The Simplest Protocol for Oblivious Transfer
Oblivious Transfer (OT) is one of the fundamental building blocks of cryptographic protocols.
In this paper we describe the simplest and most efficient protocol for -out-of- OT to date, obtained by tweaking the Diffie-Hellman key-exchange protocol. The protocol performs -out-of- OTs using only full exponentiations ( for the receiver, for the sender) and sends only group elements and ciphertexts.
We also report on an implementation of the protocol using elliptic curves, and on a number of mechanisms we employ to ensure that our software is secure against active attacks too.
Experimental results show that our protocol (thanks to both algorithmic and implementation optimizations) is at least one order of magnitude faster than previous work.
"The Simplest Protocol for Oblivious Transfer'' Revisited
In 2015, Chou and Orlandi presented an oblivious transfer protocol that already drew a lot of attention both from theorists and practitioners due to its extreme simplicity and high efficiency.
Chou and Orlandi claimed that their protocol is universally composable secure (UC-secure) in the random oracle model under dynamic corruptions.
UC-security is a very strong security guarantee: it ensures not only that the protocol is secure on its own, but also that it can be used safely as a component of larger protocols.
Unfortunately, in this work we point out a flaw in their security proof for the case of a corrupt sender.
In more detail, we define a decisional problem and prove that, if a correct security proof for Chou and Orlandi's protocol is provided, then this problem can be solved correctly with overwhelming probability. Therefore, the protocol of Chou and Orlandi cannot be instantiated securely with groups for which our decisional problem cannot be solved correctly with overwhelming probability.
Consequently, the protocol of Chou and Orlandi cannot be instantiated with all groups G in which the CDH problem is intractable, but only with groups in which the CDH problem is intractable and, at the same time, our decisional problem can be solved with overwhelming probability.
After the appearance of our work, Chou and Orlandi acknowledged the problems we pointed out in their security proof, and subsequent works showed additional issues, removing the claims of UC security of their protocol.
Generation and Distribution of Quantum Oblivious Keys for Secure Multiparty Computation
The oblivious transfer primitive is sufficient to implement secure multiparty
computation. However, secure multiparty computation based only on classical
cryptography is severely limited by the security and efficiency of the
oblivious transfer implementation. We present a method to efficiently and
securely generate and distribute oblivious keys by exchanging qubits and by
performing commitments using classical hash functions. With the presented
hybrid approach, quantum and classical, we obtain a practical and high-speed
oblivious transfer protocol, secure even against quantum computer attacks. The
oblivious distributed keys allow implementing a fast and secure oblivious
transfer protocol, which can pave the way for the widespread use of applications
based on secure multiparty computation.
Comment: 11 pages, 5 figures
USING THE "DIVIDE AND CONQUER" METHOD IN DENIABLE ENCRYPTION ALGORITHMS
Abstract. This paper investigates increasing the performance of deniable encryption algorithms. The investigation is relevant because deniable encryption provides effective schemes for protecting both information and its users. However, these algorithms are very complex and monolithic, which strongly affects their speed; for this reason deniable encryption algorithms have not become widespread in data processing and information security systems. The main goal of this work is to explore methods and tools for reducing their execution time. The divide and conquer method is discussed and investigated in this paper, and it has been implemented in the data processing system of the deniable encryption algorithms. No modifications were made to the base algorithm, which keeps the solution universal and applicable to other deniable encryption algorithms. The authors completed a series of experiments to verify the hypothesis. The first stage of the investigation is a discussion of the base deniable encryption algorithm, whose vulnerabilities were found and investigated. The second algorithm is based on applying the divide and conquer method and was implemented in the modified data processing system. The efficiency of both algorithms was investigated experimentally with real files containing public and secret information. The experiments were carried out on prepared equipment that simulates a user's workplace with real hardware and software. According to the results, the performance of the deniable encryption algorithms was increased by the divide and conquer method. The method was also verified with encryption keys of different sizes. The base deniable encryption algorithms were not modified. The results were compared with other authors' investigations. In the end, the authors' hypothesis was confirmed, although the authors note some restrictions on achieving these results.
Keywords: deniable encryption; information security; sensitive data; the divide and conquer method; unauthorized access; coercion; productivity; cipher.
The present study was conducted by the authors to test the hypothesis that the speed of deniable encryption algorithms can be increased. The study is relevant because deniable encryption algorithms use effective transformation schemes to protect both information and its users. At the same time, the structure of deniable encryption algorithms is rather complex and concentrated. This affects their speed and makes their practical application in data processing and information security impossible. The main goal of the study is to find methods and tools whose use reduces the execution time of deniable encryption algorithms. This work considers and investigates the application of the "divide and conquer" method. The method was applied to the data processing procedures of deniable encryption algorithms. Since the final solution must be universal for further use with other deniable encryption algorithms, the authors made no changes to the original encryption algorithms. To test the hypothesis, the authors conducted a series of experiments. The first object of study was a deniable encryption algorithm built on multithreaded computation. The security shortcomings caused by its use were identified and investigated. The other algorithm was based on the "divide and conquer" method, which was implemented in the data processing system of the first algorithm. To test the efficiency of both algorithms, real files with public and secret data were used in the experiments. The study itself was conducted on test-bench equipment that simulates a typical user workplace. The experimental results show a gain in the speed of the original deniable encryption algorithm.
The results were also verified using encryption keys of different sizes. The results obtained were compared with the studies of other authors. In the end, the authors' hypothesis was confirmed. Using the "divide and conquer" method led to a significant increase in the speed of deniable encryption algorithms.
