International Association
for Cryptologic Research

In the last few years garbled circuits (GC) have been elevated from being merely a component in Yao\'s protocol for secure two-party computation, to a cryptographic primitive in its own right, following the growing number applications that use GCs.

Zero-Knowledge (ZK) protocols is one of these examples: In a recent paper Jawurek et al. [JKO13] showed that GCs can be used to construct efficient ZK for unstructured languages. In this work we show that due to the property of this particular scenario (i.e., one of the party knows all the secret input bits, and therefore all intermediate values in the computation), we can construct more efficient garbled schemes specifically tailored to this goal.

As a highlight of our result, in one of our constructions only one encryption per gate needs to be communicated, and XOR gates never require any cryptographic operation.

In addition to making a step forward towards more practical ZK, we believe that our contribution is also interesting from a conceptual point of view: in the terminology of Bellare et al. [BHR12] our garbling schemes achieve authenticity, but no privacy nor obliviousness, therefore representing the first natural separation between those notions.