Authenticated BitGC for Actively Secure Rate-One 2PC

Hanlin Liu; Xiao Wang; Kang Yang; Yu Yu

doi:10.1007/978-3-032-01884-7_21

Authenticated BitGC for Actively Secure Rate-One 2PC

Hanlin Liu
, Xiao Wang^*
, Kang Yang^*
, Yu Yu^*

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

In this paper, we present a constant-round actively secure two-party computation protocol with small communication based on the ring learning with errors (RLWE) assumption with key-dependent message security. Our result builds on the recent BitGC protocol by Liu, Wang, Yang, and Yu (Eurocrypt 2025) with communication of one bit per gate for semi-honest security. First, we achieve a different manner of distributed garbling, where the global correlation is secret-shared among the two parties. The garbler always and only holds the garbled labels corresponding to the wire values when all inputs are zero, while the evaluator holds the labels corresponding to the real evaluation. In the second phase, we run an authentication protocol that requires some extra communication, which allows two parties to check the correct computation of each gate by treating the ciphertext as commitments, now that the global key is distributed. For layered circuits, the extra communication for authentication is o(1) bits per gate, resulting in total communication of 1+o(1) bits per gate. For generic circuits, the extra communication cost can be 1 bit per gate, and thus, the total communication cost would be 2 bits per gate.

Original language	English
Title of host publication	Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings
Editors	Yael Tauman Kalai, Seny F. Kamara
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	652-687
Number of pages	36
ISBN (Print)	9783032018830
DOIs	https://doi.org/10.1007/978-3-032-01884-7_21
State	Published - 2025
Externally published	Yes
Event	45th Annual International Cryptology Conference, CRYPTO 2025 - Santa Barbara, United States Duration: 17 Aug 2025 → 21 Aug 2025

Publication series

Name	Lecture Notes in Computer Science
Volume	16003 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	45th Annual International Cryptology Conference, CRYPTO 2025
Country/Territory	United States
City	Santa Barbara
Period	17/08/25 → 21/08/25

Access to Document

10.1007/978-3-032-01884-7_21

Cite this

Liu, H., Wang, X., Yang, K., & Yu, Y. (2025). Authenticated BitGC for Actively Secure Rate-One 2PC. In Y. Tauman Kalai, & S. F. Kamara (Eds.), Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings (pp. 652-687). (Lecture Notes in Computer Science; Vol. 16003 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-032-01884-7_21

@inproceedings{ca4163469c55424aadfa44dcadb7ea7f,

title = "Authenticated BitGC for Actively Secure Rate-One 2PC",

abstract = "In this paper, we present a constant-round actively secure two-party computation protocol with small communication based on the ring learning with errors (RLWE) assumption with key-dependent message security. Our result builds on the recent BitGC protocol by Liu, Wang, Yang, and Yu (Eurocrypt 2025) with communication of one bit per gate for semi-honest security. First, we achieve a different manner of distributed garbling, where the global correlation is secret-shared among the two parties. The garbler always and only holds the garbled labels corresponding to the wire values when all inputs are zero, while the evaluator holds the labels corresponding to the real evaluation. In the second phase, we run an authentication protocol that requires some extra communication, which allows two parties to check the correct computation of each gate by treating the ciphertext as commitments, now that the global key is distributed. For layered circuits, the extra communication for authentication is o(1) bits per gate, resulting in total communication of 1+o(1) bits per gate. For generic circuits, the extra communication cost can be 1 bit per gate, and thus, the total communication cost would be 2 bits per gate.",

author = "Hanlin Liu and Xiao Wang and Kang Yang and Yu Yu",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2025.; 45th Annual International Cryptology Conference, CRYPTO 2025 ; Conference date: 17-08-2025 Through 21-08-2025",

year = "2025",

doi = "10.1007/978-3-032-01884-7\_21",

language = "英语",

isbn = "9783032018830",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "652--687",

