Function Recovery Attacks in Gate-Hiding Garbled Circuits using SAT Solving
Chao Yin, Zunchen Huang, Chenglu Jin, Marten van Dijk, Fabio Massacci
TL;DR
This work analyzes gate-hiding garbled circuits in Semi-PFE and demonstrates that exposing circuit topology enables practical function-recovery of hidden gate types. It introduces topology-preserving simplifications (R-Wave, S-Class, Z-Class, ZS) and an incremental SAT-solving framework to dramatically prune the gate-type search space, enabling efficient recovery from IO observations. The authors present a baseline SAT-based decamouflaging approach and an optimized attack that separates candidate generation from discriminating-input searches, extending to scenarios with hidden inputs (Threat Model B). Empirical evaluation on ISCAS89, 2PC cryptographic circuits, and fault-tolerant sensor-fusion MPC circuits shows large speedups (up to $159$-fold) and successful recovery within a 24-hour budget, highlighting topology leakage as a practical vulnerability and motivating countermeasures such as circuit-level redundancy and gate-type simplifications.
Abstract
Semi-Private Function Evaluation enables joint computation while protecting both input data and function logic. A practical instantiation is gate-hiding garbled circuits, which conceal gate functionalities while revealing the circuit topology. Existing security definitions intentionally exclude leakage through circuit topology, leaving the concrete impact of such leakage on function privacy insufficiently understood. We analyze the empirical security of gate hiding under two adversarial models that capture realistic computational capabilities. We present a SAT-based function-recovery attack that reconstructs hidden gate operations from a circuit's public topology. To enable recovery on larger and more complex circuits, we develop an incremental SAT-solving framework combined with a set of composable, topology-preserving simplification theorems. These techniques jointly reduce the SAT instance size and progressively constrain the search space across repeated solving iterations. We evaluate our attack on ISCAS benchmarks, representative secure computation circuits, and fault-tolerant sensor fusion circuits under a fixed 24-hour recovery budget. Compared to baseline approaches, our optimized attack achieves up to a 159-fold speedup in recovery time without increasing the number of oracle queries. Our results demonstrate that topology leakage alone can enable effective function recovery in practice.
