A Weakness in Some Oblivious Transfer and Zero-Knowledge Protocols

Authors

  • Ventzislav Nikov
  • Svetla Nikova
  • Bart Preneel
Abstract

We consider oblivious transfer protocols, and their applications, that are built on top of a semantically secure homomorphic encryption scheme (e.g. Paillier's). We show that some oblivious transfer protocols and their derivatives, such as private matching, oblivious polynomial evaluation and private shared scalar product, could be subject to an attack. The same attack can be applied to some non-interactive zero-knowledge arguments that use homomorphic encryption schemes underneath. The roots of our attack lie in an additional property that some semantically secure encryption schemes possess, namely that decryption also reveals the random coin used for the encryption, combined with the fact that the (sender's or prover's) inputs may belong to a space that is very small compared to the plaintext space. In this case it appears that even a semi-honest chooser (verifier) can derive, from the random coin, bounds for all or some of the sender's (prover's) private inputs with non-negligible probability. We propose a fix which precludes the attacks.


Related papers

Efficient Fully-Simulatable Oblivious Transfer

Oblivious transfer, first introduced by Rabin, is one of the basic building blocks of cryptographic protocols. In an oblivious transfer (or more exactly, in its 1-out-of-2 variant), one party known as the sender has a pair of messages and the other party known as the receiver obtains one of them. Somewhat paradoxically, the receiver obtains exactly one of the messages (and learns nothing of the...


Concurrent Oblivious Transfer

We consider the problem of designing an efficient oblivious transfer (OT) protocol that is provably secure in a concurrent setting, i.e., where many OT sessions may be running concurrently with their messages interleaved arbitrarily. Known OT protocols use zero-knowledge proofs, and no concurrent zero-knowledge proofs are known that use less than a poly-logarithmic number of rounds (at least wi...


Second Summary Report on Two-party Protocols

This report focuses on secure two-party protocols. We consider different notions of security and discuss the most attractive models and set-up assumptions (e.g., random oracle, common reference string, bare public keys, trusted computing base) that have been proposed so far. We consider many popular two-party games (e.g., zero-knowledge proof systems, commitment schemes, oblivious transfer, fai...


Black-Box Constructions of Protocols for Secure Computation

In this paper, we study the question of whether or not it is possible to construct protocols for general secure computation in the setting of malicious adversaries and no honest majority that use the underlying primitive (e.g., enhanced trapdoor permutation) in a black-box way only. Until now, all known general constructions for this setting were inherently non-blackbox since they required the ...


Universally Composable Symbolic Analysis for Two-Party Protocols Based on Homomorphic Encryption

We consider a class of two-party function evaluation protocols in which the parties are allowed to use ideal functionalities as well as a set of powerful primitives, namely commitments, homomorphic encryption, and certain zero-knowledge proofs. With these it is possible to capture protocols for oblivious transfer, coin-flipping, and generation of multiplication-triples. We show how any protocol...


Journal:
  • IACR Cryptology ePrint Archive

Volume 2006

Publication date: 2006