Abstract
Oblivious transfer (OT) is an essential cryptographic tool that can serve as a building block for almost all secure multiparty functionalities. The strongest security notion against malicious adversaries is universal composability (UC-security). An important goal is to have post-quantum OT protocols. One area of interest for post-quantum cryptography is isogeny-based cryptography. Isogeny-based cryptography has some similarities to Diffie-Hellman, but lacks some algebraic properties that discrete-log-based OT protocols rely on. Hence it is not always possible to directly adapt existing protocols to the isogeny setting.
We propose the first practical isogeny-based UC-secure oblivious transfer protocol in the presence of malicious adversaries. Our scheme uses the CSIDH framework and does not have an analogue in the Diffie-Hellman setting. The scheme consists of a constant number of isogeny computations. The underlying computational assumption is a problem that we call the computational reciprocal CSIDH problem, and that we prove polynomial-time equivalent to the computational CSIDH problem.
Acknowledgments
We sincerely thank the anonymous reviewers of EUROCRYPT 2021 for their patience and valuable comments that helped to substantially improve the presentation of this work. We are also grateful to Wouter Castryck for sharing his knowledge of isogenies and Yehuda Lindell for sharing his knowledge of MPC. This research is partially funded by the Ministry for Business, Innovation and Employment in New Zealand.
This work was supported in part by ERC Advanced Grant ERC-2015-AdG-IMPaCT and by CyberSecurity Research Flanders with reference number VR20192203. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the ERC or of Cyber Security Research Flanders.
© 2021 International Association for Cryptologic Research
About this paper
Cite this paper
Lai, Y.-F., Galbraith, S.D., Delpech de Saint Guilhem, C. (2021). Compact, Efficient and UC-Secure Isogeny-Based Oblivious Transfer. In: Canteaut, A., Standaert, F.-X. (eds) Advances in Cryptology – EUROCRYPT 2021. Lecture Notes in Computer Science, vol 12696. Springer, Cham. https://doi.org/10.1007/978-3-030-77870-5_8
DOI: https://doi.org/10.1007/978-3-030-77870-5_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-77869-9
Online ISBN: 978-3-030-77870-5
eBook Packages: Computer Science, Computer Science (R0)
Published in cooperation with the International Association for Cryptologic Research: https://iacr.org/