Advances in Cryptology - CRYPTO 2006
Volume 4117 of the series Lecture Notes in Computer Science pp 555-569
On Robust Combiners for Private Information Retrieval and Other Primitives
- Remo MeierAffiliated withDepartment of Computer Science, ETH Zurich
- , Bartosz PrzydatekAffiliated withDepartment of Computer Science, ETH Zurich
Abstract
Let and \(\mathcal A\) and \(\mathcal B\) denote cryptographic primitives. \(\mathcal A\) (k ,m )-robust \(\mathcal A\)-to-\(\mathcal B\) combiner is a construction, which takes m implementations of primitive \({\ensuremath{{\cal A}}}\) as input, and yields an implementation of primitive \({\ensuremath{{\cal B}}}\), which is guaranteed to be secure as long as at least k input implementations are secure. The main motivation for such constructions is the tolerance against wrong assumptions on which the security of implementations is based. For example, a (1,2)-robust \(\mathcal A\)-to-\(\mathcal B\) combiner yields a secure implementation of \({\ensuremath{{\cal B}}}\) even if an assumption underlying one of the input implementations of \({\ensuremath{{\cal A}}}\) turns out to be wrong.
In this work we study robust combiners for private information retrieval (PIR), oblivious transfer (OT), and bit commitment (BC). We propose a (1,2)-robust PIR-to-PIR combiner, and describe various optimizations based on properties of existing PIR protocols. The existence of simple PIR-to-PIR combiners is somewhat surprising, since OT, a very closely related primitive, seems difficult to combine (Harnik et al., Eurocrypt’05). Furthermore, we present (1,2)-robust PIR-to-OT and PIR-to-BC combiners. To the best of our knowledge these are the first constructions of \(\mathcal A\)-to-\(\mathcal B\) combiners with \({\ensuremath{{\cal A}}}\neq {\ensuremath{{\cal B}}}\). Such combiners, in addition to being interesting in their own right, offer insights into relationships between cryptographic primitives. In particular, our PIR-to-OT combiner together with the impossibility result for OT-combiners of Harnik et al. rule out certain types of reductions of PIR to OT. Finally, we suggest a more fine-grained approach to construction of robust combiners, which may lead to more efficient and practical combiners in many scenarios.
Keywords
robust combiners cryptographic primitives reductions private information retrieval oblivious transfer bit commitment- Title
- On Robust Combiners for Private Information Retrieval and Other Primitives
- Book Title
- Advances in Cryptology - CRYPTO 2006
- Book Subtitle
- 26th Annual International Cryptology Conference, Santa Barbara, California, USA, August 20-24, 2006. Proceedings
- Pages
- pp 555-569
- Copyright
- 2006
- DOI
- 10.1007/11818175_33
- Print ISBN
- 978-3-540-37432-9
- Online ISBN
- 978-3-540-37433-6
- Series Title
- Lecture Notes in Computer Science
- Series Volume
- 4117
- Series ISSN
- 0302-9743
- Publisher
- Springer Berlin Heidelberg
- Copyright Holder
- Springer-Verlag Berlin Heidelberg
- Additional Links
- Topics
- Keywords
-
- robust combiners
- cryptographic primitives
- reductions
- private information retrieval
- oblivious transfer
- bit commitment
- Industry Sectors
- eBook Packages
- Editors
-
- Cynthia Dwork (16)
- Editor Affiliations
-
- 16. Microsoft Research
- Authors
-
- Remo Meier (17)
- Bartosz Przydatek (17)
- Author Affiliations
-
- 17. Department of Computer Science, ETH Zurich, 8092, Zurich, Switzerland
Continue reading...
To view the rest of this content please follow the download PDF link above.