    Unconditionally Secure Oblivious Transfer from Real Network Behavior

    Secure multi-party computation (MPC) deals with the problem of shared computation between parties that do not trust each other: they are interested in performing a joint task, but they also want to keep their respective inputs private. In a world where an ever-increasing amount of computation is outsourced, for example to the cloud, MPC is a subject of crucial importance. However, unconditionally secure MPC protocols have never found practical application: the lack of realistic noisy channel models, which are required to achieve security against computationally unbounded adversaries, prevents implementation over real-world, standard communication protocols. In this paper we show for the first time that the inherent noise of wireless communication can be used to build multi-party protocols that are secure in the information-theoretic setting. In order to do so, we propose a new noisy channel, the Delaying-Erasing Channel (DEC), that models network communication in both wired and wireless contexts. This channel integrates erasures and delays as sources of noise, and models reordered, lost and corrupt packets. We provide a protocol that uses the properties of the DEC to achieve Oblivious Transfer (OT), a fundamental primitive in cryptography that implies any secure computation. In order to show that the DEC reflects the behavior of wireless communication, we run an experiment over an 802.11n wireless link, and gather extensive experimental evidence supporting our claim. We also analyze the collected data in order to estimate the level of security that such a network can provide in our model. We show the flexibility of our construction by choosing for our implementation of OT a standard communication protocol, the Real-time Transport Protocol (RTP). Since RTP is used in a number of multimedia streaming and teleconference applications, we can imagine a wide variety of practical uses and application settings for our construction.

    Unconditionally Secure Commitment Protocol Based on the Packet-Reordering Noisy Channel

    Doctoral thesis, Universidade de Brasília, Faculdade de Tecnologia, Departamento de Engenharia Elétrica, 2021.
    A lot of research effort has been deployed in the last 50 years on achieving unconditionally secure cryptographic primitives based on physical assumptions, such as noisy channels, bounded storage capacity or the laws of quantum mechanics. In a work of Paolo Palmieri and Olivier Pereira, it was demonstrated that the variable delay of packets sent over communication channels could be used as a reasonable and effective assumption to achieve the unconditionally secure cryptographic primitive of Oblivious Transfer against passive adversaries. Furthermore, the authors observed that variable delays imply a packet reordering effect. In the present work, we pave the path into this possibility by establishing a new definition of the Packet Reordering noisy channel. Our purpose is to simplify the calculation of statistical and entropic measures of the channel. We demonstrate key differences between delay noise and reordering noise. Finally, we show the first directly implemented unconditionally secure commitment scheme against malicious adversaries based on the packet reordering noisy channel.

    Asymmetric Multi-Party Computation

    Current protocols for Multi-Party Computation (MPC) consider the setting where all parties have access to similar resources. For example, all parties have access to channels bounded by the same worst-case delay upper bound ?, and all channels have the same cost of communication. As a consequence, the overall protocol performance (resp. the communication cost) may be heavily affected by the slowest (resp. the most expensive) channel, even when most channels are fast (resp. cheap). Given the state of affairs, we initiate a systematic study of asymmetric MPC. In asymmetric MPC, the parties are divided into two categories: fast and slow parties, depending on whether they have access to high-end or low-end resources. We investigate two different models. In the first, we consider asymmetric communication delays: fast parties are connected via channels with small delay ? among themselves, while channels connected to (at least) one slow party have a large delay ? ? ?. In the second model, we consider asymmetric communication costs: fast parties benefit from channels with cheap communication, while channels connected to a slow party have expensive communication. We provide a wide range of positive and negative results exploring the trade-offs between the achievable number of tolerated corruptions t and slow parties s, versus the round complexity and communication cost in each of the models. Among others, we achieve the following results. In the model with asymmetric communication delays, focusing on the information-theoretic (i-t) setting:
    - An i-t asymmetric MPC protocol with security with abort as long as t+s < n and t < n/2, in a constant number of slow rounds.
    - We show that achieving an i-t asymmetric MPC protocol for t+s = n and with a number of slow rounds independent of the circuit size implies an i-t synchronous MPC protocol with round complexity independent of the circuit size, which is a major open problem in the field of round complexity of MPC.
    - We identify a new primitive, asymmetric broadcast, that allows a value to be consistently distributed among the fast parties, and at a later time the same value to the slow parties. We completely characterize the feasibility of asymmetric broadcast by showing that it is possible if and only if 2t + s < n.
    - An i-t asymmetric MPC protocol with guaranteed output delivery as long as t+s < n and t < n/2, in a number of slow rounds independent of the circuit size.
    In the model with asymmetric communication cost, we achieve an asymmetric MPC protocol for security with abort for t+s < n and t < n/2, based on one-way functions (OWF). The protocol communicates a number of bits over expensive channels that is independent of the circuit size. We conjecture that assuming OWF is needed and further provide a partial result in this direction.

    Building Oblivious Transfer on Channel Delays

    In the information-theoretic setting, where adversaries have unlimited computational power, the fundamental cryptographic primitive Oblivious Transfer (OT) cannot be securely achieved if the parties are communicating over a clear channel. To preserve secrecy and security, the players have to rely on noise in the communication. Noisy channels are therefore a useful tool to model noise behavior and build protocols implementing OT. This paper explores a source of errors that is inherently present in practically any transmission medium, but has been scarcely studied in this context: delays in the communication. In order to have a model for the delays that is both general and comparable to the channels usually used for OT, such as the Binary Symmetric Channel (BSC), we introduce a new noisy channel, the Binary Discrete-time Delaying Channel (BDDC). We show that such a channel realistically reproduces real-life communication scenarios where delays are hard to predict, and we propose a protocol for achieving oblivious transfer over the BDDC. We analyze the security of our construction in the semi-honest setting, showing that our realization of OT substantially decreases the protocol's sensitivity to the user's knowledge of the channel compared to solutions relying on other channel properties, and is very efficient for wide ranges of delay probabilities. The flexibility and generality of the model opens the way for future implementation in media where delays are a fundamental characteristic.

    Quantum key distribution based on orthogonal states allows secure quantum bit commitment

    For more than a decade, it was believed that unconditionally secure quantum bit commitment (QBC) is impossible. But based on a previously proposed quantum key distribution scheme using orthogonal states, here we build a QBC protocol in which the density matrices of the quantum states encoding the commitment do not satisfy a crucial condition on which the no-go proofs of QBC are based. Thus the no-go proofs could be evaded. Our protocol is fault-tolerant and very feasible with currently available technology. It reopens the avenue for other "post-cold-war" multi-party cryptographic protocols, e.g., quantum bit string commitment and quantum strong coin tossing with an arbitrarily small bias. This result also has a strong influence on the Clifton-Bub-Halvorson theorem, which suggests that quantum theory could be characterized in terms of information-theoretic constraints.
    Comment: Published version plus an appendix showing how to defeat the counterfactual attack, more references [76,77,90,118-120] cited, and other minor changes.