[Resource Topic] 2018/789: Free IF: How to Omit Inactive Branches and Implement S-Universal Garbled Circuit (Almost) for Free

Resource No category
#1

Welcome to the resource topic for 2018/789

Title:
Free IF: How to Omit Inactive Branches and Implement S-Universal Garbled Circuit (Almost) for Free

Authors: Vladimir Kolesnikov

Abstract:

Two-party Secure Function Evaluation (SFE) allows two parties to evaluate a function known to both parties on their private inputs. In some settings, the input of one of the parties is the definition of the computed function, and requires protection as well. The standard solution for SFE of private functions (PF-SFE) is to rely on Universal Circuits (UC), which can be programmed to implement any circuit of size s. Recent UC optimizations report the cost of UC for s-gate Boolean circuits is \approx 5s log s. Instead, we consider garbling that allows evaluating one of a given set S of circuits. We show how to evaluate one of the circuits in S at the communication cost comparable to that of evaluating the largest circuit in S. In other words, we show how to omit generating and sending inactive GC branches. Our main insight is that a garbled circuit is just a collection of garbled tables, and as such can be reused to emulate the throw-away computation of an inactive execution branch without revealing to the Evaluator whether it evaluates active or inactive branch. This cannot be proven within the standard BHR garbled circuits framework because the function description is inseparable from the garbling by denition. We carefully extend BHR in a general way, introducing topology-decoupling circuit garbling. We preserve all existing constructions and proofs of the BHR framework, while allowing this and other future constructions which may treat garbled tables separately from function description. Our construction is presented in the semi-honest model.

ePrint: https://eprint.iacr.org/2018/789

Slides: https://asiacrypt.iacr.org/2018/files/SLIDES/WEDNESDAY/P514/1315-1520/kolesnikov.pdf

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .