Achieving Oblivious Transfer Capacity of Generalized Erasure Channels in the Malicious Model

Information-theoretically secure string oblivious transfer (OT) can be constructed based on discrete memoryless channel (DMC). The oblivious transfer capacity of a channel characterizes - similarly to the (standard) information capacity - how efficiently it can be exploited for secure oblivious transfer of strings. The OT capacity of a generalized erasure channel (GEC) - which is a combination of a (general) DMC with the erasure channel - has been established by Ahlswede and Csizar at ISIT'07 in the case of passive adversaries. In this paper, we present the protocol that achieves this capacity against malicious adversaries for GEC with erasure probability at least 1/2. Our construction is based on the protocol of Crepeau and Savvides from Eurocrypt'06 which uses interactive hashing (IH). We solve an open question posed by the above paper, by basing it upon a constant round IH scheme (previously proposed by Ding et al. at TCC'04). As a side result, we show that the Ding et al. IH protocol can deal with transmission errors.

[1]  Michael O. Rabin,et al.  How To Exchange Secrets with Oblivious Transfer , 2005, IACR Cryptol. ePrint Arch..

[2]  W. Marsden I and J , 2012 .

[3]  Noam Nisan,et al.  Randomness is Linear in Space , 1996, J. Comput. Syst. Sci..

[4]  Ronen Shaltiel,et al.  Constant-Round Oblivious Transfer in the Bounded Storage Model , 2004, Journal of Cryptology.

[5]  George Savvides,et al.  Interactive hashing and reductions between oblivious transfer variants , 2007 .

[6]  Thomas M. Cover,et al.  Enumerative source encoding , 1973, IEEE Trans. Inf. Theory.

[7]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[8]  Yuval Ishai,et al.  Founding Cryptography on Oblivious Transfer - Efficiently , 2008, CRYPTO.

[9]  L. Fortnow,et al.  Recent Developments in Explicit Constructions of Extractors , 2002, Bull. EATCS.

[10]  Claude Crépeau,et al.  Efficient Cryptographic Protocols Based on Noisy Channels , 1997, EUROCRYPT.

[11]  Joe Kilian,et al.  Achieving Oblivious Transfer Using Weakened Security Assumptions (Extended Abstract) , 1988, FOCS 1988.

[12]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[13]  Larry Carter,et al.  Universal Classes of Hash Functions , 1979, J. Comput. Syst. Sci..

[14]  Joe Kilian,et al.  Founding crytpography on oblivious transfer , 1988, STOC '88.

[15]  Leonid A. Levin,et al.  Pseudo-random generation from one-way functions , 1989, STOC '89.

[16]  Hideki Imai,et al.  On the Oblivious Transfer Capacity of the Erasure Channel , 2006, 2006 IEEE International Symposium on Information Theory.

[17]  Kirill Morozov,et al.  Efficient Unconditional Oblivious Transfer from Almost Any Noisy Channel , 2004, SCN.

[18]  Moni Naor,et al.  Derandomized Constructions of k-Wise (Almost) Independent Permutations , 2005, Algorithmica.

[19]  Gilles Brassard,et al.  Privacy Amplification by Public Discussion , 1988, SIAM J. Comput..

[20]  Claude Crépeau,et al.  Optimal Reductions Between Oblivious Transfers Using Interactive Hashing , 2006, EUROCRYPT.

[21]  Claude Cripeaut Equivalence Between Two Flavours of Oblivious Transfers , 1988 .

[22]  W. T. Gowers An Almost m-wise Independent Random Permutation of the Cube , 1996, Combinatorics, Probability and Computing.

[23]  Ronen Shaltiel,et al.  Constant-Round Oblivious Transfer in the Bounded Storage Model , 2006, Journal of Cryptology.

[24]  Hideki Imai,et al.  Commitment Capacity of Discrete Memoryless Channels , 2003, IMACC.

[25]  A. D. Wyner,et al.  The wire-tap channel , 1975, The Bell System Technical Journal.

[26]  Rafail Ostrovsky,et al.  Fair Games against an All-Powerful Adversary , 1990, Advances In Computational Complexity Theory.

[27]  Jaikumar Radhakrishnan,et al.  Bounds for Dispersers, Extractors, and Depth-Two Superconcentrators , 2000, SIAM J. Discret. Math..

[28]  Anderson C. A. Nascimento,et al.  On the Oblivious-Transfer Capacity of Noisy Resources , 2008, IEEE Transactions on Information Theory.

[29]  Claude Crépeau,et al.  Oblivious transfer with a memory-bounded receiver , 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[30]  Stefan Wolf,et al.  Efficient oblivious transfer from any non-trivial binary-symmetric channel , 2002, Proceedings IEEE International Symposium on Information Theory,.

[31]  Rudolf Ahlswede,et al.  On Oblivious Transfer Capacity , 2007, 2007 IEEE International Symposium on Information Theory.

[32]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[33]  Rafail Ostrovsky,et al.  Perfect Zero-Knowledge Arguments for NP Using Any One-Way Permutation , 1998, Journal of Cryptology.

[34]  Claude Crépeau,et al.  Equivalence Between Two Flavours of Oblivious Transfers , 1987, CRYPTO.

[35]  Joe Kilian,et al.  Achieving oblivious transfer using weakened security assumptions , 1988, [Proceedings 1988] 29th Annual Symposium on Foundations of Computer Science.

[36]  Toby Berger,et al.  Review of Information Theory: Coding Theorems for Discrete Memoryless Systems (Csiszár, I., and Körner, J.; 1981) , 1984, IEEE Trans. Inf. Theory.

[37]  Kirill Morozov,et al.  Generalized Oblivious Transfer Protocols Based on Noisy Channels , 2001, MMM-ACNS.

[38]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[39]  Jeroen van de Graaf,et al.  Committed Oblivious Transfer and Private Multi-Party Computation , 1995, CRYPTO.

[40]  Stephen Wiesner,et al.  Conjugate coding , 1983, SIGA.

[41]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[42]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[43]  H. Chernoff A Measure of Asymptotic Efficiency for Tests of a Hypothesis Based on the sum of Observations , 1952 .

[44]  Ueli Maurer,et al.  Secret key agreement by public discussion , 1993 .

[45]  Donald Beaver,et al.  Precomputing Oblivious Transfer , 1995, CRYPTO.

[46]  Leonid A. Levin,et al.  Pseudo-random Generation from one-way functions (Extended Abstracts) , 1989, STOC 1989.

[47]  Claude Crépeau,et al.  Statistical Security Conditions for Two-Party Secure Function Evaluation , 2008, ICITS.