On Robust Combiners for Oblivious Transfer and Other Primitives

  • Danny Harnik
  • Joe Kilian
  • Moni Naor
  • Omer Reingold
  • Alon Rosen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3494)


A (1,2)-robust combiner for a cryptographic primitive \({\mathcal P}\) is a construction that takes two candidate schemes for \({\mathcal P}\)and combines them into one scheme that securely implement \({\mathcal P}\)even if one of the candidates fails. Robust combiners are a useful tool for ensuring better security in applied cryptography, and also a handy tool for constructing cryptographic protocols. For example, we discuss using robust combiners for obtaining universal schemes for cryptographic primitives (a universal scheme is an explicit construction that implements \({\mathcal P}\)under the sole assumption that \({\mathcal P}\)exists).

In this paper we study what primitives admit robust combiners. In addition to known and very simple combiners for one-way functions and equivalent primitives, we show robust combiners for protocols in the world of public key cryptography, namely for Key Agreement(KA).

The main point we make is that things are not as nice for Oblivious Transfer (OT) and in general for secure computation. We prove that there are no ”transparent black-box” robust combiners for OT, giving an indication to the difficulty of finding combiners for OT. On the positive side we show a black box construction of a (2,3)-robust combiner for OT, as well as a generic construction of (1,n)-robust OT-combiners from any (1,2)-robust OT-combiner.


Pseudorandom Generator Oblivious Transfer Cryptographic Primitive Candidate Scheme Universal Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Asmuth, C.A., Blakely, G.R.: An efficient algorithm for constructing a cryptosystem which is harder to break than two other cryptosystems. Computers and Mathematics and Applications 7, 447–450 (1981)CrossRefMathSciNetGoogle Scholar
  2. 2.
    Barak, B.: How to go beyond the black-box simulation barrier. In: 42nd FOCS, pp. 106–115 (2001)Google Scholar
  3. 3.
    Barak, B.: Constant-round coin-tossing with a man in the middle or realizing the shared random string model. In: 43rd FOCS, pp. 345–355 (2002)Google Scholar
  4. 4.
    Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: 20th STOC (1988)Google Scholar
  5. 5.
    Blum, M., Kannan, S.: Designing programs that check their work. In: 21st ACM Symposium on the Theory of Computing, pp. 86–97 (1989)Google Scholar
  6. 6.
    Brickell, E., McCurley, K.: An interactive identification scheme based on discrete logarithms and factoring. Journal of Cryptology 5(1), 29–39 (1992)zbMATHCrossRefGoogle Scholar
  7. 7.
    Chor, B., Kushilevitz, E.: A zero-one law for boolean privacy. SIAM Journal on Disc. Math. 4(1), 36–47 (1991)zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Crépeau, C., Kilian, J.: Achieving oblivious transfer using weakened security assumptions. In: 29th FOCS, pp. 42–52 (1988)Google Scholar
  9. 9.
    Damgard, I., Kilian, J., Salvail, L.: On the (im)possibility of basing oblivious transfer and bit commitment on weakened security assumptions. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 56–73. Springer, Heidelberg (1999)Google Scholar
  10. 10.
    Dodis, Y., Katz, J.: Chosen ciphertext security of multiple encryption. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 188–209. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Communications of the ACM 28(6), 637–647 (1985)CrossRefMathSciNetGoogle Scholar
  12. 12.
    Gertner, Y., Kannan, S., Malkin, T., Reingold, O., Viswanathan, M.: The relationship between public key encryption and oblivious transfer. In: 41st FOCS, pp. 325–335 (2000)Google Scholar
  13. 13.
    Goldreich, O.: Foundations of Cryptography. Cambridge University Press, Cambridge (2001)zbMATHCrossRefGoogle Scholar
  14. 14.
    Hastad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM Journal of Computing 29(4), 1364–1396 (1999)CrossRefMathSciNetGoogle Scholar
  15. 15.
    Herzberg, A.: On tolerant cryptographic constructions. ECCC, TR02-135 (2002)Google Scholar
  16. 16.
    Hohenberger, S., Lysyanskaya, A.: How to securely outsource cryptographic computations. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 264–282. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  17. 17.
    IETF. The tls protocol, version 1.1 (2002),
  18. 18.
    Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: 21st ACM STOC, pp. 44–61 (1989)Google Scholar
  19. 19.
    Joux, A.: Multicollisions in iterated hash functions. application to cascaded constructions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 306–316. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  20. 20.
    Kilian, J.: A note on efficient zero-knowledge proofs and arguments. In: 24th STOC, pp. 723–732 (1992)Google Scholar
  21. 21.
    Levin, L.A.: One-way functions and pseudorandom generators. Combinatorica 7, 357–363 (1987)zbMATHCrossRefMathSciNetGoogle Scholar
  22. 22.
    Naor, M.: Bit commitment using pseudorandomness. Journal of Cryptology 4(2), 151–158 (1991)zbMATHCrossRefGoogle Scholar
  23. 23.
    Nessie. Recommended cryptographic primitives (2003),
  24. 24.
    Reingold, O., Trevisan, L., Vadhan, S.: Notions of reducibility between cryptographic primitives. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 1–20. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  25. 25.
    Shoup, V.: Using hash functions as a hedge against chosen ciphertext attack. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 275–288. Springer, Heidelberg (2000)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Danny Harnik
    • 1
  • Joe Kilian
    • 2
  • Moni Naor
    • 1
  • Omer Reingold
    • 1
  • Alon Rosen
    • 3
  1. 1.Dept. of Computer Science and Applied Math.Weizmann Institute of Science 
  2. 2.Yianilos Labs 
  3. 3.CSAIL, MIT 

Personalised recommendations