Oblivious Transfer via McEliece's PKC and Permuted Kernels

We present two efficient protocols for two flavors of oblivious transfer (OT): the Rabin and 1-out-of-2 OT using the McEliece cryptosystem and Shamir’s zero-knowledge identification scheme based on permuted kernels. This is a step towards diversifying computational assumptions on which OT – the primitive of central importance – can be based. Although we obtain a weak version of Rabin OT (where the malicious receiver may decrease his erasure probability), it can nevertheless be reduced to secure 1-out-of-2 OT. Elaborating on the first protocol, we provide a practical construction for

[1]  Guillaume Poupard A realistic security analysis of identification schemes based on combinatorial problems , 1997, Eur. Trans. Telecommun..

[2]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[3]  Moni Naor,et al.  Efficient oblivious transfer protocols , 2001, SODA '01.

[4]  Michael O. Rabin,et al.  How To Exchange Secrets with Oblivious Transfer , 2005, IACR Cryptol. ePrint Arch..

[5]  Stephen Wiesner,et al.  Conjugate coding , 1983, SIGA.

[6]  Iftach Haitner,et al.  Implementing Oblivious Transfer Using Collection of Dense Trapdoor Permutations , 2004, TCC.

[7]  Oded Goldreich,et al.  The Foundations of Cryptography - Volume 2: Basic Applications , 2001 .

[8]  Robert J. McEliece,et al.  A public key cryptosystem based on algebraic coding theory , 1978 .

[9]  Nicolas Sendrier,et al.  On the Security of the McEliece Public-Key Cryptosystem , 2002 .

[10]  Matthieu Finiasz,et al.  How to Achieve a McEliece-Based Digital Signature Scheme , 2001, ASIACRYPT.

[11]  Donald Beaver,et al.  Precomputing Oblivious Transfer , 1995, CRYPTO.

[12]  Claude Crépeau,et al.  Equivalence Between Two Flavours of Oblivious Transfers , 1987, CRYPTO.

[13]  Jacques Stern,et al.  A New Identification Scheme Based on Syndrome Decoding , 1993, CRYPTO.

[14]  Anne Canteaut,et al.  A New Algorithm for Finding Minimum-Weight Words in a Linear Code: Application to McEliece’s Cryptosystem and to Narrow-Sense BCH Codes of Length , 1998 .

[15]  Adi Shamir,et al.  An Efficient Identification Scheme Based on Permuted Kernels (Extended Abstract) , 1989, CRYPTO.

[16]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[17]  P. Gaborit,et al.  Identity-based identification and signature schemes using correcting codes , 2007 .

[18]  Pierre-Louis Cayrel,et al.  Identity-Based Identification and Signature Schemes using Error Correcting Codes , 2009, Identity-Based Cryptography.

[19]  Yuval Ishai,et al.  Priced Oblivious Transfer: How to Sell Digital Goods , 2001, EUROCRYPT.

[20]  Silvio Micali,et al.  Non-Interactive Oblivious Transfer and Spplications , 1989, CRYPTO.

[21]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[22]  Kazukuni Kobara,et al.  Semantically Secure McEliece Public-Key Cryptosystems-Conversions for McEliece PKC , 2001, Public Key Cryptography.

[23]  Venkatesan Guruswami,et al.  Improved decoding of Reed-Solomon and algebraic-geometry codes , 1999, IEEE Trans. Inf. Theory.

[24]  Nicolas Sendrier,et al.  Finding the permutation between equivalent linear codes: The support splitting algorithm , 2000, IEEE Trans. Inf. Theory.

[25]  Joe Kilian,et al.  Founding crytpography on oblivious transfer , 1988, STOC '88.