# Garbled Circuits Reimagined: Logic Synthesis Unleashes Efficient Secure Computation

^{*}

## Abstract

**:**

## 1. Introduction

## 2. Garbled Circuits

#### 2.1. The GC Protocol

- Boolean circuit synthesis. Starting from a target computation, commonly described in high-level languages like C++ or Python, it is required that Alice generates a Boolean circuit whose function f(·): ${\mathbb{B}}^{m}\to {\mathbb{B}}^{n}$ implements the computation.
- GC generation. With a parameter $\mathit{l}\in \mathbb{N}$ indicating the desired security level, for each wire in the circuit, Alice selects an encoding function En(·): $\mathbb{B}\to {\mathbb{B}}^{\mathit{l}}$ that maps the two potential binary values, 0 and 1, to two l-bit labels. For example, the label A that corresponds to Alice’s private input a is created following $A=\mathit{En}$(a). Correspondingly, for each logic gate in the circuit, an encrypted table is created based on its truth table; each entry of the table is a cipher text created by encrypting the output label using the input labels. In this way, a GC F, which is essentially a network of encrypted tables, is generated by Alice on top of the Boolean circuit.
- GC transmission. Alice sends Bob the GC F, the label corresponding to her inputs A, and a set of labels $\mathcal{B}$ that consists of all the potential labels for Bob’s private input. By exploiting oblivious transfer (OT) as the moderator, among the labels in $\mathcal{B}$, Bob only learns B, the one that corresponds to his private input b.
- GC evaluation. Bob evaluates the received GC F and obtains the garbled output Y following $Y=\mathit{F}$(X), where $X=\{A,B\}$.
- Result sharing. Alice announces the decoding function for the primary output wire De(·): ${\mathbb{B}}^{\mathit{l}}\to \mathbb{B}$, while Bob shares the evaluation result Y. These two resources of information jointly determine the computation result y, as $y=\mathit{De}$(Y).

#### 2.2. Bottleneck of System Performance

#### 2.3. Advanced Garbling Schemes

#### 2.3.1. Free-XOR

#### 2.3.2. Garbling Gadget

## 3. Logic Synthesis

#### 3.1. Exact Synthesis

#### 3.2. Peephole Optimization

#### 3.2.1. Cuts

#### 3.2.2. Logic Rewriting

#### 3.3. Algebraic Rewriting

#### 3.4. Don’t-Cares-Based Optimization

#### 3.5. Boolean Function Classification

- Swap two variables: $\mathit{f}\stackrel{{\mathit{x}}_{\mathit{i}}\leftrightarrow {\mathit{x}}_{\mathit{j}}}{\to}{\mathit{f}}^{\prime}$.
- Complement a variable: $\mathit{f}\stackrel{{\mathit{x}}_{\mathit{i}}\to \neg {\mathit{x}}_{\mathit{i}}}{\to}{\mathit{f}}^{\prime}$, where “¬” indicates negation.
- Complement the function: $\mathit{f}\stackrel{\neg}{\to}{\mathit{f}}^{\prime}$.
- Translational operation: $\mathit{f}\stackrel{{\mathit{x}}_{\mathit{i}}\to ({\mathit{x}}_{\mathit{i}}\oplus {\mathit{x}}_{\mathit{j}})}{\to}{\mathit{f}}^{\prime}$.
- Disjoint translational operation: $\mathit{f}\stackrel{\oplus {\mathit{x}}_{\mathit{i}}}{\to}{\mathit{f}}^{\prime}$.

