2006 International Conference on Research, Innovation and Vision for the Future
Oblivious Transfer (OT) is a primitive of asymmetrically distributing information between users, proposed to build Secure Computations. In this letter, we propose an information-theoretical variant of OT that requires weak assumptions and can be therefore more easily implemented with transmission media. We show then that One-out-of-two Oblivious Transfer (O-OT), the central version of OT, can be reduced to this Weak OT (WOT) with arbitrarily small loss of security, i.e. secure O-OT can be realised from our WOT.
Anais do XXI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2011)
We introduce a general construction of fully simulatable oblivious transfer based on lossy encryption. Furthermore, we extend the common definition of lossy encryption by introducing the notion of computationally lossy encryption. If the cryptosystem used is computationally lossy, our general construction yields oblivious transfer protocols with computational security for both parties. Otherwise, when regular statistically lossy cryptosystems are employed in this construction, it yields oblivious transfer protocols with statistical security for the sender. The construction introduced in this paper is realizable from rerandomizable, homomorphic and lossy cryptosystems in general. Thus, it yields specific constructions based on different assumptions, such as DDH, LWE and McEliece. Moreover, it proves the equivalence of fully simulatable oblivious transfer and lossy encryption.
International Cryptology Conference, 1988
Computers & Mathematics with Applications, 2012
Oblivious transfer (OT) is a protocol where a receiver can obtain t-out-of-n services from the sender without releasing anything about his choices. OT can be used to protect user's privacy. In principle, any user can interact with a server to request some services. This might allow some undesirable users to obtain services from the server. How to ensure that only the authorized receivers can obtain services obliviously is a daunting task. In this paper, we introduce oblivious signature based-on envelope (OSBE) to OT and propose two novel OT schemes, which only allow the legitimate receivers to obtain services obliviously. The receiver is required to authenticate himself to the issuer to possess the required credential prior to access the protected services; while no authentication from the sender needs to be done. The sender knows the number of the services selected by the receiver, but does not know anything about his choices and personally identifiable information. The feature of our scheme also lies in avoiding zero knowledge proofs and achieving all-or-nothing non-transferable credentials. Our schemes are efficient in the cost of communication and computation.
Theory of Cryptography, 2014
We continue the line of work initiated by Katz (Eurocrypt 2007) on using tamper-proof hardware for universally composable secure computation. As our main result, we show an efficient oblivious-transfer (OT) protocol in which two parties each create and exchange a single, stateless token and can then run an unbounded number of OTs. Our result yields what we believe is the most practical and efficient known approach for oblivious transfer based on tamper-proof tokens, and implies that the parties can perform (repeated) secure computation of arbitrary functions without exchanging additional tokens. Motivated by this result, we investigate the minimal number of stateless tokens needed for universally composable OT/secure computation. We prove that our protocol is optimal in this regard for constructions making black-box use of the tokens (in a sense we define). We also show that non-black-box techniques can be used to obtain a construction using only a single stateless token.
Security in Communication Networks, 2005
Abstract. Oblivious transfer (OT) is a cryptographic primitive of central importance, in particular in two- and multi-party computation. There exist various protocols for different variants of OT, but any such realization from scratch can be broken in principle by at least one of the ...
2009
Abstract. Reducing the minimum assumptions needed to construct various cryptographic primitives is an important and interesting task in theoretical cryptography. Oblivious transfer, one of the most basic cryptographic building blocks, could be also studied under this scenario. Reducing the minimum assumptions for oblivious transfer seems not an easy task, as there are a few impossibility results under black-box reductions.
Lecture Notes in Computer Science, 2003
This paper is about the Oblivious Transfer in the distributed model recently proposed by M. Naor and B. Pinkas. In this setting a Sender has n secrets and a Receiver is interested in one of them. During a set up phase, the Sender gives information about the secrets to m servers. Afterwards, in a recovering phase, the receiver can compute the secret she wishes by interacting with k of them. More precisely, from the answers received she computes the secret in which she is interested but she gets no information on the others and, at the same time, any coalition of k − 1 servers can neither compute any secret nor figure out which one the receiver has recovered. We present an analysis and new results holding for this model: lower bounds on the resources required to implement such a scheme (i.e., randomness, memory storage, communication complexity); some impossibility results for one-round distributed oblivious transfer protocols; two polynomial-based constructions implementing 1-out-of-n distributed oblivious transfer, which generalize the two constructions for 1-out-of-2 given by Naor and Pinkas; as well as new one-round and two-round distributed oblivious transfer protocols, both for threshold and general access structures on the set of servers, which are optimal with respect to some of the given bounds. Most of these constructions are basically combinatorial in nature.
