TY - JOUR
T1 - Actively Secure Half-Gates with Minimum Overhead under Duplex Networks
AU - Cui, Hongrui
AU - Wang, Xiao
AU - Yang, Kang
AU - Yu, Yu
N1 - Publisher Copyright:
© The Author(s) 2025.
PY - 2025/4
Y1 - 2025/4
N2 - Actively secure two-party computation (2PC) is one of the canonical building blocks in modern cryptography. One main goal for designing actively secure 2PC protocols is to reduce the communication overhead, compared to semi-honest 2PC protocols. In this paper, we make significant progress in closing this gap by proposing two new actively secure constant-round 2PC protocols, one with one-way communication of 2κ+5 bits per AND gate (for κ-bit computational security and any statistical security) and one with total communication of 2κ+ρ+5 bits per AND gate (for ρ-bit statistical security). In particular, our first protocol essentially matches the one-way communication of semi-honest half-gates protocol. Our optimization is achieved by three new techniques: The recent compression technique by Dittmer et al. (Crypto 13510:57–87, 2022) shows that a relaxed preprocessing is sufficient for authenticated garbling that does not reveal masked wire values to the garbler. We introduce a new form of authenticated bits and propose a new technique of generating authenticated AND triples to reduce the one-way communication of preprocessing from 5ρ+1 bits to 2 bits per AND gate for ρ-bit statistical security. Unfortunately, the above compressing technique is only compatible with a less compact authenticated garbled circuit of size 2κ+3ρ bits per AND gate. We designed a new authenticated garbling that does not use information-theoretic MACs but rather dual execution without leakage to authenticate wire values in the circuit. This allows us to use a more compact half-gates based authenticated garbled circuit of size 2κ+1 bits per AND gate, and meanwhile keep compatible with the compression technique. Our new technique can achieve one-way communication of 2κ+5 bits per AND gate. In terms of total communication, we notice that the communication overhead of the consistency checking method by Dittmer et al. (Crypto 13510:57–87, 2022) can be optimized by adding one-round of interaction and utilizing the Free-XOR property. This reduces the online communication from 2κ+3ρ bits down to 2κ+ρ+1 bits per AND gate. Combined with our first contribution, this yields total amortized communication of 2κ+ρ+5 bits.
AB - Actively secure two-party computation (2PC) is one of the canonical building blocks in modern cryptography. One main goal for designing actively secure 2PC protocols is to reduce the communication overhead, compared to semi-honest 2PC protocols. In this paper, we make significant progress in closing this gap by proposing two new actively secure constant-round 2PC protocols, one with one-way communication of 2κ+5 bits per AND gate (for κ-bit computational security and any statistical security) and one with total communication of 2κ+ρ+5 bits per AND gate (for ρ-bit statistical security). In particular, our first protocol essentially matches the one-way communication of semi-honest half-gates protocol. Our optimization is achieved by three new techniques: The recent compression technique by Dittmer et al. (Crypto 13510:57–87, 2022) shows that a relaxed preprocessing is sufficient for authenticated garbling that does not reveal masked wire values to the garbler. We introduce a new form of authenticated bits and propose a new technique of generating authenticated AND triples to reduce the one-way communication of preprocessing from 5ρ+1 bits to 2 bits per AND gate for ρ-bit statistical security. Unfortunately, the above compressing technique is only compatible with a less compact authenticated garbled circuit of size 2κ+3ρ bits per AND gate. We designed a new authenticated garbling that does not use information-theoretic MACs but rather dual execution without leakage to authenticate wire values in the circuit. This allows us to use a more compact half-gates based authenticated garbled circuit of size 2κ+1 bits per AND gate, and meanwhile keep compatible with the compression technique. Our new technique can achieve one-way communication of 2κ+5 bits per AND gate. In terms of total communication, we notice that the communication overhead of the consistency checking method by Dittmer et al. (Crypto 13510:57–87, 2022) can be optimized by adding one-round of interaction and utilizing the Free-XOR property. This reduces the online communication from 2κ+3ρ bits down to 2κ+ρ+1 bits per AND gate. Combined with our first contribution, this yields total amortized communication of 2κ+ρ+5 bits.
KW - Actively secure 2PC
KW - Correlated oblivious transfer
KW - Garbled circuit
UR - https://www.scopus.com/pages/publications/85219188706
U2 - 10.1007/s00145-025-09539-4
DO - 10.1007/s00145-025-09539-4
M3 - 文章
AN - SCOPUS:85219188706
SN - 0933-2790
VL - 38
JO - Journal of Cryptology
JF - Journal of Cryptology
IS - 2
M1 - 19
ER -