Almost Optimal Oblivious Transfer from QA-NIZK

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10355)

Abstract

We show how to build a UC-secure Oblivious Transfer in the presence of adaptive corruptions from Quasi-Adaptive Non-Interactive Zero-Knowledge (QA-NIZK) proofs. Our result is based on the work of Jutla and Roy at Asiacrypt 2015, where the authors proposed a constant-size, very efficient \(\mathsf{PAKE}\) scheme. As a stepping stone, we first show how a two-flow \(\mathsf{PAKE}\) scheme can be generically transformed, in an optimized way, into an efficient three-flow Oblivious Transfer scheme. We then compare our generic transformations to existing OT constructions and find that we gain at least a factor 2 over the best known constructions. To the best of our knowledge, our scheme is the first UC-secure Oblivious Transfer with a constant-size flow from the receiver and a nearly optimal flow size for the server.

Keywords

OT, UC, QA-NIZK, Pairing-based cryptography

Notes

Acknowledgments

This work was supported in part by the French ANR EnBid (ANR-14-CE28-0003) and ID-FIX (ANR-16-CE39-0004) Projects.

References

1. Abdalla, M., Benhamouda, F., Blazy, O., Chevalier, C., Pointcheval, D.: SPHF-friendly non-interactive commitments. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 214–234. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-42033-7_12
2. Abdalla, M., Benhamouda, F., Pointcheval, D.: Disjunctions for hash proof systems: new constructions and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 69–100. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46803-6_3
3. Abdalla, M., Chevalier, C., Pointcheval, D.: Smooth projective hashing for conditionally extractable commitments. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 671–689. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-03356-8_39
4. Ateniese, G., Camenisch, J., Hohenberger, S., de Medeiros, B.: Practical group signatures without random oracles. Cryptology ePrint Archive, Report 2005/385 (2005). http://eprint.iacr.org/2005/385
5. Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006). doi: 10.1007/11693383_22
6. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000). doi: 10.1007/3-540-45539-6_11
7. Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: 1992 IEEE Symposium on Security and Privacy, pp. 72–84. IEEE Computer Society Press, May 1992
8. Benhamouda, F., Blazy, O., Chevalier, C., Pointcheval, D., Vergnaud, D.: New techniques for SPHFs and efficient one-round PAKE protocols. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 449–475. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40041-4_25
9. Blazy, O., Chevalier, C.: Generic construction of UC-secure oblivious transfer. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 65–86. Springer, Cham (2015). doi: 10.1007/978-3-319-28166-7_4
10. Blazy, O., Chevalier, C.: Structure-preserving smooth projective hashing. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 339–369. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-53890-6_12
11. Blazy, O., Chevalier, C., Germouty, P.: Adaptive oblivious transfer and generalization. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 217–247. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-53890-6_8
12. Blazy, O., Chevalier, C., Germouty, P.: Almost optimal oblivious transfer from QA-NIZK. Cryptology ePrint Archive, Report 2017/358 (2017). http://eprint.iacr.org/2017/358
13. Blazy, O., Fuchsbauer, G., Izabachène, M., Jambert, A., Sibert, H., Vergnaud, D.: Batch Groth–Sahai. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 218–235. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13708-2_14
14. Blazy, O., Kiltz, E., Pan, J.: (Hierarchical) identity-based encryption from affine message authentication. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 408–425. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44371-2_23
15. Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). doi: 10.1007/3-540-44647-8_13
16. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136–145. IEEE Computer Society Press, October 2001
17. Canetti, R., Cohen, A., Lindell, Y.: A simpler variant of universally composable security for standard multiparty computation. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 3–22. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48000-7_1
18. Canetti, R., Dachman-Soled, D., Vaikuntanathan, V., Wee, H.: Efficient password authenticated key exchange via oblivious transfer. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 449–466. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-30057-8_27
19. Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.: Universally composable password-based key exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 404–421. Springer, Heidelberg (2005). doi: 10.1007/11426639_24
20. Canetti, R., Krawczyk, H.: Universally composable notions of key exchange and secure channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 337–351. Springer, Heidelberg (2002). doi: 10.1007/3-540-46035-7_22
21. Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: 34th ACM STOC, pp. 494–503. ACM Press, May 2002
22. Choi, S.G., Katz, J., Wee, H., Zhou, H.-S.: Efficient, adaptively secure, and composable oblivious transfer with a single, global CRS. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 73–88. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-36362-7_6
23. Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002). doi: 10.1007/3-540-46035-7_4
24. Escala, A., Groth, J.: Fine-tuning Groth-Sahai proofs. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 630–649. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-54631-0_36
25. Garay, J.A., Wichs, D., Zhou, H.-S.: Somewhat non-committing encryption and efficient adaptively secure oblivious transfer. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 505–523. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-03356-8_30
26. Gennaro, R., Lindell, Y.: A framework for password-based authenticated key exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 524–543. Springer, Heidelberg (2003). doi: 10.1007/3-540-39200-9_33
27. Ghadafi, E., Smart, N.P., Warinschi, B.: Groth–Sahai proofs revisited. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 177–192. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13013-7_11
28. Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-78967-3_24
29. Horvitz, O., Katz, J.: Universally-composable two-party computation in two rounds. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 111–129. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-74143-5_7
30. Jutla, C.S., Roy, A.: Shorter quasi-adaptive NIZK proofs for linear subspaces. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 1–20. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-42033-7_1
31. Jutla, C.S., Roy, A.: Switching lemma for bilinear tests and constant-size NIZK proofs for linear subspaces. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 295–312. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44381-1_17
32. Jutla, C.S., Roy, A.: Dual-system simulation-soundness with applications to UC-PAKE and more. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 630–655. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48797-6_26
33. Katz, J., Vaikuntanathan, V.: Smooth projective hashing and password-based authenticated key exchange from lattices. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 636–652. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-10366-7_37
34. Katz, J., Vaikuntanathan, V.: Round-optimal password-based authenticated key exchange. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 293–310. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19571-6_18
35. Kiltz, E., Wee, H.: Quasi-adaptive NIZK for linear subspaces revisited. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 101–128. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46803-6_4
36. Libert, B., Peters, T., Joye, M., Yung, M.: Non-malleability from malleability: simulation-sound quasi-adaptive NIZK proofs and CCA2-secure encryption from homomorphic signatures. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 514–532. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-55220-5_29
37. Lindell, Y.: Highly-efficient universally-composable commitments based on the DDH assumption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 446–466. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-20465-4_25
38. Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: Kosaraju, S.R. (ed.) 12th SODA, pp. 448–457. ACM-SIAM, January 2001
39. Nguyen, M.-H.: The relationship between password-authenticated key exchange and other cryptographic primitives. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 457–475. Springer, Heidelberg (2005). doi: 10.1007/978-3-540-30576-7_25
40. Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-85174-5_31
41. Rabin, M.O.: How to exchange secrets with oblivious transfer. Technical report TR81, Harvard University (1981)

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

Olivier Blazy (1), Céline Chevalier (2), Paul Germouty (1)

1. Université de Limoges, XLim, Limoges, France
2. CRED, Université Panthéon-Assas Paris II, Paris, France