Efficient Adaptively Secure Zero-Knowledge from Garbled Circuits.

The primary contribution of this work lies in constructing efficient UC-secure constant round ZK protocols from garbled circuits that are secure against adaptive corruptions, with communication linear ... A conditional verification technique is then used to obtain a three-round adaptively secure zero-knowledge argument in the non-programmable random oracle model (NPROM). ... Zero Knowledge in Two Rounds As discussed in Section 4, it seems unlikely that we can do better than three rounds to obtain a zero-knowledge from only one garbled circuit. ...

doi:10.1007/978-3-319-76581-5_17 fatcat:tjl2sphid5c4lpdtdkkzvd45bi

As an interesting implication of producing size zero garbled circuits, our scheme scores adaptive security for free. ... Garbled circuits are of central importance in cryptography, finding widespread application in secure computation, zero-knowledge (ZK) protocols, and verifiable outsourcing of computation to name a few. ... Kg := i=1 Ki 3. return Kg, bg Fig. 12 : 12 Evaluating an l-fan-in AND gate 7 Online-Efficient Zero-Knowledge .F COT 1 . 1 Receive (prove, sid, x, w) from P and (verify, sid, x ) from V 2. if x = x ...

doi:10.1007/978-3-319-63688-7_7 fatcat:gae6qdbna5b7xokp2uoc7afiq4

In this paper we address the problem of how to construct efficient zero-knowledge protocols for generic languages and we propose a protocol based on Yao's garbled circuit technique. ... The protocol achieves active security and is essentially only twice as slow as the passive secure version of Yao's garbled circuit protocol. ... We thank Yan Huang for his support with FastGC and his OT implementation, Stefan Tillich for his support with their circuits and Yael Ejgenberg for support for the SCAPI framework. ...

doi:10.1145/2508859.2516662 dblp:conf/ccs/JawurekKO13 fatcat:vrq5wfgz35bhzf25qqezgpp6rq

Core to this construction is a new way of transforming 2PC protocols to efficient (adaptively secure) instance-dependent commitment schemes. ... We also improve our basic construction to obtain the first linear-rate adaptive ZK proofs by relying on efficient maliciously secure 2PC protocols. ... Linear-Rate Adaptive Zero-Knowledge Proofs In the next section we will rely on the protocol of [IKOS09] to construct an adaptively secure zero-knowledge protocol with optimal efficiency, we briefly recall ...

doi:10.1007/978-3-662-53008-5_14 fatcat:o2gtgbyqfncfppt67cveqoe3ua

Existing techniques do not provide efficient solutions for proving knowledge of such a signature: On the one hand, ZK proofs based on garbled circuits (Jawurek et al. 2013) give efficient proofs for checking ... We design new constructions obtaining the best of both worlds: combining the efficiency of the garbled circuit approach for non-algebraic statements and that of sigma protocols for algebraic ones. ... Security against a cheating prover follows from the properties of the circuit garbling scheme. ...

doi:10.1007/978-3-662-53015-3_18 fatcat:ze4h4lmpmnbk5kmnhfrpyemm5q

We provide an exact, concrete analysis of the efficiency of our scheme and demonstrate that (at least for not very small circuits) our protocol is more efficient than any other known today. ... Recently, a number of protocols have been proposed for the efficient construction of two-party computation secure in the presence of malicious adversaries (where security is proven under the standard simulationbased ... used in Step 7b is a zero-knowledge proof of knowledge, and that the symmetric encryption scheme used to generate the garbled circuit is secure. ...

doi:10.1007/978-3-642-19571-6_20 fatcat:hc7btm5r2vdsnd7qdnm6izcydy

We describe a zero-knowledge proof system in which a prover holds a large dataset M and can repeatedly prove NP relations about that dataset. ... Security against a cheating prover follows from the properties of the circuit garbling scheme. ... Removing the privacy requirement from the garbling scheme leads to a non-trivial reduction in garbled circuit size. Adapting to the ORAM setting, using constant rounds. ...

doi:10.1007/978-3-662-48000-7_8 fatcat:jc4rroobbva53l5ebsluu3svgi

Recently, several new techniques were presented to dramatically improve key parts of secure two-party computation (2PC) protocols that use the cut-and-choose paradigm on garbled circuits for 2PC with security ... These include techniques for reducing the number of garbled circuits (Lindell 13, Huang et al. 13, Lindell and Riva 14, Huang et al. 14) and techniques for reducing the overheads besides garbled circuits ... Adaptively-Secure Garbling The standard security notion of garbled circuits (e.g., [24] ) deals with a static adversary, meaning that the adversary picks its input before seeing the garbled circuit. ...

doi:10.1145/2810103.2813666 dblp:conf/ccs/LindellR15 fatcat:jyffjjnsurdxjdxz7c6tjjxrx4

Applying cut-and-choose techniques to Yao's garbled circuit protocol has been a promising approach for designing efficient Two-Party Computation (2PC) with malicious and covert security, as is evident ... the circuit in use) in the Random Oracle Model, where |C| is the circuit size and t is a statistical security parameter. ... Both requirements can be solved in the plain model by using trapdoor commitments [3] and efficient Zero-Knowledge Proof of Knowledge (ZKPoK), or in the Random Oracle Model, by committing using a hash ...

