ROTed: Random Oblivious Transfer for embedded devices

Oblivious Transfer (OT) is a fundamental cryptographic primitive underlying protocols such as Multi-Party Computation and Private Set Intersection (PSI), which are in turn used in applications like contact discovery, remote diagnosis and contact tracing. Because of this foundational role, it is essential that an OT execution remains secure even when arbitrarily composed with other instances of the same protocol or with other protocols; this property can be guaranteed by proving security in the Universal Composability model. Herein, a 3-round Random Oblivious Transfer (ROT) protocol is proposed that achieves high computational efficiency in the Random Oracle Model. The security of the protocol is based on the Ring Learning With Errors assumption, for which no quantum solver is known. ROT is the basis for OT extensions and therefore achieves wide applicability without the overhead of compiling ROTs from OTs. Finally, the protocol is implemented on a server-class Intel processor and on four application-class ARM processors, all with different architectures. The use of vector instructions provides a 40% speedup on average. The implementation shows that our proposal is at least one order of magnitude faster than the state of the art, and is suitable for a wide range of applications in embedded systems, IoT, desktops, and servers. From a memory-footprint perspective, there is a small increase (16%) compared to the state of the art; this increase is marginal and should not prevent the use of the proposed protocol on a multitude of devices. In sum, the proposal achieves up to 37k ROTs/s on an Intel server-class processor and up to 5k ROTs/s on an ARM application-class processor. A PSI application using the proposed ROT is up to 6.6 times faster than related art.
