On Multiparty Garbling of Arithmetic Circuits

We initiate a study of garbled circuits that contain both Boolean and arithmetic gatesin secure multiparty computation. In particular, we incorporate the garbling gadgets for arithmeticcircuits recently presented by Ball, Malkin, and Rosulek (ACM CCS 2016) into the multiparty garblingparadigm initially introduced by Beaver, Micali, and Rogaway (STOC ’90). This is the first work thatstudies arithmetic garbled circuits in the multiparty setting. Using mixed Boolean-arithmetic circuitsallows more efficient secure computation of functions that naturally combine Boolean and arithmeticcomputations. Our garbled circuits are secure in the semi-honest model, under the same hardnessassumptions as Ball et al., and can be efficiently and securely computed in constant rounds assumingan honest majority.We first extend free addition and multiplication by a constant to the multiparty setting. We thenextend to the multiparty setting efficient garbled multiplication gates. The garbled multiplication gateconstruction we show was previously achieved only in the two-party setting and assuming a randomoracle.We further present a new garbling technique, and show how this technique can improve efficiency ingarbling selector gates. Selector gates compute a simple “if statement” in the arithmetic setting: thegate selects the output value from two input integer values, according to a Boolean selector bit; if thebit is 0 the output equals the first value, and if the bit is 1 the output equals the second value. Usingour new technique, we show a new and designated garbled selector gate that reduces by approximately33% the evaluation time, for any number of parties, from the best previously known constructions thatuse existing techniques and are secure based on the same hardness assumptions.On the downside, we find that testing equality and computing exponentiation by a constant are signif-icantly more complex to garble in the multiparty setting than in the two-party setting.