Oblivious Transfer in the Bounded Storage Model

Building on a previous important work of Cachin, Crépeau, and Marcil [15], we present a provably secure and more efficient protocol for $\binom{2}{1}$-Oblivious Transfer with a storage-bounded receiver. A public random string $n$ bits long is employed, and the protocol is secure against any receiver who can store $\gamma n$ bits, $\gamma < 1$. Our work improves the work of CCM [15] in two ways. First, the CCM protocol requires the sender and receiver to store $O(n^c)$ bits, $c \sim 2/3$. We give a similar but more efficient protocol that just requires the sender and receiver to store $O(\sqrt{kn})$ bits, where $k$ is a security parameter. Second, the basic CCM protocol was proved in [15] to guarantee that a dishonest receiver who can store $O(n)$ bits succeeds with probability at most $O(n^{-d})$, $d \sim 1/3$, although repetition of the protocol can make this probability of cheating exponentially small [20]. Combining the methodologies of [24] and [15], we prove that in our protocol, a dishonest storage-bounded receiver succeeds with probability only $2^{-O(k)}$, without repetition of the protocol. Our results answer an open problem raised by CCM in the affirmative.

[1] Leslie G. Valiant, et al. NP is as easy as detecting unique solutions, 1985, STOC '85.

[2] Gilles Brassard, et al. Practical Quantum Oblivious Transfer, 1991, CRYPTO.

[3] Uriel Feige, et al. On Message Proof Systems with Known Space Verifiers, 1993, CRYPTO.

[4] Gilles Brassard, et al. Oblivious Transfers and Privacy Amplification, 1997, EUROCRYPT.

[5] Ueli Maurer, et al. Unconditionally Secure Key Agreement and the Intrinsic Conditional Information, 1999, IEEE Trans. Inf. Theory.

[6] Noam Nisan, et al. Pseudorandom generators for space-bounded computations, 1990, STOC '90.

[7] Rafail Ostrovsky, et al. Reducibility and Completeness in Private Computations, 2000, SIAM J. Comput.

[8] Ueli Maurer, et al. Towards Characterizing When Information-Theoretic Secret Key Agreement Is Possible, 1996, ASIACRYPT.

[9] Joe Kilian, et al. A general completeness theorem for two party games, 1991, STOC '91.

[10] Claude Crépeau, et al. Oblivious transfer with a memory-bounded receiver, 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[11] Donald Beaver, et al. Commodity-based cryptography (extended abstract), 1997, STOC '97.

[12] Cynthia Dwork, et al. Finite state verifiers II: zero knowledge, 1992, JACM.

[13] Jeroen van de Graaf, et al. Committed Oblivious Transfer and Private Multi-Party Computation, 1995, CRYPTO.

[14] Richard E. Ladner, et al. Probabilistic Game Automata, 1988, J. Comput. Syst. Sci.

[15] Gilles Brassard, et al. Information theoretic reductions among disclosure problems, 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[16] Y. Aumann, et al. Clock construction in fully asynchronous parallel systems and PRAM simulation, 1992, Proceedings, 33rd Annual Symposium on Foundations of Computer Science.

[17] Juan A. Garay, et al. Concurrent oblivious transfer, 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[18] Richard E. Ladner, et al. Probabilistic Game Automata, 1986, J. Comput. Syst. Sci.

[19] Silvio Micali, et al. Lower Bounds for Oblivious Transfer Reductions, 1999, EUROCRYPT.

[20] Miklos Santha, et al. On the Reversibility of Oblivious Transfer, 1991, EUROCRYPT.

[21] Moni Naor, et al. Distributed Oblivious Transfer, 2000, ASIACRYPT.

[22] A. Yao, et al. Fair exchange with a semi-trusted third party (extended abstract), 1997, CCS '97.

[23] G. G. Stokes. "J.", 1890, The New Yale Book of Quotations.

[24] Peter W. Shor, et al. Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer, 1995, SIAM Rev.

[25] Michael O. Rabin, et al. Transaction Protection by Beacons, 1983, J. Comput. Syst. Sci.

[26] Yonatan Aumann, et al. Everlasting security in the bounded storage model, 2002, IEEE Trans. Inf. Theory.

[27] Joe Kilian, et al. Achieving oblivious transfer using weakened security assumptions, 1988, [Proceedings 1988] 29th Annual Symposium on Foundations of Computer Science.

[28] Noam Nisan, et al. Randomness is Linear in Space, 1996, J. Comput. Syst. Sci.

[29] Joe Kilian, et al. Founding cryptography on oblivious transfer, 1988, STOC '88.

[30] Silvio Micali, et al. How to play ANY mental game, 1987, STOC.

[31] Yonatan Aumann, et al. Information Theoretically Secure Communication in the Limited Storage Space Model, 1999, CRYPTO.

[32] Ueli Maurer, et al. Information-Theoretically Secure Secret-Key Agreement by NOT Authenticated Public Discussion, 1997, EUROCRYPT.

[33] Claude Crépeau. Equivalence Between Two Flavours of Oblivious Transfers, 1988.

[34] Ueli Maurer, et al. Unconditional Security Against Memory-Bounded Adversaries, 1997, CRYPTO.

[35] Oded Goldreich, et al. A randomized protocol for signing contracts, 1985, CACM.

[36] Noam Nisan, et al. Pseudorandom generators for space-bounded computation, 1992, Comb.

[37] Manuel Blum. How to exchange (secret) keys, 1983, STOC '83.

[38] Ueli Maurer, et al. Information-Theoretic Key Agreement: From Weak to Strong Secrecy for Free, 2000, EUROCRYPT.

[39] Moti Yung, et al. One-Message Statistical Zero-Knowledge Proofs and Space-Bounded Verifier, 1992, ICALP.

[40] Gilles Brassard, et al. All-or-Nothing Disclosure of Secrets, 1986, CRYPTO.

[41] Claude Crépeau, et al. Equivalence Between Two Flavours of Oblivious Transfers, 1987, CRYPTO.

[42] Ronald L. Rivest. Unconditionally Secure Commitment and Oblivious Transfer Schemes Using Private Channels and a Trusted Initializer, 1999.

[43] Christian Cachin, et al. Entropy measures and unconditional security in cryptography, 1997.

[44] Cynthia Dwork, et al. Finite state verifiers I: the power of interaction, 1992, JACM.

[45] Gilles Brassard, et al. Oblivious transfers and intersecting codes, 1996, IEEE Trans. Inf. Theory.

[46] Christian Cachin. On the Foundations of Oblivious Transfer, 1998, EUROCRYPT.

[47] Leonid A. Levin, et al. Fair Computation of General Functions in Presence of Immoral Majority, 1990, CRYPTO.

[48] Silvio Micali, et al. Non-Interactive Oblivious Transfer and Applications, 1989, CRYPTO.

[49] Anne Condon. Space-bounded probabilistic game automata, 1991, JACM.

[50] Oded Goldreich, et al. How to Solve any Protocol Problem - An Efficiency Improvement, 1987, CRYPTO.

[51] Rafail Ostrovsky, et al. Perfect Zero-Knowledge Arguments for NP Using Any One-Way Permutation, 1998, Journal of Cryptology.

[52] Joe Kilian, et al. Zero-knowledge with log-space verifiers, 1988, [Proceedings 1988] 29th Annual Symposium on Foundations of Computer Science.