#### 3.6. Multiplicative Complexity

## 4. A Cipher-Text-Efficient Logic Representation

#### 4.1. MC Compactness

#### 4.2. A Study on the Properties of OneHot Gates

## 5. Mapping XAGs to X1Gs Following Algebraic Rewriting Rules

#### 5.1. An Algebraic-Rewriting-Based Mapping Approach

Algorithm 1: Mapping an XAG to an X1G by applying algebraic rewriting |

#### 5.2. Limitations

## 6. Agilely Synthesizing Optimal X1G Implementations for Small-Scale Functions

#### 6.1. AND Fence

#### 6.2. Abstract XAG

#### 6.3. Exactly Synthesizing Garbling-Cost-Optimal X1Gs

#### 6.3.1. Formulating an Exact Synthesis Problem

Algorithm 2: Agilely Synthesizing Optimal Abstract XAG using AND Fences |

#### 6.3.2. Effects of Suboptimality on XOR Counts

#### 6.4. Database Generation

**Theorem 1.**

**Proof.**

## 7. A Logic Optimization Flow for X1Gs

#### 7.1. Database-Driven Logic Rewriting

**cuts**(n), are computed following the cut enumeration algorithm proposed in [26] (line 4). As soon as a part of the logic network is rewritten, cut enumeration shall be conducted dynamically.

**cuts**(n), using the prepared database, its optimal implementation can be constructed with negligible runtime overhead. Algorithm 3 is elaborated in such a greedy manner that the cut C′ ∈

**cuts**(n) that leads to the most significant reduction in local cost is to be committed (line 11, 12). Redundant nodes resulting from the rewritten operation are then removed (line 13).

Algorithm 3: Database-driven logic rewriting |

#### 7.2. Don’t-Care-Based OneHot Reduction

Algorithm 4: Don’t-care-based logic optimization for X1G |

## 8. Experimental Results

#### 8.1. Evaluation on the Exact Synthesis Formulation

#### 8.2. Evaluation on the X1G Optimization Flow

## 9. Discussion

## 10. Conclusions

## Author Contributions

## Funding

## Institutional Review Board Statement

## Informed Consent Statement

## Data Availability Statement

## Acknowledgments

## Conflicts of Interest

## Abbreviations

2PC | Secure two-party computation |

ANF | Algebraic normal form |

BDD | Binary decision diagram |

DC | Don’t-care |

FHE | Fully homomorphic encryption |

GC | Garbled circuits |

MC | Multiplicative complexity |

MPC | Secure multiparty computation |

ODC | Observability don’t-care |

OT | Oblivious transfer |

SAT | Boolean satisfiability |

SDC | Satisfiability don’t-care |

SSV | Single selection variable |

X1G | XOR-OneHot graph |

XAG | XOR-AND graph |

## Appendix A

Algorithm A1: Determining the minimum modulus to interpret a symmetric
logic function as a modular addition |

