2,228 research outputs found
A Framework for Efficient Adaptively Secure Composable Oblivious Transfer in the ROM
Oblivious Transfer (OT) is a fundamental cryptographic protocol that finds a
number of applications, in particular, as an essential building block for
two-party and multi-party computation. We construct a round-optimal (2 rounds)
universally composable (UC) protocol for oblivious transfer secure against
active adaptive adversaries from any OW-CPA secure public-key encryption scheme
with certain properties in the random oracle model (ROM). In terms of
computation, our protocol only requires the generation of a public/secret-key
pair, two encryption operations and one decryption operation, apart from a few
calls to the random oracle. In~terms of communication, our protocol only
requires the transfer of one public-key, two ciphertexts, and three binary
strings of roughly the same size as the message. Next, we show how to
instantiate our construction under the low noise LPN, McEliece, QC-MDPC, LWE,
and CDH assumptions. Our instantiations based on the low noise LPN, McEliece,
and QC-MDPC assumptions are the first UC-secure OT protocols based on coding
assumptions to achieve: 1) adaptive security, 2) optimal round complexity, 3)
low communication and computational complexities. Previous results in this
setting only achieved static security and used costly cut-and-choose
techniques.Our instantiation based on CDH achieves adaptive security at the
small cost of communicating only two more group elements as compared to the
gap-DH based Simplest OT protocol of Chou and Orlandi (Latincrypt 15), which
only achieves static security in the ROM
Composable Security in the Bounded-Quantum-Storage Model
We present a simplified framework for proving sequential composability in the
quantum setting. In particular, we give a new, simulation-based, definition for
security in the bounded-quantum-storage model, and show that this definition
allows for sequential composition of protocols. Damgard et al. (FOCS '05,
CRYPTO '07) showed how to securely implement bit commitment and oblivious
transfer in the bounded-quantum-storage model, where the adversary is only
allowed to store a limited number of qubits. However, their security
definitions did only apply to the standalone setting, and it was not clear if
their protocols could be composed. Indeed, we first give a simple attack that
shows that these protocols are not composable without a small refinement of the
model. Finally, we prove the security of their randomized oblivious transfer
protocol in our refined model. Secure implementations of oblivious transfer and
bit commitment then follow easily by a (classical) reduction to randomized
oblivious transfer.Comment: 21 page
ROYALE: A Framework for Universally Composable Card Games with Financial Rewards and Penalties Enforcement
While many tailor made card game protocols are known, the vast majority of those suffer from three main issues: lack of mechanisms for distributing financial rewards and punishing cheaters, lack of composability guarantees and little flexibility, focusing on the specific game of poker. Even though folklore holds that poker protocols can be used to play any card game, this conjecture remains unproven and, in fact, does not hold for a number of protocols (including recent results). We both tackle the problem of constructing protocols for general card games and initiate a treatment of such protocols in the Universal Composability (UC) framework, introducing an ideal functionality that captures general card games constructed from a set of core card operations. Based on this formalism, we introduce Royale, the first UC-secure general card games which supports financial rewards/penalties enforcement. We remark that Royale also yields the first UC-secure poker protocol. Interestingly, Royale performs better than most previous works (that do not have composability guarantees), which we highlight through a detailed concrete complexity analysis and benchmarks from a prototype implementation
Universally composable zero-knowledge protocol using trusted platform modules
Cryptographic protocols that are established as secure in the Universally Composable (UC) model of security provide strong security assurances even when run in complex environments. Unfortunately, in order to achieve such strong security properties, UC protocols are often impractical, and most non-trivial two-party protocols cannot be secure in the UC model without some sort of external capability (or "setup assumption") being introduced. Recent work by Hofheinz et al provided an important breakthrough in designing realistic universally composable two party protocols, in which they use trusted, tamper proof hardware as a special type of helping functionality which they call a catalyst. Hofheinz et al. use government issued signature cards as a catalyst to design universally composable protocols for zero-knowledge proofs and commitments, but did not give a complete security proof for either protocol.
In this thesis, we consider another form of security hardware, Trusted Platform Modules (TPMs), which are more widespread than signature cards and are currently shipped as a part of almost every business laptop or desktop. Trusted Module Platforms are tamper evident devices which support cryptographic functionalities including digital signatures, but have a different key management model from signature cards. In this thesis we consider TPMs as catalysts and describe a universally composable zero knowledge protocol using Trusted Platform Modules. We also present a complete security proof for both the Hofheinz's universally composable zero knowledge protocol from signature cards and our universally composable zero knowledge protocol using TPMs as a catalyst
EasyUC: using EasyCrypt to mechanize proofs of universally composable security
We present a methodology for using the EasyCrypt proof assistant (originally designed for mechanizing the generation of proofs of game-based security of cryptographic schemes and protocols) to mechanize proofs of security of cryptographic protocols within the universally composable (UC) security framework. This allows, for the first time, the mechanization and formal verification of the entire sequence of steps needed for proving simulation-based security in a modular way: Specifying a protocol and the desired ideal functionality; Constructing a simulator and demonstrating its validity, via reduction to hard computational problems; Invoking the universal composition operation and demonstrating that it indeed preserves security. We demonstrate our methodology on a simple example: stating and proving the security of secure message communication via a one-time pad, where the key comes from a Diffie-Hellman key-exchange, assuming ideally authenticated communication. We first put together EasyCrypt-verified proofs that: (a) the Diffie-Hellman protocol UC-realizes an ideal key-exchange functionality, assuming hardness of the Decisional Diffie-Hellman problem, and (b) one-time-pad encryption, with a key obtained using ideal key-exchange, UC-realizes an ideal secure-communication functionality. We then mechanically combine the two proofs into an EasyCrypt-verified proof that the composed protocol realizes the same ideal secure-communication functionality. Although formulating a methodology that is both sound and workable has proven to be a complex task, we are hopeful that it will prove to be the basis for mechanized UC security analyses for significantly more complex protocols and tasks.Accepted manuscrip
Classical Cryptographic Protocols in a Quantum World
Cryptographic protocols, such as protocols for secure function evaluation
(SFE), have played a crucial role in the development of modern cryptography.
The extensive theory of these protocols, however, deals almost exclusively with
classical attackers. If we accept that quantum information processing is the
most realistic model of physically feasible computation, then we must ask: what
classical protocols remain secure against quantum attackers?
Our main contribution is showing the existence of classical two-party
protocols for the secure evaluation of any polynomial-time function under
reasonable computational assumptions (for example, it suffices that the
learning with errors problem be hard for quantum polynomial time). Our result
shows that the basic two-party feasibility picture from classical cryptography
remains unchanged in a quantum world.Comment: Full version of an old paper in Crypto'11. Invited to IJQI. This is
authors' copy with different formattin
- …