On the Oblivious Transfer Capacity of the Degraded Wiretapped Binary Erasure Channel
We study oblivious transfer (OT) between Alice and Bob in the presence of an
eavesdropper Eve over a degraded wiretapped binary erasure channel from Alice
to Bob and Eve. In addition to the privacy goals of oblivious transfer between
Alice and Bob, we require privacy of Alice and Bob's private data from Eve. In
previous work we derived the OT capacity (in the honest-but-curious model) of
the wiretapped binary independent erasure channel where the erasure processes
of Bob and Eve are independent. Here we derive a lower bound on the OT capacity
in the same secrecy model when the wiretapped binary erasure channel is
degraded in favour of Bob.
Comment: To be presented at the IEEE International Symposium on Information Theory (ISIT 2015), Hong Kong
The Oblivious Transfer Capacity of the Wiretapped Binary Erasure Channel
We consider oblivious transfer between Alice and Bob in the presence of an
eavesdropper Eve when there is a broadcast channel from Alice to Bob and Eve.
In addition to the secrecy constraints of Alice and Bob, Eve should not learn
the private data of Alice and Bob. When the broadcast channel consists of two
independent binary erasure channels, we derive the oblivious transfer capacity
for both 2-privacy (where the eavesdropper may collude with either party) and
1-privacy (where there are no collusions).
Comment: This is an extended version of the paper "The Oblivious Transfer Capacity of the Wiretapped Binary Erasure Channel" to be presented at ISIT 201
An Elementary Completeness Proof for Secure Two-Party Computation Primitives
In the secure two-party computation problem, two parties wish to compute a
(possibly randomized) function of their inputs via an interactive protocol,
while ensuring that neither party learns more than what can be inferred from
only their own input and output. For semi-honest parties and
information-theoretic security guarantees, it is well-known that, if only
noiseless communication is available, only a limited set of functions can be
securely computed; however, if interaction is also allowed over general
communication primitives (multi-input/output channels), there are "complete"
primitives that enable any function to be securely computed. The general set of
complete primitives was characterized recently by Maji, Prabhakaran, and
Rosulek leveraging an earlier specialized characterization by Kilian. Our
contribution in this paper is a simple, self-contained, alternative derivation
using elementary information-theoretic tools.
Comment: 6 pages, extended version of ITW 2014 paper
A Framework for Efficient Adaptively Secure Composable Oblivious Transfer in the ROM
Oblivious Transfer (OT) is a fundamental cryptographic protocol that finds a
number of applications, in particular, as an essential building block for
two-party and multi-party computation. We construct a round-optimal (2 rounds)
universally composable (UC) protocol for oblivious transfer secure against
active adaptive adversaries from any OW-CPA secure public-key encryption scheme
with certain properties in the random oracle model (ROM). In terms of
computation, our protocol only requires the generation of a public/secret-key
pair, two encryption operations and one decryption operation, apart from a few
calls to the random oracle. In terms of communication, our protocol only
requires the transfer of one public-key, two ciphertexts, and three binary
strings of roughly the same size as the message. Next, we show how to
instantiate our construction under the low noise LPN, McEliece, QC-MDPC, LWE,
and CDH assumptions. Our instantiations based on the low noise LPN, McEliece,
and QC-MDPC assumptions are the first UC-secure OT protocols based on coding
assumptions to achieve: 1) adaptive security, 2) optimal round complexity, 3)
low communication and computational complexities. Previous results in this
setting only achieved static security and used costly cut-and-choose
techniques. Our instantiation based on CDH achieves adaptive security at the
small cost of communicating only two more group elements as compared to the
gap-DH based Simplest OT protocol of Chou and Orlandi (Latincrypt 15), which
only achieves static security in the ROM.
On the Composability of Statistically Secure Random Oblivious Transfer
We show that random oblivious transfer protocols that are statistically secure according to a definition based on a list of information-theoretical properties are also statistically universally composable. That is, they are simulatable secure with an unlimited adversary, an unlimited simulator, and an unlimited environment machine. Our result implies that several previous oblivious transfer protocols in the literature that were proven secure under weaker, non-composable definitions of security can actually be used in arbitrary statistically secure applications without lowering the security