Symmetry (May 2024)

A Ciphertext Reduction Scheme for Garbling an S-Box in an AES Circuit with Minimal Online Time

  • Xu Yan,
  • Bin Lian,
  • Yunhao Yang,
  • Xiaotie Wang,
  • Jialin Cui,
  • Xianghong Zhao,
  • Fuqun Wang,
  • Kefei Chen

DOI
https://doi.org/10.3390/sym16060664
Journal volume & issue
Vol. 16, no. 6
p. 664

Abstract

Read online

The secure computation of symmetric encryption schemes using Yao’s garbled circuits, such as AES, allows two parties, where one holds a plaintext block m and the other holds a key k, to compute Enc(k,m) without leaking m and k to one another. Due to its wide application prospects, secure AES computation has received much attention. However, the evaluation of AES circuits using Yao’s garbled circuits incurs substantial communication overhead. To further improve its efficiency, this paper, upon observing the special structures of AES circuits and the symmetries of an S-box, proposes a novel ciphertext reduction scheme for garbling an S-box in the last SubBytes step. Unlike the idea of traditional Yao’s garbled circuits, where the circuit generator uses the input wire labels to encrypt the corresponding output wire labels, our garbling scheme uses the input wire labels of an S-box to encrypt the corresponding “flip bit strings”. This approach leads to a significant performance improvement in our garbling scheme, which necessitates only 28 ciphertexts to garble an S-box and a single invocation of a cryptographic primitive for decryption compared to the best result in previous work that requires 8×28 ciphertexts to garble an S-box and multiple invocations of a cryptographic primitive for decryption. Crucially, the proposed scheme provides a new idea to improve the performance of Yao’s garbled circuits. We analyze the security of the proposed scheme in the semi-honest model and experimentally verify its efficiency.

Keywords