## References

- Bogetoft, P.; Damgård, I.; Jakobsen, T.; Nielsen, K.; Pagter, J.; Toft, T. A Practical Implementation of Secure Auctions Based on Multiparty Integer Computation. In Proceedings of the International Conference on Financial Cryptography and Data Security, Anguilla, British West Indies, 27 February–2 March 2006; pp. 142–147. [Google Scholar] [CrossRef]
- Clarkson, M.R.; Chong, S.; Myers, A.C. Civitas: Toward a Secure Voting System. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, USA, 18–22 May 2008; pp. 354–368. [Google Scholar] [CrossRef]
- Gilad-Bachrach, R.; Dowlin, N.; Laine, K.; Lauter, K.; Naehrig, M.; Wernsing, J. CryptoNets: Applying Neural Networks to Encrypted Data with High Throughput and Accuracy. In Proceedings of the 33rd International Conference on International Conference on Machine Learning, New York, NY, USA, 19–24 June 2016; Volume 48, pp. 201–210. [Google Scholar]
- Chen, F.; Jiang, X.; Wang, S.; Schilling, L.M.; Meeker, D.; Ong, T.; Matheny, M.E.; Doctor, J.N.; Ohno-Machado, L.; Vaidya, J. Perfectly Secure and Efficient Two-Party Electronic-Health-Record Linkage. IEEE Internet Comput.
**2018**, 22, 32–41. [Google Scholar] [CrossRef] [PubMed] - Yao, A.C.C. How to Generate and Exchange Secrets. In Proceedings of the 27th Annual Symposium on Foundations of Computer Science (SFCS 1986), Toronto, ON, Canada, 27–29 October 1986; pp. 162–167. [Google Scholar] [CrossRef]
- Gentry, C. A Fully Homomorphic Encryption Scheme; Stanford University: Stanford, CA, USA, 2009. [Google Scholar]
- Shamir, A. How to Share a Secret. Commun. ACM
**1979**, 22, 612–613. [Google Scholar] [CrossRef] - Kolesnikov, V.; Schneider, T. Improved garbled circuit: Free XOR gates and applications. In Proceedings of the International Colloquium on Automata, Languages, and Programming, Reykjavik, Iceland, 7–11 July 2008; pp. 486–498. [Google Scholar] [CrossRef]
- Zahur, S.; Rosulek, M.; Evans, D. Two Halves Make a Whole. In Proceedings of the Advances in Cryptology—EUROCRYPT 2015, Sofia, Bulgaria, 26–30 April 2015; pp. 220–250. [Google Scholar] [CrossRef]
- Ball, M.; Malkin, T.; Rosulek, M. Garbling Gadgets for Boolean and Arithmetic Circuits. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016; pp. 565–577. [Google Scholar] [CrossRef]
- Songhori, E.M.; Hussain, S.U.; Sadeghi, A.R.; Schneider, T.; Koushanfar, F. TinyGarble: Highly Compressed and Scalable Sequential Garbled Circuits. In Proceedings of the IEEE Symposium on Security and Privacy, San Jose, CA, USA, 17–21 May 2015; pp. 411–428. [Google Scholar] [CrossRef]
- Riazi, M.S.; Javaheripi, M.; Hussain, S.U.; Koushanfar, F. MPCircuits: Optimized Circuit Generation for Secure Multi-Party Computation. In Proceedings of the IEEE International Symposium on Hardware Oriented Security and Trust (HOST), McLean, VA, USA, 5–10 May 2019; pp. 198–207. [Google Scholar] [CrossRef]
- Testa, E.; Soeken, M.; Riener, H.; Amarù, L.; De Micheli, G. A Logic Synthesis Toolbox for Reducing the Multiplicative Complexity in Logic Networks. In Proceedings of the Design, Automation & Test in Europe Conference & Exhibition (DATE), Grenoble, France, 9–13 March 2020; pp. 568–573. [Google Scholar] [CrossRef]
- Liu, H.L.; Li, Y.T.; Chen, Y.C.; Wang, C.Y. A Don’t-Care-Based Approach to Reducing the Multiplicative Complexity in Logic Networks. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.
**2022**, 41, 4821–4825. [Google Scholar] [CrossRef] - Yu, M.; De Micheli, G. Generating Lower-Cost Garbled Circuits: Logic Synthesis Can Help. In Proceedings of the IEEE International Symposium on Hardware Oriented Security and Trust (HOST), San Jose, CA, USA, 1–4 May 2023; pp. 304–314. [Google Scholar] [CrossRef]
- Yu, M.; De Micheli, G. Striving for Both Quality and Speed: Logic Synthesis for Practical Garbled Circuits. In Proceedings of the IEEE/ACM International Conference on Computer-Aided Design (ICCAD), San Francisco, CA, USA, 29 October–2 November 2023. accepted. [Google Scholar]
- Beaver, D.; Micali, S.; Rogaway, P. The Round Complexity of Secure Protocols. In Proceedings of the 23rd Annual ACM Symposium on Theory of Computing, Baltimore, MD, USA, 13–17 May 1990; pp. 503–513. [Google Scholar] [CrossRef]
- Bellare, M.; Hoang, V.T.; Rogaway, P. Foundations of Garbled Circuits. In Proceedings of the ACM Conference on Computer and Communications Security, Raleigh, NC, USA, 16–18 October 2012; pp. 784–796. [Google Scholar] [CrossRef]
- Ball, M.; Carmer, B.; Malkin, T.; Rosulek, M.; Schimanski, N. Garbled Neural Networks Are Practical; Cryptology ePrint Archive: 2019. Available online: https://eprint.iacr.org/2019/338 (accessed on 20 November 2023).
- Naor, M.; Pinkas, B.; Sumner, R. Privacy Preserving Auctions and Mechanism Design. In Proceedings of the ACM Conference on Electronic Commerce, Denver, CO, USA, 3–5 November 1999; pp. 129–139. [Google Scholar] [CrossRef]
- Lawler, E.L. An Approach to Multilevel Boolean Minimization. J. ACM
