Endemic Oblivious Transfer

Oblivious transfer (OT) has played a crucial role in the design of secure multi-party computation. Nevertheless, there are few practical OT protocols that achieve simulation-based security and can at the same time be instantiated from different assumptions. In this work, we consider a simulation-based security notion that we call endemic security. We show how to construct highly efficient oblivious transfer in the random oracle model that achieves endemic security under a wide range of assumptions, among them DDH, CDH, LWE and coding-based assumptions. We construct a secure oblivious transfer based on DDH that takes only a single communication round, which allows significant performance gains. We also instantiate our oblivious transfer with the CRYSTALS-Kyber key agreement. Our implementation shows that both instantiations can be computed in under one millisecond. Further, we revisit, correct and improve existing oblivious transfer extension techniques. We provide an implementation of an actively secure oblivious transfer extension protocol in the ideal cipher model, processing up to 23 million OTs per second and up to 10 times faster than previous secure implementations. We also show that our framework can compute endemically secure OT extension and the base OTs in just two rounds.
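The single-round DDH protocol mentioned above has both parties send one message at the same time, with no message depending on the other. The block below is an added illustration of that structure and is not the paper's own protocol or code: the receiver masks its real element with a random-oracle hash of the dummy one, r_c = g^a * H(r_{1-c}), and the sender strips that mask as h_i = r_i / H(r_{1-i}) before raising to its secret. This message format is this example's own reconstruction and is an assumption, as is the 128-bit safe-prime group it generates at import time, which is a toy parameter far too small for real use. The result is a random OT (neither party chooses the keys, which is what makes the endemic notion natural here); `chosen_message_ot` shows the usual extra sender message that turns it into a chosen-message OT, and `naive_cheat_recovers_both` shows why the hash mask is needed.

```python
"""One-round random OT from DDH in the random-oracle model (added example).

Assumptions (not from the paper): the message format r_c = g^a * H(r_{1-c}),
h_i = r_i / H(r_{1-i}), SHA-256 as the random oracle, and a deterministic
128-bit toy safe-prime group.  Standard library only, Python 3.8+.
"""
import hashlib
import secrets
from typing import Tuple

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Trial division by small primes, then Miller-Rabin with fixed bases."""
    if n < 2:
        return False
    for p in _BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def toy_safe_prime(bits: int) -> int:
    """First safe prime p = 2q+1 with p >= 2**(bits-1); deterministic, toy size."""
    q = (1 << (bits - 2)) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1


P = toy_safe_prime(128)      # toy parameter: far too small for real use
Q = (P - 1) // 2             # prime order of the quadratic-residue subgroup
G = 4                        # 2^2 is a QR, hence generates the order-Q subgroup


def encode(x: int) -> bytes:
    return x.to_bytes((P.bit_length() + 7) // 8, "big")


def hash_to_group(x: int) -> int:
    """Random oracle into the order-Q subgroup: hash, reduce mod P, square.
    A zero digest mod P (probability 1/P) would give 0; ignored for this toy."""
    d = int.from_bytes(hashlib.sha256(b"H1" + encode(x)).digest(), "big") % P
    return pow(d, 2, P)


def kdf(*elems: int) -> bytes:
    """Key derivation over the full transcript plus the shared element."""
    return hashlib.sha256(b"H2" + b"".join(encode(e) for e in elems)).digest()


class Sender:
    """Sends z = g^b; derives two random keys from the receiver's (r0, r1)."""
    def __init__(self) -> None:
        self.b = secrets.randbelow(Q - 1) + 1
        self.msg = pow(G, self.b, P)

    def keys(self, r0: int, r1: int) -> Tuple[bytes, bytes]:
        r, out = (r0, r1), []
        for i in (0, 1):
            # h_i = r_i / H(r_{1-i}); the receiver can know log_g(h_i) for at
            # most one i, since the other slot's hash is fixed only after that
            # slot's element is chosen (random-oracle argument).
            h_i = r[i] * pow(hash_to_group(r[1 - i]), P - 2, P) % P
            out.append(kdf(i, self.msg, r0, r1, pow(h_i, self.b, P)))
        return out[0], out[1]


class Receiver:
    """Sends (r0, r1) with r_c = g^a * H(r_{1-c}); learns only key c."""
    def __init__(self, choice: int) -> None:
        self.c, self.a = choice, secrets.randbelow(Q - 1) + 1
        r_other = pow(G, secrets.randbelow(Q - 1) + 1, P)   # dummy slot
        r_mine = pow(G, self.a, P) * hash_to_group(r_other) % P
        self.msg = (r_mine, r_other) if choice == 0 else (r_other, r_mine)

    def key(self, z: int) -> bytes:
        return kdf(self.c, z, *self.msg, pow(z, self.a, P))


def run_random_ot(choice: int) -> Tuple[Tuple[bytes, bytes], bytes]:
    """Both messages are independent, so they travel in one round."""
    snd, rcv = Sender(), Receiver(choice)
    return snd.keys(*rcv.msg), rcv.key(snd.msg)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def chosen_message_ot(m0: bytes, m1: bytes, choice: int) -> bytes:
    """De-randomize: one extra sender message (m0^k0, m1^k1); 32-byte inputs."""
    assert len(m0) == len(m1) == 32
    (k0, k1), kc = run_random_ot(choice)
    e0, e1 = xor(m0, k0), xor(m1, k1)
    return xor((e0, e1)[choice], kc)


def naive_cheat_recovers_both() -> bool:
    """Receiver sends r_i = g^{a_i} with both logs known and ignores the mask;
    returns True only if it derives both sender keys (it does not)."""
    snd = Sender()
    a0, a1 = secrets.randbelow(Q - 1) + 1, secrets.randbelow(Q - 1) + 1
    r0, r1 = pow(G, a0, P), pow(G, a1, P)
    k0, k1 = snd.keys(r0, r1)
    guess = [kdf(i, snd.msg, r0, r1, pow(snd.msg, a, P)) for i, a in ((0, a0), (1, a1))]
    return guess == [k0, k1]
```

Because the sender's message does not depend on the receiver's, the two can be sent together in one round; the price is that the keys are random rather than chosen, so a chosen-message OT costs the one extra sender message shown in `chosen_message_ot`.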
