Overlaying conditional circuit clauses for secure computation

Abstract

We improve secure function evaluation (SFE) by optimizing circuit representation of the function and designing new SFE protocols. (1)We propose a heuristic for constructing a circuit C0, universal for a given set of Boolean circuits S= {C1,.., Ck|. Namely, given each Ci, we view it as a directed acyclic graph (DAG) Di by ignoring the Boolean gate functions of Ci. We embed D1,.., Dk in a new DAG D0, such that each Ci can be obtained by a corresponding programming of D0 (i.e. by assignment of Boolean gates to the nodes of D0). DAG D0, viewed as a Boolean circuit with unprogrammed gates, is the S -universal circuit C0.(2)Our heuristic often produces C0 significantly smaller than Valiant’s universal circuit or a circuit incorporating all C1,.., Ck. Exploiting this, we construct new Garbled Circuit (GC) and GMW-based SFE protocols, which are particularly efficient for circuits with if/switch clauses. Our GMW protocol evaluates 8-input Boolean gates at the same cost as the usual 2-input gates. This advances general GMW-based SFE, and is particularly useful for circuits with if/switch conditional clauses. Experimentally, for a switch containing 32 simple circuits, our construction resulted in ≈ 6.1 × smaller circuit C0. This directly translates into ≈ 6.1 × improvement in GMW SFE computing this switch. Recent state-of-the-art generic circuit optimizations from hardware design adapted to SFE report 10 - 20 % circuit (garble table) reduction. Our SFE is in the semi-honest model, and is compatible with Free-XOR. We further show that optimal embedding is NP-hard.