Constant-Rate Oblivious Transfer from Noisy Channels

A binary symmetric channel (BSC) is a noisy communication channel that flips each bit independently with some fixed error probability 0 < p < 1/2. Crépeau and Kilian (FOCS 1988) showed that oblivious transfer, and hence general secure two-party computation, can be unconditionally realized by communicating over a BSC. There has been a long line of works on improving the efficiency and generality of this construction. However, all known constructions that achieve security against malicious parties require the parties to communicate poly(k) bits over the channel for each instance of oblivious transfer (more precisely, $\binom{2}{1}$-bit-OT) being realized, where k is a statistical security parameter. The question of achieving a constant (positive) rate was left open, even in the easier case of realizing a single oblivious transfer of a long string. We settle this question in the affirmative by showing how to realize n independent instances of oblivious transfer, with statistical error that vanishes with n, by communicating just O(n) bits over a BSC. As a corollary, any boolean circuit of size s can be securely evaluated by two parties with O(s) + poly(k) bits of communication over a BSC, improving over the O(s) · poly(k) complexity of previous constructions.
