Oblivious Transfer from Weak Noisy Channels
Various results show that oblivious transfer can be implemented using the assumption of noisy channels. Unfortunately, this assumption is not as weak as one might think, because in a cryptographic setting, these noisy channels must satisfy very strong security requirements.
Unfair noisy channels, introduced by Damgård, Kilian and Salvail [Eurocrypt ’99], reduce these limitations: They give the adversary an unfair advantage over the honest player, and therefore weaken the security requirements on the noisy channel. However, this model still has many shortcomings: For example, the adversary’s advantage is only allowed to have a very special form, and no error is allowed in the implementation.
In this paper we generalize the idea of unfair noisy channels. We introduce two new models of cryptographic noisy channels that we call the weak erasure channel and the weak binary symmetric channel, and show how they can be used to implement oblivious transfer. Our models are more general and use much weaker assumptions than unfair noisy channels, which makes implementation a more realistic prospect. For example, these are the first models that allow the parameters to come from experimental evidence.
KeywordsNoisy Channel Oblivious Transfer Gaussian Channel Binary Symmetric Channel Erasure Channel
- 3.Crépeau, C.: Equivalence between two flavours of oblivious transfers. In: Price, W.L., Chaum, D. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 350–354. Springer, Heidelberg (1988)Google Scholar
- 5.Crépeau, C., Kilian, J.: Achieving oblivious transfer using weakened security assumptions (extended abstract). In: Proceedings of the 29th Annual IEEE Symposium on Foundations of Computer Science (FOCS 1988), pp. 42–52 (1988)Google Scholar
- 10.Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing (STOC 1987), pp. 218–229. ACM Press, New York (1987)Google Scholar
- 11.Goldreich, O., Vainish, R.: How to solve any protocol probleman efficiency improvement. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 73–86. Springer, Heidelberg (1988)Google Scholar
- 12.Holenstein, T.: Strengthening key agreement using hard-core sets. PhD thesis, ETH Zurich, Switzerland, Reprint as vol. 7 of ETH Series in Information Security and Cryptography, Hartung-Gorre Verlag (2006)Google Scholar
- 13.Impagliazzo, R., Levin, L.A., Luby, M.: Pseudo-random generation from one-way functions. In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing (STOC 1989), pp. 12–24. ACM Press, New York (1989)Google Scholar
- 14.Kilian, J.: Founding cryptography on oblivious transfer. In: Proceedings of the 20th Annual ACM Symposium on Theory of Computing (STOC 1988), pp. 20–31. ACM Press, New York (1988)Google Scholar
- 16.Nascimento, A., Winter, A.: On the oblivious transfer capacity of noisy correlations. IEEE Trans. on Information Theory 54(6) (2008)Google Scholar
- 17.Nascimento, A.C.A., Skludarek, S., Barros, J., Imai, H.: The commitment capacity of the gaussian channel is infinite. IEEE Trans. on Information Theory, Special Issue on Information Security (2007)Google Scholar
- 18.Oggier, F., Morozov, K.: A practical scheme for string commitment based on the gaussian channel. In: Proceedings of 2006 IEEE Information Theory Workshop (ITW 2008) (2008)Google Scholar
- 19.Rabin, M.O.: How to exchange secrets by oblivious transfer. Technical Report TR-81, Harvard Aiken Computation Laboratory (1981)Google Scholar
- 23.Yao, A.C.: Protocols for secure computations. In: Proceedings of the 23rd Annual IEEE Symposium on Foundations of Computer Science (FOCS 1982), pp. 160–164 (1982)Google Scholar