Efficient Oblivious Pseudorandom Function with Applications to Adaptive OT and Secure Computation of Set Intersection

  • Stanisław Jarecki
  • Xiaomin Liu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5444)

Abstract

An Oblivious Pseudorandom Function (OPRF) [15] is a two-party protocol between sender S and receiver R for securely computing a pseudorandom function \(f_k(\cdot)\) on key k contributed by S and input x contributed by R, in such a way that receiver R learns only the value \(f_k(x)\) while sender S learns nothing from the interaction. In other words, an OPRF protocol for PRF \(f_k(\cdot)\) is a secure computation for functionality \(\mathcal F_{\mathsf{OPRF}}:(k,x)\rightarrow(\perp,f_k(x))\).

We propose an OPRF protocol on committed inputs which requires only O(1) modular exponentiations, and has a constant number of communication rounds (two in ROM). Our protocol is secure in the CRS model under the Composite Decisional Residuosity (CDR) assumption, while the PRF itself is secure on a polynomially-sized domain under the Decisional q-Diffie-Hellman Inversion assumption on a group of composite order, where q is the size of the PRF domain, and it has a useful feature that \(f_k\) is an injection for every k.

A practical OPRF protocol for an injective PRF, even one limited to a polynomially-sized domain, is a versatile tool with many uses in secure protocol design. We show that our OPRF implies a new practical fully-simulatable adaptive (and committed) OT protocol secure without ROM. In another example, this oblivious PRF construction implies the first secure computation protocol of set intersection on committed data with computational cost of O(N) exponentiations, where N is the maximum size of both data sets.
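As an added illustration (not the paper's protocol or code), the following models the OPRF by its ideal functionality \(\mathcal F_{\mathsf{OPRF}}\) and shows why an injective PRF on a small domain yields set intersection with N OPRF queries. It assumes the Dodis–Yampolskiy PRF \(f_k(x)=g^{1/(k+x)}\) [13] in a constructed toy prime-order group (the paper works in a composite-order group); the ideal functionality stands in for the real two-party protocol.

```python
"""Toy model of F_OPRF:(k,x)->(⊥, f_k(x)) and the set-intersection application.
Constructed illustration: the Dodis–Yampolskiy PRF f_k(x) = G^{1/(k+x)} in a
small prime-order subgroup, with the OPRF replaced by its ideal functionality."""
import secrets

P = 1019            # toy safe prime, P = 2*Q + 1 (constructed parameters)
Q = 509             # prime order of the subgroup generated by G
G = 4               # quadratic residue mod P, hence of order Q
DOMAIN_SIZE = 64    # polynomially-sized PRF domain {0, ..., DOMAIN_SIZE-1}

def dy_prf(k, x):
    """f_k(x) = G^{1/(k+x)} mod P; the inverse is taken modulo the group order Q."""
    e = (k + x) % Q
    if e == 0:
        raise ValueError("k + x = 0 mod Q: the key must avoid this on the domain")
    return pow(G, pow(e, -1, Q), P)

def keygen():
    """Sample k such that k + x != 0 mod Q for every x in the domain."""
    while True:
        k = secrets.randbelow(Q)
        if all((k + x) % Q != 0 for x in range(DOMAIN_SIZE)):
            return k

def is_injective(k):
    """The feature the abstract relies on: f_k is an injection on the domain
    (distinct exponents mod Q give distinct elements of the order-Q subgroup)."""
    return len({dy_prf(k, x) for x in range(DOMAIN_SIZE)}) == DOMAIN_SIZE

class IdealOPRF:
    """F_OPRF: the sender contributes k once; each receiver query x returns f_k(x).
    The sender's view is only the number of queries, never x (modelled as a counter)."""
    def __init__(self, k):
        self._k = k
        self.sender_view = 0
    def query(self, x):
        self.sender_view += 1
        return dy_prf(self._k, x)

def set_intersection(sender_items, receiver_items, k):
    """Receiver tags its items through the OPRF (N queries); sender publishes
    f_k on its own items (N local evaluations). Because f_k is injective,
    equal tags imply equal items, so the receiver recovers exactly the intersection."""
    oprf = IdealOPRF(k)
    tags = {oprf.query(x): x for x in receiver_items}
    sender_tags = [dy_prf(k, y) for y in sender_items]
    matches = sorted(tags[t] for t in sender_tags if t in tags)
    return matches, oprf.sender_view
```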

References

  1. Aiello, W., Ishai, Y., Reingold, O.: Priced oblivious transfer: How to sell digital goods. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, p. 119. Springer, Heidelberg (2001)
  2. Belenkiy, M., Camenisch, J., Chase, M., Kohlweiss, M., Lysyanskaya, A., Shacham, H.: Delegatable anonymous credentials. Cryptology ePrint Archive, Report 2008/428 (2008)
  3. Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the Gap-Diffie-Hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2002)
  4. Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004)
  5. Boudot, F., Traoré, J.: Efficient publicly verifiable secret sharing schemes with fast or delayed recovery. In: Varadharajan, V., Mu, Y. (eds.) ICICS 1999. LNCS, vol. 1726, pp. 87–102. Springer, Heidelberg (1999)
  6. Camenisch, J.L., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)
  7. Camenisch, J.L., Michels, M.: Separability and efficiency for generic group signature schemes (Extended abstract). In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, p. 413. Springer, Heidelberg (1999)
  8. Camenisch, J.L., Neven, G., Shelat, A.: Simulatable adaptive oblivious transfer. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 573–590. Springer, Heidelberg (2007)
  9. Camenisch, J.L., Shoup, V.: Practical verifiable encryption and decryption of discrete logarithms. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 126–144. Springer, Heidelberg (2003)
  10. Chaum, D.: Blind signatures for untraceable payments. In: CRYPTO (1982)
  11. Cheon, J.H.: Security analysis of the strong Diffie-Hellman problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 1–11. Springer, Heidelberg (2006)
  12. Chor, B., Gilboa, N., Naor, M.: Private information retrieval by keywords. Cryptology ePrint Archive, Report 1998/003 (1998)
  13. Dodis, Y., Yampolskiy, A.: A verifiable random function with short proofs and keys. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 416–431. Springer, Heidelberg (2005)
  14. Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Communications of the ACM 28(6) (1985)
  15. Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword search and oblivious pseudorandom functions. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 303–324. Springer, Heidelberg (2005)
  16. Freedman, M.J., Nissim, K., Pinkas, B.: Efficient private matching and set intersection. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 1–19. Springer, Heidelberg (2004)
  17. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4) (1986)
  18. Green, M., Hohenberger, S.: Blind identity-based encryption and simulatable oblivious transfer. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 265–282. Springer, Heidelberg (2007)
  19. Hazay, C., Lindell, Y.: Efficient protocols for set intersection and pattern matching with security against malicious and covert adversaries. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 155–175. Springer, Heidelberg (2008)
  20. Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003)
  21. Naor, M., Pinkas, B.: Oblivious transfer and polynomial evaluation. In: STOC (1999)
  22. Naor, M., Pinkas, B.: Oblivious transfer with adaptive queries. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, p. 573. Springer, Heidelberg (1999)
  23. Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: SODA (2001)
  24. Naor, M., Pinkas, B.: Oblivious polynomial evaluation. SIAM J. Comput. 35(5) (2006)
  25. Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudo-random functions. J. ACM 51(2) (2004)
  26. Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, p. 223. Springer, Heidelberg (1999)
  27. Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)
  28. Rabin, M.O.: How to exchange secrets by oblivious transfer. Technical report, Harvard University (1981)

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Stanisław Jarecki (1)
  • Xiaomin Liu (1)
  1. University of California, Irvine
