Efficiency Optimizations on Yao's Garbled Circuits and Their Practical Applications

TL;DR

This paper reviews and optimizes Yao's garbled circuit protocol, compares various implementations, explores practical applications, and proposes new techniques for private function evaluation in secure computation.

Contribution

It provides a comprehensive overview of optimizations for Yao's protocol, analyzes their compatibility, and introduces a novel method for circuit mapping in private function evaluation.

Findings

Optimizations reduce communication and computation costs.

Garbled circuit implementations vary in efficiency and applicability.

New technique improves circuit mapping analysis for private function evaluation.

Abstract

The advance of cloud computing and big data technologies brings out major changes in the ways that people make use of information systems. While those technologies extremely ease our lives, they impose the danger of compromising privacy and security of data due to performing the computation on an untrusted remote server. Moreover, there are also many other real-world scenarios requiring two or more (possibly distrustful) parties to securely compute a function without leaking their respective inputs to each other. In this respect, various secure computation mechanisms have been proposed in order to protect users' data privacy. Yao's garbled circuit protocol is one of the most powerful solutions for this problem. In this thesis, we first describe the Yao's protocol in detail, and include the complete list of optimizations over the Yao's protocol. We also compare their advantages in terms of communication and computation complexities, and analyse their compatibility with each other. We also look into generic Yao implementations (including garbled RAM) to demonstrate the use of this powerful tool in practice. We compare those generic implementations in terms of their use of garbled circuit optimizations. We also cover the specific real-world applications for further illustration. Moreover, in some scenarios, the functionality itself may also need to be kept private which leads to an ideal solution of secure computation problem. In this direction, we finally cover the problem of Private Function Evaluation, in particular for the 2-party case where garbled circuits have an important role. We finally analyse the generic mechanism of Mohassel et al. and contribute to it by proposing a new technique for the computation of the number of possible circuit mappings.