“The simplest protocol for oblivious transfer” revisited

Genç, Ziya Alper; Iovino, Vincenzo; Rial, Alfredo

doi:10.1016/j.ipl.2020.105975

Cited by 6 publications

(2 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Chou and Orlandi [17] proposed a simple and elegant protocol for oblivious transfer and claimed that it was universally composable (with adaptive corruptions) under a suitable assumption in the random oracle model. Unfortunately, subsequent works [10,20,22] uncovered several problems with their proof. While these subsequent works also showed how to address some of these issues, and/or presented modified protocols that could be proven secure, there seems to be no way of proving the original Chou-Orlandi protocol universally composable, even in the random oracle model.…”

Section: Proofs Of Security In the Uc-agmmentioning

confidence: 99%

Algebraic Adversaries in the Universal Composability Framework

Abdalla

Barbosa

Katz

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The algebraic-group model (AGM), which lies between the generic group model and the standard model of computation, provides a means by which to analyze the security of cryptosystems against so-called algebraic adversaries. We formalize the AGM within the framework of universal composability, providing formal definitions for this setting and proving an appropriate composition theorem. This extends the applicability of the AGM to more-complex protocols, and lays the foundations for analyzing algebraic adversaries in a composable fashion. Our results also clarify the meaning of composing proofs in the AGM with other proofs and they highlight a natural form of independence between idealized groups that seems inherent to the AGM and has not been made formal before-these insights also apply to the composition of game-based proofs in the AGM. We show the utility of our model by proving several important protocols universally composable for algebraic adversaries, specifically:(1) the Chou-Orlandi protocol for oblivious transfer, and (2) the SPAKE2 and CPace protocols for password-based authenticated key exchange.

show abstract

Section: Proofs Of Security In the Uc-agmmentioning

confidence: 99%

Algebraic Adversaries in the Universal Composability Framework

Abdalla

Barbosa

Katz

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…We remark that the "Simplest OT" protocol [15] and the protocol by Hauck and Loss [32] have been found to suffer from a number of issues [31,6] and are not UC secure. The CDH based protocol of [22] only realizes an OT functionality with a selective failure (as our first simple construction) and it is unclear how to use it to realize the standard OT functionality (without selective failure).…”

Section: Related Workmentioning

confidence: 99%

Efficient Composable Oblivious Transfer from CDH in the Global Random Oracle Model

David

Dowsley

2020

Cryptology and Network Security

View full text Add to dashboard Cite

Oblivious Transfer (OT) is a fundamental cryptographic protocol that finds a number of applications, in particular, as an essential building block for two-party and multi-party computation. We construct the first universally composable (UC) protocol for oblivious transfer secure against active static adversaries based on the Computational Diffie-Hellman (CDH) assumption. Our protocol is proven secure in the observable Global Random Oracle model. We start by constructing a protocol that realizes an OT functionality with a selective failure issue, but shown to be sufficient to instantiate efficient OT extension protocols. In terms of complexity, this protocol only requires the computation of 6 modular exponentiations and the communication of 5 group elements, five binary strings of security parameter length, and two binary strings of message length. Finally, we lift this weak construction to obtain a protocol that realizes the standard OT functionality (without any selective failures) at an additional cost of computing 9 modular exponentiations and communicating 4 group elements, four binary strings of security parameter length and two binary strings of message length. As an intermediate step before constructing our CDH based protocols, we design generic OT protocols from any OW-CPA secure public-key encryption scheme with certain properties, which could potentially be instantiated from more assumptions other than CDH.

show abstract