generic construction of uc secure oblivious transfer
play

Generic Construction of UC-Secure Oblivious Transfer O. Blazy , - PowerPoint PPT Presentation

Sep 11, 2022 •397 likes •852 views

Generic Construction of UC-Secure Oblivious Transfer O. Blazy , C.Chevalier O. Blazy (Xlim) Generic OT 1 / 20 Global Framework 1 Cryptographic Tools 2 1-out-of- t Oblivious Transfer 3 Instantiation 4 Conclusion 5 O. Blazy (Xlim)

  1. Generic Construction of UC-Secure Oblivious Transfer O. Blazy , C.Chevalier O. Blazy (Xlim) Generic OT 1 / 20

  2. Global Framework 1 Cryptographic Tools 2 1-out-of- t Oblivious Transfer 3 Instantiation 4 Conclusion 5 O. Blazy (Xlim) Generic OT 2 / 20

  3. Global Framework 1 Cryptographic Tools 2 1-out-of- t Oblivious Transfer 3 Instantiation 4 Conclusion 5 O. Blazy (Xlim) Generic OT 2 / 20

  4. Global Framework 1 Cryptographic Tools 2 1-out-of- t Oblivious Transfer 3 Instantiation 4 Conclusion 5 O. Blazy (Xlim) Generic OT 2 / 20

  5. Global Framework 1 Cryptographic Tools 2 1-out-of- t Oblivious Transfer 3 Instantiation 4 Conclusion 5 O. Blazy (Xlim) Generic OT 2 / 20

  6. Global Framework 1 Cryptographic Tools 2 1-out-of- t Oblivious Transfer 3 Instantiation 4 Conclusion 5 O. Blazy (Xlim) Generic OT 2 / 20

  7. Global Framework 1 Motivation Cryptographic Tools 2 1-out-of- t Oblivious Transfer 3 Instantiation 4 Conclusion 5 O. Blazy (Xlim) Generic OT 3 / 20

  8. Conditional Actions Oblivious Transfer Database User C ( line ) ← − − − − − − − − − − − − − − − DB [ line ] − − − − − − − − − − − − − − − → � The User learns the value of line but nothing else. � The Database learns nothing. O. Blazy (Xlim) Generic OT 4 / 20

  9. Semantic security Only the requested line should be learned by the User O. Blazy (Xlim) Generic OT 5 / 20

  10. Semantic security Only the requested line should be learned by the User Oblivious The authority should not learn which line was requested O. Blazy (Xlim) Generic OT 5 / 20

  11. Global Framework 1 Cryptographic Tools 2 Encryption Scheme Chameleon Hash Scheme Smooth Projective Hash Function 1-out-of- t Oblivious Transfer 3 Instantiation 4 Conclusion 5 O. Blazy (Xlim) Generic OT 6 / 20

  12. Definition (Encryption Scheme) E = ( Setup , KeyGen , Encrypt , Decrypt ) : Setup ( K ) : param; KeyGen ( param ) : public encryption key pk, private decryption key dk; Encrypt ( pk , m ; r ) : ciphertext c on m ∈ M and pk; Decrypt ( dk , c ) : decrypts c under dk. Indistinguishability under Chosen Ciphertext Attack O. Blazy (Xlim) Generic OT 7 / 20

  13. Definition (Chameleon Hash Scheme) CH = ( Setup , KeyGen , CH , Coll ) : Setup ( K ) : param; KeyGen ( param ) : outputs the chameleon hash key ck and the trapdoor tk; CH ( ck , m ; r ) : Picks r , and outputs the hash a ; Coll ( ck , m , r , m ′ , tk ) : Takes tk, ( m , r ) and m ′ , and outputs r ′ such that CH ( ck , m ; r ) = CH ( ck , m ′ ; r ′ ) . Extra Procedures (Verification) VKeyGen ( ck ) : Outputs vk and vtk. ⊥ or public if publicly verifiable. Valid ( ck , vk , m , a , d , vtk ) : Allows to check that d opens a to m . Collision Resistance ∗ O. Blazy (Xlim) Generic OT 8 / 20