2013
Abstract. We present protocols for two flavors of oblivious transfer (OT): the Rabin and 1-out-of-2 OT based on the assumptions related to security of the McEliece cryptosystem and two zero-knowledge identification (ZKID) schemes, Stern’s from Crypto ’93 and Shamir’s from Crypto ’89, which are based on syndrome decoding and permuted kernels, respectively. This is a step towards diversifying computational assumptions on which OT – cryptographic primitive of central importance – can be based. As a by-product, we expose new interesting applications for both ZKID schemes: Stern’s can be used for proving correctness of McEliece encryption, while Shamir’s – for proving that some matrix represents a permuted subcode of a given code. Unfortunately, it turned out to be difficult to reduce the sender’s security of both schemes to a hard problem, although the intuition suggests a successful attack may allow to solve some long-standing problems in coding theory.
2006
We study unconditionally secure 1-out-of-2 Oblivious Transfer (1–2 OT). We first point out that a standard security requirement for 1–2 OT of bits, namely that the receiver only learns one of the bits sent, holds if and only if the receiver has no information on the XOR of the two bits. We then generalize this to 1–2 OT of strings and show that the security can be characterized in terms of binary linear functions. More precisely, we show that the receiver learns only one of the two strings sent if and only if he has no information on the result of applying any binary linear function (which non-trivially depends on both inputs) to the two strings. We then argue that this result not only gives new insight into the nature of 1–2 OT, but it in particular provides a very powerful tool for analyzing 1–2 OT protocols. We demonstrate this by showing that with our characterization at hand, the reducibility of 1–2 OT (of strings) to a wide range of weaker primitives follows by a very simple argument. This is in sharp contrast to previous literature, where reductions of 1–2 OT to weaker flavors have rather complicated and sometimes even incorrect proofs.
Proceedings 41st Annual Symposium on Foundations of Computer Science
We consider the problem of designing an efficient oblivious transfer (OT) protocol that is provably secure in a concurrent setting, i.e., where many OT sessions may be running concurrently with their messages interleaved arbitrarily. Known OT protocols use zero-knowledge proofs, and no concurrent zero-knowledge proofs are known that use less than a poly-logarithmic number of rounds (at least without requiring a pre-processing phase, a public random string, an auxiliary string, timing constraints, or pre-distributed public keys). We introduce a model for proving security of concurrent OT protocols, and present a protocol that is proven secure in this model based on the Decisional Diffie-Hellman problem. The protocol is efficient, requiring only a slightly non-constant number of rounds.
2004
Abstract. Oblivious transfer (OT) is a cryptographic primitive of central importance, in particular in two- and multi-party computation. There exist various protocols for different variants of OT, but any such realization from scratch can be broken in principle by at least one of the two involved parties if she has sufficient computing power—and the same even holds when the parties are connected by a quantum channel. We show that, on the other hand, if noise—which is inherently present in any physical communication channel—is taken into account, then OT can be realized in an unconditionally secure way for both parties, i.e., even against dishonest players with unlimited computing power. We give the exact condition under which a general noisy channel allows for realizing OT and show that only “trivial” channels, for which OT is obviously impossible to achieve, have to be excluded. Moreover, our realization of OT is efficient: For a security parameter α > 0—an upper bound on the...
Information Security and Cryptology – ICISC 2008, 2009
Oblivious transfer is one of the most important cryptographic primitives, both for theoretical and practical reasons and several protocols were proposed during the years. We provide the first oblivious transfer protocol which is simultaneously optimal on the following list of parameters: Security: it has universal composition. Trust in setup assumptions: only one of the parties needs to trust the setup (and some setup is needed for UC security). Trust in computational assumptions: only one of the parties needs to trust a computational assumption. Round complexity: it uses only two rounds. Communication complexity: it communicates O(1) group elements to transfer one out of two group elements. The Big-O notation hides 32, meaning that the communication is probably not optimal, but is essentially optimal in that the overhead is at least constant. Our construction is based on pairings, and we assume the presence of a key registration authority.
We construct a protocol for constant round Two-Party Secure Function Evaluation in the standard model which improves previous protocols in several ways. We are able to reduce the number of calls to Oblivious Transfer by a factor proportional to the security parameter. In addition to being more efficient than previous instantiations, our protocol only requires black box calls to OT and Commitment. This is achieved by the use of a faulty variant of the Cut-and-Choose OT. The concepts of Garbling Schemes, faulty Cut-and-Choose Oblivious Transfer and Privacy Amplification are combined using the Cut-and-Choose paradigm to obtain the final protocol.
