Semi-commutative Masking: A Framework for Isogeny-Based Protocols, with an Application to Fully Secure Two-Round Isogeny-Based OT

We define semi-commutative invertible masking structures which aim to capture the methodology of exponentiation-only protocol design (such as discrete logarithm and isogeny-based cryptography). We discuss two instantiations: the first is based on commutative group actions and captures both the action of exponentiation in the discrete logarithm setting and the action of the class group of commutative endomorphism rings of elliptic curves, in the style of the CSIDH key-exchange protocol; the second is based on the semi-commutative action of isogenies of supersingular elliptic curves, in the style of the SIDH key-exchange protocol. We then construct two oblivious transfer protocols using this new structure and prove that these UC-securely realise the oblivious transfer functionality in the random-oracle-hybrid model against passive adversaries with static corruptions. Moreover, by starting from one of these two protocols and using the compiler introduced by Döttling et al. (Eurocrypt 2020), we achieve the first fully UC-secure two-round OT protocol based on supersingular isogenies.

[1] David Jao et al. Constructing elliptic curve isogenies in quantum subexponential time, 2010, J. Math. Cryptol.

[2] Michael O. Rabin et al. How To Exchange Secrets with Oblivious Transfer, 2005, IACR Cryptol. ePrint Arch.

[3] Jonathan Katz et al. Global-Scale Secure Multiparty Computation, 2017, CCS.

[4] Reza Azarderakhsh et al. Practical Supersingular Isogeny Group Key Agreement, 2019, IACR Cryptol. ePrint Arch.

[5] Atsushi Fujioka et al. One-Round Authenticated Group Key Exchange from Isogenies, 2019, IACR Cryptol. ePrint Arch.

[6] Paulo Barreto et al. Supersingular Isogeny Oblivious Transfer, 2018, IACR Cryptol. ePrint Arch.

[7] Tanja Lange et al. CSIDH: An Efficient Post-Quantum Commutative Group Action, 2018, IACR Cryptol. ePrint Arch.

[8] Benjamin Smith et al. Towards practical key exchange from ordinary isogeny graphs, 2018, IACR Cryptol. ePrint Arch.

[9] G. Ballew et al. The Arithmetic of Elliptic Curves, 2020, Elliptic Curves.

[10] Alfred Menezes et al. On Isogeny Graphs of Supersingular Elliptic Curves over Finite Fields, 2018, IACR Cryptol. ePrint Arch.

[11] Frederik Vercauteren et al. Computational problems in supersingular elliptic curve isogenies, 2017, IACR Cryptol. ePrint Arch.

[12] Christophe Petit et al. Faster Algorithms for Isogeny Problems Using Torsion Point Images, 2017, ASIACRYPT.

[13] Alexander Rostovtsev et al. Public-Key Cryptosystem Based on Isogenies, 2006, IACR Cryptol. ePrint Arch.

[14] Marcel Keller et al. MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer, 2016, IACR Cryptol. ePrint Arch.

[15] Oded Goldreich et al. Definitions and properties of zero-knowledge proof systems, 1994, Journal of Cryptology.

[16] Claudio Orlandi et al. The Simplest Protocol for Oblivious Transfer, 2015, IACR Cryptol. ePrint Arch.

[17] André Schrottenloher et al. Quantum Security Analysis of CSIDH and Ordinary Isogeny-based Schemes, 2018, IACR Cryptol. ePrint Arch.

[18] Reza Azarderakhsh et al. Key Compression for Isogeny-Based Cryptosystems, 2016, AsiaPKC '16.

[19] Rajeev Anand Sahu et al. Supersingular Isogeny-Based Designated Verifier Blind Signature, 2019, IACR Cryptol. ePrint Arch.

[20] Francisco Rodríguez-Henríquez et al. A Faster Software Implementation of the Supersingular Isogeny Diffie-Hellman Key Exchange Protocol, 2018, IEEE Transactions on Computers.

[21] Craig Costello et al. Efficient Algorithms for Supersingular Isogeny Diffie-Hellman, 2016, CRYPTO.

[22] Christophe Petit et al. Weak instances of SIDH variants under improved torsion-point attacks, 2020, IACR Cryptol. ePrint Arch.

[23] Arpita Patra et al. Fast and Universally-Composable Oblivious Transfer and Commitment Scheme with Adaptive Security, 2017, IACR Cryptol. ePrint Arch.

[24] Ran Canetti et al. Universally composable security: a new paradigm for cryptographic protocols, 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[25] David Jao et al. SoK: The Problem Landscape of SIDH, 2018, IACR Cryptol. ePrint Arch.

[26] Paulo S. L. M. Barreto et al. A Framework for Efficient Adaptively Secure Composable Oblivious Transfer in the ROM, 2017, IACR Cryptol. ePrint Arch.

[27] Jintai Ding et al. A Framework for Universally Composable Oblivious Transfer from One-Round Key-Exchange, 2019, IACR Cryptol. ePrint Arch.

[28] Emmanuel Bresson et al. Separation Results on the "One-More" Computational Problems, 2008, CT-RSA.

[29] Claudio Orlandi et al. A New Approach to Practical Active-Secure Two-Party Computation, 2012, IACR Cryptol. ePrint Arch.

[30] Vanessa Vitse et al. Simple Oblivious Transfer Protocols Compatible with Supersingular Isogenies, 2019, AFRICACRYPT.

[31] Zvika Brakerski et al. Two-Message Statistical Sender-Private OT from LWE, 2018, IACR Cryptol. ePrint Arch.

[32] Steven D. Galbraith et al. Identification Protocols and Signature Schemes Based on Supersingular Isogeny Problems, 2017, ASIACRYPT.

[33] Steven D. Galbraith et al. On the Security of Supersingular Isogeny Cryptosystems, 2016, ASIACRYPT.

[34] Jianhong Zhang et al. Practical t-out-n Oblivious Transfer and Its Applications, 2003, ICICS.

[35] Brent Waters et al. A Framework for Efficient and Composable Oblivious Transfer, 2008, CRYPTO.

[36] David Jao et al. Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies, 2011, J. Math. Cryptol.

[37] Nico Döttling et al. Two-Round Oblivious Transfer from CDH or LPN, 2020, IACR Cryptol. ePrint Arch.