International Journal of Information Security, Volume 14, Issue 1, pp 73–84

Information-theoretically secure oblivious polynomial evaluation in the commodity-based model

  • Rafael Tonicelli
  • Anderson C. A. Nascimento
  • Rafael Dowsley
  • Jörn Müller-Quade
  • Hideki Imai
  • Goichiro Hanaoka
  • Akira Otsuka
Regular Contribution


Abstract

Oblivious polynomial evaluation (OPE) is a two-party protocol in which a sender inputs a polynomial \(p(x)\) and a receiver inputs a single value \(x_{0}\). At the end of the protocol, the sender learns nothing and the receiver learns \(p(x_{0})\). This paper deals with the problem of oblivious polynomial evaluation from an information-theoretic perspective, based on the definitions of unconditional security developed by Crépeau et al. (Information-theoretic conditions for two-party secure function evaluation. EUROCRYPT 2006, LNCS 4004. Springer, Berlin, Heidelberg, pp 538–554, 2006). We propose an information-theoretic model for oblivious polynomial evaluation relying on pre-distributed data and prove very general lower bounds on the size of the pre-distributed data, as well as the size of the communications in any protocol. These bounds are shown to be tight by obtaining a round-optimal OPE protocol, which meets the lower bounds simultaneously. We also present a natural generalization of OPE called oblivious linear functional evaluation.


Keywords

Information-theoretic cryptography; Cryptographic primitives; Oblivious polynomial evaluation; Commodity-based model


References

  1. Ahlswede, R., Csiszár, I.: On oblivious transfer capacity. ISIT 2007, pp. 2061–2064 (2007)
  2. Beaver, D.: Commodity-based cryptography (extended abstract). STOC 1997, pp. 446–455 (1997)
  3. Bellare, M., Micali, S.: Non-interactive oblivious transfer and applications. CRYPTO 89, 547–557 (1990)
  4. Bleichenbacher, D., Nguyen, P.: Noisy Polynomial Interpolation and Noisy Chinese Remaindering. EUROCRYPT 2000, LNCS. Springer, New York (2000)
  5. Blundo, C., Masucci, B., Stinson, D.R., Wei, R.: Constructions and bounds for unconditionally secure non-interactive commitment schemes. Des Codes Cryptogr 26(1–3), 97–110 (2002)
  6. Chang, Yan-Cheng, Lu, Chi-Jen: Oblivious Polynomial Evaluation and Oblivious Neural Learning. ASIACRYPT 2001, LNCS. Springer, New York (2001)
  7. Crépeau, C.: Efficient cryptographic protocols based on noisy channels. EUROCRYPT 1997, pp. 306–317 (1997)
  8. Crépeau, C., Morozov, K., Wolf, S.: Efficient unconditional oblivious transfer from almost any noisy channel. SCN 2004, pp. 47–59 (2004)
  9. Crépeau, C., Savvides, G., Schaffner, G., Wullschleger, J.: Information-theoretic conditions for two-party secure function evaluation. EUROCRYPT 2006, LNCS, 4004, Springer, Berlin, Heidelberg, pp. 538–554 (2006)
  10. Crépeau, C., Wullschleger, J.: Statistical security conditions for two-party secure function evaluation. ICITS 2008, LNCS, vol. 5155, pp. 86–99. Springer, New York (2008)
  11. Dowsley, R., van de Graaf, J., Müller-Quade, J., Nascimento, A.C.A.: Oblivious transfer based on the McEliece assumptions. ICITS 2008, pp. 107–117 (2008)
  12. Dowsley, R., van de Graaf, J., Müller-Quade, J., Nascimento, A.C.A.: Oblivious transfer based on the McEliece assumptions. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E95–A(2), 567–575 (2012)
  13. Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. CRYPTO 82, pp. 205–210 (1983)
  14. Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword search and oblivious pseudorandom functions. TCC 2005, pp. 303–324 (2005)
  15. Gilboa, N.: Two party RSA key generation. CRYPTO 1999, pp. 116–129 (1999)
  16. Haitner, I.: Implementing oblivious transfer using collection of dense trapdoor permutations. TCC 2004, pp. 394–409 (2004)
  17. Hanaoka, G., Imai, H., Müller-Quade, J., Nascimento, A.C.A., Otsuka, A., Winter, A.: Information theoretically secure oblivious polynomial evaluation: model, bounds, and constructions. ACISP 2004, pp. 62–73 (2004)
  18. Hanaoka, G., Shikata, J., Zheng, Y., Imai, H.: Unconditionally secure digital signature schemes admitting transferability. ASIACRYPT 2000, LNCS, vol. 1976, pp. 130–142. Springer, New York (2000)
  19. Imai, H., Morozov, K., Nascimento, A.C.A.: On the oblivious transfer capacity of the erasure channel. ISIT 2006, pp. 1428–1431 (2006)
  20. Kalai, Y.T.: Smooth projective hashing and two-message oblivious transfer. EUROCRYPT 2005, pp. 78–95 (2005)
  21. Kilian, J.: Founding cryptography on oblivious transfer. STOC 1988, pp. 20–31 (1988)
  22. Matsumoto, T., Imai, H.: On the key predistribution systems. A practical solution to the key distribution problem. CRYPTO 1987, LNCS, vol. 293, pp. 185–193. Springer, New York (1988)
  23. Lindell, Y., Pinkas, B.: Privacy preserving data mining. J. Cryptol. 15(19), 177–206 (2002)
  24. Nascimento, A.C.A., Morozov, K., Imai, H.: Efficient oblivious transfer protocols achieving a non-zero rate from any non-trivial noisy correlation. ICITS (2007)
  25. Nascimento, A.C.A., Winter, A.: On the oblivious-transfer capacity of noisy resources. IEEE Trans. Inf. Theory 54(6), 2572–2581 (2008)
  26. Naor, M., Pinkas, B.: Oblivious transfer and polynomial evaluation. STOC 1999, pp. 245–254 (1999)
  27. Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In 12th annual ACM-SIAM symposium on discrete algorithms, pp. 448–457 (2001)
  28. Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. CRYPTO 2008, pp. 554–571 (2008)
  29. Pinto, A.C.B., Dowsley, R., Morozov, K., Nascimento, A.C.A.: Achieving oblivious transfer capacity of generalized erasure channels in the malicious model. IEEE Trans. Inf. Theory 57(8), 5566–5571 (2011)
  30. Rabin, M.O.: How to exchange secrets by oblivious transfer. Technical Report TR-81, Harvard (1981)
  31. Rivest, R.: Unconditionally secure commitment and oblivious transfer schemes using concealing channels and a trusted initializer. Preprint available at

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Rafael Tonicelli (1)
  • Anderson C. A. Nascimento (1)
  • Rafael Dowsley (2)
  • Jörn Müller-Quade (2)
  • Hideki Imai (3)
  • Goichiro Hanaoka (3)
  • Akira Otsuka (3)

  1. Department of Electrical Engineering, University of Brasilia, Brasília, Brazil
  2. Institute of Theoretical Informatics, Karlsruhe Institute of Technology, Karlsruhe, Germany
  3. National Institute of Advanced Industrial Science and Technology (AIST), Tokyo, Japan
