STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Privacy preserving auctions and mechanism design
Proceedings of the 1st ACM conference on Electronic commerce
Encryption-Scheme Security in the Presence of Key-Dependent Messages
SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
The random oracle methodology, revisited
Journal of the ACM (JACM)
Fairplay—a secure two-party computation system
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Security under key-dependent inputs
Proceedings of the 14th ACM conference on Computer and communications security
How to generate and exchange secrets
SFCS '86 Proceedings of the 27th Annual Symposium on Foundations of Computer Science
Improved Garbled Circuit: Free XOR Gates and Applications
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Circular-Secure Encryption from Decision Diffie-Hellman
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Founding Cryptography on Oblivious Transfer --- Efficiently
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Implementing Two-Party Computation Efficiently with Security Against Malicious Adversaries
SCN '08 Proceedings of the 6th international conference on Security and Cryptography for Networks
LEGO for Two-Party Secure Computation
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
A Proof of Security of Yao’s Protocol for Two-Party Computation
Journal of Cryptology
Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Improved Garbled Circuit Building Blocks and Applications to Auctions and Computing Minima
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Secure Two-Party Computation Is Practical
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A theoretical treatment of related-key attacks: RKA-PRPS, RKA-PRFs, and applications
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Towards key-dependent message security in the standard model
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
OT-combiners via secure computation
TCC'08 Proceedings of the 5th conference on Theory of cryptography
TASTY: tool for automating secure two-party computations
Proceedings of the 17th ACM conference on Computer and communications security
Circular and leakage resilient public-key encryption under subgroup indistinguishability
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Pseudorandom functions and permutations provably secure against related-key attacks
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Efficient implementation of the orlandi protocol
ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
Correlated-input secure hash functions
TCC'11 Proceedings of the 8th conference on Theory of cryptography
Two-output secure computation with malicious adversaries
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Faster secure two-party computation using garbled circuits
SEC'11 Proceedings of the 20th USENIX conference on Security
Secure and efficient protocols for iris and fingerprint identification
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
On related-secret pseudorandomness
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
Cryptographic agility and its relation to circular encryption
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Billion-gate secure computation with malicious adversaries
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Secure two-party computation in sublinear (amortized) time
Proceedings of the 2012 ACM conference on Computer and communications security
Garbling XOR gates "for free" in the standard model
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
Zero-knowledge using garbled circuits: how to prove non-algebraic statements efficiently
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Secure outsourced garbled circuit evaluation for mobile devices
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
Yao's garbled-circuit approach enables constant-round secure two-party computation of any function. In Yao's original construction, each gate in the circuit requires the parties to perform a constant number of encryptions/decryptions and to send/receive a constant number of ciphertexts. Kolesnikov and Schneider (ICALP 2008) proposed an improvement that allows XOR gates to be evaluated "for free," incurring no cryptographic operations and zero communication. Their "free-XOR" technique has proven very popular, and has been shown to improve performance of garbled-circuit protocols by up to a factor of 4. Kolesnikov and Schneider proved security of their approach in the random oracle model, and claimed that (an unspecified variant of) correlation robustness suffices; this claim has been repeated in subsequent work, and similar ideas have since been used in other contexts. We show that the free-XOR technique cannot be proven secure based on correlation robustness alone; somewhat surprisingly, some form of circular security is also required. We propose an appropriate definition of security for hash functions capturing the necessary requirements, and prove security of the free-XOR approach when instantiated with any hash function satisfying our definition. Our results do not impact the security of the free-XOR technique in practice, or imply an error in the free-XOR work, but instead pin down the assumptions needed to prove security.