TY - GEN
T1 - Authenticated garbling and efficient maliciously secure two-party computation
AU - Wang, Xiao
AU - Ranellucci, Samuel
AU - Katz, Jonathan
PY - 2017/10/30
Y1 - 2017/10/30
N2 - We propose a simple and efficient framework for obtaining efficient constant-round protocols for maliciously secure two-party computation. Our framework uses a function-independent preprocessing phase to generate authenticated information for the two parties; this information is then used to construct a single "authenticated" garbled circuit which is transmitted and evaluated. We also show how to efficiently instantiate the preprocessing phase with a new, highly optimized version of the TinyOT protocol by Nielsen et al. Our protocol outperforms existing work in both the single-execution and amortized settings, with or without preprocessing: • In the single-execution setting, our protocol evaluates an AES circuit with malicious security in 37 ms with an online time of 1 ms. Previous work with the best overall time requires 62 ms (with 14 ms online time); previous work with the best online time (also 1 ms) requires 124 ms overall. • If we amortize over 1024 executions, each AES computation requires just 6.7 ms with roughly the same online time as above. The best previous work in the amortized setting has roughly the same total time but does not support function-independent preprocessing. Our work shows that the performance penalty for maliciously secure two-party computation (as compared to semi-honest security) is much smaller than previously believed.
AB - We propose a simple and efficient framework for obtaining efficient constant-round protocols for maliciously secure two-party computation. Our framework uses a function-independent preprocessing phase to generate authenticated information for the two parties; this information is then used to construct a single "authenticated" garbled circuit which is transmitted and evaluated. We also show how to efficiently instantiate the preprocessing phase with a new, highly optimized version of the TinyOT protocol by Nielsen et al. Our protocol outperforms existing work in both the single-execution and amortized settings, with or without preprocessing: • In the single-execution setting, our protocol evaluates an AES circuit with malicious security in 37 ms with an online time of 1 ms. Previous work with the best overall time requires 62 ms (with 14 ms online time); previous work with the best online time (also 1 ms) requires 124 ms overall. • If we amortize over 1024 executions, each AES computation requires just 6.7 ms with roughly the same online time as above. The best previous work in the amortized setting has roughly the same total time but does not support function-independent preprocessing. Our work shows that the performance penalty for maliciously secure two-party computation (as compared to semi-honest security) is much smaller than previously believed.
UR - http://www.scopus.com/inward/record.url?scp=85037830558&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85037830558&partnerID=8YFLogxK
U2 - 10.1145/3133956.3134053
DO - 10.1145/3133956.3134053
M3 - Conference contribution
AN - SCOPUS:85037830558
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 21
EP - 37
BT - CCS 2017 - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
T2 - 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017
Y2 - 30 October 2017 through 3 November 2017
ER -