Reducing Complexity Assumptions for Oblivious Transfer

  • K. Y. Cheong
  • Takeshi Koshiba
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5824)


Reducing the minimum assumptions needed to construct various cryptographic primitives is an important and interesting task in theoretical cryptography. Oblivious transfer, one of the most basic cryptographic building blocks, could be also studied under this scenario. Reducing the minimum assumptions for oblivious transfer seems not an easy task, as there are a few impossibility results under black-box reductions.

Until recently, it is widely believed that oblivious transfer can be constructed with trapdoor permutations. Goldreich pointed out some flaw in the folklore and introduced some enhancement to cope with the flaw. Haitner then revised the enhancement more properly. As a consequence they showed that some additional properties for trapdoor permutations are necessary to construct oblivious transfers. In this paper, we discuss possibilities of basing not on trapdoor permutations but on trapdoor functions in general. We generalize previous results and give an oblivious transfer protocol based on a collection of trapdoor functions with some extra properties with respect to the length-expansion and the pre-image size. We discuss that our reduced assumption is almost minimal and show the necessity for the extra properties.


oblivious transfer trapdoor one-way functions 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellare, M., Halevi, S., Sahai, A., Vadhan, S.P.: Many-to-one trapdoor functions and their relation to public-key cryptosystems. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 283–299. Springer, Heidelberg (1998)Google Scholar
  2. 2.
    Brassard, G., Crépeau, C., Santha, M.: Oblivious transfers and intersecting codes. IEEE Transactions on Information Theory 42(6), 1769–1780 (1996)zbMATHCrossRefGoogle Scholar
  3. 3.
    Brassard, G., Crépeau, C., Wolf, S.: Oblivious transfers and privacy amplification. Journal of Cryptology 16(4), 219–237 (2003)zbMATHCrossRefMathSciNetGoogle Scholar
  4. 4.
    Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Proc. 42nd IEEE Symposium on Foundations of Computer Science, pp. 136–145 (2001)Google Scholar
  5. 5.
    Carter, J., Wegman, M.: Universal classes of hash functions. Journal of Computer and System Sciences 18(2), 143–154 (1979)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Choi, S.G., Dachman-Soled, D., Malkin, T., Wee, H.: Simple, black-box constructions of adaptively secure protocols. In: Theory of Cryptography Conference 2009. LNCS, vol. 5444, pp. 387–402 (2009)Google Scholar
  7. 7.
    Crépeau, C.: Equivalence between two flavours of oblivious transfers. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 350–354. Springer, Heidelberg (1988)Google Scholar
  8. 8.
    Crépeau, C., Savvides, G.: Optimal reductions between oblivious transfers using interactive hashing. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 201–221. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Even, S., Goldreich, O.: A Lempel: A randomized protocol for signing contracts. Communications of the ACM 28(6), 637–647 (1985)CrossRefMathSciNetGoogle Scholar
  11. 11.
    Gertner, Y., Kannan, S., Malkin, T., Reingold, O., Viswanathan, M.: The relationship between public key encryption and oblivious transfer. In: Proc. 41st IEEE Symposium on Foundations of Computer Science, pp. 325–335 (2000)Google Scholar
  12. 12.
    Goldreich, O.: Foundations of Cryptography, vol II. Cambridge University Press, Cambridge (2004)zbMATHGoogle Scholar
  13. 13.
    Goldreich, O., Levin, L.: A hard-core predicate for all one-way functions. In: Proc. 21st ACM Symposium on Theory of Computing, pp. 25–32 (1989)Google Scholar
  14. 14.
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or A completeness theorem for protocols with honest majority. In: Proc. 19th ACM Symposium on Theory of Computing, pp. 218–229 (1987)Google Scholar
  15. 15.
    Haitner, I.: Implementing oblivious transfer using collection of dense trapdoor permutations. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 394–409. Springer, Heidelberg (2004)Google Scholar
  16. 16.
    Haitner, I.: Semi-honest to malicious oblivious transfer—the black-box way. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 412–426. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  17. 17.
    Haitner, I., Horvitz, O., Katz, J., Koo, C.-Y., Morselli, R., Shaltiel, R.: Reducing complexity assumptions for statistically-hiding commitment. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 58–77. Springer, Heidelberg (2005)Google Scholar
  18. 18.
    Haitner, I., Reingold, O.: Statistically-hiding commitment from any one-way function. In: Proc. 39th ACM Symposium on Theory of Computing, pp. 1–10 (2007)Google Scholar
  19. 19.
    Harnik, D., Naor, M.: On the compressibility of NP instances and cryptographic applications. In: Proc. 47th IEEE Symposium on Foundations of Computer Science, pp. 719–728 (2006)Google Scholar
  20. 20.
    Impagliazzo, R., Luby, M.: One-way functions are essential for complexity based cryptography. In: Proc. 30th IEEE Symposium on Foundations of Computer Science, pp. 230–235 (1989)Google Scholar
  21. 21.
    Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: Proc. 21st ACM Symposium on Theory of Computing, pp. 44–61 (1989)Google Scholar
  22. 22.
    Kilian, J.: Founding cryptography on oblivious tranfer. In: Proc. 20th ACM Symposium on Theory of Computing, pp. 20–31 (1988)Google Scholar
  23. 23.
    Naor, M., Ostrovsky, R., Venkatesan, R., Yung, M.: Perfect zero-knowledge arguments for NP using any one-way permutation. Journal of Cryptology 11(2), 87–108 (1998)zbMATHCrossRefMathSciNetGoogle Scholar
  24. 24.
    Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: Proc. 12th ACM-SIAM Symposium on Discrete Algorithms, pp. 448–457 (2001)Google Scholar
  25. 25.
    Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008)Google Scholar
  26. 26.
    Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: Proc. 40th ACM Symposium on Theory of Computing, pp. 187–196 (2008)Google Scholar
  27. 27.
    Rabin, M.: How to exchange secrets by oblivious transfer, Technical Report TR-81, Aiken Computation Laboratory, Harvard University (1981)Google Scholar
  28. 28.
    Reingold, O., Trevisan, L., Vadhan, S.P.: Notions of reducibility between cryptographic primitives. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 1–20. Springer, Heidelberg (2004)Google Scholar
  29. 29.
    Shamir, A.: How to share a secret. Communications of the ACM 22(11), 612–613 (1979)zbMATHCrossRefMathSciNetGoogle Scholar
  30. 30.
    Shannon, C.: Communication theory of secrecy systems. Bell System Technical Journal 28(4), 656–715 (1949)MathSciNetGoogle Scholar
  31. 31.
    Wiesner, S.: Conjugate coding. SIGACT News 15(1), 78–88 (1983)CrossRefGoogle Scholar
  32. 32.
    Wolf, S., Wullschleger, J.: Oblivious transfer is symmetric. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 222–232. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  33. 33.
    Wullschleger, J.: Oblivious-transfer amplification. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 555–572. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • K. Y. Cheong
    • 1
  • Takeshi Koshiba
    • 1
  1. 1.Division of Mathematics, Electronics and Informatics, Graduate School of Science and EngineeringSaitama UniversitySaitamaJapan

Personalised recommendations