editor = "\{Tauman Kalai\}, Yael and Kamara, \{Seny F.\}",

booktitle = "Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings",

address = "德国",

}

Liu, H, Wang, X, Yang, K & Yu, Y 2025, Authenticated BitGC for Actively Secure Rate-One 2PC. in Y Tauman Kalai & SF Kamara (eds), Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings. Lecture Notes in Computer Science, vol. 16003 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 652-687, 45th Annual International Cryptology Conference, CRYPTO 2025, Santa Barbara, United States, 17/08/25. https://doi.org/10.1007/978-3-032-01884-7_21

Authenticated BitGC for Actively Secure Rate-One 2PC. / Liu, Hanlin; Wang, Xiao; Yang, Kang et al.
Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings. ed. / Yael Tauman Kalai; Seny F. Kamara. Springer Science and Business Media Deutschland GmbH, 2025. p. 652-687 (Lecture Notes in Computer Science; Vol. 16003 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Authenticated BitGC for Actively Secure Rate-One 2PC

AU - Liu, Hanlin

AU - Wang, Xiao

AU - Yang, Kang

AU - Yu, Yu

N1 - Publisher Copyright: © International Association for Cryptologic Research 2025.

PY - 2025

Y1 - 2025

N2 - In this paper, we present a constant-round actively secure two-party computation protocol with small communication based on the ring learning with errors (RLWE) assumption with key-dependent message security. Our result builds on the recent BitGC protocol by Liu, Wang, Yang, and Yu (Eurocrypt 2025) with communication of one bit per gate for semi-honest security. First, we achieve a different manner of distributed garbling, where the global correlation is secret-shared among the two parties. The garbler always and only holds the garbled labels corresponding to the wire values when all inputs are zero, while the evaluator holds the labels corresponding to the real evaluation. In the second phase, we run an authentication protocol that requires some extra communication, which allows two parties to check the correct computation of each gate by treating the ciphertext as commitments, now that the global key is distributed. For layered circuits, the extra communication for authentication is o(1) bits per gate, resulting in total communication of 1+o(1) bits per gate. For generic circuits, the extra communication cost can be 1 bit per gate, and thus, the total communication cost would be 2 bits per gate.

AB - In this paper, we present a constant-round actively secure two-party computation protocol with small communication based on the ring learning with errors (RLWE) assumption with key-dependent message security. Our result builds on the recent BitGC protocol by Liu, Wang, Yang, and Yu (Eurocrypt 2025) with communication of one bit per gate for semi-honest security. First, we achieve a different manner of distributed garbling, where the global correlation is secret-shared among the two parties. The garbler always and only holds the garbled labels corresponding to the wire values when all inputs are zero, while the evaluator holds the labels corresponding to the real evaluation. In the second phase, we run an authentication protocol that requires some extra communication, which allows two parties to check the correct computation of each gate by treating the ciphertext as commitments, now that the global key is distributed. For layered circuits, the extra communication for authentication is o(1) bits per gate, resulting in total communication of 1+o(1) bits per gate. For generic circuits, the extra communication cost can be 1 bit per gate, and thus, the total communication cost would be 2 bits per gate.

UR - https://www.scopus.com/pages/publications/105014148906

U2 - 10.1007/978-3-032-01884-7_21

DO - 10.1007/978-3-032-01884-7_21

M3 - 会议稿件

AN - SCOPUS:105014148906

SN - 9783032018830

T3 - Lecture Notes in Computer Science

SP - 652

EP - 687

BT - Advances in Cryptology – CRYPTO 2025 - 45th Annual International Cryptology Conference, Proceedings

A2 - Tauman Kalai, Yael

A2 - Kamara, Seny F.

PB - Springer Science and Business Media Deutschland GmbH

T2 - 45th Annual International Cryptology Conference, CRYPTO 2025

Y2 - 17 August 2025 through 21 August 2025

ER -