Efficient secure two-party computation with untrusted hardware tokens (full version)

Abstract

Secure and efficient evaluation of arbitrary functions on private inputs has been subject of cryptographic research for decades. In particular, the following scenario appears in a variety of practical applications: a service provider (server S) and user (client C) wish to compute a function f on their respective private data, without incurring the expense of a trusted third party. This can be solved interactively using Secure Function Evaluation (SFE) protocols, for example, using the very efficient garbled circuit (GC) approach [23, 36]. However, GC protocols potentially require a large amount of data to be transferred between S and C. This is because f needs to be encrypted (garbled) as (Formula presented.) and transferred from S to C.