  14. Definition (Chameleon Hash Scheme) CH = ( Setup , KeyGen , CH , Coll ) : Setup ( K ) : param; KeyGen ( param ) : outputs the chameleon hash key ck and the trapdoor tk; CH ( ck , m ; r ) : Picks r , and outputs the hash a and verification value d ; Coll ( ck , m , r , m ′ , tk ) : Takes tk, ( m , r ) and m ′ , and outputs r ′ such that CH ( ck , m ; r ) = CH ( ck , m ′ ; r ′ ) . Extra Procedures (Verification) VKeyGen ( ck ) : Outputs vk and vtk. ⊥ or public if publicly verifiable. Valid ( ck , vk , m , a , d , vtk ) : Allows to check that d opens a to m . Collision Resistance ∗ O. Blazy (Xlim) Generic OT 8 / 20

  15. Definition (Smooth Projective Hash Functions) [CS02] Let { H } be a family of functions: X , domain of these functions L , subset (a language) of this domain such that, for any point x in L , H ( x ) can be computed by using either a secret hashing key hk: H ( x ) = Hash L ( hk ; x ) ; or a public projected key hp: H ′ ( x ) = ProjHash L ( hp ; x , w ) Public mapping hk �→ hp = ProjKG L ( hk , x ) O. Blazy (Xlim) Generic OT 9 / 20

  16. Properties For any x ∈ X , H ( x ) = Hash L ( hk ; x ) For any x ∈ L , H ( x ) = ProjHash L ( hp ; x , w ) w witness that x ∈ L Smoothness For any x �∈ L , H ( x ) and hp are independent Pseudo-Randomness For any x ∈ L , H ( x ) is pseudo-random, without a witness w O. Blazy (Xlim) Generic OT 10 / 20

  17. Properties For any x ∈ X , H ( x ) = Hash L ( hk ; x ) For any x ∈ L , H ( x ) = ProjHash L ( hp ; x , w ) w witness that x ∈ L Smoothness For any x �∈ L , H ( x ) and hp are independent Pseudo-Randomness For any x ∈ L , H ( x ) is pseudo-random, without a witness w O. Blazy (Xlim) Generic OT 10 / 20

  18. Properties For any x ∈ X , H ( x ) = Hash L ( hk ; x ) For any x ∈ L , H ( x ) = ProjHash L ( hp ; x , w ) w witness that x ∈ L Smoothness For any x �∈ L , H ( x ) and hp are independent Pseudo-Randomness For any x ∈ L , H ( x ) is pseudo-random, without a witness w O. Blazy (Xlim) Generic OT 10 / 20

  19. Global Framework 1 Cryptographic Tools 2 1-out-of- t Oblivious Transfer 3 Definition Our Generic Construction Security Instantiation 4 Conclusion 5 O. Blazy (Xlim) Generic OT 11 / 20

  20. Oblivious Transfer [Rab81] A user U wants to access a line ℓ in a database D composed of t of them: U learns nothing more than the value of the line ℓ D does not learn which line was accessed by U Correctness: if U request a single line, he learns it Security Notions Oblivious: D does not know learn which line was accessed ; Semantic Security: U does not learn any information about the other lines. O. Blazy (Xlim) Generic OT 12 / 20

  21. Oblivious Transfer [Rab81] A user U wants to access a line ℓ in a database D composed of t of them: U learns nothing more than the value of the line ℓ D does not learn which line was accessed by U Correctness: if U request a single line, he learns it Security Notions Oblivious: D does not know learn which line was accessed ; Semantic Security: U does not learn any information about the other lines. O. Blazy (Xlim) Generic OT 12 / 20

