A basic implementation of Yao's Garbled Circuits

Related tags

Cryptography yao-gc
Overview

yao-gc

This is a rudimentary implementation of Yao's Garbled Circuits. This is a technique which allows two parties to evaluate a boolean function on their private inputs, without revealing those inputs to eachother.

This is a special case of Multiparty-Computation, in the case of 2 parties which are semi-honest. By semi-honest, we mean that both parties will follow the protocol, and won't send malicious inputs in an attempt to derail it.

This implementation provides a LISP-y DSL for describing circuits, and implements a simple command line program which runs the protocol by communicating over TCP.

Usage

yao-gc 0.1.0

USAGE:
    yao-gc [FLAGS] <ADDRESS> --circuit <circuit>

FLAGS:
    -h, --help       Prints help information
    -l, --listen     If true, then this will be the garbler listening for connections
    -V, --version    Prints version information

OPTIONS:
    -c, --circuit <circuit>    The path to the circuit file

ARGS:
    <ADDRESS>    The network address to listen on, or to connect to

As an example, consider having a simple and circuit in the file circuit.txt:

(& a0 b0)

This calculates the and operation between A's first input, and B's first input.

A will go first:

$ yao-gc --listen --circuit circuit.txt localhost:1234
input:
1

Then B will go second, connecting to the port that A is listening on:

$ yao-gc --circuit circuit.txt localhost:1234
input:
0
false

A will also print false, since they receive the result after running the protocol as well.

The number of input bits is determined by the maximum input the circuit uses for that respective party. So if the circuit contains a2 as the largest input, then A will need to supply 3 bits, for a0, a1, and a2.

Circuit Language

The language is very simple. A program is a single boolean expression, which is either:

  • An input, like a0, or b0
  • A unary operator (! <expr>)
  • A binary operator (<op> <expr> <expr>)

Inputs

Each input starts with either a, or b, and then the index of the input (zero-based). Inputs starting with a denote party A, or the one listening for a connection, and inputs starting with b denote the other party, which initiates the connection.

Unary Operators

There's a single unary operation !, which negates a boolean value.

Binary Operators

There are currently 4 supported binary operators:

  • & the and operator
  • | the or operator
  • ^ the xor operator
  • = the equals operator

These, combined with !, are sufficient to implement every boolean operation.

Examples

Examples can be found in the /examples directory of this repository.

Limitations

  • Only a single output is supported at the moment.

This isn't a fundamental limitation of garbled circuits, just of this implementation. This could easily be amended

  • The protocol only works for two parties
  • The protocol isn't maliciously secure

This are limitations of the protocol being implemented, not this implementation.

You might also like...
Polkadot Node Implementation

Polkadot Implementation of a https://polkadot.network node in Rust based on the Substrate framework. NOTE: In 2018, we split our implementation of "Po

Official implementation of the YeeCo Root Chain (Layer 1)
Official implementation of the YeeCo Root Chain (Layer 1)

yeeroot Official implementation of the YeeCo Root Chain (Layer 1) YeeCo is a permissionless, secure, high performance and scalable public blockchain p

A (mostly) pure-Rust implementation of various cryptographic algorithms.

Rust-Crypto A (mostly) pure-Rust implementation of various common cryptographic algorithms. Rust-Crypto seeks to create practical, auditable, pure-Rus

A pure-Rust implementation of group operations on Ristretto and Curve25519
A pure-Rust implementation of group operations on Ristretto and Curve25519

curve25519-dalek A pure-Rust implementation of group operations on Ristretto and Curve25519. curve25519-dalek is a library providing group operations

An implementation of Keccak derived functions specified in FIPS-202, SP800-185 and KangarooTwelve

tiny-keccak An implementation of Keccak derived functions specified in FIPS-202, SP800-185 and KangarooTwelve. Documentation The Keccak-f[1600] permut

[INACTIVE] TLS 1.2 implementation in Rust

suruga is Rust implementation of TLS 1.2. It currently implements some core parts of TLS 1.2, NIST P-256 ECDHE and chacha20-poly1305. Usage extern cra

An implementation of the OPAQUE password-authenticated key exchange protocol

The OPAQUE key exchange protocol OPAQUE is an asymmetric password-authenticated key exchange protocol. It allows a client to authenticate to a server

A prototype implementation of the Host Identity Protocol v2 for bare-metal systems, written in pure-rust.
A prototype implementation of the Host Identity Protocol v2 for bare-metal systems, written in pure-rust.

Host Identity Protocol for bare-metal systems, using Rust I've been evaluating TLS replacements in constrained environments for a while now. Embedded

Statemint Node Implementation

Statemint Implementation of Statemint, a blockchain to support generic assets in the Polkadot and Kusama networks. Statemint will allow users to: Depl

Owner
Lúcás Meier
"apprentice cryptographer"
Lúcás Meier
🛠️ Uses zkevm-circuits and anvil mainnetfork to prove that a tx solves an EVM challenge

zk-proof-of-evm-execution This is a PoC developed at hackathon that enables a user to prove that they know some calldata that can solve a challenge on

soham 9 Mar 29, 2023
Arkworks circuits for verifiable time-lock encryption

zk-timelock This repo contains arithmetic circuits for verifiable time-lock encryption made using arkworks-rs toolkit. For more details on such an enc

Timofey 68 Apr 5, 2023
Uses Plonky2 proof system to build recursive circuits for Merkle Trees.

ProvableMerkleTrees Introduction This repo provides Rust code to build Merkle Trees, equipped with a Provable interface to generate Zero Knowledge pro

null 5 Aug 18, 2023
A basic contract to facilitate multi-hop FIN swaps

Fin Multi A basic contract designed to support consolidation of staking "dust" into a single asset, via FIN Market Swaps. ExecuteMsg requires a Vec<Ve

Kujira 2 Oct 11, 2022
basic rust-libp2p gossipsub network

gossipnet is Archived This repository has been archived and is no longer actively maintained. The project has been consolidated into a mono repository

Astria 9 May 25, 2023
Minimal implementation of the Mimblewimble protocol.

Grin Grin is an in-progress implementation of the Mimblewimble protocol. Many characteristics are still undefined but the following constitutes a firs

null 5k Dec 28, 2022
IBC modules and relayer - Formal specifications and Rust implementation

ibc-rs Rust implementation of the Inter-Blockchain Communication (IBC) protocol. This project comprises primarily four crates: The ibc crate defines t

Informal Systems 296 Dec 31, 2022
A Rust implementation of BIP-0039

bip39-rs A Rust implementation of BIP0039 Changes See the changelog file, or the Github releases for specific tags. Documentation Add bip39 to your Ca

Infincia LLC 49 Dec 9, 2022
Official Rust implementation of the Nimiq protocol

Nimiq Core implementation in Rust (core-rs) Rust implementation of the Nimiq Blockchain Core Nimiq is a frictionless payment protocol for the web. Thi

Nimiq 72 Sep 23, 2022
Rust implementation of Zcash protocol

The Parity Zcash client. Gitter Blog: Parity teams up with Zcash Foundation for Parity Zcash client Installing from source Installing the snap Running

Parity Technologies 183 Sep 8, 2022