Abstract
We study the concrete security of high-performance implementations of half-gates garbling, which all rely on (hardware-accelerated) AES. We find that current instantiations using k-bit wire labels can be completely broken—in the sense that the circuit evaluator learns all the inputs of the circuit garbler—in time O(2^k/C), where C is the total number of (non-free) gates that are garbled, possibly across multiple independent executions. The attack can be applied to existing circuit-garbling libraries using k = 80 when C ≈ 10^9, and would require 267 machine-months and cost about $3500 to implement on the Google Cloud Platform. Since the attack can be fully parallelized, it could be carried out in about a month using ≈250 machines. With this as our motivation, we seek a way to instantiate the hash function in the half-gates scheme so as to achieve better concrete security. We present a construction based on AES that achieves optimal security in the single-instance setting (when only a single circuit is garbled). We also show how to modify the half-gates scheme so that its concrete security does not degrade in the multi-instance setting. Our modified scheme is as efficient as prior work in networks with up to 2 Gbps bandwidth.
Field | Value
---|---
Original language | English (US)
Title of host publication | Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, CRYPTO 2020, Proceedings
Editors | Daniele Micciancio, Thomas Ristenpart
Publisher | Springer
Pages | 793-822
Number of pages | 30
ISBN (Print) | 9783030568795
State | Published - 2020
Event | 40th Annual International Cryptology Conference, CRYPTO 2020 - Santa Barbara, United States. Duration: Aug 17 2020 → Aug 21 2020
Publication series
Field | Value
---|---
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume | 12171 LNCS
ISSN (Print) | 0302-9743
ISSN (Electronic) | 1611-3349
Conference
Field | Value
---|---
Conference | 40th Annual International Cryptology Conference, CRYPTO 2020
Country/Territory | United States
City | Santa Barbara
Period | 8/17/20 → 8/21/20
Funding
Acknowledgments. The authors thank Mike Rosulek for his helpful feedback on the paper. Work of Chun Guo was supported by the Program of Qilu Young Scholars (Grant No. 61580089963177) of Shandong University, the National Natural Science Foundation of China (Grant No. 61602276), and the Shandong Nature Science Foundation of China (Grant No. ZR2016FM22). Work of Jonathan Katz was supported in part by the Office of the Director of National Intelligence (ODNI), Intelligence Advanced Research Projects Activity (IARPA), via 2019-1902070008. The views and conclusions herein are those of the authors and should not be interpreted as necessarily representing the official policies, expressed or implied, of ODNI, IARPA, or the U.S. Government. Work of Yu Yu was supported by the National Natural Science Foundation of China (Grant Nos. 61872236 and 61971192) and the National Cryptography Development Fund (Grant No. MMJJ20170209) and the National Key Research and Development Program of China (Grant No. 2018YFA0704701). Xiao Wang and Yu Yu also thank PlatON for their generous support.
ASJC Scopus subject areas
- Theoretical Computer Science
- General Computer Science