[PDF] Top 20 Optimizing Authenticated Garbling for Faster Secure Two-Party Computation

... their authenticated-garbling protocol to the multi-party ...multi- party garbling, making it compatible with some of the half-gate ...1 garbling parties and one evaluating ...2- ... See full document

... server-aided secure two-party computation where all parties can behave ...second party and the server is still comparable to the work during execution of regular two-party ... See full document

... protocol. Secure two-party computation allows two parties to compute an arbitrary functionality on their private inputs without learning anything about the other party’s input (beyond ... See full document

... with two parties while offering the same level of ...of garbling which incurs additional ...with two parties. For instance, 3PC protocol is achievable just in two rounds with the minimal ... See full document

... A garbling scheme consists of three procedures: a) program garbling method, b) an input encoding method, and c) an evaluation ...the garbling method produces a “garbled” version Π of e Π as well as ... See full document

... times faster than SWH in the two cloud setting and 8500 times faster when executed on the same machine setting for high-depth polynomial ...is faster for small chain of multiplications and ... See full document

... three-party computation (3PC) where the adversary corrupts at most one party (honest majority) is an important special case that has received particular ...their two-party counterparts ... See full document

... ad-hoc secure computation can be performed efficiently on mobile de- vices when aided by a trusted hardware ...is two orders of mag- nitude faster than that of other generic secure ... See full document

... is faster than any other PSI protocols if one set is much smaller than the other (like in the case of PSM), but in this case the output will necessarily leak to the receiver, which prevents composition with ... See full document

... This is where A and B rely on oblivious transfer [15, 16]. An oblivious transfer protocol allows a receiver to obtain a message from a set computed by the sender such that: (i) only one message can be received and (ii) ... See full document

... strings also eliminated all the constraints previously needed on the gate keys, and thus their protocol works with most gate garbling optimizations. Unfortunately, the error correcting code used to construct the ... See full document

... Reactive secure computation. Reactive secure computation is an SFE which consists of several steps, where each step operates based on inputs from the par- ties and a state information that it ... See full document

... is secure in the adaptive ...honest party protocol on behalf of the uncorrupted parties and forces the output to be a pre-chosen pseudorandom string allowing it to output the cycle in the graph ...no ... See full document

... (with two low-entropy terms and one medium- entropy term), and 3-term disjunctions as SELECT-id queries plotted against the number of records satisfying ... See full document

... Hsieh et al. proposed an enhancement of the Saeednia's protocol where the reduction of the computational cost and the improvement of security aspects were made. However, Tseng et al. demonstrated that Hsieh's protocol ... See full document

... third party functionality in a secure ...just two parties and one of them is cheating), then such protocols also exist, but in general they do not provide fairness, ...dishonest party can ... See full document

... domized encodings, to obtain a passively secure protocol with amortized O(1) computational overhead (implying O(1) communication). As well as needing a strong assumption on the PRG, a major drawback is the use of ... See full document

... Our protocol is similar in structure to previous protocols [20,2], in that we carry out one run of the passively secure IKNP extension, and then use a cor- relation check to enforce correct behaviour. As in the ... See full document

... The enforcement of access policies and the support of policy updates are important challenging issues in the data sharing systems. In this study, we pro- posed a attribute-based data sharing scheme to en- force a ... See full document

... first two steps (setup and encrypted item exchange) within the underlying unfair SMPC protocol ...each party depends on each other party at every phase of our protocols, even a malicious TTP that may ... See full document