**1964**, 11, 283–295. [Google Scholar] [CrossRef] - Soeken, M.; Haaswijk, W.; Testa, E.; Mishchenko, A.; Amarù, L.; Brayton, R.K.; De Micheli, G. Practical exact synthesis. In Proceedings of the Design, Automation & Test in Europe Conference & Exhibition (DATE), Dresden, Germany, 19–23 March 2018; pp. 309–314. [Google Scholar] [CrossRef]
- Haaswijk, W.; Soeken, M.; Mishchenko, A.; De Micheli, G. SAT-Based Exact Synthesis: Encodings, Topology Families, and Parallelism. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.
**2020**, 39, 871–884. [Google Scholar] [CrossRef] - Murray, C.D.; Williams, R.R. On the (Non) NP-Hardness of Computing Circuit Complexity. In Proceedings of the 30th Conference on Computational Complexity, Portland, OR, USA, 17–19 June 2015; pp. 365–380. [Google Scholar]
- Cong, J.; Wu, C.; Ding, Y. Cut Ranking and Pruning: Enabling a General and Efficient FPGA Mapping Solution. In Proceedings of the ACM/SIGDA Seventh International Symposium on Field Programmable Gate Arrays, Monterey, CA, USA, 21–23 February 1999; pp. 29–35. [Google Scholar] [CrossRef]
- Mishchenko, A.; Chatterjee, S.; Brayton, R.K. Improvements to Technology Mapping for LUT-Based FPGAs. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.
**2007**, 26, 240–253. [Google Scholar] [CrossRef] - Yang, W.; Wang, L.; Mishchenko, A. Lazy Man’s Logic Synthesis. In Proceedings of the IEEE/ACM International Conference on Computer-Aided Design (ICCAD), San Jose, CA, USA, 5–8 November 2012; pp. 597–604. [Google Scholar] [CrossRef]
- Mishchenko, A.; Chatterjee, S.; Brayton, R. DAG-Aware AIG Rewriting: A Fresh Look at Combinational Logic Synthesis. In Proceedings of the 43rd Annual Design Automation Conference, San Francisco, CA, USA, 24–28 July 2006; pp. 532–535. [Google Scholar] [CrossRef]
- Brand. Redundancy and Don’t Cares in Logic Synthesis. IEEE Trans. Comput.
**1983**, C-32, 947–952. [CrossRef] - Mishchenko, A.; Brayton, R.K. SAT-Based Complete Don’t-Care Computation for Network Optimization. In Proceedings of the Design, Automation & Test in Europe Conference & Exhibition (DATE), Munich, Germany, 7–11 March 2005; pp. 412–417. [Google Scholar] [CrossRef]
- Goto, E.; Takahasi, T. Some Theorems Useful in Threshold Logic for Enumerating Boolean Functions. In Proceedings of the International Federation for Information Processing Congress, Munich, Germany, 27 August–1 September 1962; pp. 747–752. [Google Scholar]
- Edwards, C. The Application of the Rademacher–Walsh Transform to Boolean Function Classification and Threshold Logic Synthesis. IEEE Trans. Comput.
**1975**, C-24, 48–62. [Google Scholar] [CrossRef] - Boyar, J.; Peralta, R.; Pochuev, D. On the Multiplicative Complexity of Boolean Functions over the Basis (∧, ⊕, 1). Theor. Comput. Sci.
**2000**, 235, 43–57. [Google Scholar] [CrossRef] - Sönmez Turan, M. New Bounds on the Multiplicative Complexity of Boolean Functions; Cryptology ePrint Archive: 2022. Available online: https://eprint.iacr.org/2022/1077 (accessed on 20 November 2023).
- Çalık, Ç.; Sönmez Turan, M.; Peralta, R. The Multiplicative Complexity of 6-variable Boolean Functions. Cryptogr. Commun.
**2019**, 11, 93–107. [Google Scholar] [CrossRef] - Brandão, L.T.A.N.; Çalık, C.; Sönmez Turan, M.; Peralta, R. Upper Bounds on the Multiplicative Complexity of Symmetric Boolean Functions. Cryptogr. Commun.
**2019**, 11, 1339–1362. [Google Scholar] [CrossRef] - Häner, T.; Soeken, M. The multiplicative complexity of interval checking. arXiv
**2022**, arXiv:2201.10200. [Google Scholar] - Marakkalage, D.S.; Testa, E.; Riener, H.; Mishchenko, A.; Soeken, M.; De Micheli, G. Three-Input Gates for Logic Synthesis. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.
**2021**, 40, 2184–2188. [Google Scholar] [CrossRef] - Mishchenko, A.; Brayton, R.; Jang, S.; Kravets, V. Delay Optimization using SOP Balancing. In Proceedings of the IEEE/ACM International Conference on Computer-Aided Design (ICCAD), San Jose, CA, USA, 7–10 November 2011; pp. 375–382. [Google Scholar] [CrossRef]
- Soeken, M. Determining the Multiplicative Complexity of Boolean Functions using SAT. arXiv
**2020**, arXiv:2005.01778. [Google Scholar] - Knuth, D.E. Art of Computer Programming, Volume 4, Fascicle 4, The: Generating All Trees–History of Combinatorial Generation; Addison-Wesley Professional: Sebastopol, CA, USA, 2013. [Google Scholar]
- Miller, D.M.; Soeken, M. An Algorithm for Linear, Affine and Spectral Classification of Boolean Functions. In Advanced Boolean Techniques; Springer: Berlin/Heidelberg, Germany, 2020; pp. 195–215. [Google Scholar] [CrossRef]
- Tseitin, G.S. On the Complexity of Derivation in Propositional Calculus. In Automation of Reasoning: 2: Classical Papers on Computational Logic 1967–1970; Springer: Berlin/Heidelberg, Germany, 1983; pp. 466–483. [Google Scholar] [CrossRef]
- Eén, N.; Sörensson, N. An Extensible SAT-solver. In Proceedings of the Theory and Applications of Satisfiability Testing, Barcelona, Spain, 5–9 July 2004; Springer: Berlin/Heidelberg, Germany, 2004; pp. 502–518. [Google Scholar] [CrossRef]