  22. Oblivious Transfer [Rab81] A user U wants to access a line ℓ in a database D composed of t of them: U learns nothing more than the value of the line ℓ D does not learn which line was accessed by U Correctness: if U request a single line, he learns it Security Notions Oblivious: D does not know learn which line was accessed ; Semantic Security: U does not learn any information about the other lines. O. Blazy (Xlim) Generic OT 12 / 20

  23. Generic bit UC Commitment User picks a bit b , random r , d 1 − b ,� s , and computes ( a , d b ) = CH ( ck , b ; r ) He then computes C = Encrypt ( d 0 , d 1 ; � s ) . SPHF Compatibility If the encryption is SPHF friendly, then one can build an SPHF on the language of valid encryption of a chameleon information. L b = { c |∃ d 1 − b , s , Valid ( ck , vk , b , a , d b , vtk ) ∧ c = Encrypt ( d 0 , d 1 ; s ) } O. Blazy (Xlim) Generic OT 13 / 20

  24. Generic bit UC Commitment User picks a bit b , random r , d 1 − b ,� s , and computes ( a , d b ) = CH ( ck , b ; r ) He then computes C = Encrypt ( d 0 , d 1 ; � s ) . SPHF Compatibility If the encryption is SPHF friendly, then one can build an SPHF on the language of valid encryption of a chameleon information. L b = { c |∃ d 1 − b , s , Valid ( ck , vk , b , a , d b , vtk ) ∧ c = Encrypt ( d 0 , d 1 ; s ) } O. Blazy (Xlim) Generic OT 13 / 20

  25. Generic bit UC Commitment User picks a bit b , random r , d 1 − b ,� s , and computes ( a , d b ) = CH ( ck , b ; r ) He then computes C = Encrypt ( d 0 , d 1 ; � s ) . SPHF Compatibility If the encryption is SPHF friendly, then one can build an SPHF on the language of valid encryption of a chameleon information. L b = { c |∃ d 1 − b , s , Valid ( ck , vk , b , a , d b , vtk ) ∧ c = Encrypt ( d 0 , d 1 ; s ) } O. Blazy (Xlim) Generic OT 13 / 20

  26. Generic bit UC Commitment User picks a bit b , random r , d 1 − b ,� s , and computes ( a , d b ) = CH ( ck , b ; r ) He then computes C = Encrypt ( d 0 , d 1 ; � s ) . SPHF Compatibility If the encryption is SPHF friendly, then one can build an SPHF on the language of valid encryption of a chameleon information. L b = { c |∃ d 1 − b , s , Valid ( ck , vk , b , a , d b , vtk ) ∧ c = Encrypt ( d 0 , d 1 ; s ) } O. Blazy (Xlim) Generic OT 13 / 20

  27. Generic 1-out-of- t Oblivious Transfer User U picks ℓ : For each bit, picks random r i , d 1 − ℓ i , i , and computes ( a i , d ℓ i , i ) = CH ( ck , ℓ i ; r i ) He then computes C = Encrypt ( � d ; � s ) and sends C , � a . For each line L j , server S computes hk j , hp j , and H j = Hash L j ( hk j , C ) , M j = H j ⊕ L j and sends M j , hp j . For the line ℓ , user computes H ′ ℓ = ProjHash L ℓ ( hp ℓ , C ,� s ℓ ) , and then L ℓ = M ℓ ⊕ H ′ ℓ O. Blazy (Xlim) Generic OT 14 / 20

  28. Generic 1-out-of- t Oblivious Transfer User U picks ℓ : For each bit, picks random r i , d 1 − ℓ i , i , and computes ( a i , d ℓ i , i ) = CH ( ck , ℓ i ; r i ) He then computes C = Encrypt ( � d ; � s ) and sends C , � a . For each line L j , server S computes hk j , hp j , and H j = Hash L j ( hk j , C ) , M j = H j ⊕ L j and sends M j , hp j . For the line ℓ , user computes H ′ ℓ = ProjHash L ℓ ( hp ℓ , C ,� s ℓ ) , and then L ℓ = M ℓ ⊕ H ′ ℓ O. Blazy (Xlim) Generic OT 14 / 20

