Implementing Information-Theoretically Secure Oblivious Transfer from Packet Reordering

  • Paolo Palmieri
  • Olivier Pereira
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7259)


If we assume that adversaries have unlimited computational capabilities, secure computation between mutually distrusting players can not be achieved using an error-free communication medium. However, secure multi-party computation becomes possible when a noisy channel is available to the parties. For instance, the Binary Symmetric Channel (BSC) has been used to implement Oblivious Transfer (OT), a fundamental primitive in secure multi-party computation. Current research is aimed at designing protocols based on real-world noise sources, in order to make the actual use of information-theoretically secure computation a more realistic prospect for the future.

In this paper, we introduce a modified version of the recently proposed Binary Discrete-time Delaying Channel (BDDC), a noisy channel based on communication delays. We call our variant Reordering Channel (RC), and we show that it successfully models packet reordering, the common behavior of packet switching networks that results in the reordering of the packets in a stream during their transit over the network. We also show that the protocol implementing oblivious transfer on the BDDC can be adapted to the new channel by using a different sending strategy, and we provide a functioning implementation of this modified protocol. Finally, we present strong experimental evidence that reordering occurrences between two remote Internet hosts are enough for our construction to achieve statistical security against honest-but-curious adversaries.


Oblivious transfer secure multi-party computation noisy channels packet reordering delay 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellardo, J., Savage, S.: Measuring packet reordering. In: Internet Measurement Workshop, pp. 97–105. ACM (2002)Google Scholar
  2. 2.
    Bennett, J.C.R., Partridge, C., Shectman, N.: Packet reordering is not pathological network behavior. IEEE/ACM Trans. Netw. 7(6), 789–798 (1999)CrossRefGoogle Scholar
  3. 3.
    Bohacek, S., Hespanha, J.P., Lee, J., Lim, C., Obraczka, K.: A new tcp for persistent packet reordering. IEEE/ACM Trans. Netw. 14(2), 369–382 (2006)CrossRefGoogle Scholar
  4. 4.
    Chaum, D., Damgård, I., van de Graaf, J.: Multiparty computations ensuring privacy of each party’s input and correctness of the result. In: Pomerance [17], pp. 87–119Google Scholar
  5. 5.
    Crépeau, C.: Equivalence between two flavours of oblivious transfers. In: Pomerance [17], pp. 350–354Google Scholar
  6. 6.
    Crépeau, C., Kilian, J.: Achieving oblivious transfer using weakened security assumptions (extended abstract). In: FOCS, pp. 42–52. IEEE (1988)Google Scholar
  7. 7.
    Crépeau, C., Morozov, K., Wolf, S.: Efficient Unconditional Oblivious Transfer from Almost Any Noisy Channel. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 47–59. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Damgård, I., Fehr, S., Morozov, K., Salvail, L.: Unfair Noisy Channels and Oblivious Transfer. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 355–373. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  9. 9.
    Damgård, I.B., Kilian, J., Salvail, L.: On the (Im)possibility of Basing Oblivious Transfer and Bit Commitment on Weakened Security Assumptions. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 56–73. Springer, Heidelberg (1999)Google Scholar
  10. 10.
    Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Commun. ACM 28(6), 637–647 (1985)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Jaiswal, S., Iannaccone, G., Diot, C., Kurose, J., Towsley, D.: Measurement and classification of out-of-sequence packets in a tier-1 ip backbone. IEEE/ACM Trans. Netw. 15, 54–66 (2007), CrossRefGoogle Scholar
  12. 12.
    Jayasumana, A., Piratla, N., Banka, T., Bare, A., Whitner, R.: Improved packet reordering metrics. RFC 5236 (Informational) (June 2008),
  13. 13.
    Kilian, J.: Founding cryptography on oblivious transfer. In: STOC, pp. 20–31. ACM (1988)Google Scholar
  14. 14.
    Laine, J., Saaristo, S.: RUDE: Real-time UDP data emitter (1999–2002),
  15. 15.
    Palmieri, P., Pereira, O.: Building Oblivious Transfer on Channel Delays. In: Lai, X., Yung, M., Lin, D. (eds.) Inscrypt 2010. LNCS, vol. 6584, pp. 125–138. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  16. 16.
    Paxson, V.E.: Measurements and Analysis of End-to-End Internet Dynamics. Ph.D. thesis, EECS Department, University of California, Berkeley (June 1997),
  17. 17.
    Pomerance, C. (ed.): CRYPTO 1987. LNCS, vol. 293. Springer, Heidelberg (1988)Google Scholar
  18. 18.
    Postel, J.: User datagram protocol. RFC 768 (Standard) (August 1980),
  19. 19.
    Rabin, M.O.: How to exchange secrets by oblivious transfer. Technical Report TR-81, Aiken Computation Laboratory, Harvard University (1981) (manuscript)Google Scholar
  20. 20.
    Wullschleger, J.: Oblivious Transfer from Weak Noisy Channels. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 332–349. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  21. 21.
    Ye, B., Jayasumana, A.P., Piratla, N.M.: On monitoring of end-to-end packet reordering over the internet. In: International Conference on Networking and Services (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Paolo Palmieri
    • 1
  • Olivier Pereira
    • 1
  1. 1.UCL Crypto GroupUniversité catholique de LouvainLouvain-la-NeuveBelgium

Personalised recommendations