Resource-Efficient OT Combiners with Active Security

  • Ignacio Cascudo
  • Ivan Damgård
  • Oriol Farràs
  • Samuel Ranellucci
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10678)

Abstract

An OT-combiner takes n candidate implementations of the oblivious transfer (OT) functionality, some of which may be faulty, and produces a secure instance of oblivious transfer as long as a large enough number of the candidates are secure. We see an OT-combiner as a 2-party protocol that can make several black-box calls to each of the n OT candidates, and we want to protect against an adversary that can corrupt one of the parties and a certain number of the OT candidates, obtaining their inputs and (in the active case) full control of their outputs.

In this work we consider perfectly (unconditionally, zero-error) secure OT-combiners and we focus on minimizing the number of calls to the candidate OTs.

First, we construct a single-use (one call per OT candidate) OT-combiner which is perfectly secure against active adversaries corrupting one party and a constant fraction of the OT candidates. This extends a previous result by Ishai et al. (ISIT 2014) that proves the same fact for passive adversaries.

Second, we consider a more general asymmetric corruption model in which the adversary can corrupt different sets of OT candidates depending on whether it is Alice or Bob who is corrupted. We give necessary and sufficient conditions for the existence of an OT combiner with a given number of calls to the candidate OTs, in terms of the existence of secret sharing schemes with certain access structures and share lengths. In some cases this lets us determine the optimal number of calls to the OT candidates needed to construct an OT combiner secure against a given adversary.
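The asymmetric corruption model above already shows up in the simplest single-use combiner, in which Bob XOR-shares his choice bit and Alice XOR-shares her first message across the n candidate OTs. The following Python simulation is an added example (the classical additive-sharing combiner, not the construction of this paper): it runs the combiner and tests perfect security by enumerating the adversary's view distribution over the honest party's coins, showing that a corrupted Alice learns nothing about b unless all n candidates are corrupted, while a corrupted Bob learns Alice's other message as soon as one candidate is corrupted. All inputs and coin values are constructed for the demonstration; corruption is passive.

```python
from collections import Counter
from itertools import product

def xor_share(secret, coins):
    """n-out-of-n additive sharing over GF(2): coins are the first n-1 shares;
    the last share is fixed so that all n shares XOR to the secret."""
    return list(coins) + [secret ^ (sum(coins) & 1)]

def combiner(x0, x1, b, alice_coins, bob_coins):
    """Single-use combiner: one call per candidate OT_i. Bob XOR-shares his
    choice bit b into b_1..b_n; Alice XOR-shares x0 into s_1..s_n and feeds
    the pair (s_i, s_i ^ d), d = x0 ^ x1, to OT_i. Returns Bob's output and
    the per-candidate transcript (sender pair, receiver bit), which is what
    a corrupted candidate leaks to the adversary (passive corruption)."""
    d = x0 ^ x1
    s, bs = xor_share(x0, alice_coins), xor_share(b, bob_coins)
    out, transcripts = 0, []
    for si, bi in zip(s, bs):
        pair = (si, si ^ d)
        out ^= pair[bi]                      # honest OT_i delivers m_{b_i}
        transcripts.append((pair, bi))
    return out, transcripts

def view_dist_alice(b, n, corrupt):
    """Distribution, over Bob's coins, of what a corrupted Alice plus the
    candidates in `corrupt` see about b: the receiver bits of those calls.
    Alice's own inputs and coins are fixed (constructed: x0=0, x1=1, coins 0),
    since her view of b depends only on Bob's coins."""
    dist = Counter()
    for coins in product((0, 1), repeat=n - 1):
        _, tr = combiner(0, 1, b, (0,) * (n - 1), coins)
        dist[tuple(tr[i][1] for i in corrupt)] += 1
    return dist

def view_dist_bob(x_other, n, corrupt):
    """Distribution, over Alice's coins, of a corrupted Bob's view with choice
    b=0 (coins 0), x0=0 known to him and x1=x_other the message he must not
    learn: all his n outputs plus both sender inputs of each corrupted OT."""
    dist = Counter()
    for coins in product((0, 1), repeat=n - 1):
        _, tr = combiner(0, x_other, 0, coins, (0,) * (n - 1))
        outs = tuple(pair[bi] for pair, bi in tr)
        dist[outs + tuple(tr[i][0] for i in corrupt)] += 1
    return dist

def perfectly_hidden(dist_secret0, dist_secret1):
    """Perfect (zero-error) security: the adversary's view has exactly the
    same distribution whichever value the secret takes."""
    return dist_secret0 == dist_secret1
```

For n = 3, `view_dist_alice` is identical for b = 0 and b = 1 with two corrupted candidates but not with three, whereas `view_dist_bob` is identical for both values of x1 only when no candidate is corrupted; this is the asymmetry between the sets of candidates that may be corrupted alongside Alice and alongside Bob.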

Notes

Acknowledgments

We thank the anonymous reviewers for their suggestions, which have helped us to improve this work.

References

  1. [AIR01] Aiello, B., Ishai, Y., Reingold, O.: Priced oblivious transfer: how to sell digital goods. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 119–135. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_8
  2. [BI01] Beimel, A., Ishai, Y.: On the power of nonlinear secret-sharing. In: Proceedings of the 16th Annual IEEE Conference on Computational Complexity, Chicago, Illinois, USA, 18–21 June 2001, pp. 188–202 (2001)
  3. [Bla79] Blakley, G.R.: Safeguarding cryptographic keys. In: Proceedings of the 1979 AFIPS National Computer Conference, vol. 48, pp. 313–317, June 1979
  4. [BM89] Bellare, M., Micali, S.: Non-interactive oblivious transfer and applications. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 547–557. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_48
  5. [Can01] Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd IEEE Symposium on Foundations of Computer Science, Proceedings, pp. 136–145. IEEE (2001)
  6. [CCG+07] Chen, H., Cramer, R., Goldwasser, S., de Haan, R., Vaikuntanathan, V.: Secure computation from random error correcting codes. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 291–310. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72540-4_17
  7. [CCM98] Cachin, C., Crépeau, C., Marcil, J.: Oblivious transfer with a memory-bounded receiver. In: 39th Annual Symposium on Foundations of Computer Science, FOCS 1998, 8–11 November 1998, Palo Alto, California, USA, pp. 493–502 (1998)
  8. [CCX13] Cascudo, I., Cramer, R., Xing, C.: Bounds on the threshold gap in secret sharing and its applications. IEEE Trans. Inf. Theory 59(9), 5600–5612 (2013)
  9. [CDN15] Cramer, R., Damgård, I., Nielsen, J.B.: Secure Multiparty Computation and Secret Sharing. Cambridge University Press, Cambridge (2015)
  10. [CK88] Crépeau, C., Kilian, J.: Achieving oblivious transfer using weakened security assumptions (extended abstract). In: 29th Annual Symposium on Foundations of Computer Science, White Plains, New York, USA, 24–26 October 1988, pp. 42–52 (1988)
  11. [DvdGMN08] Dowsley, R., van de Graaf, J., Müller-Quade, J., Nascimento, A.C.A.: Oblivious transfer based on the McEliece assumptions. In: Safavi-Naini, R. (ed.) ICITS 2008. LNCS, vol. 5155, pp. 107–117. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85093-9_11
  12. [EGL82] Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Advances in Cryptology, pp. 205–210. Springer, Boston (1982). https://doi.org/10.1007/978-1-4757-0602-4_19
  13. [FHM99] Fitzi, M., Hirt, M., Maurer, U.: General adversaries in unconditional multi-party computation. In: Lam, K.-Y., Okamoto, E., Xing, C. (eds.) ASIACRYPT 1999. LNCS, vol. 1716, pp. 232–246. Springer, Heidelberg (1999). https://doi.org/10.1007/978-3-540-48000-6_19
  14. [Gab] Gaborit, P.: Tables of self-dual codes. http://www.unilim.fr/pages_perso/philippe.gaborit/SD/
  15. [GIS+10] Goyal, V., Ishai, Y., Sahai, A., Venkatesan, R., Wadia, A.: Founding cryptography on tamper-proof hardware tokens. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 308–326. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11799-2_19
  16. [HIKN08] Harnik, D., Ishai, Y., Kushilevitz, E., Nielsen, J.B.: OT-combiners via secure computation. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 393–411. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78524-8_22
  17. [HKN+05] Harnik, D., Kilian, J., Naor, M., Reingold, O., Rosen, A.: On robust combiners for oblivious transfer and other primitives. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 96–113. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_6
  18. [IKO+11] Ishai, Y., Kushilevitz, E., Ostrovsky, R., Prabhakaran, M., Sahai, A., Wullschleger, J.: Constant-rate oblivious transfer from noisy channels. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 667–684. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_38
  19. [IMSW13] Ishai, Y., Maji, H.K., Sahai, A., Wullschleger, J.: Single-use oblivious transfer combiners (2013). Full version of [IMSW14]. https://www.cs.purdue.edu/homes/hmaji/papers/IshaiMaSaWu13.pdf
  20. [IMSW14] Ishai, Y., Maji, H.K., Sahai, A., Wullschleger, J.: Single-use OT combiners with near-optimal resilience. In: 2014 IEEE International Symposium on Information Theory, Honolulu, HI, USA, 29 June – 4 July 2014, pp. 1544–1548 (2014)
  21. [IPS08] Ishai, Y., Prabhakaran, M., Sahai, A.: Founding cryptography on oblivious transfer – efficiently. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 572–591. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_32
  22. [ISN87] Ito, M., Saito, A., Nishizeki, T.: Secret sharing schemes realizing general access structures. In: Proceedings of IEEE GlobeCom 1987, Tokyo, pp. 99–102 (1987)
  23. [JMO93] Jackson, W.-A., Martin, K.M., O'Keefe, C.M.: Multisecret threshold schemes. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 126–135. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_11
  24. [Kil88] Kilian, J.: Founding cryptography on oblivious transfer. In: Proceedings of the 20th Annual ACM Symposium on Theory of Computing, 2–4 May 1988, Chicago, Illinois, USA, pp. 20–31 (1988)
  25. [Mas93] Massey, J.L.: Minimal codewords and secret sharing. In: Proceedings of the 6th Joint Swedish-Russian International Workshop on Information Theory, pp. 276–279 (1993)
  26. [PVW08] Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_31
  27. [PW08] Przydatek, B., Wullschleger, J.: Error-tolerant combiners for oblivious primitives. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008. LNCS. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70583-3_38
  28. [Rab81] Rabin, M.: How to exchange secrets with oblivious transfer. Technical report, Aiken Computation Lab, Harvard University (1981)
  29. [Sha79] Shamir, A.: How to share a secret. Commun. ACM 22, 612–613 (1979)
  30. [VV15] Vaikuntanathan, V., Vasudevan, P.N.: Secret sharing and statistical zero knowledge. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 656–680. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_27

Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

  • Ignacio Cascudo, Aalborg University, Aalborg, Denmark
  • Ivan Damgård, Aarhus University, Aarhus, Denmark
  • Oriol Farràs, Universitat Rovira i Virgili, Tarragona, Spain
  • Samuel Ranellucci, University of Maryland, College Park, USA, and George Mason University, Fairfax, USA