Recommend

Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer Hong-Sheng

Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer Hong-Sheng

Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer Hong-Sheng Zhou University of Connecticut Joint work with Juan Garay (AT&T) and Daniel Wichs (NYU) CRYPTO 2009 Outline Background New Approach

789 views • 36 slides
A Framework for Efficient and Composable Oblivious Transfer Chris Peikert 1 Vinod Vaikuntanathan

A Framework for Efficient and Composable Oblivious Transfer Chris Peikert 1 Vinod Vaikuntanathan

A Framework for Efficient and Composable Oblivious Transfer Chris Peikert 1 Vinod Vaikuntanathan 2 Brent Waters 1 1 SRI International 2 MIT CRYPTO 2008 1 / 10 Oblivious Transfer [R81,EGL85,BCR86,C87,K88,CK88,C89,CS91,CGT95,DCP95,FMR96,BC97,. .

1.02k views • 50 slides
Perfectly S Secure O Oblivious A s Algorithms s in t the M Multi-Server S Setting T-H.

Perfectly S Secure O Oblivious A s Algorithms s in t the M Multi-Server S Setting T-H.

Perfectly S Secure O Oblivious A s Algorithms s in t the M Multi-Server S Setting T-H. Hubert Chan, Jonathan Katz, Ka Kartik Nay ayak, Antigoni Polychroniadou, Elaine Shi Defini De ning ng an n Obl Oblivious us RAM Example request

812 views • 33 slides
Secure indexes and other oblivious search structures (Privaatne otsing: indeksid ning

Secure indexes and other oblivious search structures (Privaatne otsing: indeksid ning

Secure indexes and other oblivious search structures (Privaatne otsing: indeksid ning alternatiivid) Sven Laur swen@math.ut.ee Helsinki University of Technology Basic motivation Secure storage problem Client Alice does not have skills for

428 views • 16 slides
ON THE FEASIBILITY OF EXTENDING OBLIVIOUS TRANSFER Yehuda Lindell Yehuda Lindell Hila Zarosim

ON THE FEASIBILITY OF EXTENDING OBLIVIOUS TRANSFER Yehuda Lindell Yehuda Lindell Hila Zarosim

ON THE FEASIBILITY OF EXTENDING OBLIVIOUS TRANSFER Yehuda Lindell Yehuda Lindell Hila Zarosim Hila Zarosim TCC 2013 Obli i Oblivious Transfer T f The other message message remains secret to the the receiver Obli i Oblivious

757 views • 38 slides
Building Secure Block Ciphers on Generic Attacks Assumptions Jacques Patarin and Yannick Seurin

Building Secure Block Ciphers on Generic Attacks Assumptions Jacques Patarin and Yannick Seurin

Building Secure Block Ciphers on Generic Attacks Assumptions Jacques Patarin and Yannick Seurin University of Versailles and Orange Labs SAC 2008 August 14-15, 2008 intro the Russian Dolls construction generic attacks application to

539 views • 17 slides
SFE: Yaos Garbled Circuit Oblivious Transfer IDEAL World Pick one out of two, without

SFE: Yaos Garbled Circuit Oblivious Transfer IDEAL World Pick one out of two, without

SFE: Yaos Garbled Circuit Oblivious Transfer IDEAL World Pick one out of two, without revealing which Intuitive property: OT transfer partial A:up, B:down A up I need just information All 2 of one them! But cant

432 views • 20 slides
Constant-Rate Oblivious Transfer from Noisy Channels Yuval I shai Eyal K ushilevitz Rafail O

Constant-Rate Oblivious Transfer from Noisy Channels Yuval I shai Eyal K ushilevitz Rafail O

