J Cryptol (2018) 31:798–844
Fast Garbling of Circuits Under Standard Assumptions
University of Haifa and AWS, Haifa, Israel
Ariel Nof · Benny Pinkas
Bar-Ilan University, Ramat-Gan, Israel
Communicated by Jonathan Katz.
Received 5 September 2015 / Revised 2 July 2017
Online publication 11 December 2017
Abstract. Protocols for secure computation enable mutually distrustful parties to jointly compute on their private inputs without revealing anything but the result. Over recent years, secure computation has become practical and considerable effort has been made to make it more and more efficient. A highly important tool in the design of two-party protocols is Yao's garbled circuit construction (Yao 1986), and multiple optimizations on this primitive have led to performance improvements of orders of magnitude over the last years. However, many of these improvements come at the price of making very strong assumptions on the underlying cryptographic primitives being used (e.g., that AES is secure for related keys, that it is circular-secure, and even that it behaves like a random permutation when keyed with a public fixed key). The justification behind making these strong assumptions has been that otherwise it is not possible to achieve fast garbling and thus fast secure computation. In this paper, we take a step back and examine whether it is really the case that such strong assumptions are needed. We provide new methods for garbling that are secure solely under the assumption that the primitive used (e.g., AES) is a pseudorandom function. Our results show that in many cases, the penalty incurred is not significant, and so a more conservative approach to the assumptions being used can be adopted.
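As an added illustration (not code from the paper), here is the textbook double-keyed garbling of a single gate, where the only property required of the primitive is that it is a PRF keyed by the wire labels: no fixed public key, no related-key or circular security. HMAC-SHA256 stands in for the AES-based PRF and the point-and-permute bit is kept beside the label rather than inside it; both are assumptions of this example.

```python
import hmac
import hashlib
import os
from typing import Callable, List, Tuple

KEY_LEN = 16  # 128-bit wire labels, as with AES-based garbling
# A label is (random PRF key, public point-and-permute bit); the bit is kept
# outside the key so the PRF is always keyed with a uniformly random key.
Label = Tuple[bytes, int]


def prf(key: bytes, msg: bytes) -> bytes:
    """F_key(msg). HMAC-SHA256 stands in for the paper's AES-based PRF (an
    assumption of this example); KEY_LEN + 1 bytes cover label plus perm bit."""
    return hmac.new(key, msg, hashlib.sha256).digest()[: KEY_LEN + 1]


def new_wire() -> List[Label]:
    """Two labels for one wire; label i encodes value i, with complementary perm bits."""
    p = os.urandom(1)[0] & 1
    return [(os.urandom(KEY_LEN), p), (os.urandom(KEY_LEN), p ^ 1)]


def xor3(x: bytes, y: bytes, z: bytes) -> bytes:
    return bytes(a ^ b ^ c for a, b, c in zip(x, y, z))


def garble_gate(gate_id: int, a: List[Label], b: List[Label], c: List[Label],
                func: Callable[[int, int], int]) -> List[bytes]:
    """Row (pa, pb) = F_ka(t) xor F_kb(t) xor (kc || pc), tweak t = (gate_id, pa, pb),
    so no PRF input is reused across rows or gates (the gate id must be unique)."""
    table: List[bytes] = [b""] * 4
    for va in (0, 1):
        for vb in (0, 1):
            (ka, pa), (kb, pb) = a[va], b[vb]
            kc, pc = c[func(va, vb)]
            t = bytes([gate_id, pa, pb])
            table[2 * pa + pb] = xor3(prf(ka, t), prf(kb, t), kc + bytes([pc]))
    return table  # rows are ordered by the public perm bits, hiding (va, vb)


def eval_gate(gate_id: int, table: List[bytes], la: Label, lb: Label) -> Label:
    """Evaluator holds one label per input wire and recovers exactly one output label."""
    (ka, pa), (kb, pb) = la, lb
    t = bytes([gate_id, pa, pb])
    plain = xor3(prf(ka, t), prf(kb, t), table[2 * pa + pb])
    return plain[:KEY_LEN], plain[KEY_LEN]


def garble_and_eval(func: Callable[[int, int], int], x: int, y: int) -> int:
    """Garble one gate computing func, evaluate it on (x, y), decode via the
    garbler's output-label map (the hypothetical gate id 7 is arbitrary)."""
    a, b, c = new_wire(), new_wire(), new_wire()
    table = garble_gate(7, a, b, c, func)
    return c.index(eval_gate(7, table, a[x], b[y]))
```

Each row costs two PRF calls to garble and two to evaluate, which is the baseline the paper's optimizations are measured against.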
Keywords. Multi-party computation, Secure protocols, Garbling.
An extended abstract of this paper appeared at ACM CCS 2015.
Supported by the PQCRYPTO project, which was partially funded by the European Commission Horizon 2020 Research Programme, Grant #645622.

Supported by the European Research Council under the ERC Consolidator Grant Agreement N. 615172 (HIPS) and under the European Union's Seventh Framework Program (FP7/2007-2013) Grant Agreement N. 609611 (PRACTICE), and by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister's Office.
© International Association for Cryptologic Research 2017