On the Oblivious Transfer Capacity of Generalized Erasure Channels Against Malicious Adversaries: The Case of Low Erasure Probability

Noisy channels are a powerful resource for cryptography as they can be used to obtain information-theoretically secure key agreement, commitment, and oblivious transfer protocols, among others. Oblivious transfer (OT) is a fundamental primitive, since it is complete for secure multi-party computation, and the OT capacity characterizes how efficiently a channel can be used for obtaining string oblivious transfer. Ahlswede and Csiszár (ISIT’07) presented upper and lower bounds on the OT capacity of generalized erasure channels (GECs) against passive adversaries. In the case of a GEC with erasure probability at least 1/2, the upper and lower bounds match and, therefore, the OT capacity was determined. It was later proved by Pinto et al. [IEEE Trans. Inf. Theory 57(8)] that the OT capacity is identical for passive and malicious adversaries. In the case of a GEC with erasure probability smaller than 1/2, the known lower bound against passive adversaries that was established by Ahlswede and Csiszár does not match their upper bound, and it was unknown whether this OT rate could be achieved against malicious adversaries as well. In this paper, we show that there is a protocol against malicious adversaries achieving the same OT rate that was obtained against passive adversaries. We obtain our results by a new combination of interactive hashing and typicality tests that are suitable for dealing with the case of low erasure probability ($p^{*} < 1/2$).
