Implementing Information-Theoretically Secure Oblivious Transfer from Packet Reordering
If adversaries are assumed to have unlimited computational power, secure computation between mutually distrusting players cannot be achieved over an error-free communication medium. Secure multi-party computation does become possible, however, when the parties have access to a noisy channel. For instance, the Binary Symmetric Channel (BSC) has been used to implement Oblivious Transfer (OT), a fundamental primitive of secure multi-party computation. Current research aims at protocols built on real-world noise sources, so that information-theoretically secure computation becomes a realistic prospect in practice.
In this paper we introduce a modified version of the recently proposed Binary Discrete-time Delaying Channel (BDDC), a noisy channel based on communication delays. We call our variant the Reordering Channel (RC), and we show that it models packet reordering, the common behavior of packet-switching networks in which the packets of a stream are delivered in an order different from the one in which they were sent. We also show that the protocol implementing oblivious transfer on the BDDC can be adapted to the new channel by using a different sending strategy, and we provide a working implementation of this modified protocol. Finally, we present strong experimental evidence that the reordering occurring between two remote Internet hosts is sufficient for our construction to achieve statistical security against honest-but-curious adversaries.
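The abstract relies on two things a reader may want to see concretely: what a reordering channel looks like as a model, and how reordering events are counted in a received stream. The following is an added example, not the paper's implementation or its OT protocol. It assumes a simplified channel in which sequence-numbered packets are sent at a fixed interval and each packet receives an independent delay, and it detects reordering with the RFC 4737 rule (a packet is reordered if its sequence number is lower than the next expected sequence number at the time it arrives). The delay model, the function names and the constructed delay values are assumptions of this example.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    seq: int          # sequence number assigned by the sender
    sent_at: float    # send time (arbitrary time units)
    arrived_at: float # arrival time after the channel delay


def simulate_reordering_channel(n_packets, send_interval, delay_fn, rng):
    """Simplified reordering channel (assumption of this example):
    packets are sent back to back at a fixed interval and each one gets an
    independent delay from delay_fn(seq, rng). The returned list is in
    arrival order, i.e. what the receiver observes on the wire."""
    pkts = []
    for seq in range(n_packets):
        sent = seq * send_interval
        pkts.append(Packet(seq, sent, sent + delay_fn(seq, rng)))
    # Ties in arrival time are broken by sequence number (FIFO).
    pkts.sort(key=lambda p: (p.arrived_at, p.seq))
    return pkts


def reordered_sequence_numbers(arrival_order):
    """RFC 4737 reordering detection: track NextExp, the highest sequence
    number received so far plus one; a packet whose seq is below NextExp is
    reordered. Only the receiver can evaluate this, because only the
    receiver sees the arrival order; the sender learns nothing about which
    packets were reordered unless the receiver tells it."""
    next_exp = 0
    reordered = []
    for p in arrival_order:
        if p.seq >= next_exp:
            next_exp = p.seq + 1
        else:
            reordered.append(p.seq)
    return reordered


def reordering_ratio(arrival_order):
    """Fraction of received packets flagged as reordered (0.0 if empty)."""
    if not arrival_order:
        return 0.0
    return len(reordered_sequence_numbers(arrival_order)) / len(arrival_order)


def uniform_delay(lo, hi):
    """Delay model used for the random simulation below (an assumption):
    every packet is delayed by an independent uniform amount in [lo, hi]."""
    def delay_fn(seq, rng):
        return rng.uniform(lo, hi)
    return delay_fn


if __name__ == "__main__":
    # Constructed run: 1000 packets, one per time unit, delays spread over
    # three send intervals so that neighbouring packets often overtake.
    rng = random.Random(2024)
    stream = simulate_reordering_channel(1000, 1.0, uniform_delay(0.0, 3.0), rng)
    flagged = reordered_sequence_numbers(stream)
    print("reordered packets:", len(flagged), "ratio:", round(reordering_ratio(stream), 3))
```

A real measurement replaces `simulate_reordering_channel` with captured UDP arrivals (the receiver only needs the sequence numbers in arrival order), and the same two functions then give the reordering rate that the paper's security argument depends on.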
Keywords: Oblivious transfer; secure multi-party computation; noisy channels; packet reordering; delay