IACR News item: 13 October 2015
Yehuda Lindell, Ben Riva
ePrint ReportWe design a highly optimized protocol in the offline/online setting that makes use of all state-of-the-art techniques, along with several new techniques that we introduce. A crucial part of our protocol is a new technique for enforcing consistency of the inputs used by the party who garbles the circuits. This technique has both theoretical and practical advantages over \\mbox{previous methods.}
We present a prototype implementation of our new protocol, which is also the first implementation of the amortized cut-and-choose technique of Lindell and Riva (Crypto 2014).
Our prototype achieves a speed of just \\emph{$7$ ms in the online stage} and just $74$ ms in the offline stage per 2PC invoked, for securely computing AES in the presence of malicious adversaries (using 9 threads on two 2.9GHz machines located in the same Amazon region). We note that no prior work has gone below one second overall on average for the secure computation of AES for malicious adversaries (nor below 20ms in the online stage). Our implementation securely evaluates SHA-256 (which is a \\emph{much bigger circuit}) with $33$ ms online time and $206$ ms offline time, per 2PC invoked.
Additional news items may be found on the IACR news page.