TY - GEN
T1 - Pushing the Limits of Valiant’s Universal Circuits
T2 - 41st Annual International Cryptology Conference, CRYPTO 2021
AU - Liu, Hanlin
AU - Yu, Yu
AU - Zhao, Shuoyao
AU - Zhang, Jiang
AU - Liu, Wenling
AU - Hu, Zhenkai
N1 - Publisher Copyright:
© 2021, International Association for Cryptologic Research.
PY - 2021
Y1 - 2021
N2 - A universal circuit (UC) is a general-purpose circuit that can simulate arbitrary circuits (up to a certain size n). Valiant provides a k-way recursive construction of UCs (STOC 1976), where k tunes the complexity of the recursion. More concretely, Valiant gives theoretical constructions of 2-way and 4-way UCs of asymptotic (multiplicative) sizes 5 nlog n and 4.75 nlog n respectively, which matches the asymptotic lower bound Ω(nlog n) up to some constant factor. Motivated by various privacy-preserving cryptographic applications, Kiss et al. (Eurocrypt 2016) validated the practicality of 2-way universal circuits by giving example implementations for private function evaluation. Günther et al. (Asiacrypt 2017) and Alhassan et al. (J. Cryptology 2020) implemented the 2-way/4-way hybrid UCs with various optimizations in place towards making universal circuits more practical. Zhao et al. (Asiacrypt 2019) optimized Valiant’s 4-way UC to asymptotic size 4.5 nlog n and proved a lower bound 3.64 nlog n for UCs under Valiant’s framework. As the scale of computation goes beyond 10-million-gate (n= 10 7 ) or even billion-gate level (n= 10 9 ), the constant factor in UC’s size plays an increasingly important role in application performance. In this work, we investigate Valiant’s universal circuits and present an improved framework for constructing universal circuits with the following advantages. Simplicity. Parameterization is no longer needed. In contrast to those previous implementations that resorted to a hybrid construction combining k= 2 and k= 4 for a tradeoff between fine granularity and asymptotic size-efficiency, our construction gets the best of both worlds when configured at the lowest complexity (i.e., k= 2 ).Compactness. Our universal circuits have asymptotic size 3 nlog n, improving upon the best previously known 4.5 nlog n by 33% and beating the 3.64 nlog n lower bound for UCs constructed under Valiant’s framework (Zhao et al., Asiacrypt 2019).Tightness. We show that under our new framework the UC’s size is lower bounded by 2.95 nlog n, which almost matches the 3 nlog n circuit size of our 2-way construction. We implement the 2-way universal circuit and evaluate its performance with other implementations, which confirms our theoretical analysis.
AB - A universal circuit (UC) is a general-purpose circuit that can simulate arbitrary circuits (up to a certain size n). Valiant provides a k-way recursive construction of UCs (STOC 1976), where k tunes the complexity of the recursion. More concretely, Valiant gives theoretical constructions of 2-way and 4-way UCs of asymptotic (multiplicative) sizes 5 nlog n and 4.75 nlog n respectively, which matches the asymptotic lower bound Ω(nlog n) up to some constant factor. Motivated by various privacy-preserving cryptographic applications, Kiss et al. (Eurocrypt 2016) validated the practicality of 2-way universal circuits by giving example implementations for private function evaluation. Günther et al. (Asiacrypt 2017) and Alhassan et al. (J. Cryptology 2020) implemented the 2-way/4-way hybrid UCs with various optimizations in place towards making universal circuits more practical. Zhao et al. (Asiacrypt 2019) optimized Valiant’s 4-way UC to asymptotic size 4.5 nlog n and proved a lower bound 3.64 nlog n for UCs under Valiant’s framework. As the scale of computation goes beyond 10-million-gate (n= 10 7 ) or even billion-gate level (n= 10 9 ), the constant factor in UC’s size plays an increasingly important role in application performance. In this work, we investigate Valiant’s universal circuits and present an improved framework for constructing universal circuits with the following advantages. Simplicity. Parameterization is no longer needed. In contrast to those previous implementations that resorted to a hybrid construction combining k= 2 and k= 4 for a tradeoff between fine granularity and asymptotic size-efficiency, our construction gets the best of both worlds when configured at the lowest complexity (i.e., k= 2 ).Compactness. Our universal circuits have asymptotic size 3 nlog n, improving upon the best previously known 4.5 nlog n by 33% and beating the 3.64 nlog n lower bound for UCs constructed under Valiant’s framework (Zhao et al., Asiacrypt 2019).Tightness. We show that under our new framework the UC’s size is lower bounded by 2.95 nlog n, which almost matches the 3 nlog n circuit size of our 2-way construction. We implement the 2-way universal circuit and evaluate its performance with other implementations, which confirms our theoretical analysis.
KW - Multiparty computation
KW - Private function evaluation
KW - Universal circuits
UR - https://www.scopus.com/pages/publications/85115336974
U2 - 10.1007/978-3-030-84245-1_13
DO - 10.1007/978-3-030-84245-1_13
M3 - 会议稿件
AN - SCOPUS:85115336974
SN - 9783030842444
T3 - Lecture Notes in Computer Science
SP - 365
EP - 394
BT - Advances in Cryptology – CRYPTO 2021 - 41st Annual International Cryptology Conference, CRYPTO 2021, Proceedings
A2 - Malkin, Tal
A2 - Peikert, Chris
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 16 August 2021 through 20 August 2021
ER -