Semi-Private Function Evaluation enables joint computation while protecting both input data and function logic. A practical instantiation is gate-hiding garbled circuits, which conceal gate functionalities while revealing the circuit topology. Existing security definitions intentionally exclude leakage through circuit topology, leaving the concrete impact of such leakage on function privacy insufficiently understood. We analyze the empirical security of gate hiding under two adversarial models that capture realistic computational capabilities. We present a SAT-based function-recovery attack that reconstructs hidden gate operations from a circuit's public topology. To enable recovery on larger and more complex circuits, we develop an incremental SAT-solving framework combined with a set of composable, topology-preserving simplification theorems. These techniques jointly reduce the SAT instance size and progressively constrain the search space across repeated solving iterations. We evaluate our attack on ISCAS benchmarks, representative secure computation circuits, and fault-tolerant sensor fusion circuits under a fixed 24-hour recovery budget. Compared to baseline approaches, our optimized attack achieves up to a 159-fold speedup in recovery time without increasing the number of oracle queries. Our results demonstrate that topology leakage alone can enable effective function recovery in practice.
翻译:半私有函数求值能够在保护输入数据和函数逻辑的同时实现联合计算。一种实用的实现方式是门隐藏混淆电路,它在公开电路拓扑结构的同时隐藏门功能。现有的安全定义有意排除了通过电路拓扑结构造成的泄露,使得此类泄露对函数隐私的具体影响尚未得到充分理解。我们在两种反映实际计算能力的对抗模型下分析了门隐藏的经验安全性。我们提出了一种基于SAT的函数恢复攻击,能够从电路的公开拓扑结构中重建隐藏的门操作。为了在更大更复杂的电路上实现恢复,我们开发了一种增量SAT求解框架,并结合一组可组合、保持拓扑结构的简化定理。这些技术共同减少了SAT实例的规模,并在重复求解迭代中逐步约束搜索空间。我们在固定24小时恢复预算下,对ISCAS基准电路、代表性安全计算电路和容错传感器融合电路评估了我们的攻击。与基线方法相比,优化后的攻击在恢复时间上实现了高达159倍的加速,且未增加预言机查询次数。我们的结果表明,仅凭拓扑结构泄露就能够在实践中实现有效的函数恢复。