TY - GEN
T1 - Equivocating Yao
T2 - 49th Annual ACM SIGACT Symposium on Theory of Computing, STOC 2017
AU - Canetti, Ran
AU - Poburinnaya, Oxana
AU - Venkitasubramaniam, Muthuramakrishnan
N1 - Publisher Copyright: © 2017 ACM.
PY - 2017/6/19
Y1 - 2017/6/19
N2 - Yao's circuit garbling scheme is one of the basic building blocks of cryptographic protocol design. Originally designed to enable two-message, two-party secure computation, the scheme has been extended in many ways and has innumerable applications. Still, a basic question has remained open throughout the years: Can the scheme be extended to guarantee security in face of an adversary that corrupts both parties, adaptively, as the computation proceeds? We answer this question in the affirmative. We define a new type of encryption, called functionally equivocal encryption (FEE), and show that when Yao's scheme is implemented with an FEE as the underlying encryption mechanism, it becomes secure against such adaptive adversaries. We then show how to implement FEE from any one way function. Combining our scheme with non-committing encryption, we obtain the first two-message, two-party computation protocol, and the first constant-round multiparty computation protocol, in the plain model, that are secure against semi-honest adversaries who can adaptively corrupt all parties. A number of extensions and applications are described within.
AB - Yao's circuit garbling scheme is one of the basic building blocks of cryptographic protocol design. Originally designed to enable two-message, two-party secure computation, the scheme has been extended in many ways and has innumerable applications. Still, a basic question has remained open throughout the years: Can the scheme be extended to guarantee security in face of an adversary that corrupts both parties, adaptively, as the computation proceeds? We answer this question in the affirmative. We define a new type of encryption, called functionally equivocal encryption (FEE), and show that when Yao's scheme is implemented with an FEE as the underlying encryption mechanism, it becomes secure against such adaptive adversaries. We then show how to implement FEE from any one way function. Combining our scheme with non-committing encryption, we obtain the first two-message, two-party computation protocol, and the first constant-round multiparty computation protocol, in the plain model, that are secure against semi-honest adversaries who can adaptively corrupt all parties. A number of extensions and applications are described within.
KW - Adaptive security
KW - Garbled circuits
KW - Secure computation
UR - http://www.scopus.com/inward/record.url?scp=85025164211&partnerID=8YFLogxK
U2 - 10.1145/3055399.3055495
DO - 10.1145/3055399.3055495
M3 - Conference contribution
AN - SCOPUS:85025164211
T3 - Proceedings of the Annual ACM Symposium on Theory of Computing
SP - 497
EP - 509
BT - STOC 2017 - Proceedings of the 49th Annual ACM SIGACT Symposium on Theory of Computing
A2 - McKenzie, Pierre
A2 - King, Valerie
A2 - Hatami, Hamed
PB - Association for Computing Machinery
Y2 - 19 June 2017 through 23 June 2017
ER -