**Figure 3.**Cipher-text-optimal implementations of function ${}^{\#}2888a000$: (

**a**) Adopting XAG as the logic representation. (

**b**) Adopting X1G as the logic representation.

**Figure 4.**Abstract XAG and AND fence: (

**a**) an abstract XAG implementation of Boolean function ${}^{\#}2888a000$ and (

**b**) its AND fence.

**Table 1.**Features of the four 3-input symmetric logic gates of interest, with garbling gadget adopted as the garbling scheme.

Gate Type | Truth Table | Functional MC | Garbling Cost (#Cipher-Texts) | MC Compactness |
---|---|---|---|---|

AND3 | ${}^{\#}$80 | 2 | 3 | 0.67 |

Majority | ${}^{\#}e8$ | 1 | 3 | 0.23 |

OneHot | ${}^{\#}16$ | 2 | 2 | 1.00 |

Gamble | ${}^{\#}81$ | 1 | 2 | 0.50 |

**Table 2.**Synthesizing optimal X1G implementations for the 48 representatives of 5-variable spectral-equivalent classes.

Exact Synthesis Algorithm | #Solutions | Accumulated #OneHots | Accumulated Time [s] |
---|---|---|---|

Baseline | 43 | 113 | 1354.58 |

Ours (Algorithm 2) | 48 | 120 ^{1} | 40.23 |

^{1}This number goes down to 105 if we exclude the 5 cases where no solutions are synthesized following the baseline encoding.

