Breaking the circuit size barrier for secure computation under DDH

Elette Boyle, Niv Gilboa, Yuval Ishai

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

65 Scopus citations


Under the Decisional Diffie-Hellman (DDH)assumption, we present a 2-out-of-2 secret sharing scheme that supports a compact evaluation of branching programs on the shares. More concretely, there is an evaluation algorithm Eval with a single bit of output, such that if an input w ∈ {0, 1}n is shared into (w0, w1), then for any deterministic branching program P of size S we have that Eval(P,w0)⊕ Eval(P,w1)= P(w)except with at most δ failure probability. The running time of the sharing algorithm is polynomial in n and the security parameter λ, and that of Eval is polynomial in S, λ, and 1/δ. This applies as a special case to boolean formulas of size S or boolean circuits of depth log S. We also present a public-key variant that enables homomorphic computation on inputs contributed by multiple clients. The above result implies the following DDH-based applications: – A secure 2-party computation protocol for evaluating any branching program or formula of size S, where the communication complexity is linear in the input size and only the running time grows with S. – A secure 2-party computation protocol for evaluating layered boolean circuits of size S with communication complexity O(S/ log S). – A 2-party function secret sharing scheme, as defined by Boyle et al. (Eurocrypt 2015), for general branching programs (with inverse polynomial error probability). – A 1-round 2-server private information retrieval scheme supporting general searches expressed by branching programs. Prior to our work, similar results could only be achieved using fully homomorphic encryption. We hope that our approach will lead to more practical alternatives to known fully homomorphic encryption schemes in the context of low-communication secure computation.

Original languageEnglish
Title of host publicationAdvances in Cryptology - 36th Annual International Cryptology Conference, CRYPTO 2016, Proceedings
EditorsMatthew Robshaw, Jonathan Katz
PublisherSpringer Verlag
Number of pages31
ISBN (Print)9783662530177
StatePublished - 1 Jan 2016
Event36th Annual International Cryptology Conference, CRYPTO 2016 - Santa Barbara, United States
Duration: 14 Aug 201618 Aug 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference36th Annual International Cryptology Conference, CRYPTO 2016
Country/TerritoryUnited States
CitySanta Barbara

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)


Dive into the research topics of 'Breaking the circuit size barrier for secure computation under DDH'. Together they form a unique fingerprint.

Cite this