Constant-Rate Oblivious Transfer from Noisy Channels Yuval I shai Eyal K ushilevitz Rafail O strovsky Manoj P rabhakaran Amit S ahai Jrg W ullschleger Tuesday, August 23, 2011 Constant-Rate Oblivious Transfer from Noisy Channels Yuval I shai

1.25k views • 95 slides
Extending Oblivious Transfers Efficiently Yuval Ishai Technion Joe Kilian Kobbi Nissim

Extending Oblivious Transfers Efficiently Yuval Ishai Technion Joe Kilian Kobbi Nissim

Extending Oblivious Transfers Efficiently Yuval Ishai Technion Joe Kilian Kobbi Nissim Erez Petrank NEC Microsoft Technion Motivation x y f(x,y) How (in)efficient is generic secure computation?

431 views • 25 slides
Optimistic Fair Priced Oblivious Transfer A. Rial B. Preneel Katholieke Universiteit Leuven -

Optimistic Fair Priced Oblivious Transfer A. Rial B. Preneel Katholieke Universiteit Leuven -

Motivation Efficient Priced Oblivious Transfer Optimistic Fair POT Optimistic Fair Priced Oblivious Transfer A. Rial B. Preneel Katholieke Universiteit Leuven - ESAT-COSIC IBBT Africacrypt 2010 A. Rial Optimistic Fair POT Motivation

1.08k views • 78 slides
A Practical Oblivious Map Data Structure with Secure Deletion and History Independence Daniel S.

A Practical Oblivious Map Data Structure with Secure Deletion and History Independence Daniel S.

Intro vORAM HIRB Results A Practical Oblivious Map Data Structure with Secure Deletion and History Independence Daniel S. Roche Adam J. Aviv Seung Geol Choi Computer Science Department United States Naval Academy Annapolis, Maryland, USA

395 views • 37 slides
More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries Gilad

More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries Gilad

More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries Gilad Asharov Hebrew University Yehuda Lindell Bar-Ilan University Thomas Schneider Darmstadt Michael Zohner Darmstadt EUROCRYPT 2015 From Theory to

498 views • 37 slides
The Simplest Protocol for Oblivious Transfer Tung Chou Technische Universiteit Eindhoven, The

The Simplest Protocol for Oblivious Transfer Tung Chou Technische Universiteit Eindhoven, The

The Simplest Protocol for Oblivious Transfer Tung Chou Technische Universiteit Eindhoven, The Netherlands August 24, 2015 Latincrypt 2015, Guadalajara, Mexico Joint work with Claudio Orlandi 2 OTs 1 Sender Receiver 2 OTs

930 views • 28 slides
k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits

k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits

k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits Fabrice Benhamouda Huijia (Rachel) Lin IBM Research / Columbia University, US University of California, Santa Barbara, US Eurocrypt 2018, May 1,

1.03k views • 85 slides
Experimental realisation of quantum oblivious transfer Ryan Amiri 1 , Robert Strek 2 , Michal

Experimental realisation of quantum oblivious transfer Ryan Amiri 1 , Robert Strek 2 , Michal

Experimental realisation of quantum oblivious transfer Ryan Amiri 1 , Robert Strek 2 , Michal Miuda 2 , Ladislav Mita 2 , Jr., Miloslav Duek 2 , Petros Wallden 3 , and Erika Andersson 1 1 SUPA, Institute of Photonics and Quantum Sciences,

752 views • 29 slides
Two Round Oblivious Transfer from CDH or LPN Eurocrypt 2020 Nico Dttling Sanjam Garg Mohammad

Two Round Oblivious Transfer from CDH or LPN Eurocrypt 2020 Nico Dttling Sanjam Garg Mohammad

Two Round Oblivious Transfer from CDH or LPN Eurocrypt 2020 Nico Dttling Sanjam Garg Mohammad Hajiabadi Daniel Masny Daniel Wichs CISPA Helmholtz Center for Information Security UC Berkeley Visa Research Northeastern University

