Reusable garbled circuits and succinct functional encryption

• dc.contributor.author: Goldwasser, Shafi
• dc.contributor.author: Kalai, Yael Tauman
• dc.contributor.author: Popa, Raluca Ada
• dc.contributor.author: Vaikuntanathan, Vinod
• dc.contributor.author: Zeldovich, Nickolai
• dc.date.issued: 2013-06
• dc.identifier.isbn: 9781450320290
• dc.identifier.issn: 0737-8017
• dc.identifier.uri: http://hdl.handle.net/1721.1/91245
• dc.description.abstract: Garbled circuits, introduced by Yao in the mid 80s, allow computing a function f on an input x without leaking anything about f or x besides f(x). Garbled circuits found numerous applications, but every known construction suffers from one limitation: it offers no security if used on multiple inputs x. In this paper, we construct for the first time reusable garbled circuits. The key building block is a new succinct single-key functional encryption scheme. Functional encryption is an ambitious primitive: given an encryption Enc(x) of a value x, and a secret key sk_f for a function f, anyone can compute f(x) without learning any other information about x. We construct, for the first time, a succinct functional encryption scheme for {\em any} polynomial-time function f where succinctness means that the ciphertext size does not grow with the size of the circuit for f, but only with its depth. The security of our construction is based on the intractability of the Learning with Errors (LWE) problem and holds as long as an adversary has access to a single key sk_f (or even an a priori bounded number of keys for different functions). Building on our succinct single-key functional encryption scheme, we show several new applications in addition to reusable garbled circuits, such as a paradigm for general function obfuscation which we call token-based obfuscation, homomorphic encryption for a class of Turing machines where the evaluation runs in input-specific time rather than worst-case time, and a scheme for delegating computation which is publicly verifiable and maintains the privacy of the computation.
• dc.description.sponsorship: Natural Sciences and Engineering Research Council of Canada (NSERC Discovery Grant)
• dc.description.sponsorship: United States. Defense Advanced Research Projects Agency (DARPA award FA8750-11-2-0225)
• dc.description.sponsorship: United States. Defense Advanced Research Projects Agency (DARPA award N66001-10-2-4089)
• dc.description.sponsorship: National Science Foundation (U.S.) (NSF award CNS-1053143)
• dc.description.sponsorship: National Science Foundation (U.S.) (NSF award IIS-1065219)
• dc.description.sponsorship: Google (Firm)
• dc.language.iso: en_US
• dc.publisher: Association for Computing Machinery
• dc.relation.isversionof: http://dx.doi.org/10.1145/2488608.2488678
• dc.source: MIT web domain
• dc.type: Article
• dc.identifier.citation: Goldwasser, Shafi, Yael Kalai, Raluca Ada Popa, Vinod Vaikuntanathan, and Nickolai Zeldovich. “Reusable Garbled Circuits and Succinct Functional Encryption.” Proceedings of the 45th Annual ACM Symposium on Symposium on Theory of Computing - STOC ’13 (2013), June 1-4, 2013, Palo Alto, Calif. USA. ACM, p. 555-564.
• dc.contributor.department: Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory
• dc.contributor.department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
• dc.contributor.mitauthor: Goldwasser, Shafi
• dc.contributor.mitauthor: Popa, Raluca Ada
• dc.contributor.mitauthor: Zeldovich, Nickolai
• dc.relation.journal: Proceedings of the 45th annual ACM symposium on Symposium on theory of computing - STOC '13
• dc.eprint.version: Author's final manuscript
• dc.identifier.orcid: https://orcid.org/0000-0003-4728-1535
• dc.identifier.orcid: https://orcid.org/0000-0003-0238-2703