## Cryptology ePrint Archive: Report 2017/1165

Efficient, Round-optimal, Universally-Composable Oblivious Transfer and Commitment Scheme with Adaptive Security

Megha Byali and Arpita Patra and Divya Ravi and Pratik Sarkar

Abstract: Adaptive security embodies one of the strongest notions of security that allows an adversary to corrupt parties at any point during protocol execution and gain access to its internal state. Since it models real-life situations such as "hacking", adaptively-secure multiparty computation (MPC) protocols are desirable. Such protocols demand primitives such as oblivious transfer (OT) and commitment schemes that are adaptively-secure as building blocks. Efficient realisations of these primitives have been found to be challenging when no erasures is assumed. In this paper, we provide efficient constructions for these primitives that are Universally-Composable.

$Adaptively-Secure$ $Oblivious$ $Transfer.$ We present the first $round$ $optimal$ adaptively-secure OT based on the 2-round static OT protocol of $Peikert$ et al. (Crypto 2008). Our protocol is in the programmable random oracle (PRO) model. It incurs a minimal communication overhead of one $\kappa$ bit string and computational overhead of 5 random oracle queries over its static counterpart, where $\kappa$ is the security parameter. Additionally, we present a construction of adaptively-secure 1-out-of-$N$ OT by extending the result of $Naor$ et al. (Journal of Cryptology 2005) that transforms $\log N$ copies of 1-out-of-2 OTs to one 1-out-of-$N$ OT. Based on PRO assumption, we prove that the transformation is adaptively-secure at the expense of $\mathcal{O}(\log N)$ exponentiations whereas, the existing state-of-the-art protocols for adaptively-secure 1-out-of-$N$ OT incur at least $\mathcal{O}(N)$ exponentiations. Interestingly, it can be established that our transformation continues to be adaptively-secure, despite replacing the adaptively-secure 1-out-of-2 OTs in the above result with statically-secure OTs, that support equivocation of receiver's view irrespective of equivocation of sender's view.

$Adaptively-Secure$ $Commitment$ $Scheme.$ We provide a $round$ $optimal$ non-interactive commitment scheme (NICOM) based on the observable random oracle (ORO) assumption in the CRS model. Our construction incurs communication of 4$\kappa$ bit strings and computation of 4 exponentiations and 2 random oracle queries for committing to an arbitrary length message. Additionally, we present a statically-secure scheme for one-time generation of CRS that can be reused for multiple commitments. This eliminates the need of a trusted CRS setup for the commitment scheme, thereby reducing the assumptions solely to ORO. The static version of our NICOM finds applications in secure two-party computation (2PC) protocols that adopt offline-online paradigm, where the CRS can be generated in the offline phase.

Category / Keywords: cryptographic protocols / Oblivious Transfer, Commitment Schemes, Universal Composability, Adaptive Security, Erasures

Date: received 30 Nov 2017, last revised 30 Nov 2017

Contact author: divyar at iisc ac in, megha@iisc ac in, meghabyali@gmail com, pratiks@iisc ac in, iampratiksarkar@gmail com, arpita@iisc ac in, arpitapatra10@gmail com

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2017/1165

[ Cryptology ePrint archive ]