Abstract
Oblivious polynomial evaluation (OPE) is a two-party protocol in which a sender inputs a polynomial \(p(x)\) and a receiver inputs a single value \(x_{0}\). At the end of the protocol, the sender learns nothing and the receiver learns \(p(x_{0})\). This paper deals with the problem of oblivious polynomial evaluation from an information-theoretic perspective, based on the definitions of unconditional security developed by Crépeau et al. (Information-theoretic conditions for two-party secure function evaluation. EUROCRYPT 2006, LNCS 4004. Springer, Berlin, Heidelberg, pp 538–554, 2006). In this paper, we propose an information-theoretic model for oblivious polynomial evaluation relying on pre-distributed data and prove very general lower bounds on the size of the pre-distributed data, as well as on the size of the communications in any protocol. These bounds are shown to be tight by obtaining a round-optimal OPE protocol that meets the lower bounds simultaneously. We also present a natural generalization of OPE called oblivious linear functional evaluation.
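An added illustration, not code from the paper: OPE with pre-distributed data, where a trusted initializer hands the sender a random masking polynomial and the receiver one evaluation point of it, after which each party sends a single message. The prime modulus `Q`, every function name, and the masking construction itself are assumptions made for this sketch, which models honest parties only.

```python
import secrets

Q = 2**61 - 1  # prime field modulus (constructed choice for this sketch)

def poly_eval(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod Q."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc

def poly_shift(coeffs, t):
    """Coefficients of p(x + t) mod Q, via Horner's rule on polynomials."""
    out = [0]
    for c in reversed(coeffs):
        nxt = [0] * (len(out) + 1)        # nxt = out * (x + t) + c
        for i, a in enumerate(out):
            nxt[i] = (nxt[i] + a * t) % Q
            nxt[i + 1] = (nxt[i + 1] + a) % Q
        nxt[0] = (nxt[0] + c) % Q
        out = nxt
    return out[:len(coeffs)]              # drop the always-zero top slot

def initializer_setup(degree):
    """Pre-distribution: mask s(x) to the sender, point (d, s(d)) to the receiver."""
    s = [secrets.randbelow(Q) for _ in range(degree + 1)]
    d = secrets.randbelow(Q)
    return s, (d, poly_eval(s, d))

def receiver_request(x0, d):
    """t = x0 - d is uniform in the field, so it reveals nothing about x0."""
    return (x0 - d) % Q

def sender_respond(p, s, t):
    """f(x) = p(x + t) + s(x); the uniform mask s hides p's coefficients."""
    return [(a + b) % Q for a, b in zip(poly_shift(p, t), s)]

def receiver_output(f, d, g):
    """f(d) - s(d) = p(d + t) = p(x0)."""
    return (poly_eval(f, d) - g) % Q

def run_ope(p, x0):
    """One full honest execution; returns what the receiver learns."""
    s, (d, g) = initializer_setup(len(p) - 1)
    t = receiver_request(x0, d)
    f = sender_respond(p, s, t)
    return receiver_output(f, d, g)
```

The receiver holds the mask's value at only one point, so the masked polynomial `f` yields `p(x0)` and nothing else; the pre-distributed data is consumed by a single evaluation and must not be reused.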
References
Ahlswede, R., Csiszár, I.: On oblivious transfer capacity. ISIT 2007, pp. 2061–2064. (2007)
Beaver, D.: Commodity-based cryptography (extended abstract). STOC 1997, pp. 446–455. (1997)
Bellare, M., Micali, S.: Non-interactive oblivious transfer and applications. CRYPTO 89, 547–557 (1990)
Bleichenbacher, D., Nguyen, P.: Noisy Polynomial Interpolation and Noisy Chinese Remaindering. EUROCRYPT 2000, LNCS. Springer, New York (2000)
Blundo, C., Masucci, B., Stinson, D.R., Wei, R.: Constructions and bounds for unconditionally secure non-interactive commitment schemes. Des Codes Cryptogr 26(1–3), 97–110 (2002)
Chang, Yan-Cheng, Lu, Chi-Jen: Oblivious Polynomial Evaluation and Oblivious Neural Learning. ASIACRYPT 2001, LNCS. Springer, New York (2001)
Crépeau, C.: Efficient cryptographic protocols based on noisy channels. EUROCRYPT 1997, pp. 306–317. (1997)
Crépeau, C., Morozov, K., Wolf, S.: Efficient unconditional oblivious transfer from almost any noisy channel. SCN 2004, pp. 47–59. (2004)
Crépeau, C., Savvides, G., Schaffner, G., Wullschleger, J.: Information-theoretic conditions for two-party secure function evaluation. EUROCRYPT 2006, LNCS, 4004, Springer, Berlin, Heidelberg, pp. 538–554. (2006)
Crépeau, C., Wullschleger, J.: Statistical security conditions for two-party secure function evaluation. ICITS 2008, LNCS, vol. 5155, pp. 86–99. Springer, New York (2008)
Dowsley, R., van de Graaf, J., Müller-Quade, J., Nascimento, A.C.A.: Oblivious transfer based on the McEliece assumptions. ICITS 2008, pp. 107–117. (2008)
Dowsley, R., van de Graaf, J., Müller-Quade, J., Nascimento, A.C.A.: Oblivious transfer based on the McEliece assumptions. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E95–A(2), 567–575 (2012)
Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. CRYPTO 82, pp. 205–210. (1983)
Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword search and oblivious pseudorandom functions. TCC 2005, pp. 303–324. (2005)
Gilboa, N.: Two party RSA key generation. CRYPTO 1999, pp. 116–129. (1999)
Haitner, I.: Implementing oblivious transfer using collection of dense trapdoor permutations. TCC 2004, pp. 394–409. (2004)
Hanaoka, G., Imai, H., Müller-Quade, J., Nascimento, A.C.A., Otsuka, A., Winter, A.: Information theoretically secure oblivious polynomial evaluation: model, bounds, and constructions. ACISP 2004, pp. 62–73. (2004)
Hanaoka, G., Shikata, J., Zheng, Y., Imai, H.: Unconditionally secure digital signature schemes admitting transferability. ASIACRYPT 2000, LNCS, vol. 1976, pp. 130–142. Springer, New York (2000)
Imai, H., Morozov, K., Nascimento, A.C.A.: On the oblivious transfer capacity of the erasure channel. ISIT 2006, pp. 1428–1431. (2006)
Kalai, Y.T.: Smooth projective hashing and two-message oblivious transfer. EUROCRYPT 2005, pp. 78–95. (2005)
Kilian, J.: Founding cryptography on oblivious transfer. STOC 1988, pp. 20–31. (1988)
Matsumoto, T., Imai, H.: On the key predistribution systems. A practical solution to the key distribution problem. CRYPTO 1987, LNCS, vol. 293, pp. 185–193. Springer, New York (1988)
Lindell, Y., Pinkas, B.: Privacy preserving data mining. J. Cryptol. 15(19), 177–206 (2002)
Nascimento, A.C.A., Morozov, K., Imai, H.: Efficient oblivious transfer protocols achieving a non-zero rate from any non-trivial noisy correlation. ICITS. (2007)
Nascimento, A.C.A., Winter, A.: On the oblivious-transfer capacity of noisy resources. IEEE Trans. Inf. Theory 54(6), 2572–2581 (2008)
Naor, M., Pinkas, B.: Oblivious transfer and polynomial evaluation. STOC 1999, pp. 245–254. (1999)
Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In 12th annual ACM-SIAM symposium on discrete algorithms, pp. 448–457. (2001)
Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. CRYPTO 2008, pp. 554–571. (2008)
Pinto, A.C.B., Dowsley, R., Morozov, K., Nascimento, A.C.A.: Achieving oblivious transfer capacity of generalized erasure channels in the malicious model. IEEE Trans. Inf. Theory 57(8), 5566–5571 (2011)
Rabin, M.O.: How to exchange secrets by oblivious transfer. Technical Report TR-81, Harvard. (1981)
Rivest, R.: Unconditionally secure commitment and oblivious transfer schemes using concealing channels and a trusted initializer. Preprint available at http://people.csail.mit.edu/rivest/Rivest-commitment
Additional information
A preliminary, conference version of this work appeared in [17]. We would like to point out that this journal version uses a more strict, simulation-based model of security for the positive results which implies the security of sequential compositions of the protocol. In addition, the proofs of the lower bounds are generalized to cover also protocols with multiple rounds instead of being for one-round protocols only.
Cite this article
Tonicelli, R., Nascimento, A.C.A., Dowsley, R. et al. Information-theoretically secure oblivious polynomial evaluation in the commodity-based model. Int. J. Inf. Secur. 14, 73–84 (2015). https://doi.org/10.1007/s10207-014-0247-8
DOI: https://doi.org/10.1007/s10207-014-0247-8