Adaptive Oblivious Transfer and Generalization

  • Olivier Blazy
  • Céline Chevalier
  • Paul Germouty
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10032)

Abstract

Oblivious Transfer (\(\mathsf {OT} \)) protocols were introduced in the seminal paper of Rabin, and allow a user to retrieve a given number of lines (usually one) from a database without revealing which ones to the server. The server is assured that only this given number of lines can be accessed per interaction, so the remaining lines stay protected, while the user is assured that the server does not learn which lines were requested. This primitive is of great practical interest, for example in secure multi-party computation, and directly corresponds to Symmetrically Private Information Retrieval (SPIR).

Recent Oblivious Transfer instantiations secure in the UC framework suffer from a serious drawback. After the first query, the overall complexity of the scheme does not improve, so each subsequent query still costs \(\mathcal {O}(|DB|)\), meaning there is no gain compared to running completely independent queries. In this paper, we propose a new protocol that solves this issue and brings the complexity of subsequent queries down to \(\mathcal {O}(\log (|DB|))\) while keeping round optimality, and we prove the protocol secure in the UC framework with adaptive corruptions and reliable erasures.
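To make the two guarantees of the first paragraph concrete (the user retrieves exactly one line, the server learns nothing about which one) and to show the per-query cost profile the second paragraph criticizes, here is an added toy example written for this page; it is not code from the paper or its authors. It implements a Diffie-Hellman-based 1-out-of-n oblivious transfer in the style of the Naor-Pinkas construction (reference 51 below) in Python, over a safe-prime group generated at start-up. The group parameters, the `Server` and `Client` classes, the hash-based key derivation and the four-line sample database are all constructed for the example. The server does one exponentiation per line for every query, i.e. the \(\mathcal {O}(|DB|)\) per-query cost that the paper's construction improves upon; this toy protocol is not UC-secure and is not the paper's protocol.

```python
import hashlib
import secrets


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin primality test, standard library only."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_group(bits: int = 192):
    """Constructed toy group: safe prime p = 2q + 1 and g = 4, a square, hence
    of order q. A deployment would use a standardised group or a curve."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            return p, q, 4


def pad_key(index: int, shared: int) -> bytes:
    """32-byte one-time pad for line `index`, derived from a group element."""
    return hashlib.sha256(f"{index}:{shared}".encode()).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Server:
    """Holds the database; never learns which line the client retrieves."""

    def __init__(self, database, p, q, g):
        assert all(len(line) <= 32 for line in database)
        self.db, self.p, self.q, self.g = list(database), p, q, g
        # Public constants fixed once: C_0 = 1 and a random subgroup element C_i
        # for every other line. They are reused unchanged by every later query.
        self.C = [1] + [pow(g, secrets.randbelow(q - 1) + 1, p)
                        for _ in range(len(database) - 1)]

    def answer(self, pk0: int):
        """One query: one exponentiation per line, so cost is linear in |DB|."""
        if not (0 < pk0 < self.p and pow(pk0, self.q, self.p) == 1):
            raise ValueError("PK_0 is not an element of the order-q subgroup")
        r = secrets.randbelow(self.q - 1) + 1
        g_r = pow(self.g, r, self.p)
        cts = []
        for i, line in enumerate(self.db):
            pk_i = (self.C[i] * pk0) % self.p        # PK_i = C_i * PK_0
            pad = pad_key(i, pow(pk_i, r, self.p))    # H(i, PK_i^r)
            cts.append(xor_bytes(line.ljust(32, b"\0"), pad))
        return g_r, cts


class Client:
    """Retrieves exactly one line; the choice is hidden by a uniform PK_0."""

    def __init__(self, p, q, g, C):
        self.p, self.q, self.g, self.C = p, q, g, C

    def query(self, sigma: int) -> int:
        self.sigma = sigma
        self.k = secrets.randbelow(self.q - 1) + 1
        # PK_0 = g^k / C_sigma, so the server's PK_sigma = C_sigma * PK_0 = g^k,
        # whose discrete log k only the client knows; every other PK_i has an
        # unknown discrete log. PK_0 is uniformly distributed whatever sigma is.
        return pow(self.g, self.k, self.p) * pow(self.C[sigma], -1, self.p) % self.p

    def decrypt(self, g_r: int, cts, index=None) -> bytes:
        """Decrypt line `index` (default: the chosen one). For index != sigma
        the derived pad is wrong and the output is garbage, by design."""
        i = self.sigma if index is None else index
        pad = pad_key(i, pow(g_r, self.k, self.p))    # (g^r)^k = PK_sigma^r
        return xor_bytes(cts[i], pad).rstrip(b"\0")


def run_demo(sigma: int = 2, database=None):
    """End-to-end run on a constructed database: (retrieved line, garbage)."""
    database = database or [b"line-0: alpha", b"line-1: bravo",
                            b"line-2: charlie", b"line-3: delta"]
    p, q, g = gen_group()
    server = Server(database, p, q, g)
    client = Client(p, q, g, server.C)
    g_r, cts = server.answer(client.query(sigma))
    retrieved = client.decrypt(g_r, cts)
    wrong = client.decrypt(g_r, cts, index=(sigma + 1) % len(database))
    return retrieved, wrong


if __name__ == "__main__":
    got, wrong = run_demo()
    print("retrieved:", got)
    print("other line recovered?", wrong == b"line-3: delta")
```

The subgroup check in `answer` rejects malformed values of PK_0; beyond that, the toy protocol gives receiver privacy unconditionally (PK_0 is uniform for every choice of sigma) and sender privacy under the DDH assumption for a receiver that follows the protocol. It offers none of the UC and adaptive-corruption guarantees the abstract claims for the paper's construction, and the linear per-query work in `answer` is exactly the cost the abstract sets out to reduce.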

As a second contribution, we show that the techniques we use for Oblivious Transfer can be generalized into a new framework we call Oblivious Language-Based Envelope (\(\mathsf {OLBE}\)). It is of practical interest, since in access-control scenarios it seems less and less realistic to consider a database with uncontrolled access. Our approach generalizes Oblivious Signature-Based Envelope to handle more expressive credentials and requests from the user. Naturally, \(\mathsf {OLBE}\) encompasses both \(\mathsf {OT} \) and \(\mathsf {OSBE}\), but it also makes it possible to achieve Oblivious Transfer with fine-grained access control over each line. For example, a user can access a line if and only if he possesses a certificate granting him access to that line.

We show how to generically and efficiently instantiate such primitives, and prove them secure in the Universal Composability framework with adaptive corruptions, assuming reliable erasures. We provide the new UC ideal functionalities when needed, or we show that the existing ones fit into our new framework.

The security of such designs preserves both the secrecy of the database values and that of the user credentials. This symmetry lets us view our new approach as a generalization of the notion of Symmetrically Private Information Retrieval.

Keywords

  • Adaptive oblivious transfer
  • Oblivious signature-based envelope
  • UC framework
  • Private information retrieval

Acknowledgments

This work was supported in part by the French ANR EnBid Project (ANR-14-CE28-0003).

References

  1. Abdalla, M., Benhamouda, F., Blazy, O., Chevalier, C., Pointcheval, D.: SPHF-friendly non-interactive commitments. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 214–234. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-42033-7_12
  2. Abdalla, M., Chevalier, C., Pointcheval, D.: Smooth projective hashing for conditionally extractable commitments. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 671–689. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-03356-8_39
  3. Abdalla, M., Pointcheval, D.: A scalable password-based group key exchange protocol in the standard model. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 332–347. Springer, Heidelberg (2006). doi: 10.1007/11935230_22
  4. Aiello, B., Ishai, Y., Reingold, O.: Priced oblivious transfer: how to sell digital goods. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 119–135. Springer, Heidelberg (2001). doi: 10.1007/3-540-44987-6_8
  5. Attrapadung, N.: Dual system encryption via doubly selective security: framework, fully secure functional encryption for regular languages, and more. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 557–577. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-55220-5_31
  6. Bellare, M., Hoang, V.T., Rogaway, P.: Foundations of garbled circuits. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) ACM CCS 12, pp. 784–796. ACM Press, October 2012
  7. Ben Hamouda, F., Blazy, O., Chevalier, C., Pointcheval, D., Vergnaud, D.: Efficient UC-secure authenticated key-exchange for algebraic languages. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 272–291. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-36362-7_18
  8. Benhamouda, F., Blazy, O., Chevalier, C., Pointcheval, D., Vergnaud, D.: New techniques for SPHFs and efficient one-round PAKE protocols. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 449–475. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40041-4_25
  9. Blazy, O., Chevalier, C.: Generic construction of UC-secure oblivious transfer. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 65–86. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-28166-7_4
  10. Blazy, O., Chevalier, C., Germouty, P.: Adaptive oblivious transfer and generalizations. Cryptology ePrint Archive, Report 2016/259 (2016). http://eprint.iacr.org/2016/259
  11. Blazy, O., Fuchsbauer, G., Pointcheval, D., Vergnaud, D.: Signatures on randomizable ciphertexts. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 403–422. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19379-8_25
  12. Blazy, O., Kiltz, E., Pan, J.: (Hierarchical) identity-based encryption from affine message authentication. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 408–425. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44371-2_23
  13. Blazy, O., Pointcheval, D., Vergnaud, D.: Round-optimal privacy-preserving protocols with smooth projective hash functions. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 94–111. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-28914-9_6
  14. Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). doi: 10.1007/3-540-44647-8_13
  15. Boneh, D., Goh, E.-J., Nissim, K.: Evaluating 2-DNF formulas on ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325–341. Springer, Heidelberg (2005). doi: 10.1007/978-3-540-30576-7_18
  16. Camenisch, J., Casati, N., Gross, T., Shoup, V.: Credential authenticated identification and key exchange. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 255–276. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-14623-7_14
  17. Camenisch, J., Dubovitskaya, M., Haralambiev, K.: Efficient structure-preserving signature scheme from standard assumptions. In: Visconti, I., Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 76–94. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-32928-9_5
  18. Camenisch, J., Dubovitskaya, M., Neven, G.: Oblivious transfer with access control. In: Al-Shaer, E., Jha, S., Keromytis, A.D. (eds.) ACM CCS 2009, pp. 131–140. ACM Press, November 2009
  19. Camenisch, J., Dubovitskaya, M., Neven, G., Zaverucha, G.M.: Oblivious transfer with hidden access control policies. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 192–209. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19379-8_12
  20. Camenisch, J., Neven, G., shelat, A.: Simulatable adaptive oblivious transfer. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 573–590. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-72540-4_33
  21. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136–145. IEEE Computer Society Press, October 2001
  22. Canetti, R., Cohen, A., Lindell, Y.: A simpler variant of universally composable security for standard multiparty computation. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 3–22. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48000-7_1
  23. Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: 34th ACM STOC, pp. 494–503. ACM Press, May 2002
  24. Choi, S.G., Katz, J., Wee, H., Zhou, H.-S.: Efficient, adaptively secure, and composable oblivious transfer with a single, global CRS. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 73–88. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-36362-7_6
  25. Chor, B., Goldreich, O., Kushilevitz, E., Sudan, M.: Private information retrieval. In: 36th FOCS, pp. 41–50. IEEE Computer Society Press, October 1995
  26. Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002). doi: 10.1007/3-540-46035-7_4
  27. Cui, Y., Fujisaki, E., Hanaoka, G., Imai, H., Zhang, R.: Formal security treatments for signatures from identity-based encryption. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 218–227. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-75670-5_16
  28. Crescenzo, G., Ostrovsky, R., Rajagopalan, S.: Conditional oblivious transfer and timed-release encryption. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 74–89. Springer, Heidelberg (1999). doi: 10.1007/3-540-48910-X_6
  29. Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inf. Theor. 22(6), 644–654 (1976)
  30. Escala, A., Herold, G., Kiltz, E., Ràfols, C., Villar, J.: An algebraic framework for Diffie-Hellman assumptions. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 129–147. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40084-1_8
  31. Fischlin, M.: Round-optimal composable blind signatures in the common reference string model. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 60–77. Springer, Heidelberg (2006). doi: 10.1007/11818175_4
  32. Gay, R., Kerenidis, I., Wee, H.: Communication complexity of conditional disclosure of secrets and attribute-based encryption. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 485–502. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48000-7_24
  33. Gennaro, R., Lindell, Y.: A framework for password-based authenticated key exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 524–543. Springer, Heidelberg (2003). doi: 10.1007/3-540-39200-9_33
  34. Gertner, Y., Ishai, Y., Kushilevitz, E., Malkin, T.: Protecting data privacy in private information retrieval schemes. In: 30th ACM STOC, pp. 151–160. ACM Press, May 1998
  35. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or A completeness theorem for protocols with honest majority. In: Aho, A. (ed.) 19th ACM STOC, pp. 218–229. ACM Press, May 1987
  36. Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)
  37. Green, M., Hohenberger, S.: Blind identity-based encryption and simulatable oblivious transfer. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 265–282. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-76900-2_16
  38. Green, M., Hohenberger, S.: Universally composable adaptive oblivious transfer. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 179–197. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-89255-7_12
  39. Guleria, V., Dutta, R.: Lightweight universally composable adaptive oblivious transfer. In: Au, M.H., Carminati, B., Kuo, C.-C.J. (eds.) NSS 2014. LNCS, vol. 8792, pp. 285–298. Springer, Heidelberg (2014). doi: 10.1007/978-3-319-11698-3_22
  40. Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)
  41. Horvitz, O., Katz, J.: Universally-composable two-party computation in two rounds. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 111–129. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-74143-5_7
  42. Ishai, Y., Wee, H.: Partial garbling schemes and their applications. In: Esparza, J., Fraigniaud, P., Husfeldt, T., Koutsoupias, E. (eds.) ICALP 2014. LNCS, vol. 8572, pp. 650–662. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-43948-7_54
  43. Jarecki, S., Liu, X.: Efficient oblivious pseudorandom function with applications to adaptive OT and secure computation of set intersection. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 577–594. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-00457-5_34
  44. Kalai, Y.T.: Smooth projective hashing and two-message oblivious transfer. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 78–95. Springer, Heidelberg (2005). doi: 10.1007/11426639_5
  45. Katz, J., Vaikuntanathan, V.: Round-optimal password-based authenticated key exchange. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 293–310. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19571-6_18
  46. Kiayias, A., Leonardos, N., Lipmaa, H., Pavlyk, K., Tang, Q.: Optimal rate private information retrieval from homomorphic encryption. PoPETs 2015(2), 222–243 (2015). http://www.degruyter.com/view/j/popets.2015.2015.issue-2/popets-2015-0016/popets-2015-0016.xml
  47. Kurosawa, K., Nojima, R., Phong, L.T.: Generic fully simulatable adaptive oblivious transfer. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 274–291. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-21554-4_16
  48. Laur, S., Lipmaa, H.: A new protocol for conditional disclosure of secrets and its applications. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 207–225. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-72738-5_14
  49. Li, N., Du, W., Boneh, D.: Oblivious signature-based envelope. In: Borowsky, E., Rajsbaum, S. (eds.) 22nd ACM PODC, pp. 182–189. ACM, July 2003
  50. Naor, M., Pinkas, B.: Visual authentication and identification. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 322–336. Springer, Heidelberg (1997). doi: 10.1007/BFb0052245
  51. Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: Kosaraju, S.R. (ed.) 12th SODA, pp. 448–457. ACM-SIAM, January 2001
  52. Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-85174-5_31
  53. Rabin, M.O.: How to exchange secrets with oblivious transfer. Technical Report TR81, Harvard University (1981)
  54. Rial, A., Kohlweiss, M., Preneel, B.: Universally composable adaptive priced oblivious transfer. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 231–247. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-03298-1_15
  55. Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985). doi: 10.1007/3-540-39568-7_5
  56. Wang, X.S., Huang, Y., Chan, T.H.H., Shelat, A., Shi, E.: SCORAM: Oblivious RAM for secure computation. In: Ahn, G.J., Yung, M., Li, N. (eds.) ACM CCS 14, pp. 191–202. ACM Press, November 2014
  57. Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005). doi: 10.1007/11426639_7
  58. Wee, H.: Dual system encryption via predicate encodings. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 616–637. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-54242-8_26
  59. Yao, A.C.C.: How to generate and exchange secrets (extended abstract). In: 27th FOCS, pp. 162–167. IEEE Computer Society Press, October 1986

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  • Olivier Blazy (1)
  • Céline Chevalier (2)
  • Paul Germouty (1)
  1. Université de Limoges, XLim, Limoges, France
  2. CRED, Université Panthéon-Assas, Paris, France