New Results on Unconditionally Secure Distributed Oblivious Transfer
This paper is about the Oblivious Transfer in the distributed model recently proposed by M. Naor and B. Pinkas. In this setting a Sender has n secrets and a Receiver is interested in one of them. During a set up phase, the Sender gives information about the secrets to m servers. Afterwards, in a recovering phase, the receiver can compute the secret she wishes by interacting with k of them. More precisely, from the answers received she computes the secret in which she is interested but she gets no information on the others and, at the same time, any coalition of k - 1 servers can neither compute any secret nor figure out which one the receiver has recovered.
We present an analysis and new results holding for this model: lower bounds on the resources required to implement such a scheme (i.e., randomness, memory storage, communication complexity); some impossibility results for one-round distributed oblivious transfer protocols; two polynomial-based constructions implementing 1-out-of-n distributed oblivious transfer, which generalize the two constructions for 1-out-of-2 given by Naor and Pinkas; as well as new one-round and two-round distributed oblivious transfer protocols, both for threshold and general access structures on the set of servers, which are optimal with respect to some of the given bounds. Most of these constructions are basically combinatorial in nature.
KeywordsAccess Structure Secret Sharing Scheme Oblivious Transfer Conditional Mutual Information Unconditionally Secure
- 3.M. Bellare and S. Micali, Non-interactive Oblivious Transfer and Applications, Advances in Cryptology: Crypto’ 89, Springer-Verlag, pp. 547–559, 1990.Google Scholar
- 4.G.R. Blakley. Safeguarding Cryptographic Keys. Proceedings of AFIPS 1979 National Computer Conference, Vol. 48, pp. 313–317, 1979.Google Scholar
- 7.G. Brassard, C. Crepéau, and J.-M. Roberts, Information Theoretic Reductions Among Disclosure Problems, Proceedings of 27th IEEE Symposium on Foundations of Computer Science, pp. 168–173, 1986.Google Scholar
- 10.R.M. Capocelli, A. De Santis, L. Gargano and U. Vaccaro, On the Size of the Shares in Secret Sharing Schemes, Advances in cryptology-CRYPTO’91, Lecture Notes in Computer Science, vol. 576, pp. 101–113, 1992.Google Scholar
- 11.B. Chor, O. Goldreich, E. Kushilevitz, and M. Sudan, Private Information Retrieval, Proc. 36th IEEE Symposium on Foundations of Computer Science (FOCS), 1995, 41–50.Google Scholar
- 12.T. M. Cover and J. A. Thomas, Elements of Information Theory, John Wiley amp;Sons, 1991.Google Scholar
- 13.C. Crepéau, Equivalence between to flavors of oblivious transfers, Advances in Cryptology: Proceedings of Crypto’ 87, vol. 293, pp. 350–354, Springer Verlag, 1988.Google Scholar
- 14.C. Crepéau, A Zero-Knowledge Poker Protocol that achieves confidentiality of the players’ strategy or how to achieve an electronic poker face, Advances in Cryptology: Proceedings of Crypto’ 86, Springer-Verlag, pp. 239–247, 1987.Google Scholar
- 15.G. Di Crescenzo, Y. Ishai, and R. Ostrovsky, Universal Service-Providers for Database private Information Retrieval, Proc. of Seventeenth Annual ACM Symposium on Principles of Distributed Computing (PODC), 1998.Google Scholar
- 17.Y. Dodis and S. Micali, Lower Bounds for Oblivious Transfer Reduction, Advances in Cryptology: Proceedings of Eurocrypt’ 99, vol. 1592, pp. 42–54, Springer Verlag, 1999.Google Scholar
- 20.Y. Gertner, Y. Ishai, E. Kushilevitz, and T. Malkin, Protecting Data Privacy in Private Information Retrieval Schemes, Proc. of the 30th Annual ACM Symposium on Theory of Computing (STOC), 1998, pp. 151–160.Google Scholar
- 21.Y. Gertner, S. Goldwasser, and T. Malkin, A Random Server Model for Private Information Retrieval or How to Achieve Information Theoretic PIR Avoiding Database Replication, RANDOM 1998, Lecture Notes in Computer Science, Vol. 1518, pp. 200–217, 1998.Google Scholar
- 22.Y. Gertner, S. Kannan, T. Malkin, O. Reingold, and M. Viswanathan, The Relationship between Public Key Encryption and Oblivious Transfer, Proceedings of the 41st Annual Symposium on Foundations of Computer Science (FOCS 2000), pp. 325–339, 2000.Google Scholar
- 23.O. Goldreich, S. Micali, and A. Wigderson, How to play ANY mental game or: A Completeness Theorem for Protocols with Honest Majority, Proceedings of 19th Annual Symposium on Theory of Computing, pp. 20–31, 1987.Google Scholar
- 24.J. Kilian, Founding Cryptography on Oblivious Transfer, Proceedings of 20th Annual Symposium on Theory of Computing, pp. 20–31, 1988.Google Scholar
- 25.M. Naor and B. Pinkas, Distributed Oblivious Transfer, Advances in Cryptology: Proceedings of Asiacrypt’ 00, Springer-Verlag, pp. 205–219, 2000.Google Scholar
- 26.M. Naor, B. Pinkas, and R. Sumner, Privacy Preserving Auctions and Mechanism Design, ACM Conference on Electronic Commerce, 1999 available at http://www.wisdom.weizmann.ac.il/naor/onpub.html
- 27.M. Rabin, How to Exchange Secrets by Oblivious Transfer, Technical Memo TR-81, Aiken Computation Laboratory, Harvard University, 1981.Google Scholar
- 28.R. Rivest, Unconditionally Secure Committment and Oblivious Transfer Schemes Using Private Channels and a Trusted Initializer, manuscript. Available: http://theory.lcs.mit.edu/~rivest/publications.html
- 30.D.R. Stinson. Bibliography on Secret Sharing Schemes. http://www.cacr.math.uwaterloo.ca/~dstinson/ssbib.html.