One-out-of-q OT Combiners

In 1-out-of-q Oblivious Transfer (OT) protocols, a sender is able to send one of q ≥ 2 messages to a receiver, all while being oblivious to which message was actually transferred. Moreover, the receiver learns only one of these messages. Oblivious Transfer combiners take n instances of OT protocols as input and produce a single protocol that is secure if sufficiently many of the n original OT implementations are secure. We present a generalization of an OT combiner protocol that was introduced by Cascudo et al. (TCC'17). We show a general 1-out-of-q OT combiner that is valid for any prime power q ≥ 2. Our OT combiner is based on secret sharing schemes that are of independent interest. Our construction achieves the strong notion of perfect security against active (A,B)-adversaries. For q ≥ n, we present a single-use, n-server, 1-out-of-q OT combiner that is perfectly secure against active adversaries that corrupt a minority of servers. The amount of bits exchanged during the protocol is (q² + q + 1)n log q.

[1] Yuval Ishai, et al. On the Power of Nonlinear Secret-Sharing, 2001, IACR Cryptol. ePrint Arch.

[2] Ignacio Cascudo, et al. Resource-Efficient OT Combiners with Active Security, 2017, TCC.

[3] Vladimir Kolesnikov, et al. Efficient Batched Oblivious PRF with Applications to Private Set Intersection, 2016, CCS.

[4] G. R. Blakley, et al. Safeguarding cryptographic keys, 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[5] Mitsuru Ito, et al. Secret sharing scheme realizing general access structure, 1989.

[6] Jürg Wullschleger, et al. Error-Tolerant Combiners for Oblivious Primitives, 2008, ICALP.

[7] Adi Shamir, et al. How to share a secret, 1979, CACM.

[8] Silvio Micali, et al. Non-Interactive Oblivious Transfer and Applications, 1989, CRYPTO.

[9] Joe Kilian, et al. Achieving Oblivious Transfer Using Weakened Security Assumptions (Extended Abstract), 1988, FOCS 1988.

[10] Amos Beimel, et al. The Share Size of Secret-Sharing Schemes for Almost All Access Structures and Graphs, 2020, IACR Cryptol. ePrint Arch.

[11] Emmanuela Orsini, et al. Actively Secure 1-out-of-N OT Extension with Application to Private Set Intersection, 2017, CT-RSA.

[12] Claude Crépeau, et al. Oblivious transfer with a memory-bounded receiver, 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[13] Yuval Ishai, et al. Founding Cryptography on Tamper-Proof Hardware Tokens, 2010, IACR Cryptol. ePrint Arch.

[14] Silvio Micali, et al. How to play ANY mental game, 1987, STOC.

[15] Ran Canetti, et al. Universally composable security: a new paradigm for cryptographic protocols, 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[16] Jonathan Katz, et al. Chosen-Ciphertext Security of Multiple Encryption, 2005, TCC.

[17] Moni Naor, et al. On Robust Combiners for Oblivious Transfer and Other Primitives, 2005, EUROCRYPT.

[18] Rudolf Ahlswede, et al. Founding Cryptography on Oblivious Transfer, 2016.

[19] Eric Rescorla, et al. The Transport Layer Security (TLS) Protocol Version 1.1, 2006, RFC.

[20] Ignacio Cascudo, et al. Server-Aided Two-Party Computation with Minimal Connectivity in the Simultaneous Corruption Model, 2014.

[21] Keith M. Martin, et al. Multisecret Threshold Schemes, 1994, CRYPTO.

[22] Avi Wigderson, et al. Completeness theorems for non-cryptographic fault-tolerant distributed computation, 1988, STOC '88.

[23] Leonid A. Levin, et al. A Pseudorandom Generator from any One-way Function, 1999, SIAM J. Comput.

[24] Carles Padró, et al. Lecture Notes in Secret Sharing, 2012, IACR Cryptol. ePrint Arch.

[25] Vinod Vaikuntanathan, et al. Towards Breaking the Exponential Barrier for General Secret Sharing, 2017, IACR Cryptol. ePrint Arch.

[26] Yuval Ishai, et al. Founding Cryptography on Oblivious Transfer - Efficiently, 2008, CRYPTO.

