Quantum security analysis of a lattice-based oblivious transfer protocol

  • Mo-meng Liu
  • Juliane Krämer
  • Yu-pu Hu
  • Johannes Buchmann


Because of the concise functionality of oblivious transfer (OT) protocols, they have been widely used as building blocks in secure multiparty computation and high-level protocols. The security of OT protocols built upon classical number theoretic problems, such as the discrete logarithm and factoring, however, is threatened as a result of the huge progress in quantum computing. Therefore, post-quantum cryptography is needed for protocols based on classical problems, and several proposals for post-quantum OT protocols exist. However, most post-quantum cryptosystems present their security proof only in the context of classical adversaries, not in the quantum setting. In this paper, we close this gap and prove the security of the lattice-based OT protocol proposed by Peikert et al. (CRYPTO, 2008), which is universally composably secure under the assumption of learning with errors hardness, in the quantum setting. We apply three general quantum security analysis frameworks. First, we apply the quantum lifting theorem proposed by Unruh (EUROCRYPT, 2010) to prove that the security of the lattice-based OT protocol can be lifted into the quantum world. Then, we apply two more security analysis frameworks specified for post-quantum cryptographic primitives, i.e., simple hybrid arguments (CRYPTO, 2011) and game-preserving reduction (PQCrypto, 2014).

Key words

Oblivious transfer Post-quantum Lattice-based Learning with errors Universally composable 

CLC number



Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Bernstein, D.J., Buchamann, J., Dahmen, E., 2009. Post-Quantum Cryptography. Springer, Berlin. Scholar
  2. Canetti, R., 2001. Universally composable security: a new paradigm for cryptographic protocols. Proc. 42nd IEEE Symp. on Foundations of Computer Science, p.136–145. Scholar
  3. Damgård, I., Funder, J., Nielsen, J.B., et al., 2014. Superposition attacks on cryptographic protocols. LNCS, 8317:142–161. Scholar
  4. Even, S., Goldreich, O., Lempel, A., 1985. A randomized protocol for signing contracts. Commun. ACM, 28(6):637–647. Scholar
  5. Fehr, S., Katz, J., Song, F., et al., 2013. Feasibility and completeness of cryptographic tasks in the quantum world. LNCS, 7785:281–296. Scholar
  6. Gentry, C., Peikert, C., Vaikuntanathan, V., 2008. Trapdoors for hard lattices and new cryptographic constructions. Proc. 40th Annual ACM Symp. on Theory of Computing, p.197–206. Scholar
  7. Gilboa, N., 1999. Two party RSA key generation. LNCS, 1666:116–129. Scholar
  8. Hallgren, S., Smith, A., Song, F., 2011. Classical cryptographic protocols in a quantum world. LNCS, 6841:411–428. Scholar
  9. Hallgren, S., Smith, A., Song, F., 2015. Classical cryptographic protocols in a quantum world. Cryptology ePrint Archive, 2015/687. Scholar
  10. Ishai, Y., Kilian, J., Nissim, K., et al., 2003. Extending oblivious transfers efficiently. LNCS, 2729:145–161. Scholar
  11. Lai, R.W.F., Cheung, H.K.F., Chow, S.S.M., 2014. Trapdoors for ideal lattices with applications. LNCS, 8957:239–256. Scholar
  12. Lyubashevsky, V., Peikert, C., Regev, O., 2013. On ideal lattices and learning with errors over rings. J. ACM, 60(6):43. Scholar
  13. Micciancio, D., Regev, O., 2009. Lattice-based cryptography. In: Bernstein, D.J., Buchmann, J., Dahmen, E. (Eds.), Post-Quantum Cryptography. Springer, Berlin, p.147–191. Scholar
  14. Nielsen, M.A., Chuang, I.L., 2010. Quantum Computation and Quantum Information. Cambridge University Press, Cambridge.CrossRefzbMATHGoogle Scholar
  15. Peikert, C., 2009. Some recent progress in lattice-based cryptography. LNCS, 5444:72. Scholar
  16. Peikert, C., Vaikuntanathan, V., Waters, B., 2008. A framework for efficient and composable oblivious transfer. LNCS, 5157:554-571. Scholar
  17. Rabin, M.O., 1981. How to Exchange Secrets with Oblivious Transfer. Technical Report No. TR-81, Aiken Computation Lab, Harvard University, Cambridge, MA. Scholar
  18. Regev, O., 2005. On lattices, learning with errors, random linear codes, and cryptography. Proc. 37th Annual ACM Symp. on Theory of Computing, p.84–93. Scholar
  19. Sendrier, N., 2011. Code-based cryptography. In: van Tilborg, H.C.A., Jajodia, S. (Eds.), Encyclopedia of Cryptography and Security. Springer, New York, p.215–216. Scholar
  20. Shor, P.W., 1997. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput., 26(5):1484–1509. Scholar
  21. Song, F., 2014. A note on quantum security for post-quantum cryptography. LNCS, 8772:246–265. Scholar
  22. Unruh, D., 2010. Universally composable quantum multiparty computation. LNCS, 6110:486–505. Scholar
  23. Unruh, D., 2012. Quantum proofs of knowledge. LNCS, 7237:135–152. Scholar
  24. Watrous, J., 2009. Zero-knowledge against quantum attacks. SIAM J. Comput., 39(1):25–58. Scholar
  25. Zhandry, M., 2012. How to construct quantum random functions. IEEE 53rd Annual Symp. on Foundations of Computer Science, p.679–687. Scholar

Copyright information

© Zhejiang University and Springer-Verlag GmbH Germany, part of Springer Nature 2017

Authors and Affiliations

  1. 1.State Key Laboratory of Integrated Service NetworksXidian UniversityXi’anChina
  2. 2.Technische Universität DarmstadtDarmstadtGermany

Personalised recommendations