Authenticity-oriented (previously named as \emph{privacy-free}) garbling schemes of Frederiksen et al. Eurocrypt '15 are designed to satisfy only the authenticity criterion of Bellare et al. ACM CCS '12, and to be more efficient compared to full-fledged garbling schemes. In this work, we improve the state-of-the-art authenticity-oriented version of half gates (HG) garbling of Zahur et al. Crypto '15 by allowing it to be bandwidth-free if any of the input wires of an AND gate is freely settable by the garbler. Our full solution AuthOr then successfully combines the ideas from information-theoretical garbling of Kondi and Patra Crypto '17 and the HG garbling-based scheme that we obtained. AuthOr has a lower communication cost (i.e. garbled circuit or GC size) than HG garbling without any further security assumption. Theoretically, AuthOr's GC size reduction over HG garbling lies in the range between 0 to 100%, and the exact improvement depends on the circuit structure. We have implemented our scheme and conducted tests on various circuits that were constructed by independent researchers. Our experimental results show that in practice, the GC size gain may be up to roughly 98%.

翻译：Frederiksen等人于Eurocrypt '15提出的真实性导向（原称\emph{隐私无关}）混淆方案，旨在仅满足Bellare等人在ACM CCS '12中提出的真实性标准，并相较于完整混淆方案具有更高效率。本研究改进了Zahur等人于Crypto '15提出的半门（HG）混淆方案在真实性导向方面的现有最优方案，通过允许混淆方自由设置AND门的任意输入线来实现零带宽传输。我们提出的完整方案AuthOr成功融合了Kondi与Patra在Crypto '17提出的信息论混淆思想，以及我们基于HG混淆构建的改进方案。在未引入额外安全假设的前提下，AuthOr比HG混淆具有更低的通信成本（即混淆电路GC尺寸）。理论上，AuthOr相较于HG混淆的GC尺寸缩减幅度在0%至100%之间，具体改进效果取决于电路结构。我们实现了该方案并对独立研究者构建的多种电路进行了测试。实验结果表明，实际应用中GC尺寸最高可缩减约98%。