26,598 research outputs found
On the Oblivious Transfer Capacity of the Degraded Wiretapped Binary Erasure Channel
We study oblivious transfer (OT) between Alice and Bob in the presence of an
eavesdropper Eve over a degraded wiretapped binary erasure channel from Alice
to Bob and Eve. In addition to the privacy goals of oblivious transfer between
Alice and Bob, we require privacy of Alice and Bob's private data from Eve. In
previous work we derived the OT capacity (in the honest-but-curious model) of
the wiretapped binary independent erasure channel where the erasure processes
of Bob and Eve are independent. Here we derive a lower bound on the OT capacity
in the same secrecy model when the wiretapped binary erasure channel is
degraded in favour of Bob.Comment: To be presented at the IEEE International Symposium on Information
Theory (ISIT 2015), Hong Kon
A New Upperbound for the Oblivious Transfer Capacity of Discrete Memoryless Channels
We derive a new upper bound on the string oblivious transfer capacity of
discrete memoryless channels. The main tool we use is the tension region of a
pair of random variables introduced in Prabhakaran and Prabhakaran (2014) where
it was used to derive upper bounds on rates of secure sampling in the source
model. In this paper, we consider secure computation of string oblivious
transfer in the channel model. Our bound is based on a monotonicity property of
the tension region in the channel model. We show that our bound strictly
improves upon the upper bound of Ahlswede and Csisz\'ar (2013).Comment: 7 pages, 3 figures, extended version of submission to IEEE
Information Theory Workshop, 201
On the Oblivious Transfer Capacity of Generalized Erasure Channels against Malicious Adversaries
Noisy channels are a powerful resource for cryptography as they can be used
to obtain information-theoretically secure key agreement, commitment and
oblivious transfer protocols, among others. Oblivious transfer (OT) is a
fundamental primitive since it is complete for secure multi-party computation,
and the OT capacity characterizes how efficiently a channel can be used for
obtaining string oblivious transfer. Ahlswede and Csisz\'{a}r (\emph{ISIT'07})
presented upper and lower bounds on the OT capacity of generalized erasure
channels (GEC) against passive adversaries. In the case of GEC with erasure
probability at least 1/2, the upper and lower bounds match and therefore the OT
capacity was determined. It was later proved by Pinto et al. (\emph{IEEE Trans.
Inf. Theory 57(8)}) that in this case there is also a protocol against
malicious adversaries achieving the same lower bound, and hence the OT capacity
is identical for passive and malicious adversaries. In the case of GEC with
erasure probability smaller than 1/2, the known lower bound against passive
adversaries that was established by Ahlswede and Csisz\'{a}r does not match
their upper bound and it was unknown whether this OT rate could be achieved
against malicious adversaries as well. In this work we show that there is a
protocol against malicious adversaries achieving the same OT rate that was
obtained against passive adversaries.
In order to obtain our results we introduce a novel use of interactive
hashing that is suitable for dealing with the case of low erasure probability
()
Unconditional security from noisy quantum storage
We consider the implementation of two-party cryptographic primitives based on
the sole assumption that no large-scale reliable quantum storage is available
to the cheating party. We construct novel protocols for oblivious transfer and
bit commitment, and prove that realistic noise levels provide security even
against the most general attack. Such unconditional results were previously
only known in the so-called bounded-storage model which is a special case of
our setting. Our protocols can be implemented with present-day hardware used
for quantum key distribution. In particular, no quantum storage is required for
the honest parties.Comment: 25 pages (IEEE two column), 13 figures, v4: published version (to
appear in IEEE Transactions on Information Theory), including bit wise
min-entropy sampling. however, for experimental purposes block sampling can
be much more convenient, please see v3 arxiv version if needed. See
arXiv:0911.2302 for a companion paper addressing aspects of a practical
implementation using block samplin
On the Commitment Capacity of Unfair Noisy Channels
Noisy channels are a valuable resource from a cryptographic point of view.
They can be used for exchanging secret-keys as well as realizing other
cryptographic primitives such as commitment and oblivious transfer. To be
really useful, noisy channels have to be consider in the scenario where a
cheating party has some degree of control over the channel characteristics.
Damg\r{a}rd et al. (EUROCRYPT 1999) proposed a more realistic model where such
level of control is permitted to an adversary, the so called unfair noisy
channels, and proved that they can be used to obtain commitment and oblivious
transfer protocols. Given that noisy channels are a precious resource for
cryptographic purposes, one important question is determining the optimal rate
in which they can be used. The commitment capacity has already been determined
for the cases of discrete memoryless channels and Gaussian channels. In this
work we address the problem of determining the commitment capacity of unfair
noisy channels. We compute a single-letter characterization of the commitment
capacity of unfair noisy channels. In the case where an adversary has no
control over the channel (the fair case) our capacity reduces to the well-known
capacity of a discrete memoryless binary symmetric channel
Commitment and Oblivious Transfer in the Bounded Storage Model with Errors
The bounded storage model restricts the memory of an adversary in a
cryptographic protocol, rather than restricting its computational power, making
information theoretically secure protocols feasible. We present the first
protocols for commitment and oblivious transfer in the bounded storage model
with errors, i.e., the model where the public random sources available to the
two parties are not exactly the same, but instead are only required to have a
small Hamming distance between themselves. Commitment and oblivious transfer
protocols were known previously only for the error-free variant of the bounded
storage model, which is harder to realize
The Oblivious Transfer Capacity of the Wiretapped Binary Erasure Channel
We consider oblivious transfer between Alice and Bob in the presence of an
eavesdropper Eve when there is a broadcast channel from Alice to Bob and Eve.
In addition to the secrecy constraints of Alice and Bob, Eve should not learn
the private data of Alice and Bob. When the broadcast channel consists of two
independent binary erasure channels, we derive the oblivious transfer capacity
for both 2-privacy (where the eavesdropper may collude with either party) and
1-privacy (where there are no collusions).Comment: This is an extended version of the paper "The Oblivious Transfer
Capacity of the Wiretapped Binary Erasure Channel" to be presented at ISIT
201
Private Data Transfer over a Broadcast Channel
We study the following private data transfer problem: Alice has a database of
files. Bob and Cathy want to access a file each from this database (which may
or may not be the same file), but each of them wants to ensure that their
choices of file do not get revealed even if Alice colludes with the other user.
Alice, on the other hand, wants to make sure that each of Bob and Cathy does
not learn any more information from the database than the files they demand
(the identities of which will be unknown to her). Moreover, they should not
learn any information about the other files even if they collude.
It turns out that it is impossible to accomplish this if Alice, Bob, and
Cathy have access only to private randomness and noiseless communication links.
We consider this problem when a binary erasure broadcast channel with
independent erasures is available from Alice to Bob and Cathy in addition to a
noiseless public discussion channel. We study the
file-length-per-broadcast-channel-use rate in the honest-but-curious model. We
focus on the case when the database consists of two files, and obtain the
optimal rate. We then extend to the case of larger databases, and give upper
and lower bounds on the optimal rate.Comment: To be presented at IEEE International Symposium on Information Theory
(ISIT 2015), Hong Kon
- …