Oblivious Transfer from Trapdoor Permutations in Minimal Rounds

Oblivious transfer (OT) is a foundational primitive in cryptography owing to its connection with secure computation. One of the oldest constructions of oblivious transfer is from certified trapdoor permutations (TDPs). Several decades later, however, we still do not know whether a similar construction can be obtained from TDPs in general. In this work we study the problem of constructing round-optimal oblivious transfer from trapdoor permutations. In particular, we obtain the following new results (in the plain model), relying on TDPs in a black-box manner:

– A three-round oblivious transfer protocol that guarantees indistinguishability-based security against malicious senders (and semi-honest receivers).

– A four-round oblivious transfer protocol secure against malicious adversaries with black-box simulation-based security.

By combining our second result with an already known compiler, we obtain the first round-optimal two-party computation protocol that relies on TDPs in a black-box way. A key technical tool underlying our results is a new primitive we call dual witness encryption (DWE), which may be of independent interest.
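The abstract names the classic OT-from-certified-TDP construction without describing it. As an added illustration that is not part of the paper (it is the textbook Even-Goldreich-Lempel-style protocol instantiated with plain RSA on constructed toy primes, not the paper's own three- or four-round protocols and not its DWE primitive), the Python below runs 1-out-of-2 OT on single bits and then shows the failure mode that "certified" rules out: a malicious sender publishes an exponent that is not coprime to phi(N), which the receiver cannot check without phi(N), so x -> x^e is no longer a permutation, its image is a proper subset of Z_N, and the sender can usually tell which of the receiver's two values was computed as f(x_b). The hard-core bit used for masking is the least-significant bit of the RSA preimage (the Alexi-Chor-Goldreich-Schnorr result); the parameter sizes and the prime-knowing image test are assumptions of the toy, not anything the paper states.

```python
"""Toy Even-Goldreich-Lempel style 1-out-of-2 bit OT from a trapdoor permutation.

Added example with constructed tiny RSA parameters (four-digit primes); nothing
here is secure, it only exercises the protocol flow and the uncertified-key leak.
"""
import random
from math import gcd

P, Q = 1009, 1013            # constructed toy primes (real ones are ~1024 bits)
N = P * Q
PHI = (P - 1) * (Q - 1)      # known to the sender only


def hardcore_bit(x: int) -> int:
    # LSB of the RSA preimage is a hard-core bit (Alexi-Chor-Goldreich-Schnorr).
    return x & 1


def keygen(e: int):
    """Honest sender key: e coprime to phi(N), trapdoor d = e^-1 mod phi(N)."""
    assert gcd(e, PHI) == 1
    return (N, e), pow(e, -1, PHI)


def receiver_round1(pk, b: int, rng: random.Random):
    """Receiver: y_b = f(x_b) for a fresh x_b, y_{1-b} sampled directly at random.

    If f is a permutation both y values are uniform and hide b from the sender.
    """
    n, e = pk
    x_b = rng.randrange(1, n)
    while gcd(x_b, n) != 1:
        x_b = rng.randrange(1, n)
    ys = [None, None]
    ys[b] = pow(x_b, e, n)
    ys[1 - b] = rng.randrange(1, n)
    return ys, x_b


def sender_round2(pk, d: int, ys, m0: int, m1: int):
    """Sender: invert both y_i with the trapdoor, mask m_i with the hard-core bit."""
    n, _ = pk
    x0 = pow(ys[0], d, n)
    x1 = pow(ys[1], d, n)
    return [m0 ^ hardcore_bit(x0), m1 ^ hardcore_bit(x1)]


def receiver_output(cs, b: int, x_b: int) -> int:
    # Receiver knows x_b, so it can unmask c_b only; x_{1-b} would require d.
    return cs[b] ^ hardcore_bit(x_b)


def run_ot(m0: int, m1: int, b: int, seed: int = 0) -> int:
    """Full honest run: returns m_b."""
    rng = random.Random(seed)
    pk, d = keygen(65537)
    ys, x_b = receiver_round1(pk, b, rng)
    cs = sender_round2(pk, d, ys, m0, m1)
    return receiver_output(cs, b, x_b)


def malicious_sender_guess(ys):
    """Sender who published e = 3. Since 3 | p-1 = 1008, cubing is 3-to-1 mod p,
    and a nonzero y is a cube mod p iff y^((p-1)/3) == 1 mod p. The receiver's
    y_b is always a cube; a uniformly random y is one with probability ~1/3."""
    def is_cube_mod_p(y: int) -> bool:
        return pow(y, (P - 1) // 3, P) == 1
    in_image = [is_cube_mod_p(ys[0]), is_cube_mod_p(ys[1])]
    if in_image == [True, False]:
        return 0
    if in_image == [False, True]:
        return 1
    return None   # both look like images: this session leaks nothing


def leak_rate(trials: int = 400, seed: int = 1) -> float:
    """Fraction of sessions in which the uncertified key lets the sender learn b."""
    rng = random.Random(seed)
    pk_bad = (N, 3)   # gcd(3, phi(N)) = 3, but the receiver cannot compute phi(N)
    leaked = 0
    for _ in range(trials):
        b = rng.randrange(2)
        ys, _ = receiver_round1(pk_bad, b, rng)
        guess = malicious_sender_guess(ys)
        if guess is not None:
            assert guess == b        # whenever the test decides, it is correct
            leaked += 1
    return leaked / trials


if __name__ == "__main__":
    print("honest OT, b=1 of (m0,m1)=(0,1):", run_ot(0, 1, 1))
    print("sessions leaking b with uncertified e=3:", leak_rate())
```

With an honest key the sender sees two uniform elements of Z_N and learns nothing about b; with e = 3 the same receiver code leaks its choice in roughly two thirds of sessions, which is exactly the gap a certified TDP (or, in the paper's setting, a construction that tolerates uncertified TDPs) has to close.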