[27] Rafail Ostrovsky, et al. Minimum resource zero knowledge proofs, 1989, 30th Annual Symposium on Foundations of Computer Science.

[28] Amos Beimel, et al. Secret-Sharing Schemes: A Survey, 2011, IWCC.

[29] Bartosz Przydatek, et al. On Robust Combiners for Private Information Retrieval and Other Primitives, 2006, CRYPTO.

[30] G. Blakley, et al. An efficient algorithm for constructing a cryptosystem which is harder to break than two other cryptosystems, 1981.

[31] Jürg Wullschleger, et al. Robuster Combiners for Oblivious Transfer, 2007, TCC.

[32] Nico Döttling, et al. David & Goliath Oblivious Affine Function Evaluation - Asymptotically Optimal Building Blocks for Universally Composable Two-Party Computation from a Single Untrusted Stateful Tamper-Proof Hardware Token, 2012, IACR Cryptol. ePrint Arch.

[33] László Csirmaz, et al. The Size of a Share Must Be Large, 1994, Journal of Cryptology.

[34] Yuval Ishai, et al. OT-Combiners via Secure Computation, 2008, TCC.

[35] Eyal Kushilevitz, et al. Private information retrieval, 1998, JACM.

[36] Yuval Ishai, et al. Single-use OT combiners with near-optimal resilience, 2014, 2014 IEEE International Symposium on Information Theory.

[37] Vinod Vaikuntanathan, et al. Secret Sharing and Statistical Zero Knowledge, 2015, ASIACRYPT.

[38] Yehuda Lindell, et al. How To Simulate It - A Tutorial on the Simulation Proof Technique, 2016, IACR Cryptol. ePrint Arch.

[39] Vinod Vaikuntanathan, et al. Breaking the circuit-size barrier in secret sharing, 2018, IACR Cryptol. ePrint Arch.

[40] Yuval Ishai, et al. Protecting data privacy in private information retrieval schemes, 1998, STOC '98.

[41] Moni Naor, et al. Oblivious transfer and polynomial evaluation, 1999, STOC '99.

[42] Gilles Brassard, et al. Information theoretic reductions among disclosure problems, 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[43] Amos Beimel, et al. Better secret sharing via robust conditional disclosure of secrets, 2020, Electron. Colloquium Comput. Complex.

[44] Wen-Guey Tzeng, et al. Efficient 1-Out-n Oblivious Transfer Schemes, 2002, Public Key Cryptography.

[45] Carles Padró, et al. Improving the Linear Programming Technique in the Search for Lower Bounds in Secret Sharing, 2018, IEEE Transactions on Information Theory.

[46] Giovanni Di Crescenzo, et al. Multi-Secret Sharing Schemes, 1994, CRYPTO.

[47] Amos Beimel, et al. Degree-2 Secret Sharing and Conditional Disclosure of Secrets, 2021, IACR Cryptol. ePrint Arch.

[48] Yuval Ishai, et al. Priced Oblivious Transfer: How to Sell Digital Goods, 2001, EUROCRYPT.

[49] Amos Beimel, et al. Secret-Sharing Schemes for General and Uniform Access Structures, 2019, IACR Cryptol. ePrint Arch.

[50] Michael O. Rabin, et al. How To Exchange Secrets with Oblivious Transfer, 2005, IACR Cryptol. ePrint Arch.

[51] Eyal Kushilevitz, et al. A zero-one law for Boolean privacy, 1989, STOC '89.

[52] Carles Padró, et al. Linear threshold multisecret sharing schemes, 2012, Inf. Process. Lett.

[53] Andrew Chi-Chih Yao, et al. Protocols for secure computations, 1982, FOCS 1982.

[54] Anderson C. A. Nascimento, et al. Oblivious Transfer Based on the McEliece Assumptions, 2008, ICITS.

[55] Oded Goldreich, et al. A randomized protocol for signing contracts, 1985, CACM.

[56] Moni Naor, et al. Computationally Secure Oblivious Transfer, 2004, Journal of Cryptology.

[57] Brent Waters, et al. A Framework for Efficient and Composable Oblivious Transfer, 2008, CRYPTO.