ePrints@IIScePrints@IISc Home | About | Browse | Latest Additions | Advanced Search | Contact | Help

Privacy-Free Garbled Circuits for Formulas: Size Zero and Information-Theoretic

Kondi, Yashvanth and Patra, Arpita (2017) Privacy-Free Garbled Circuits for Formulas: Size Zero and Information-Theoretic. In: 37th Annual International Cryptology Conference (Crypto), AUG 20-24, 2017, Univ Calif, Santa Barbara, CA, pp. 188-222.

Full text not available from this repository. (Request a copy)
Official URL: https://dx.doi.org/10.1007/978-3-319-63688-7_7

Abstract

Garbled circuits are of central importance in cryptography, finding widespread application in secure computation, zero-knowledge (ZK) protocols, and verifiable outsourcing of computation to name a few. We are interested in a particular kind of garbling scheme, termed privacy-free in the literature. We show that Boolean formulas can be garbled information-theoretically in the privacy-free setting, producing no ciphertexts at all. Existing garbling schemes either rely on cryptographic assumptions (and thus require cryptographic operations to construct and evaluate garbled circuits), produce garbled circuits of non-zero size, or are restricted to low depth formulaic circuits. Our result has both theoretical and practical implications for garbled circuits as a primitive. On the theory front, our result breaks the known theoretical lower bound of one ciphertext for garbling an AND gate in this setting. As an interesting implication of producing size zero garbled circuits, our scheme scores adaptive security for free. On the practical side, our garbling scheme involves only cheap XOR operations and produces size zero garbled circuits. As a side result, we propose several interesting extensions of our scheme. Namely, we show how to garble threshold and high fan-in gates. An aspect of our garbling scheme that we believe is of theoretical interest is that it does not maintain the invariant that the garbled circuit evaluator must not at any point be in possession of both keys of any wire in the garbled circuit. Our scheme directly finds application in ZK protocols where the verification function of the language is representable by a formulaic circuit. Such examples include Boolean formula satisfiability. The ZK protocols obtained by plugging in our scheme in the known paradigm of building ZK protocols from garbled circuits offer better proof size, while relying on standard assumptions. Furthermore, the adaptivity of our garbling scheme allows us to cast our ZK protocols in the offline-online setting and offload circuit dependent communication and computation to the offline phase. As a result, the online phase enjoys communication and computation (in terms of number of symmetric key operations) complexity that are linearly proportional to the witness size alone.

Item Type: Conference Proceedings
Additional Information: Copyright of this article belong to SPRINGER INTERNATIONAL PUBLISHING AG, GEWERBESTRASSE 11, CHAM, CH-6330, SWITZERLAND
Department/Centre: Division of Electrical Sciences > Computer Science & Automation (Formerly, School of Automation)
Depositing User: Id for Latest eprints
Date Deposited: 14 Aug 2018 14:48
Last Modified: 14 Aug 2018 14:48
URI: http://eprints.iisc.ac.in/id/eprint/60430

Actions (login required)

View Item View Item