Practical Garbled Circuit Optimizations
Mike Rosulek
Collaborators: David Evans / Vlad Kolesnikov / Payman Mohassel / Samee Zahur

Garbled circuit framework [Yao86] (figure: a boolean circuit with 0/1 values on its wires; the diagram itself is not recoverable as text)


  1. Average bits per garbled gate (chart: y-axis from 1λ to 5λ, x-axis years 1986 to 2015; points labelled [Yao, GoldreichMicaliWigderson] 1986, [BeaverMicaliRogaway] 1990, [NaorPinkasSumner] 1999, [KolesnikovSchneider] 2008, [PinkasSchneiderSmartWilliams] 2009, [KolesnikovMohasselRosulek] 2014, [ZahurRosulekEvans] 2015; benchmark circuits DES, SHA256, SHA1, AES)
  Prediction: by 2026, all garbled circuits will have zero size.

  2-6. Murky beginnings [Yao86]
  Wire labels: A_0, A_1 (input a); B_0, B_1 (input b); C_0, C_1 (output c).
  Garbled gate, one ciphertext per row of the truth table:
    E_{A_0,B_0}(C_0)
    E_{A_0,B_1}(C_1)
    E_{A_1,B_0}(C_0)
    E_{A_1,B_1}(C_0)
  ◮ Position in this list leaks semantic value ⇒ permute ciphertexts
  ◮ Need to detect [in]correct decryption
  ◮ (Apparently) no one knows exactly what Yao had in mind:
    ◮ E_{K_0,K_1}(M) = ⟨E(K_0, S_0), E(K_1, S_1)⟩ where S_0 ⊕ S_1 = M [GoldreichMicaliWigderson87]
    ◮ E_{K_0,K_1}(M) = E(K_1, E(K_0, M)) [LindellPinkas09]

  7-13. Permute-and-Point [BeaverMicaliRogaway90]
  Wire labels A_0, A_1; B_0, B_1; C_0, C_1, each now carrying a color (shown as • in the slides).
  ◮ Randomly assign the two colors to the two labels of each wire (one label gets color 0, the other color 1, in random order)
  ◮ Include color in the wire label (e.g., as last bit)
  ◮ Order the 4 ciphertexts canonically, by color of keys (the order no longer depends on semantic values):
    E_{A_0,B_1}(C_1)
    E_{A_0,B_0}(C_0)
    E_{A_1,B_1}(C_0)
    E_{A_1,B_0}(C_0)
  ◮ Evaluate by decrypting the ciphertext indexed by your colors
  Can use one-time-secure symmetric encryption!
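The point-and-permute gate in working code, added here as an example (not code from the slides or from any of the cited papers). It assumes 128-bit labels whose last bit is the color, SHA-256 as the one-time pad generator H(A ‖ B ‖ gateID) ⊕ C, and a constructed gate id; the evaluator never tries a wrong row, so no "detect incorrect decryption" check is needed.

```python
import hashlib
import secrets

LABEL_BYTES = 16  # lambda = 128-bit wire labels; a constructed parameter, not from the slides


def xor(x, y):
    return bytes(p ^ q for p, q in zip(x, y))


def color(label):
    # the point-and-permute colour is carried in the last bit of the label
    return label[-1] & 1


def encrypt(key_a, key_b, gate_id, payload):
    # one-time-secure symmetric encryption: H(A || B || gateID) xor payload
    pad = hashlib.sha256(key_a + key_b + gate_id.to_bytes(4, "big")).digest()[:LABEL_BYTES]
    return xor(pad, payload)


decrypt = encrypt  # xor with the same pad undoes it


def new_wire():
    # two random labels; which semantic value gets colour 0 is decided by a coin flip
    lab0 = bytearray(secrets.token_bytes(LABEL_BYTES))
    lab1 = bytearray(secrets.token_bytes(LABEL_BYTES))
    c = secrets.randbits(1)
    lab0[-1] = (lab0[-1] & 0xFE) | c
    lab1[-1] = (lab1[-1] & 0xFE) | (c ^ 1)
    return bytes(lab0), bytes(lab1)


def garble_gate(gate_id, wire_a, wire_b, wire_c, truth):
    """Four ciphertexts in canonical order (colour A, colour B) = (0,0),(0,1),(1,0),(1,1).

    The order depends only on colours, so it reveals nothing about semantic values."""
    rows = {}
    for a in (0, 1):
        for b in (0, 1):
            key_a, key_b = wire_a[a], wire_b[b]
            rows[(color(key_a), color(key_b))] = encrypt(key_a, key_b, gate_id, wire_c[truth(a, b)])
    return [rows[(ca, cb)] for ca in (0, 1) for cb in (0, 1)]


def eval_gate(gate_id, table, label_a, label_b):
    """The evaluator decrypts only the ciphertext indexed by the colours it holds."""
    return decrypt(label_a, label_b, gate_id, table[2 * color(label_a) + color(label_b)])


def check_gate(truth):
    """Garble one gate (constructed gate id 11) and evaluate it on all four inputs.

    Returns True if every evaluation yields the correct output label."""
    wire_a, wire_b, wire_c = new_wire(), new_wire(), new_wire()
    table = garble_gate(11, wire_a, wire_b, wire_c, truth)
    return all(
        eval_gate(11, table, wire_a[a], wire_b[b]) == wire_c[truth(a, b)]
        for a in (0, 1) for b in (0, 1)
    )


if __name__ == "__main__":
    print("AND ok:", check_gate(lambda a, b: a & b))
    print("slides' gate ok:", check_gate(lambda a, b: (1 - a) & b))
```

The third test below uses the truth table drawn on the slides (only a = 0, b = 1 outputs 1), to show the construction does not depend on the gate type.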

  14-17. Computational cost of garbling
  2 hash ≫ 1 hash ≫ 1 block cipher ≫ 1 block cipher w/o key schedule

  E_{A,B}(C)                                              | cost to garble AES | source
  PRF(A, gateID) ⊕ PRF(B, gateID) ⊕ C                     | ∼6s [extrapolated] | [NaorPinkasSumner99]; time from Fairplay [MNPS04], PRF = SHA256
  H(A ‖ B ‖ gateID) ⊕ C                                   | 0.15s              | [LindellPinkasSmart08]; time from [sS12], H = SHA256
  AES256(A ‖ B, gateID) ⊕ C                               | 0.12s              | [shelatShen12]
  AES(const, K) ⊕ K ⊕ C, where K = 2A ⊕ 4B ⊕ gateID       | 0.0003s            | [BellareHoangKeelveedhiRogaway13]

  18. Scoreboard (costs given as hash calls / PRF calls per gate, matching the two instantiations in the assumption column)

  Scheme     | size (×λ) | garble cost | eval cost | assumption
  Classical  | large?    | 8           | 5         | PKE
  P&P        | 4         | 4/8         | 1/2       | hash/PRF

  19-25. Garbled Row Reduction [NaorPinkasSumner99]
  Wire labels A_0, A_1; B_0, B_1; C_0, C_1 (with colors); ciphertexts in canonical order:
    E_{A_0,B_1}(C_1)
    E_{A_0,B_0}(C_0)
    E_{A_1,B_1}(C_0)
    E_{A_1,B_0}(C_0)
  Before: C_0 ← {0,1}^n, C_1 ← {0,1}^n.
  ◮ What wire label will be the payload of the 1st ciphertext (the one whose key colors sort first)?
  ◮ Choose that label so that the 1st ciphertext is 0^n: C_0 ← {0,1}^n, C_1 = E^{-1}_{A_0,B_1}(0^n)
  ◮ No need to include the 1st ciphertext in the garbled gate
  ◮ Evaluate as before, but imagine ciphertext 0^n if your colors index the 1st row.

  26. Scoreboard

  Scheme     | size (×λ) | garble cost | eval cost | assumption
  Classical  | large?    | 8           | 5         | PKE
  P&P        | 4         | 4/8         | 1/2       | hash/PRF
  GRR3       | 3         | 4/8         | 1/2       | hash/PRF

  27-34. Free XOR [KolesnikovSchneider08]
  Wire labels written as A, A ⊕ Δ; B, B ⊕ Δ; C, C ⊕ Δ, with C := A ⊕ B.
  ◮ Wire's offset ≡ XOR of its two labels
  ◮ Choose all wires to have same (secret) offset Δ
  ◮ Choose false output = false input ⊕ false input
  ◮ Evaluate by XORing input wire labels (no crypto):
    A ⊕ B = A ⊕ B                      (false, false → false)
    A ⊕ (B ⊕ Δ) = A ⊕ B ⊕ Δ            (false, true → true)
    (A ⊕ Δ) ⊕ B = A ⊕ B ⊕ Δ            (true, false → true)
    (A ⊕ Δ) ⊕ (B ⊕ Δ) = A ⊕ B          (true, true → false)

  35-39. Freedom at a cost . . .
  Non-XOR gate with labels A, A ⊕ Δ; B, B ⊕ Δ; C, C ⊕ Δ:
    E_{A,B}(C)
    E_{A,B⊕Δ}(C ⊕ Δ)
    E_{A⊕Δ,B}(C)
    E_{A⊕Δ,B⊕Δ}(C)
  ◮ Still need to garble AND gates
  ◮ Compatible with garbled row-reduction: instead of C ← {0,1}^n, set C := E^{-1}_{A,B}(0^n) and drop the first ciphertext
  ◮ Secret Δ used in key and payload of ciphertexts!
  ◮ Requires related-key + circularity assumption [ChoiKatzKumaresanZhou12]
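Garbled row reduction (GRR3) and Free XOR together, as one added example covering the row-reduction slides, the Free XOR slides and this "Freedom at a cost" slide; it is not code from the slides or the cited papers. It assumes 128-bit labels with the color in the last bit, SHA-256 as H(A ‖ B ‖ gateID), one secret global offset Δ whose color bit is forced to 1 so the two labels of a wire always have opposite colors, and the row with key colors (0,0) as the one reduced to 0^n. The small circuit y = (a ⊕ b) ∧ c therefore costs 3 ciphertexts in total, and Δ visibly appears both as key material (inside the labels) and as payload.

```python
import hashlib
import itertools
import secrets

LABEL_BYTES = 16  # constructed parameter: 128-bit labels
ZERO = bytes(LABEL_BYTES)


def xor(x, y):
    return bytes(p ^ q for p, q in zip(x, y))


def color(label):
    return label[-1] & 1


def pad(key_a, key_b, gate_id):
    # E_{A,B}(C) = H(A || B || gateID) xor C, so E^{-1}_{A,B}(0^n) is exactly this pad
    return hashlib.sha256(key_a + key_b + gate_id.to_bytes(4, "big")).digest()[:LABEL_BYTES]


class Garbler:
    def __init__(self):
        # one secret global offset; colour bit forced to 1 so that the two labels
        # of every wire (L, L xor delta) carry opposite colours
        d = bytearray(secrets.token_bytes(LABEL_BYTES))
        d[-1] |= 1
        self.delta = bytes(d)

    def new_wire(self):
        false_label = secrets.token_bytes(LABEL_BYTES)
        return false_label, xor(false_label, self.delta)

    def xor_gate(self, wire_a, wire_b):
        # free XOR: false output := false input xor false input; nothing is sent
        false_label = xor(wire_a[0], wire_b[0])
        return (false_label, xor(false_label, self.delta)), []

    def and_gate(self, gate_id, wire_a, wire_b):
        # GRR3: the row whose key colours are (0,0) must encrypt to 0^n, so that
        # row's output label is set to E^{-1}(0^n) = pad; the other output label is
        # then fixed by the global offset. Only the remaining 3 rows are sent.
        by_color = {(color(wire_a[a]), color(wire_b[b])): (a, b)
                    for a in (0, 1) for b in (0, 1)}
        a0, b0 = by_color[(0, 0)]
        forced = pad(wire_a[a0], wire_b[b0], gate_id)
        out = [None, None]
        out[a0 & b0] = forced
        out[1 - (a0 & b0)] = xor(forced, self.delta)  # secret delta inside a payload
        table = []
        for colors in ((0, 1), (1, 0), (1, 1)):  # canonical order, row (0,0) omitted
            a, b = by_color[colors]
            table.append(xor(pad(wire_a[a], wire_b[b], gate_id), out[a & b]))
        return tuple(out), table


def eval_xor(label_a, label_b):
    return xor(label_a, label_b)  # no crypto at all


def eval_and(gate_id, table, label_a, label_b):
    idx = 2 * color(label_a) + color(label_b)
    ciphertext = ZERO if idx == 0 else table[idx - 1]  # imagine 0^n for the dropped row
    return xor(pad(label_a, label_b, gate_id), ciphertext)


def check_circuit():
    """Garble y = (a xor b) and c (constructed gate id 1) and evaluate all 8 inputs.

    Returns (number of ciphertexts sent, True if every output label is right)."""
    g = Garbler()
    wa, wb, wc = g.new_wire(), g.new_wire(), g.new_wire()
    wx, xor_table = g.xor_gate(wa, wb)
    wy, and_table = g.and_gate(1, wx, wc)
    ok = all(
        eval_and(1, and_table, eval_xor(wa[a], wb[b]), wc[c]) == wy[(a ^ b) & c]
        for a, b, c in itertools.product((0, 1), repeat=3)
    )
    return len(xor_table) + len(and_table), ok


if __name__ == "__main__":
    print(check_circuit())  # expected (3, True)
```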

  40. Scoreboard

  Scheme     | size (×λ) XOR / AND | garble cost XOR / AND | eval cost XOR / AND | assumption
  Classical  | large? / large?     | 8 / 8                 | 5 / 5               | PKE
  P&P        | 4 / 4               | 4/8 / 4/8             | 1/2 / 1/2           | PRF/hash
  GRR3       | 3 / 3               | 4/8 / 4/8             | 1/2 / 1/2           | PRF/hash
  Free XOR   | 0 / 3               | 0 / 4                 | 0 / 1               | circ. hash

  41-56. Row reduction ++ [PinkasSchneiderSmartWilliams09]
  Garbled gates with only 2 ciphertexts!
  Wire labels A_0, A_1; B_0, B_1; C_0, C_1.
  ◮ Evaluator can know exactly one of:
    K_1 = E^{-1}_{A_0,B_0}(0^n) ⇒ learn C_0
    K_2 = E^{-1}_{A_0,B_1}(0^n) ⇒ learn C_1
    K_3 = E^{-1}_{A_1,B_0}(0^n) ⇒ learn C_0
    K_4 = E^{-1}_{A_1,B_1}(0^n) ⇒ learn C_0
  ◮ P = unique degree-2 polynomial through (1, K_1), (3, K_3), (4, K_4)
  ◮ Q = unique degree-2 polynomial through (2, K_2), (5, P(5)), (6, P(6))
  ◮ C_0 = P(0); C_1 = Q(0)
  ◮ The garbled gate consists of the two values P(5), P(6)
  ◮ Evaluate by interpolating the polynomial through (i, K_i), (5, P(5)) and (6, P(6)) and reading off its value at 0: rows 1, 3, 4 reconstruct P and get C_0 = P(0); row 2 reconstructs Q and gets C_1 = Q(0)
  ◮ Incompatible with Free-XOR: can't ensure C_0 ⊕ C_1 = Δ
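The two-ciphertext gate in working code, added as an example (not code from the slides or from the PSSW09 paper). Two assumptions differ from the slides: the interpolation is done over the prime field GF(2^127 − 1) instead of GF(2^n), and the row key K_i = E^{-1}_{A,B}(0^n) is taken to be the SHA-256 pad of (A, B, gateID) interpreted as a field element. Because C_0 = P(0) and C_1 = Q(0) are forced by the interpolation, their point-and-permute colors cannot be chosen freely, so labels are (field element, color) pairs and the gate additionally ships the four output colors, each masked with one extra hash bit of its row. The garbler accepts any gate whose truth table has exactly one odd row; the last assertion shows that XOR, with two rows of each value, cannot be garbled this way.

```python
import hashlib
import secrets

P = 2**127 - 1  # constructed choice: a prime field stands in for the paper's GF(2^n)


def lagrange(points, x):
    """Value at x of the unique polynomial of degree < len(points) through the points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def hash_row(key_a, key_b, gate_id):
    """Row key K = E^{-1}_{A,B}(0) with E_{A,B}(C) = C - H(A||B||gateID) mod P, i.e. K = H.

    Also returns one extra hash bit that masks the colour of the row's output label."""
    d = hashlib.sha256(key_a.to_bytes(16, "big") + key_b.to_bytes(16, "big")
                       + gate_id.to_bytes(4, "big")).digest()
    return int.from_bytes(d[:16], "big") % P, d[16] & 1


def new_wire():
    # a label is (field element, colour bit); the two labels of a wire differ in colour
    c = secrets.randbits(1)
    return ((secrets.randbelow(P), c), (secrets.randbelow(P), c ^ 1))


def garble(gate_id, wire_a, wire_b, truth):
    """Garble a 2-input gate as two field elements plus four masked colour bits."""
    rows = {}
    for a in (0, 1):
        for b in (0, 1):
            (ka, ca), (kb, cb) = wire_a[a], wire_b[b]
            x = 1 + 2 * ca + cb  # row index, known to the evaluator from the colours
            k, mask = hash_row(ka, kb, gate_id)
            rows[x] = (k, mask, truth(a, b))
    ones = sum(v for _, _, v in rows.values())
    if ones not in (1, 3):
        raise ValueError("GRR2 needs a truth table with exactly one odd row")
    common = 1 if ones == 3 else 0
    pts_p = [(x, k) for x, (k, _, v) in rows.items() if v == common]
    x_odd, (k_odd, _, _) = next((x, r) for x, r in rows.items() if r[2] != common)
    p5, p6 = lagrange(pts_p, 5), lagrange(pts_p, 6)           # the 2 "ciphertexts"
    c_common = lagrange(pts_p, 0)                               # P(0)
    c_odd = lagrange([(x_odd, k_odd), (5, p5), (6, p6)], 0)    # Q(0)
    cc = secrets.randbits(1)
    wire_c = [None, None]
    wire_c[common] = (c_common, cc)
    wire_c[1 - common] = (c_odd, cc ^ 1)
    masked_colors = [rows[x][1] ^ wire_c[rows[x][2]][1] for x in (1, 2, 3, 4)]
    return tuple(wire_c), (p5, p6, masked_colors)


def evaluate(gate_id, table, label_a, label_b):
    p5, p6, masked_colors = table
    (ka, ca), (kb, cb) = label_a, label_b
    x = 1 + 2 * ca + cb
    k, mask = hash_row(ka, kb, gate_id)
    # the polynomial through my point and the two public points is P for the three
    # common rows and Q for the odd row; its value at 0 is the output label
    return lagrange([(x, k), (5, p5), (6, p6)], 0), masked_colors[x - 1] ^ mask


def check_gate(truth):
    """Garble (constructed gate id 3) and evaluate on all 4 inputs; True if all correct."""
    wire_a, wire_b = new_wire(), new_wire()
    wire_c, table = garble(3, wire_a, wire_b, truth)
    return all(evaluate(3, table, wire_a[a], wire_b[b]) == wire_c[truth(a, b)]
               for a in (0, 1) for b in (0, 1))


if __name__ == "__main__":
    print("AND ok:", check_gate(lambda a, b: a & b))
```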

  57. Scoreboard

  Scheme     | size (×λ) XOR / AND | garble cost XOR / AND | eval cost XOR / AND | assumption
  Classical  | large? / large?     | 8 / 8                 | 5 / 5               | PKE
  P&P        | 4 / 4               | 4/8 / 4/8             | 1/2 / 1/2           | hash/PRF
  GRR3       | 3 / 3               | 4/8 / 4/8             | 1/2 / 1/2           | PRF/hash
  Free XOR   | 0 / 3               | 0 / 4                 | 0 / 1               | circ. hash
  GRR2       | 2 / 2               | 4/8 / 4/8             | 1/2 / 1/2           | PRF/hash

  58-67. FleXOR [KolesnikovMohasselRosulek14]
  A wire with labels A, A ⊕ Δ_1 is translated to a wire with labels A*, A* ⊕ Δ_2.
  ◮ Translate to a new wire offset (unary a ↦ a gate)
  ◮ Naively two ciphertexts: E_A(A*), E_{A⊕Δ_1}(A* ⊕ Δ_2), with A* ← {0,1}^n
  ◮ Instead choose A* := E^{-1}_A(0^n), so the first ciphertext is 0^n and is not sent
  ◮ Translation Δ_1 → Δ_2 using 1 ciphertext: E_{A⊕Δ_1}(A* ⊕ Δ_2)

  68-73. FleXOR [KolesnikovMohasselRosulek14]
  XOR gate with input wires (A, A ⊕ Δ_A), (B, B ⊕ Δ_B) and output wire (C, C ⊕ Δ_C).
  ◮ Adjust inputs to target offset Δ_C (1 ciphertext each: Δ_A → Δ_C, Δ_B → Δ_C), then XOR is free
  ◮ If an input wire already has offset Δ_C, no need to adjust it
  ◮ Total cost: 0, 1 or 2 ciphertexts depending on how many of {Δ_A, Δ_B, Δ_C} are distinct.
  Combinatorial optimization problem: choose an offset for each wire, minimizing the total cost of XOR gates
  ◮ Subj. to compatibility with 2-ciphertext row-reduction of AND gates
  ◮ (or) Subj. to removing the circularity property of free-XOR
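The FleXOR translation gate and the resulting XOR-gate cost model, added here as an example (not code from the slides or the KMR14 paper). It assumes 128-bit labels with the color in the last bit, SHA-256 as the unary pad H(A ‖ gateID), offsets whose color bit is 1, and that the label of color 0 is the one mapped to A* := E^{-1}_A(0^n). Which inputs of a gate need translation follows from the (public) offset assignment, so the evaluator is told that as part of the circuit description; the three runs in `check_costs` use offset assignments that make the same XOR gate cost 2, 1 and 0 ciphertexts.

```python
import hashlib
import itertools
import secrets

LABEL_BYTES = 16  # constructed parameter: 128-bit labels


def xor(x, y):
    return bytes(p ^ q for p, q in zip(x, y))


def color(label):
    return label[-1] & 1


def pad(key, gate_id):
    # unary encryption E_A(X) = H(A || gateID) xor X, so E^{-1}_A(0^n) is the pad itself
    return hashlib.sha256(key + gate_id.to_bytes(4, "big")).digest()[:LABEL_BYTES]


def new_offset():
    d = bytearray(secrets.token_bytes(LABEL_BYTES))
    d[-1] |= 1  # colour bit 1: the two labels of a wire get opposite colours
    return bytes(d)


def new_wire(delta):
    false_label = secrets.token_bytes(LABEL_BYTES)
    return false_label, xor(false_label, delta)


def translate(gate_id, wire, delta_new):
    """Unary a -> a gate moving `wire` onto offset delta_new with one ciphertext.

    The colour-0 label is mapped to A* := E^{-1}(0^n), so its ciphertext would be all
    zeros and is not sent; only the colour-1 label gets a real ciphertext."""
    v = 0 if color(wire[0]) == 0 else 1  # semantic value of the colour-0 label
    star = [None, None]
    star[v] = pad(wire[v], gate_id)
    star[1 - v] = xor(star[v], delta_new)
    ciphertext = xor(pad(wire[1 - v], gate_id), star[1 - v])
    return tuple(star), ciphertext


def eval_translate(gate_id, ciphertext, label):
    p = pad(label, gate_id)
    return p if color(label) == 0 else xor(p, ciphertext)


def flexor_gate(gate_id, wire_a, delta_a, wire_b, delta_b, delta_c):
    """XOR gate with inputs on offsets delta_a, delta_b and output on delta_c.

    Inputs not already on delta_c are translated (1 ciphertext each, using
    constructed sub-gate ids 2*gate_id and 2*gate_id+1); the XOR itself is free."""
    flags = (delta_a != delta_c, delta_b != delta_c)  # public circuit structure
    cts = []
    if flags[0]:
        wire_a, ct = translate(2 * gate_id, wire_a, delta_c)
        cts.append(ct)
    if flags[1]:
        wire_b, ct = translate(2 * gate_id + 1, wire_b, delta_c)
        cts.append(ct)
    false_label = xor(wire_a[0], wire_b[0])
    return (false_label, xor(false_label, delta_c)), (flags, cts)


def eval_flexor(gate_id, garbled, label_a, label_b):
    (ta, tb), cts = garbled
    cts = list(cts)
    if ta:
        label_a = eval_translate(2 * gate_id, cts.pop(0), label_a)
    if tb:
        label_b = eval_translate(2 * gate_id + 1, cts.pop(0), label_b)
    return xor(label_a, label_b)


def check_costs():
    """Same XOR gate under three offset assignments: all distinct, one shared, all shared.

    Returns (list of ciphertext counts, True if every evaluation was correct)."""
    d1, d2, d3 = new_offset(), new_offset(), new_offset()
    costs, ok = [], True
    for delta_a, delta_b in ((d1, d2), (d3, d2), (d3, d3)):
        wa, wb = new_wire(delta_a), new_wire(delta_b)
        wc, garbled = flexor_gate(5, wa, delta_a, wb, delta_b, d3)
        costs.append(len(garbled[1]))
        ok &= all(eval_flexor(5, garbled, wa[a], wb[b]) == wc[a ^ b]
                  for a, b in itertools.product((0, 1), repeat=2))
    return costs, ok


if __name__ == "__main__":
    print(check_costs())  # expected ([2, 1, 0], True)
```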

  74. Scoreboard

  Scheme     | size (×λ) XOR / AND | garble cost XOR / AND | eval cost XOR / AND | assumption
  Classical  | large? / large?     | 8 / 8                 | 5 / 5               | PKE
  P&P        | 4 / 4               | 4/8 / 4/8             | 1/2 / 1/2           | hash/PRF
  GRR3       | 3 / 3               | 4/8 / 4/8             | 1/2 / 1/2           | PRF/hash
  Free XOR   | 0 / 3               | 0 / 4                 | 0 / 1               | circ. hash
  GRR2       | 2 / 2               | 4/8 / 4/8             | 1/2 / 1/2           | PRF/hash
  FleXOR     | {0,1,2} / 2         | {0,1,2} / 4           | {0,1,2} / 1         | circ. hash
