University of Calgary
The authors advocate schemes based on fixed-key AES as the best route to highly efficient circuit-garbling. They provide such schemes making only one AES call per garbled-gate evaluation. On the theoretical side, they justify the security of these methods in the random-permutation model, where parties have access to a public random permutation. On the practical side, they provide the JustGarble system, which implements their schemes. JustGarble evaluates moderate-sized garbled-circuits at an amortized cost of 23.2 cycles per gate (7.25 nsec), far faster than any prior reported results.