9 research outputs found
On the Oblivious Transfer Capacity of Generalized Erasure Channels against Malicious Adversaries
Noisy channels are a powerful resource for cryptography as they can be used
to obtain information-theoretically secure key agreement, commitment and
oblivious transfer protocols, among others. Oblivious transfer (OT) is a
fundamental primitive since it is complete for secure multi-party computation,
and the OT capacity characterizes how efficiently a channel can be used for
obtaining string oblivious transfer. Ahlswede and Csiszár (ISIT'07)
presented upper and lower bounds on the OT capacity of generalized erasure
channels (GEC) against passive adversaries. In the case of GEC with erasure
probability at least 1/2, the upper and lower bounds match and therefore the OT
capacity was determined. It was later proved by Pinto et al. (IEEE Trans.
Inf. Theory 57(8)) that in this case there is also a protocol against
malicious adversaries achieving the same lower bound, and hence the OT capacity
is identical for passive and malicious adversaries. In the case of GEC with
erasure probability smaller than 1/2, the known lower bound against passive
adversaries that was established by Ahlswede and Csiszár does not match
their upper bound and it was unknown whether this OT rate could be achieved
against malicious adversaries as well. In this work we show that there is a
protocol against malicious adversaries achieving the same OT rate that was
obtained against passive adversaries.
In order to obtain our results we introduce a novel use of interactive
hashing that is suitable for dealing with the case of low erasure probability
Commitment and Oblivious Transfer in the Bounded Storage Model with Errors
The bounded storage model restricts the memory of an adversary in a
cryptographic protocol, rather than restricting its computational power, making
information theoretically secure protocols feasible. We present the first
protocols for commitment and oblivious transfer in the bounded storage model
with errors, i.e., the model where the public random sources available to the
two parties are not exactly the same, but instead are only required to have a
small Hamming distance between themselves. Commitment and oblivious transfer
protocols were known previously only for the error-free variant of the bounded
storage model, which is harder to realize
On the practical use of physical unclonable functions in oblivious transfer and bit commitment protocols
In recent years, PUF-based schemes have been suggested not only for the basic tasks of tamper-sensitive key storage or the identification of hardware systems, but also for more complex protocols like oblivious transfer (OT) or bit commitment (BC), both of which possess broad and diverse applications. In this paper, we continue this line of research. We first present an attack on two recent OT and BC protocols which have been introduced by Brzuska et al. (CRYPTO, LNCS 6841, pp 51–70, Springer 2011). The attack quadratically reduces the number of CRPs which malicious players must read out to cheat, and fully operates within the original communication model of Brzuska et al. (CRYPTO, LNCS 6841, pp 51–70, Springer 2011). In practice, this leads to insecure protocols when electrical PUFs with a medium challenge-length are used (e.g., 64 bits), or whenever optical PUFs are employed. These two PUF types are currently among the most popular designs of so-called Strong PUFs. Secondly, we show that the same attack applies to a recent OT protocol of Ostrovsky et al. (IACR Cryptol. ePrint Arch. 2012:143, 2012), leading to exactly the same consequences. Finally, we discuss countermeasures. We present a new OT protocol with better security properties, which utilizes interactive hashing as a substep and is based on an earlier protocol by Rührmair (TRUST, LNCS 6101, pp 430–440, Springer 2010). We then closely analyze its properties, including its security, security amplification, and practicality
Unconditional security from noisy quantum storage
We consider the implementation of two-party cryptographic primitives based on
the sole assumption that no large-scale reliable quantum storage is available
to the cheating party. We construct novel protocols for oblivious transfer and
bit commitment, and prove that realistic noise levels provide security even
against the most general attack. Such unconditional results were previously
only known in the so-called bounded-storage model which is a special case of
our setting. Our protocols can be implemented with present-day hardware used
for quantum key distribution. In particular, no quantum storage is required for
the honest parties. Comment: 25 pages (IEEE two column), 13 figures, v4: published version (to
appear in IEEE Transactions on Information Theory), including bit-wise
min-entropy sampling. However, for experimental purposes block sampling can
be much more convenient; please see the v3 arXiv version if needed. See
arXiv:0911.2302 for a companion paper addressing aspects of a practical
implementation using block sampling.
Fair games against an all-powerful adversary
Suppose that a weak (polynomial time) device needs to interact over a clear channel with a strong (infinitely-powerful) and untrustworthy adversarial device. Assuming the existence of one-way functions, during this interaction (game) the infinitely-powerful device can encrypt and (computationally) hide information from the weak device. However, to keep the game fair, the weak player must hide information from the infinitely-powerful player in the information-theoretic sense. Clearly, encryption in this case is useless, and other means must be used. In this paper, we show that under a general complexity assumption, this task is always possible to achieve. That is, we show that the weak player can play any polynomial length partial-information game (or secure protocol) with the strong player using any one-way function; we achieve this by implementing an oblivious transfer protocol in this model. We also establish related impossibility results concerning oblivious transfer. In the proof of our main result, we present an interactive-hashing technique which forces a polynomial-time player to choose two inputs in the range of a one-way function, one of which it cannot invert, while perfectly concealing which input is that one. This technique allows us to reduce the complexity assumptions and to simplify the cryptographic primitive of general secure computation protocols with information-theoretic security to one player. We believe that the interactive-hashing is a technique of independent interest
Cryptography Based on Correlated Data: Foundations and Practice
Correlated data can be very useful in cryptography. For instance, if a uniformly random key is available to Alice and Bob, it can be used as a one-time pad to transmit a message with perfect security. With more elaborate forms of correlated data, the parties can achieve even more complex cryptographic tasks, such as secure multiparty computation. This thesis explores (from both a theoretical and a practical point of view) the topic of cryptography based on correlated data