425 views • 13 slides
Adaptive Oblivious Transfer And Generalization Olivier Blazy, C eline Chevalier, Paul Germouty

Adaptive Oblivious Transfer And Generalization Olivier Blazy, C eline Chevalier, Paul Germouty

Adaptive Oblivious Transfer And Generalization Olivier Blazy, C eline Chevalier, Paul Germouty December 5, 2016 O. Blazy, C. Chevalier, P . Germouty December 5, 2016 1 / 31 Oblivious Transfer 1 OLBE: A Natural Generalization 2 Adaptive

1.51k views • 88 slides
July 23, 2016 STM 2016 Outline Background Additively homomorphic encryption Beacon

July 23, 2016 STM 2016 Outline Background Additively homomorphic encryption Beacon

July 23, 2016 STM 2016 Outline Background Additively homomorphic encryption Beacon search by Oblivious transfer Genome sequence search Overview of the proposed method Recursive oblivious transfer Burrows Wheeler

974 views • 70 slides
1 Definition of a simple generic class Why generic programming (cont.) class Pair <T> {

1 Definition of a simple generic class Why generic programming (cont.) class Pair <T> {

Topics background and goals of generic programming basics of generic classes = parameterized types generic methods for general algorithms inheritance rules for generic types Generic programming in Java bounded type parameters

261 views • 5 slides
Verifiable Homomorphic Oblivious Transfer and Private Equality Test Helger Lipmaa Helsinki

Verifiable Homomorphic Oblivious Transfer and Private Equality Test Helger Lipmaa Helsinki

Verifiable Homomorphic Oblivious Transfer and Private Equality Test Helger Lipmaa Helsinki University of Technology http://www.tcs.hut.fi/helger Asiacrypt 2003, 03.12.2003 Verifiable Homomorphic OT and PET, Helger Lipmaa 1 Overview of

891 views • 29 slides
ObliDB: Oblivious Query Processing for Secure Databases Saba Eskandarian Matei Zaharia Stanford

ObliDB: Oblivious Query Processing for Secure Databases Saba Eskandarian Matei Zaharia Stanford

ObliDB: Oblivious Query Processing for Secure Databases Saba Eskandarian Matei Zaharia Stanford University Stanford University Private Data in the Cloud Compromised cloud can: Read data Read queries Alter data Hardware Enclaves A trusted

438 views • 31 slides
FrodoKEM practical quantum-secure key encapsulation from generic lattices Erdem Alkim Joppe W.

FrodoKEM practical quantum-secure key encapsulation from generic lattices Erdem Alkim Joppe W.

FrodoKEM practical quantum-secure key encapsulation from generic lattices Erdem Alkim Joppe W. Bos L eo Ducas Patrick Longa Ilya Mironov Michael Naehrig Valeria Nikolaenko Chris Peikert Ananth Raghunathan Douglas Stebila 1 / 11

950 views • 49 slides
FrodoKEM practical quantum-secure key encapsulation from generic lattices Erdem Alkim Joppe W. Bos

FrodoKEM practical quantum-secure key encapsulation from generic lattices Erdem Alkim Joppe W. Bos

FrodoKEM practical quantum-secure key encapsulation from generic lattices Erdem Alkim Joppe W. Bos L eo Ducas Patrick Longa Ilya Mironov Michael Naehrig Valeria Nikolaenko Chris Peikert Ananth Raghunathan Douglas Stebila 1 / 11 Concrete

897 views • 52 slides
Secure, Managed File Transfer and Automation _ Moving

Secure, Managed File Transfer and Automation _ Moving

Secure, Managed File Transfer and Automation _ Moving Files is Business-critical Legal Documents Loan Information XML Data Files X-Rays Purchase Orders Patient Records Insurance Test Results Large

632 views • 37 slides

More recommend