encryptogroup / ABY

ABY - A Framework for Efficient Mixed-protocol Secure Two-party Computation
GNU Lesser General Public License v3.0

BaseOTs in Yao garbled circuit #130

Closed ramym1 closed 5 years ago

ramym1 commented 5 years ago

Hi, are online BaseOTs calculations needed if only Yao Garbled circuit is used? If not, is it possible to configure ABY not to perform BaseOTs calculations (or moving the BaseOTs part to the offline phase) in such a case? If such possibility is not yet implemented, would it make sense to try updating the source code myself so the online BaseOT part won't be performed when only using Yao Garbled circuit? (I mean, will this hurt other functionalities in the code?)

Thanks a lot.

dd23 commented 5 years ago

You need OTs for the evaluator to receive the wire labels corresponding to his private inputs to the garbled circuit. For efficiency reasons we use OT Extension, which always requires a certain amount of base OTs. So yes, as far as I'm aware you do need base OTs for Yao's GCs. Unless I'm missing some exotic scheme, or you want to do something different.

However, these Base OTs are only performed once (immediately after the parties connect and before setup and online phase) and are usually not considered in the setup or online running time measurement.

ramym1 commented 5 years ago

I see, so is it possible to run the same circuit with different inputs more than one time while performing Base OTs only once?

MartKro commented 5 years ago

That's exactly the idea behind the SIMD (short for simple instruction multiple data) input/output gates (operations like and or add work as if they were single data). I highly recommend you read the 4th chapter of the ABY developer guide if you are interested.

ramym1 commented 5 years ago

Thanks a lot 👍

dd23 commented 5 years ago

Quick follow-up: You don't necessarily need to model your circuit as SIMD, you can also run different/multiple circuits between two parties that only connect once.

Essentially you can do the following:

  1. connect the parties (which runs the base OTs),
  2. evaluate some circuit
  3. reset the parties
  4. go back to 2. if there are other circuits to evaluate.

Have a look at our test cases, where we do this. This is the test method, and here is the call to reset.
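An added illustration, not part of the thread and not ABY's code: a generic IKNP-style OT extension in Python, showing how K base OTs run once at connect time can feed several later batches of wire-label transfers. The ideal `base_ots` stand-in, the per-batch counter fed into the PRG, and all names are assumptions of this sketch; both parties are simulated in one process.

```python
import hashlib, secrets

K = 128  # number of base OTs (security parameter)

def prg(seed, batch, m):
    """Expand a base-OT seed into m fresh bits for the given batch."""
    out = hashlib.shake_256(seed + batch.to_bytes(4, "big")).digest((m + 7) // 8)
    return int.from_bytes(out, "big") & ((1 << m) - 1)

def h(batch, j, row):
    """Hash a K-bit row into a 16-byte mask for OT number j of this batch."""
    data = batch.to_bytes(4, "big") + j.to_bytes(4, "big") + row.to_bytes(K // 8, "big")
    return hashlib.sha256(data).digest()[:16]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def base_ots():
    """Constructed stand-in for the K real base OTs, run once per connection."""
    pairs = [(secrets.token_bytes(16), secrets.token_bytes(16)) for _ in range(K)]
    s = secrets.randbits(K)  # OT sender's secret choice bits in the base OTs
    return pairs, (s, [pairs[i][(s >> i) & 1] for i in range(K)])

def rows(cols, m):
    """Transpose K columns of m bits into m rows of K bits."""
    return [sum(((c >> j) & 1) << i for i, c in enumerate(cols)) for j in range(m)]

def extend(recv_state, send_state, batch, choices, messages):
    """One batch of len(choices) OTs; returns the messages the receiver learns."""
    pairs, (s, chosen) = recv_state, send_state
    m = len(choices)
    r = sum(b << j for j, b in enumerate(choices))
    # Receiver: t_i = G(k_i^0), u_i = t_i ^ G(k_i^1) ^ r (u is sent to the sender)
    t = [prg(k0, batch, m) for k0, _ in pairs]
    u = [t[i] ^ prg(pairs[i][1], batch, m) ^ r for i in range(K)]
    # Sender: q_i = G(k_i^{s_i}) ^ s_i*u_i, so row j of q equals t_j ^ r_j*s
    q = [prg(chosen[i], batch, m) ^ (u[i] if (s >> i) & 1 else 0) for i in range(K)]
    t_rows, q_rows = rows(t, m), rows(q, m)
    out = []
    for j, (x0, x1) in enumerate(messages):
        # Sender masks both messages; receiver can unmask only the chosen one.
        y = (xor(x0, h(batch, j, q_rows[j])), xor(x1, h(batch, j, q_rows[j] ^ s)))
        out.append(xor(y[choices[j]], h(batch, j, t_rows[j])))
    return out

if __name__ == "__main__":
    recv_state, send_state = base_ots()          # once, at connect time
    for batch in range(2):                       # two "circuits", same base OTs
        labels = [(secrets.token_bytes(16), secrets.token_bytes(16)) for _ in range(8)]
        bits = [secrets.randbits(1) for _ in range(8)]
        got = extend(recv_state, send_state, batch, bits, labels)
        print(batch, got == [labels[j][bits[j]] for j in range(8)])
```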

ramym1 commented 5 years ago

Thanks! Is it possible to do something similar regarding the setup phase and online phase (to run the same circuit multiple times while performing the setup phase only once)?

dd23 commented 5 years ago

That is possible but be aware that this is not secure and must only be done for testing purposes.

We have implemented this for Boolean sharing with GMW, but be aware that this code might not be perfect and is not really tested…

Have a look here: https://github.com/encryptogroup/ABY/blob/public/src/examples/min-euclidean-dist/common/min-euclidean-dist-circuit.cpp#L36

In order to run the setup phase only once, call the following: sharings[S_BOOL]->SetPreCompPhaseValue(ePreCompRAMWrite); This should in the first iteration run the setup phase and in the following iterations re-use the same setup phase from before.

ramym1 commented 5 years ago

I see, can you please clarify the idea behind trying to reduce the online phase as much as possible? For example, in Yao Garbled circuit protocol, why is it helpful to transfer garbled circuits in the setup phase? Will this reduce the total time of communication or the number of communication rounds?

dd23 commented 5 years ago

Have a look at the papers: http://encrypto.de/papers/DSZ15.pdf https://eprint.iacr.org/2009/411

dnat112 commented 2 years ago

Why is it that the baseOTs only need to be run once rather than once per circuit? Is there something special you are doing to re-use the baseOTs? If the parties connect again in the future, will the baseOTs need to be run again (or can they be stored somewhere and re-used)?