Benchmark | #Cipher-Texts | #Cipher-Texts (X1G Optimization Flow) | Red. | Time [s] | |||
---|---|---|---|---|---|---|---|

(SOTA) | Mapping | Logic Rewrite | DC-Based Opt. | Algebraic Rewrite | |||

Adder | 256 | 256 | 256 (1 *) | 256 | 256 | 0.00% | 1.72 |

Barrel shifter | 1664 | 1664 | 1664 (1) | 1664 | 1664 | 0.00% | 1.88 |

Divider | 10,264 | 9882 | 9294 (6) | 9288 | 9288 | 9.51% | 129.31 |

Log2 | 17,546 | 16,986 | 15,584 (4) | 15,318 | 15,314 | 12.72% | 532.73 |

Max | 1744 | 1662 | 1636 (2) | 1636 | 1636 | 6.19% | 6.71 |

Multiplier | 15,170 | 15,022 | 14,698 (3) | 14,694 | 14,694 | 3.14% | 116.10 |

Sine | 3918 | 3724 | 3266 (5) | 3244 | 3242 | 17.25% | 214.06 |

Square-root | 10,434 | 10,176 | 9406 (5) | 9400 | 9400 | 9.91% | 288.12 |

Square | 9192 | 9052 | 8662 (4) | 8648 | 8648 | 5.92% | 58.63 |

Geometric mean | 4503.95 | 4395.44 | 4186.17 | 4173.57 | 4173.16 | 7.34% | |

Round-robin arbiter | 2348 | 2260 | 1488 (2) | 1488 | 1488 | 36.63% | 62.23 |

Coding-cavlc | 788 | 656 | 524 (2) | 512 | 512 | 35.03% | 39.57 |

ALU control unit | 90 | 82 | 74 (3) | 74 | 74 | 17.78% | 2.87 |

Decoder | 656 | 656 | 656 (1) | 656 | 656 | 0.00% | 1.93 |

i2c controller | 1114 | 1004 | 886 (3) | 872 | 872 | 21.72% | 34.75 |

int to float converter | 170 | 144 | 132 (3) | 130 | 130 | 23.53% | 9.15 |

Memory controller | 9390 | 8298 | 7264 (5) | 7156 | 7156 | 23.79% | 296.11 |

Priority encoder | 646 | 592 | 450 (2) | 450 | 450 | 30.34% | 16.06 |

Look-ahead XY router | 186 | 126 | 114 (2) | 114 | 114 | 38.71% | 7.29 |

Voter | 8514 | 7848 | 6344 (6) | 6242 | 6242 | 26.69% | 244.20 |

Geometric mean | 850.80 | 749.59 | 633.83 | 628.75 | 628.43 | 26.14% |

Benchmark | #Cipher-Texts | #Cipher-Texts (X1G Optimization Flow) | Red. | Time [s] | |||
---|---|---|---|---|---|---|---|

(SOTA) | Mapping | Logic Rewrite | DC-Based Opt. | Algebraic Rewrite | |||

AES (Key Expansion) | 10,880 | 10,240 | 10,240 (2) | 10,240 | 10,240 | 5.88% | 41.17 |

AES (No Key Expansion) | 13,600 | 12,800 | 12,800 (2) | 12,800 * | 12,800 | 5.88% | 50.22 |

DES (Key Expansion) | 13,830 | 13,346 | 12,864 (4) | 12,482 | 12,474 | 9.80% | 533.58 |

DES (No Key Expansion) | 13,666 | 13,194 | 12,690 (5) | 12,280 | 12,278 | 10.16% | 525.35 |

