Efficient secure computation with garbled circuits

Abstract. Secure two-party computation enables applications in which partic-ipants compute the output of a function that depends on their private inputs, without revealing those inputs or relying on any trusted third party. In this pa-per, we show the potential of building privacy-preserving applications using gar-bled circuits, a generic technique that until recently was believed to be too ineffi-cient to scale to realistic problems. We present a Java-based framework that uses pipelining and circuit-level optimizations to build efficient and scalable privacy-preserving applications. Although the standard garbled circuit protocol assumes a very week, honest-but-curious adversary, techniques are available for convert-ing such protocols to resist stronger adversaries, including fully malicious adver-saries. We summarize approaches to producing malicious-resistant secure com-putations that reduce the costs of transforming a protocol to be secure against stronger adversaries. In addition, we summarize results on ensuring fairness, the property that either both parties receive the result or neither party does. Several open problems remain, but as theory and pragmatism advance, secure computa-tion is approaching the point where it offers practical solutions for a wide variety of important problems.