### Equational Security Proofs of Oblivious Transfer Protocols

Baiyu Li and Daniele Micciancio

##### Abstract

We exemplify and evaluate the use of the equational framework of Micciancio and Tessaro (ITCS 2013) by analyzeing a number of concrete Oblivious Transfer protocols: a classic OT transformation to increase the message size, and the recent (so called simplest'') OT protocol in the random oracle model of Chou and Orlandi (Latincrypt 2015), together with some simple variants. Our analysis uncovers subtle timing bugs or shortcomings in both protocols, or the OT definition typically employed when using them. In the case of the OT length extension transformation, we show that the protocol can be formally proved secure using a revised OT definition and a simple protocol modification. In the case of the simplest'' OT protocol, we show that it cannot be proved secure according to either the original or revised OT definition, in the sense that for any candidate simulator (expressible in the equational framework) there is an environment that distinguishes the real from the ideal system.

Note: Revision for PKC2018

Available format(s)
Category
Cryptographic protocols
Publication info
Keywords
Equational securityuniversal composabilityoblivious transferasynchronoussimulation-based
Contact author(s)
baiyu @ cs ucsd edu
History
2018-01-10: revised
See all versions
Short URL
https://ia.cr/2016/624

CC BY

BibTeX

@misc{cryptoeprint:2016/624,
author = {Baiyu Li and Daniele Micciancio},
title = {Equational Security Proofs of Oblivious Transfer Protocols},
howpublished = {Cryptology ePrint Archive, Paper 2016/624},
year = {2016},
note = {\url{https://eprint.iacr.org/2016/624}},
url = {https://eprint.iacr.org/2016/624}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.