In this research we aim at combining Authenticated Garbling and VOLE-in-the-Head techniques to make Garbled Circuit publicly verifiable.
We are working on a prototype of our protocol in C++ which put together the code base of emp-ag2pc (Authenticated Garbling) and faest (VOLE-in-the-Head).
Garbled Circuit (GC) protocol consists of two parties called Garbler (G) and Evaluator (E). In GC-based MPC the Garbler G will encrypt (garble) the circuit and send the encrypted circuit C along with its decryption keys (that correspond to G's private inputs but look random to the Evaluator E) and let the Evaluator E obtain its decryption keys (via Oblivious Transfer, that correspond to the Evaluator E's private input but without the Garbler G learning which keys are obtained). Then the Evaluator E can decrypt the garbled circuit C to obtain the final result (and send it back to the Garbler G if necessary). GC-based MPC is constant round so network latency is not an important factor here. The bottleneck in this approach is the size of the garbled circuit C and thus network bandwidth is key to scalability of GC-based MPC.
For more information also see an in-depth description of Garbled Circuit: Primer to GC and Optimizations + (Generalized) Half-Gate Optimization.
Authenticated Garbling is a technique in which the Evaluator can "authenticate" the garbled circuit sent by the Garbler such that it can detect any deviation from the protocol and abort if necessary.
Authenticated shared bits: 2 instances of VOLE (between A and B) for (A sender), and (B sender); during evalaution of -th wire (output ), B learns
Authenticated parallel AND (*) (circuit independent): use the VOLE instances to come up with
Authenticated circuit wires (circuit dependent) via Authenticated Garbling:
For XOR: trivial just XOR the authenticated bits (also done locally by evaluator without communication)
For AND:
How to compute
On how to generate the VOLE instances
See more at
Authenticated Garbling for Active Secure Garbled (Boolean Circuit)
VOLE-in-the-Head is a technique that allows generation of public verifiable VOLE instances. VOLEitH makes use of All-but-One Vector Commitment.
To open one seed one can simply send its path sibblings.
We simply generate VOLE instances of Authenticated Garbling using VOLE-in-the-Head technique to make the Garbled Circuit not only authenticated to the Evaluator but also to the public verifier.