"The Simplest Protocol for Oblivious Transfer" Revisited
Authors
Abstract
In 2015, Chou and Orlandi presented an oblivious transfer protocol that already drew a lot of attention both from theorists and practitioners due to its extreme simplicity and high efficiency. Chou and Orlandi claimed that their protocol is UC-secure in the random oracle model under dynamic corruptions, which is a very strong security guarantee. Unfortunately, in this work we point out a flaw in their security proof for the case of sender corruption. We define a decisional problem and we prove that, if a correct proof is provided, then this problem can be solved correctly with overwhelming probability. Therefore, the protocol by Chou and Orlandi cannot be instantiated securely with groups for which our decisional problem cannot be solved correctly with overwhelming probability. Our decisional problem can be solved with overwhelming probability when a DDH oracle is provided. Therefore, it seems likely that the protocol by Chou and Orlandi can be instantiated securely with gap-DH groups.
Similar resources
The Simplest Protocol for Oblivious Transfer
This report discusses a fundamental primitive protocol in cryptography called oblivious transfer. It is a core protocol used in many techniques for secure computation, and as such, requires thorough research for achieving better security guarantees with the best possible efficiency. In this report, we present a general discussion about the security of cryptographic protocols and concepts used i...
The Simplest Protocol for Oblivious Transfer
Oblivious Transfer (OT) is the fundamental building block of cryptographic protocols. In this paper we describe the simplest and most efficient protocol for 1-out-of-n OT to date, which is obtained by tweaking the Diffie-Hellman key-exchange protocol. The protocol achieves UC-security against active and adaptive corruptions in the random oracle model. Due to its simplicity, the protocol is extr...
Equational Security Proofs of Oblivious Transfer Protocols
We exemplify and evaluate the use of the equational framework of Micciancio and Tessaro (ITCS 2013) by analyzing a number of concrete Oblivious Transfer protocols: a classic OT transformation to increase the message size, and the recent (so called “simplest”) OT protocol in the random oracle model of Chou and Orlandi (Latincrypt 2015), together with some simple variants. Our analysis uncovers s...
Efficient RKA-Secure KEM and IBE Schemes Against Invertible Functions
Cryptographic Protocols: Efficient RKA-Secure KEM and IBE Schemes Against Invertible Functions (Eiichiro Fujisaki and Keita Xagawa); Simulation-Based Secure Functional Encryption in the Random Oracle Model (Vinc...
A Framework for Efficient Adaptively Secure Composable Oblivious Transfer in the ROM
Oblivious Transfer (OT) is a fundamental cryptographic protocol that finds a number of applications, in particular, as an essential building block for two-party and multi-party computation. We construct a round-optimal (2 rounds) universally composable (UC) protocol for oblivious transfer secure against active adaptive adversaries from any OW-CPA secure public-key encryption scheme with certain...
Journal title:
- IACR Cryptology ePrint Archive
Volume 2017, Issue
Pages -
Publication date: 2017