Cryptology ePrint Archive: Report 2014/499
Security and Efficiency Analysis of The Hamming Distance Computation Protocol Based On Oblivious Transfer
Mehmet Sabır Kiraz and Ziya Alper Genç and Süleyman Kardaş
Abstract: Abstract—In Financial Cryptography 2013, Bringer, Chabanne
and Patey proposed two cryptographic protocols for the computation
of Hamming distance in the two-party setting. Their first scheme uses Oblivious Transfer and provides security in the semi-honest model. The other scheme uses Committed Oblivious Transfer (COT) and is claimed to provide full security in the malicious case. The proposed protocols have direct implications to biometric authentication schemes between a prover and a verifier where the verifier has biometric data of the users in plain form. In this paper, we show that their protocol against malicious adversaries is not actually secure. Namely, we show a generic attack such that a malicious user can compute a Hamming distance which is different from the actual value. For biometric authentication systems, this attack allows a malicious adversary to pass the authentication without knowledge of the honest user's input with at most O(n) complexity instead of O(2^n), where n is the input length. We propose an enhanced version of their protocol where this attack is eliminated. The security of our modified protocol is proved using simulation-based paradigm. Also as for efficiency concerns, the modified protocol utilizes Verifiable Oblivious Transfer (VOT) which excludes the commitments to outputs (as they exist in COT). We show that the use of VOT does not reduce the security of the protocol but improves the efficiency significantly.
Category / Keywords: Biometric Identification, Authentication, Hamming distance, Privacy, Committed Oblivious Transfer
Date: received 23 Jun 2014, last revised 22 Jan 2015
Contact author: mehmet kiraz at tubitak gov tr
Available format(s): PDF | BibTeX Citation
Note: Quality has been improved.
Version: 20150123:054459 (All versions of this report)
Short URL: ia.cr/2014/499
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]