Comp. 32-bit SLT | 168 | 138 | 120 (3) | 120 | 120 | 28.57% | 6.81 |

Comp. 32-bit SLTEQ | 174 | 152 | 134 (2) | 134 | 134 | 22.99% | 7.24 |

Comp. 32-bit ULT | 168 | 138 | 120 (3) | 120 | 120 | 28.57% | 6.81 |

Comp. 32-bit ULTEQ | 174 | 152 | 134 (2) | 134 | 134 | 22.99% | 7.26 |

MD5 | 18,734 | 18,734 | 18,734 (1) | 18,734 | 18,732 | 0.01% | 27.61 |

SHA-1 | 22,966 | 22,834 | 22,636 (3) | 22,636 | 22,636 | 1.44% | 107.32 |

SHA-256 | 52,928 | 51,832 | 50,086 (3) | 50,086 | 50,086 | 5.37% | 335.79 |

Geometric mean | 3322.25 | 3066.13 | 2890.11 | 2873.61 | 2873.38 | 13.51% | |

Auction_2_16 | 194 | 194 | 194 (1) | 194 | 194 | 0.00% | 1.92 |

Auction_2_32 | 386 | 386 | 386 (1) | 386 | 386 | 0.00% | 1.92 |

Auction_3_16 | 464 | 464 | 460 (2) | 460 | 460 | 0.86% | 3.04 |

Auction_3_32 | 912 | 912 | 908 (2) | 908 | 908 | 0.44% | 3.11 |

Auction_4_16 | 990 | 990 | 986 (2) | 986 | 986 | 0.40% | 3.26 |

Auction_4_32 | 1950 | 1950 | 1946(2) | 1946 | 1946 | 0.21% | 3.44 |

Knn_comb_1_8 | 1108 | 1108 | 1100 (2) | 1100 | 1100 | 0.72% | 4.42 |

Knn_comb_1_16 | 2324 | 2324 | 2300 (2) | 2300 | 2300 | 1.03% | 4.87 |

Knn_comb_2_8 | 1762 | 1726 | 1676 (4) | 1676 | 1676 | 4.88% | 10.40 |

Knn_comb_2_16 | 3838 | 3754 | 3648 (4) | 3648 | 3648 | 4.95% | 15.21 |

Knn_comb_3_8 | 2120 | 2108 | 2082 (3) | 2082 | 2082 | 1.79% | 7.90 |

Knn_comb_3_16 | 4788 | 4760 | 4694 (3) | 4694 | 4694 | 1.96% | 13.64 |

Voting_1_3 | 14 | 14 | 12 (2) | 12 | 12 | 14.29% | 1.92 |

Voting_1_4 | 30 | 28 | 26 (2) | 26 | 26 | 13.33% | 2.18 |

Voting_2_2 | 42 | 40 | 38 (2) | 38 | 38 | 9.52% | 2.93 |

Voting_2_3 | 110 | 110 | 110 (1) | 110 | 110 | 0.00% | 2.37 |

Voting_2_4 | 208 | 208 | 204 (2) | 204 | 204 | 1.92% | 3.72 |

Voting_3_4 | 550 | 550 | 536 (2) | 536 | 536 | 2.55% | 7.47 |

Stable_matching_4_8 | 32,002 | 29,416 | 27,824 (6) | 27,824 | 27,824 | 13.06% | 379.88 |

Stable_matching_8_8 | 119,546 | 108,320 | 105,086 (3) | 105,086 | 105,086 | 12.10% | 502.04 |

Geometric mean | 790.95 | 777.04 | 757.74 | 756.64 | 756.64 | 4.34% |

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |

© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Yu, M.; Marakkalage, D.S.; De Micheli, G.
Garbled Circuits Reimagined: Logic Synthesis Unleashes Efficient Secure Computation. *Cryptography* **2023**, *7*, 61.
https://doi.org/10.3390/cryptography7040061

**AMA Style**

Yu M, Marakkalage DS, De Micheli G.
Garbled Circuits Reimagined: Logic Synthesis Unleashes Efficient Secure Computation. *Cryptography*. 2023; 7(4):61.
https://doi.org/10.3390/cryptography7040061

**Chicago/Turabian Style**

Yu, Mingfei, Dewmini Sudara Marakkalage, and Giovanni De Micheli.
2023. "Garbled Circuits Reimagined: Logic Synthesis Unleashes Efficient Secure Computation" *Cryptography* 7, no. 4: 61.
https://doi.org/10.3390/cryptography7040061