Skipping Scheme for Gate-hiding Garbled Circuits

Ke Lin
2023-12-05
Abstract:In classic settings of garbled circuits, each gate type is leaked to improve both space and speed optimization. Zahur et al. have shown in EUROCRYPT 2015 that a typical linear garbling scheme requires at least two $\lambda$-bit elements per gate with a security parameter of $\lambda$, which limits their efficiency. In contrast to typical garbled circuits, gate-hiding garbled circuits have the potential to drastically reduce time costs, although they have been underappreciated. We propose the first skipping scheme for gate-hiding garbled circuits to enhance the efficiency of evaluation by observing prime implicants. Our scheme introduces skip gates to eliminate the need to calculate the entire circuit, enabling unnecessary execution paths to be avoided. We also introduce two variants of our scheme that balance security with parallelism. A proof of hybrid security that combines simulation-based and symmetry-based security in semi-honest scenarios is presented to demonstrate its security under gate-hiding conditions. Our scheme will inspire new directions to improve the general garbling scheme and lead to more practical ones.
Cryptography and Security
What problem does this paper attempt to address?
The main focus of this paper is the efficiency improvement of gate-hiding garbled circuits. Traditional garbled circuits leak information for each gate type to optimize space and speed, but gate-hiding garbled circuits can keep the gate functionality secret, potentially reducing the evaluation time cost significantly. Despite their potential, gate-hiding garbled circuits are not well-developed in practical applications. The authors propose a novel jumping scheme specifically for gate-hiding garbled circuits, which eliminates unnecessary computation paths by observing prime implicants and promotes runtime parallelism. This approach introduces skip gates, which can be activated or triggered under specific conditions to avoid the computation of the complete circuit, thereby improving evaluation speed. The paper also presents two variants to balance security and parallelism. The contributions mentioned in the paper include: 1. Introducing an efficient runtime jumping scheme for semi-honest gate-hiding garbled circuits, improving evaluation speed. 2. Providing two jumping schemes: Planar Skipping Scheme (PSS) and Chain Skipping Scheme (CSS), allowing adjustment of security and parallelism based on requirements. 3. Offering a proof of mixed security, demonstrating security under the gate-hiding condition. 4. This method is applicable not only to the entire circuit but also to sub-circuits, optimizing computation of unused gates and utilizing parallel computing. The paper reviews related work such as classic garbled circuits, gate-aware garbled circuits, and existing optimization techniques, highlighting the untapped potential of gate-hiding garbled circuits. The authors also propose an algorithm based on a heuristic approach to find skippable wire pairs and jumping schemes suitable for 2- and n-ary implication components. In terms of security, the paper proves the simulation-based security of the jumping schemes in non-triggered and triggered scenarios. The security advantage of the non-triggered scenario is that as the number of skip gates increases, the security loss becomes negligible. Security in the triggered scenario relies on the proof of mixed privacy. In conclusion, this paper aims to push the efficiency boundaries of gate-hiding garbled circuits through improved jumping strategies, providing new insights for more practical garbled circuit schemes.