doi:10.1007/978-3-642-40084-1_3 fatcat:qdebxtao4rcztfrggu372a72pu

It is implemented by a protocol using oblivious transfer and Yao's scrambled circuit. ... We define a new type cryptographical model called secure multi-party proof that allows any t players and a verifier to securely compute a function ) ,..., ( 1 t x x f : each of the players learns nothing ... This work was supported by Foundation of National Natural Science (China) (10871222) and Opening Foundation of Key Lab of Cryptological Technology and Information Security Ministry of Education in Shandong ...

doi:10.4236/jsea.2010.37081 fatcat:rkjuxlsgnzadlkqgoi6ahfdzjm

Open Access

We propose a new framework for fair and secure two-party computation that can be applied on top of any secure two party computation protocol based on Yao's garbled circuits and zeroknowledge proofs. ... The evaluator evaluates the garbled circuit by decrypting the garbled tables in topological order, and learns the output bits. ... Our Solution We show how to efficiently add fairness to any zero knowledge based secure 2PC protocol Γ using our framework. ...

doi:10.1007/978-3-662-54970-4_11 fatcat:kal5d6dvljd57luon6vnl3f3vu

We design efficient garbled-circuit-based two-party protocols secure against malicious adversaries. ... Our efficiency improvements result from a novel way to combine a recent technique of Lindell (Crypto 2013) with LEGO-based cut-andchoose techniques (TCC 2009, Eurocrypt 2013. ... and adaptively secure garbled circuits. ...

doi:10.1007/978-3-662-44381-1_26 fatcat:jm36r6y5qvdx5atgfexkcnlpqm

When two or more parties need to compute a common result while safeguarding their sensitive inputs, they use secure multiparty computation (SMC) techniques such as garbled circuits. ... Adaptive security considers the setting where an adversary may choose its inputs to be garbled based on prior knowledge of the garbled circuit being computed. ... They show that adaptive security of garbled circuits supports one-time programs [24] and secure outsourcing [25] . ...

doi:10.1155/2019/1368905 fatcat:izynm6msrvehfa3ghkw7tykk34

DOAJ

Adaptive security is a strong security notion that captures additional security threats that are not addressed by static corruptions. ... A primary building block in designing adaptively secure protocols is a non-committing encryption (NCE) that implements secure communication channels in the presence of adaptive corruptions. ... Zero-knowledge Proofs and Proofs of Knowledge Our protocols employ zero-knowledge proofs (of knowledge) for assuring correct behavior. ...

doi:10.1007/978-3-642-54242-8_16 fatcat:dtfougkw3nhojilbl7u4mbjrf4

Starting from the work of Lindell and Pinkas [LP07], who constructed efficient two-party computation protocols based on Yao's garbled circuit [Yao86] via a novel cut-and-choose technique, a prolific sequence ... We observe that the highly efficient UC-secure two-party computation protocol (2PC for short) of Lindell [Lin13] , that works in the CRS model, requires the use of UC-secure zero knowledge proofs, which ... Knowledge of q i allows S 2 to recompute the garbled circuit gc i and knowledge k i (obtained from OT) allows to compute the input y (S 2 obtain y also from the knowledge of K i,j,0 , K i,j,1 for each ...

doi:10.1145/2660267.2660374 dblp:conf/ccs/Canetti0S14 fatcat:zlix3j3o6ncg3pynvygouwxbwm

Efficient Adaptively Secure Zero-Knowledge from Garbled Circuits [chapter]

Preserved Fulltext

Privacy-Free Garbled Circuits for Formulas: Size Zero and Information-Theoretic [chapter]

Preserved Fulltext

Zero-knowledge using garbled circuits

Preserved Fulltext

On the Power of Secure Two-Party Computation [chapter]

Preserved Fulltext

Efficient Zero-Knowledge Proof of Algebraic and Non-Algebraic Statements with Applications to Privacy Preserving Credentials [chapter]

Preserved Fulltext

Secure Two-Party Computation via Cut-and-Choose Oblivious Transfer [chapter]

Preserved Fulltext

Efficient Zero-Knowledge Proofs of Non-algebraic Statements with Sublinear Amortized Cost [chapter]

Preserved Fulltext

Blazing Fast 2PC in the Offline/Online Setting with Security for Malicious Adversaries

Preserved Fulltext

Garbled Circuits Checking Garbled Circuits: More Efficient and Secure Two-Party Computation [chapter]

Preserved Fulltext

Secure Multi-Party Proof and its Applications

Preserved Fulltext

Efficiently Making Secure Two-Party Computation Fair [chapter]

Preserved Fulltext

Amortizing Garbled Circuits [chapter]

Preserved Fulltext

Secure Multiparty Computation and Trusted Hardware: Examining Adoption Challenges and Opportunities

Preserved Fulltext

One-Sided Adaptively Secure Two-Party Computation [chapter]

Preserved Fulltext

Practical UC security with a Global Random Oracle

Preserved Fulltext