STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Foundations of Cryptography: Volume 2, Basic Applications
Fairplay—a secure two-party computation system. SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Protocols for secure computations. SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
SFCS '89 Proceedings of the 30th Annual Symposium on Foundations of Computer Science
An Efficient Protocol for Secure Two-Party Computation in the Presence of Malicious Adversaries. EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Revisiting the Efficiency of Malicious Two-Party Computation. EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Efficient Two-Party Secure Computation on Committed Inputs. EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Improved Garbled Circuit: Free XOR Gates and Applications. ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
LEGO for Two-Party Secure Computation. TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Secure Two-Party Computation Is Practical. ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Efficient two party and multi party computation against covert adversaries. EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Non-interactive verifiable computing: outsourcing computation to untrusted workers. CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Possibility and Impossibility Results for Selective Decommitments. Journal of Cryptology
Secure two-party computation via cut-and-choose oblivious transfer. TCC'11 Proceedings of the 8th conference on Theory of cryptography
Two-output secure computation with malicious adversaries. EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Faster secure two-party computation using garbled circuits. SEC'11 Proceedings of the 20th USENIX conference on Security
Efficiency tradeoffs for malicious two-party computation. PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Billion-gate secure computation with malicious adversaries. Security'12 Proceedings of the 21st USENIX conference on Security symposium
Almost all existing protocols for secure two-party computation require a specific hardness assumption, such as DDH, discrete logarithm, or a random oracle, for their correctness and/or efficiency, even after assuming oracle access to the oblivious transfer functionality. We propose and implement a Yao-based protocol that is secure against malicious adversaries and enjoys the following benefits: it requires the minimal hardness assumption, i.e., OTs; it uses 10 rounds of communication plus OT rounds; it has the optimal overhead complexity (for an approach that uses the circuit-level cut-and-choose technique); and it is embarrassingly parallelizable in the sense that each circuit can be processed in a pipelined manner and all circuits can be processed in parallel. To achieve these properties, we describe novel solutions for the three main obstacles to achieving security against malicious adversaries in a cut-and-choose garbled-circuit protocol: we propose an efficient proof to establish the generator's output authenticity; we suggest the use of an auxiliary circuit that computes a hash to ensure the generator's input consistency; and we advance the performance of Pinkas and Lindell's state-of-the-art approach for handling the selective failure attack. Not only does our protocol require weaker cryptographic assumptions, but our implementation of it also demonstrates a several-fold improvement over the best prior work, which relies on specific number-theoretic assumptions. Thus, we show that performance does not require specific algebraic assumptions.