Join Log in
Score:0
Mubashwir Alam avatar Crypto

Conditional Boolean circuits

ru flag
Mubashwir Alam

I have two questions I couldn't find straightforward answers to after many searches.

(1) We can perform 2-party MPC over arbitrary functions using Garbled Circuit. To do that, we first need to convert a function to a boolean circuit and then garble it. Is there any tool available where we can convert any arbitrary function to a boolean circuit? Say I want to sort three numbers from a given input. How can I convert this function to a boolean circuit?

(2) How do conditional statements work in the boolean circuit? I understand mux or X switch and Y switch operations can be done for simple operations like if (c) swap(a,b) can be done. But how it works in the case of multiple statements?

E.g, I have three numbers a, b, c. The operation I want to perform is like below:

func(a,b,c):
    if c == 1:
        c = a + b
        a = 2 * c
        b = 2 * a
    else
        a = 0
        b = 0

What will the above function look like in boolean circuits? Please give me references if available.

Thanks.

106
1 + 0
Score:1
Mark avatar Crypto
ng flag
Mark

Say I want to sort three numbers from a given input. How can I convert this function to a boolean circuit?

For this particular question, there are simple answers. The traditional way to sort number using circuits (which show up when one wants to sort in parallel) are with sorting networks. For very small input sizes optimal sorting networks are known. In general the sorting network with the best asymptotics (AKS) is not particularly practical. Instead, a good (general) recommendation is Batcher Odd-Even Mergesort, which uses $O(n (\log n)^2)$ comparisons, and is a depth $O((\log n)^2)$ circuit.

How do conditional statements work in the boolean circuit?

The main answer is "they are a pain". General (conditional) statements can be seen as computing something of the form.

if val:
    C1(x1,...,xn)
else:
    C2(x1,...,xn)

here, C1 and C2 are smaller circuits/functions/whatever. Anyway, to compute this branch using a circuit, one can first convert it to be branchless by writing

ytrue = C1(x1,...,xn)
yfalse = C2(x1,...,xn)
yreturn = (val and ytrue) or (not val and yfalse)

Essentially, when val is true one can simplify this to the first part of the branch. When val is false, one can simplify it to the second part of the branch.

In princple it should be straightforward to compile some broad class of programs to binary circuits. Searching for "MPC Circuit Compiler" finds some relevant results, i.e. this paper which includes some discussion of prior literature.

+ 3
Mubashwir Alam avatar
ru flag
Mubashwir Alam
Thanks for the detail description. So, in the boolean circuit, it will eventually execute both branches and select the result for the true branch. Is there any way we can only activate the true branch? Or in a boolean circuit, we must calculate both branches all the time? Is there any reference for that?
0
Reply
us flag
Mikero
It is possible to pay (in communication) only for the longest branch: in [garbled circuits](https://eprint.iacr.org/2020/973), [secret-sharing](https://eprint.iacr.org/2021/604), [GMW paradigm](https://eprint.iacr.org/2020/1175). These are all relatively recent developments.
2
Reply
Mark avatar
ng flag
Mark
I think it is worth emphasizing that if one ignores MPC (and solely discusses boolean circuits), you always have to evaluate both branches of the computation. Circuits always evaluate *every* computation path. This makes them useful for constant-time code (they, by definition essentially, cannot have timing differences). It also makes them annoying for code that branches heavily.
1
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.