PQC: R-Propping of a Simple Oblivious Transfer
Post-quantum cryptography (PQC) is nowadays a very active research field [1]. We follow a non-standard way to achieve it, taking any common protocol and replacing arithmetic with GF(2^8) field operations, a procedure defined as R-Propping [2-7]. The resulting protocol security relies on the intractability of a generalized discrete log problem, combined with the power sets of algebraic ring extension tensors and resilience to quantum and algebraic attacks. Oblivious Transfer (OT) is a keystone for Secure Multiparty Computing (SMPC) [8], one of the most pursued cryptographic areas. It is a critical issue to develop a fast OT solution because of its intensive use in many protocols. Here, we adopt the simple OT protocol developed by Chou and Orlandi [9] as the base model to be propped. Our solution is fully scalable to achieve quantum and classical security levels as needed. We present a step-by-step numerical example of the proposed protocol.
Finding Safety in Numbers with Secure Allegation Escrows
For fear of retribution, the victim of a crime may be willing to report it
only if other victims of the same perpetrator also step forward. Common
examples include 1) identifying oneself as the victim of sexual harassment,
especially by a person in a position of authority or 2) accusing an influential
politician, an authoritarian government, or one's own employer of corruption. To
handle such situations, legal literature has proposed the concept of an
allegation escrow: a neutral third-party that collects allegations anonymously,
matches them against each other, and de-anonymizes allegers only after
de-anonymity thresholds (in terms of number of co-allegers), pre-specified by
the allegers, are reached.
An allegation escrow can be realized as a single trusted third party;
however, this party must be trusted to keep the identity of the alleger and
content of the allegation private. To address this problem, this paper
introduces Secure Allegation Escrows (SAE, pronounced "say"). A SAE is a group
of parties with independent interests and motives, acting jointly as an escrow
for collecting allegations from individuals, matching the allegations, and
de-anonymizing the allegations when designated thresholds are reached. By
design, SAEs provide a very strong property: No less than a majority of parties
constituting a SAE can de-anonymize or disclose the content of an allegation
without a sufficient number of matching allegations (even in collusion with any
number of other allegers). Once a sufficient number of matching allegations
exist, the joint escrow discloses the allegation with the allegers' identities.
We describe how SAEs can be constructed using a novel authentication protocol
and a novel allegation matching and bucketing algorithm, provide formal proofs
of the security of our constructions, and evaluate a prototype implementation,
demonstrating feasibility in practice.
Comment: To appear in NDSS 2020. New version includes improvements to writing
and proof. The protocol is unchanged.
A Framework for Efficient Adaptively Secure Composable Oblivious Transfer in the ROM
Oblivious Transfer (OT) is a fundamental cryptographic protocol that finds a
number of applications, in particular, as an essential building block for
two-party and multi-party computation. We construct a round-optimal (2 rounds)
universally composable (UC) protocol for oblivious transfer secure against
active adaptive adversaries from any OW-CPA secure public-key encryption scheme
with certain properties in the random oracle model (ROM). In terms of
computation, our protocol only requires the generation of a public/secret-key
pair, two encryption operations and one decryption operation, apart from a few
calls to the random oracle. In terms of communication, our protocol only
requires the transfer of one public-key, two ciphertexts, and three binary
strings of roughly the same size as the message. Next, we show how to
instantiate our construction under the low noise LPN, McEliece, QC-MDPC, LWE,
and CDH assumptions. Our instantiations based on the low noise LPN, McEliece,
and QC-MDPC assumptions are the first UC-secure OT protocols based on coding
assumptions to achieve: 1) adaptive security, 2) optimal round complexity, 3)
low communication and computational complexities. Previous results in this
setting only achieved static security and used costly cut-and-choose
techniques. Our instantiation based on CDH achieves adaptive security at the
small cost of communicating only two more group elements as compared to the
gap-DH based Simplest OT protocol of Chou and Orlandi (Latincrypt 15), which
only achieves static security in the ROM.
BVOT: Self-Tallying Boardroom Voting with Oblivious Transfer
A boardroom election is an election with a small number of voters carried out
with public communications. We present BVOT, a self-tallying boardroom voting
protocol with ballot secrecy, fairness (no tally information is available
before the polls close), and dispute-freeness (voters can observe that all
voters correctly followed the protocol).
BVOT works by using a multiparty threshold homomorphic encryption system in
which each candidate is associated with a masked unique prime. Each voter
engages in an oblivious transfer with an untrusted distributor: the voter
selects the index of a prime associated with a candidate and receives the
selected prime in masked form. The voter then casts their vote by encrypting
their masked prime and broadcasting it to everyone. The distributor does not
learn the voter's choice, and no one learns the mapping between primes and
candidates until the audit phase. By hiding the mapping between primes and
candidates, BVOT provides voters with insufficient information to carry out
effective cheating. The threshold feature prevents anyone from computing any
partial tally until everyone has voted. Multiplying all votes, their
decryption shares, and the unmasking factor yields a product of the primes each
raised to the number of votes received.
In contrast to some existing boardroom voting protocols, BVOT does not rely
on any zero-knowledge proof; instead, it uses oblivious transfer to assure
ballot secrecy and correct vote casting. Also, BVOT can handle multiple
candidates in one election. BVOT prevents cheating by hiding crucial
information: an attempt to increase the tally of one candidate might increase
the tally of another candidate. After all votes are cast, any party can tally
the votes.
Protocols for Authenticated Oblivious Transfer
Oblivious transfer (OT) is a basic building block in many cryptographic protocols. In this paper, we exploit some well-known authenticated Diffie-Hellman-based key exchange protocols to build three authenticated 1-out-of-2 oblivious transfers. We show that our proposed protocols are secure in the semi-honest model. We also compare our schemes with three similar 1-out-of-2 OT protocols and show that authentication in our schemes costs only up to either two more exponentiations or one message signing, compared to those with no authentication.