1. Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation 2017 2PC CCS GarbledCircuits Implementation
    Xiao Wang, Samuel Ranellucci, and Jonathan Katz
    [View PDF on acmccs.github.io]
    [Show BibTex Citation]

    author = {Wang, Xiao and Ranellucci, Samuel and Katz, Jonathan},
    title = {Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation},
    year = {2017},
    isbn = {9781450349468},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    url = {https://doi.org/10.1145/3133956.3134053},
    doi = {10.1145/3133956.3134053},
    booktitle = {Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security},
    pages = {21–37},
    numpages = {17},
    keywords = {two-party computation, garbled circuit, secure computation},
    location = {Dallas, Texas, USA},
    series = {CCS ’17}

We propose a simple and efficient framework for obtaining efficient constant-round protocols for maliciously secure two-party computation. Our framework uses a function-independent preprocessing phase to generate authenticated information for the two parties; this information is then used to construct a single“authenticated” garbled circuit which is transmitted and evaluated.We also show how to efficiently instantiate the preprocessing phase by designing a highly optimized version of the TinyOT protocol by Nielsen et al. Our overall protocol outperforms existing work in both the single-execution and amortized settings, with or without preprocessing: In the single-execution setting, our protocol evaluates an AES circuit with malicious security in37 ms with an online time of just 1 ms. Previous work with the best online time (also 1 ms)requires 124 ms in total; previous work with the best total time requires 62 ms (with 14 ms online time). If we amortize the computation over 1024 executions, each AES computation requires just 6.7 ms with roughly the same online time as above. The best previous work in the amortized setting has roughly the same total time but does not support function-independent preprocessing.Our work shows that the performance penalty for maliciously secure two-party computation (as compared to semi-honest security) is much smaller than previously believed.