175 research outputs found
Commitment and Oblivious Transfer in the Bounded Storage Model with Errors
The bounded storage model restricts the memory of an adversary in a
cryptographic protocol, rather than restricting its computational power, making
information theoretically secure protocols feasible. We present the first
protocols for commitment and oblivious transfer in the bounded storage model
with errors, i.e., the model where the public random sources available to the
two parties are not exactly the same, but instead are only required to have a
small Hamming distance between themselves. Commitment and oblivious transfer
protocols were known previously only for the error-free variant of the bounded
storage model, which is harder to realize
Unconditional security from noisy quantum storage
We consider the implementation of two-party cryptographic primitives based on
the sole assumption that no large-scale reliable quantum storage is available
to the cheating party. We construct novel protocols for oblivious transfer and
bit commitment, and prove that realistic noise levels provide security even
against the most general attack. Such unconditional results were previously
only known in the so-called bounded-storage model which is a special case of
our setting. Our protocols can be implemented with present-day hardware used
for quantum key distribution. In particular, no quantum storage is required for
the honest parties.Comment: 25 pages (IEEE two column), 13 figures, v4: published version (to
appear in IEEE Transactions on Information Theory), including bit wise
min-entropy sampling. however, for experimental purposes block sampling can
be much more convenient, please see v3 arxiv version if needed. See
arXiv:0911.2302 for a companion paper addressing aspects of a practical
implementation using block samplin
On the practical use of physical unclonable functions in oblivious transfer and bit commitment protocols
In recent years, PUF-based schemes have been suggested not only for the basic tasks of tamper-sensitive key storage or the identification of hardware systems, but also for more complex protocols like oblivious transfer (OT) or bit commitment (BC), both of which possess broad and diverse applications. In this paper, we continue this line of research. We first present an attack on two recent OT and BC protocols which have been introduced by Brzuska et al. (CRYPTO, LNCS 6841, pp 51–70, Springer 2011). The attack quadratically reduces the number of CRPs which malicious players must read out to cheat, and fully operates within the original communication model of Brzuska et al. (CRYPTO, LNCS 6841, pp 51–70, Springer 2011). In practice, this leads to insecure protocols when electrical PUFs with a medium challenge-length are used (e.g., 64 bits), or whenever optical PUFs are employed. These two PUF types are currently among the most popular designs of so-called Strong PUFs. Secondly, we show that the same attack applies to a recent OT protocol of Ostrovsky et al. (IACR Cryptol. ePrint Arch. 2012:143, 2012), leading to exactly the same consequences. Finally, we discuss countermeasures. We present a new OT protocol with better security properties, which utilizes interactive hashing as a substep and is based on an earlier protocol by Rührmair (TRUST, LNCS 6101, pp 430–440, Springer 2010). We then closely analyze its properties, including its security, security amplification, and practicality
On the Oblivious Transfer Capacity of Generalized Erasure Channels against Malicious Adversaries
Noisy channels are a powerful resource for cryptography as they can be used
to obtain information-theoretically secure key agreement, commitment and
oblivious transfer protocols, among others. Oblivious transfer (OT) is a
fundamental primitive since it is complete for secure multi-party computation,
and the OT capacity characterizes how efficiently a channel can be used for
obtaining string oblivious transfer. Ahlswede and Csisz\'{a}r (\emph{ISIT'07})
presented upper and lower bounds on the OT capacity of generalized erasure
channels (GEC) against passive adversaries. In the case of GEC with erasure
probability at least 1/2, the upper and lower bounds match and therefore the OT
capacity was determined. It was later proved by Pinto et al. (\emph{IEEE Trans.
Inf. Theory 57(8)}) that in this case there is also a protocol against
malicious adversaries achieving the same lower bound, and hence the OT capacity
is identical for passive and malicious adversaries. In the case of GEC with
erasure probability smaller than 1/2, the known lower bound against passive
adversaries that was established by Ahlswede and Csisz\'{a}r does not match
their upper bound and it was unknown whether this OT rate could be achieved
against malicious adversaries as well. In this work we show that there is a
protocol against malicious adversaries achieving the same OT rate that was
obtained against passive adversaries.
In order to obtain our results we introduce a novel use of interactive
hashing that is suitable for dealing with the case of low erasure probability
()
Cryptography in the Bounded-Quantum-Storage Model
This thesis initiates the study of cryptographic protocols in the
bounded-quantum-storage model. On the practical side, simple protocols for
Rabin Oblivious Transfer, 1-2 Oblivious Transfer and Bit Commitment are
presented. No quantum memory is required for honest players, whereas the
protocols can only be broken by an adversary controlling a large amount of
quantum memory. The protocols are efficient, non-interactive and can be
implemented with today's technology.
On the theoretical side, new entropic uncertainty relations involving
min-entropy are established and used to prove the security of protocols
according to new strong security definitions. For instance, in the realistic
setting of Quantum Key Distribution (QKD) against quantum-memory-bounded
eavesdroppers, the uncertainty relation allows to prove the security of QKD
protocols while tolerating considerably higher error rates compared to the
standard model with unbounded adversaries.Comment: PhD Thesis, BRICS, University of Aarhus, Denmark, 128 page
Quantum oblivious transfer: a short review
Quantum cryptography is the field of cryptography that explores the quantum
properties of matter. Its aim is to develop primitives beyond the reach of
classical cryptography or to improve on existing classical implementations.
Although much of the work in this field is dedicated to quantum key
distribution (QKD), some important steps were made towards the study and
development of quantum oblivious transfer (QOT). It is possible to draw a
comparison between the application structure of both QKD and QOT primitives.
Just as QKD protocols allow quantum-safe communication, QOT protocols allow
quantum-safe computation. However, the conditions under which QOT is actually
quantum-safe have been subject to a great amount of scrutiny and study. In this
review article, we survey the work developed around the concept of oblivious
transfer in the area of theoretical quantum cryptography, with an emphasis on
some proposed protocols and their security requirements. We review the
impossibility results that daunt this primitive and discuss several quantum
security models under which it is possible to prove QOT security.Comment: 40 pages, 14 figure
A Framework for Efficient Adaptively Secure Composable Oblivious Transfer in the ROM
Oblivious Transfer (OT) is a fundamental cryptographic protocol that finds a
number of applications, in particular, as an essential building block for
two-party and multi-party computation. We construct a round-optimal (2 rounds)
universally composable (UC) protocol for oblivious transfer secure against
active adaptive adversaries from any OW-CPA secure public-key encryption scheme
with certain properties in the random oracle model (ROM). In terms of
computation, our protocol only requires the generation of a public/secret-key
pair, two encryption operations and one decryption operation, apart from a few
calls to the random oracle. In~terms of communication, our protocol only
requires the transfer of one public-key, two ciphertexts, and three binary
strings of roughly the same size as the message. Next, we show how to
instantiate our construction under the low noise LPN, McEliece, QC-MDPC, LWE,
and CDH assumptions. Our instantiations based on the low noise LPN, McEliece,
and QC-MDPC assumptions are the first UC-secure OT protocols based on coding
assumptions to achieve: 1) adaptive security, 2) optimal round complexity, 3)
low communication and computational complexities. Previous results in this
setting only achieved static security and used costly cut-and-choose
techniques.Our instantiation based on CDH achieves adaptive security at the
small cost of communicating only two more group elements as compared to the
gap-DH based Simplest OT protocol of Chou and Orlandi (Latincrypt 15), which
only achieves static security in the ROM
- …