Lecture Notes in Computer Science
Lecture Notes in Computer Science, 2011
We aim at constructing adaptive oblivious transfer protocols, enjoying fully simulatable security, from various well-known assumptions such as DDH, d-Linear, QR, and DCR. To this end, we present two generic constructions of adaptive OT, one of which utilizes verifiable shuffles together with threshold decryption schemes, while the other uses permutation networks together with what we call loosely-homomorphic key encapsulation schemes. The constructions follow a novel designing approach called "blind permutation", which completely differs from existing ones. We then show that specific choices of the building blocks lead to concrete adaptive OT protocols with fully simulatable security in the standard model under the targeted assumptions. Our generic methods can be extended to build universally composable (UC) secure, and leakage-resilient OT protocols.
Lecture Notes in Computer Science, 2003
We consider the problem of extending oblivious transfers: Given a small number of oblivious transfers "for free," can one implement a large number of oblivious transfers? Beaver has shown how to extend oblivious transfers given a one-way function. However, this protocol is inefficient in practice, in part due to its non-black-box use of the underlying one-way function. We give efficient protocols for extending oblivious transfers in the random oracle model. We also put forward a new cryptographic primitive which can be used to instantiate the random oracle in our constructions. Our methods suggest particularly fast heuristics for oblivious transfer that may be useful in a wide range of applications.
Lecture Notes in Computer Science, 2004
Committed Oblivious Transfer (COT) is a useful cryptographic primitive that combines the functionalities of bit commitment and oblivious transfer. In this paper, we introduce an extended version of COT (ECOT) which additionally allows proofs of relations among committed bits, and we construct an efficient protocol that securely realizes an ECOT functionality in the universal composability (UC) framework in the common reference string (CRS) model. Our construction is more efficient than previous (non-UC) constructions of COT, involving only a constant number of exponentiations and communication rounds. Using the ECOT functionality as a building block, we construct efficient UC protocols for general two-party and multi-party functionalities (in the CRS model), each gate requiring a constant number of ECOT's.
Lecture Notes in Computer Science, 2009
Oblivious transfer (OT) is a two-party primitive which is one of the cornerstones of modern cryptography. We focus on providing information-theoretic security for both parties, hence building OT assuming noisy resources (channels or correlations) available to them. This primitive is about transmitting two strings such that the receiver can obtain one (and only one) of them, while the sender remains ignorant of this choice. Recently, Winter and Nascimento proved that oblivious transfer capacity is positive for any non-trivial discrete memoryless channel or correlation in the case of passive cheaters. Their construction was inefficient. The OT capacity characterizes the maximal efficiency of constructing OT using a particular noisy primitive. Building on their result, we extend it in two ways: 1) we construct efficient passively-secure protocols achieving the same rates; 2) we show that an important class of noisy correlations actually allows to build OT with non-zero rate secure against active cheating (before, positive rates were only achieved for the erasure channel).
Journal of Cryptology, 2007
This paper is about the Oblivious Transfer in the distributed model proposed by M. Naor and B. Pinkas. In this setting a Sender has n secrets and a Receiver is interested in one of them. During a set up phase, the Sender gives information about the secrets to m Servers. Afterwards, in a recovering phase, the Receiver can compute the secret she wishes by interacting with any k of them. More precisely, from the answers received she computes the secret in which she is interested but she gets no information on the others and, at the same time, any coalition of k − 1 Servers can neither compute any secret nor figure out which one the Receiver has recovered.
2017
Oblivious Transfer (OT) is a fundamental cryptographic protocol that finds a number of applications, in particular, as an essential building block for two-party and multi-party computation. We construct a round-optimal (2 rounds) universally composable (UC) protocol for oblivious transfer secure against active adaptive adversaries from any OW-CPA secure public-key encryption scheme with certain properties in the random oracle model (ROM). In terms of computation, our protocol only requires the generation of a public/secret-key pair, two encryption operations and one decryption operation, apart from a few calls to the random oracle. In terms of communication, our protocol only requires the transfer of one public-key, two ciphertexts, and three binary strings of roughly the same size as the message. Next, we show how to instantiate our construction under the low noise LPN, McEliece, QC-MDPC, LWE, and CDH assumptions. Our instantiations based on the low noise LPN, McEliece, and QC-MDPC...