently. CRYPTO 2003.

[8] Jonathan Katz et al. On the Security of the Free-XOR Technique. IACR Cryptol. ePrint Arch. 2012.

[9] Jonathan Katz et al. Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose. CRYPTO 2013.

[10] Ueli Maurer et al. A Dynamic Tradeoff Between Active and Passive Corruptions in Secure Multi-Party Computation. IACR Cryptol. ePrint Arch. 2013.

[11] Benny Applebaum. Garbling XOR Gates "For Free" in the Standard Model. TCC 2013.

[12] Silvio Micali et al. The Round Complexity of Secure Protocols (Extended Abstract). STOC 1990.

[13] Martin Hirt et al. Efficient General-Adversary Multi-Party Computation. ASIACRYPT 2013.

[14] Benny Pinkas et al. Secure Two-Party Computation is Practical. IACR Cryptol. ePrint Arch. 2009.

[15] Vladimir Kolesnikov. Gate Evaluation Secret Sharing and Secure One-Round Two-Party Computation. ASIACRYPT 2005.

[16] Silvio Micali et al. The round complexity of secure protocols. STOC '90, 1990.

[17] Mihir Bellare et al. Foundations of garbled circuits. CCS 2012.

[18] Yuval Ishai et al. Scalable Multiparty Computation with Nearly Optimal Work and Resilience. CRYPTO 2008.

[19] Yehuda Lindell. Fast Cut-and-Choose Based Protocols for Malicious and Covert Adversaries. CRYPTO 2013.

[20] Vladimir Kolesnikov et al. Improved Garbled Circuit: Free XOR Gates and Applications. ICALP 2008.

[21] Vladimir Kolesnikov et al. Improved OT Extension for Transferring Short Secrets. CRYPTO 2013.