Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [garbled-circuits]

Garbled Circuits are used in Secure Multiparty Computation

Yao's garbled circuit is a method Proposed by Andy Yao in 1986 for Secure multiparty computation. This is a two party protocol. This protocol is only secure against an adversary from the Honest-but-curious adversary model.

More here at cryptotutor (might be offline; 2016-07-04 archive).

86 questions
36
votes
1 answer

What exactly is a "garbled circuit"?

There are plenty of questions here about the details and how-to's of "garbled circuits", but I have not seen anything that defines what garbled circuits are. What exactly is a garbled circuit? What are they intended to be used for? What are their…
Ella Rose
  • 19,603
  • 6
  • 53
  • 101
4
votes
1 answer

Garbled circuits: How can the sender safely retrieve the output?

I've read a few papers about how Yao's Garbled Circuit protocol can be made secure against malicious adversaries, but I haven't seen any mentioning how the sender safely retrieves the output of the function after the receiver computes it. Suppose…
Louis FD
  • 43
  • 5
3
votes
0 answers

Can "nothing-up-my-sleeve" computations be obtained from other cryptosystems?

So, in cryptography, it is sometimes the case that in order to set up a cryptosystem, one needs some output $f(x)$ for randomly generated $x$ where $f$ is a one-way function but where the input $x$ can be used to break the cryptosystem (i.e. the…
Joseph Van Name
  • 1,235
  • 12
  • 19
3
votes
1 answer

Difference between FleXOR and Free-XOR

I would like to know the differences between FleXOR and Free-XOR. I searched in the web but I couldn’t understand the information I found. I understand that there are both cryptographic methods as well as optimizations for Yao's Garbled Circuits,…
elli
  • 153
  • 4
2
votes
0 answers

What does "hard-coded" mean in the context of garbled-circuit?

What does "hard-coded" mean in the context of garbled-circuit? Is it not encryption?
mallea
  • 1,605
  • 1
  • 9
  • 21
2
votes
0 answers

Reusing input labels in half-gate construction

In the half-gate construction of garbled circuits, is it possible to garble multiple instances of a circuit while re-using certain input labels? Suppose Alice and Bob would like to compute a function using garbled circuits. Alice will act as the…
sinu
  • 21
  • 2
1
vote
1 answer

How to securely set constant values inside garbled circuits?

Suppose there are some constant values which must be set inside the circuit. The naive way is to simply pass the needed constants as inputs to the circuit. But this seems wasteful. What it the proper way of setting (i.e. hard-coding) constant values…
walter7x
  • 60
  • 5
1
vote
0 answers

Suppose that Alice is malicious, but Bob behaves honestly during the execution of the protocol.

Suppose that Alice has a secret bit $a$ and Bob has a secret bits $b_1,b_2$ and that Alice and Bob want to compute the function $h(a,b_1,b_2)=b_1 \wedge (b_2 \oplus a)$ using Yao's Garbled Circuit protocol. a) Suppose that Alice selects two random…
Username Unknown
  • 207
  • 3
  • 12
1
vote
1 answer

Is garbled circuit a post-quantum primitive?

I understood garbled circuit can hide some function $f$ jointly by multi parties. With quantum computer, can we see the circuit inside it?
mallea
  • 1,605
  • 1
  • 9
  • 21
1
vote
2 answers

Yao's Garbled Circuit with different outputs

In a lecture I was told of a a possibility to modify Yao's Garbled Circuit Protocol so that both parties in the end get each a part of the output but not the other part. This may be achieved by manipulating the Circuit. Does anybody have some hints…
Ragnar
  • 11
  • 1
1
vote
1 answer

The reference of external values in Garbled Circuit

Is anyone aware of the source for a technique that incorporates external wire values into Garbled Circuits? I have come across this technique, which can be found here. However, I was unable to locate the primary reference for it. The purpose of this…
Mahdi Mahdavi
  • 482
  • 2
  • 10
0
votes
1 answer

why the intermediate labed value should be encrypted in Garbled Circuits?

I do not know why the intermediate value (for example, W5, W6) should be encrypted?? I think the encryption (random value) only needs in the input process (e.g. w1, w2, w3, w4).
user110027
  • 1