You are looking at a specific version 20171130:234147 of this paper. See the latest version.

Paper 2017/1165

Efficient, Round-optimal, Universally-Composable Oblivious Transfer and Commitment Scheme with Adaptive Security

Megha Byali and Arpita Patra and Divya Ravi and Pratik Sarkar

Abstract

Adaptive security embodies one of the strongest notions of security that allows an adversary to corrupt parties at any point during protocol execution and gain access to its internal state. Since it models real-life situations such as "hacking", adaptively-secure multiparty computation (MPC) protocols are desirable. Such protocols demand primitives such as oblivious transfer (OT) and commitment schemes that are adaptively-secure as building blocks. Efficient realisations of these primitives have been found to be challenging when no erasures is assumed. In this paper, we provide efficient constructions for these primitives that are Universally-Composable. $Adaptively-Secure$ $Oblivious$ $Transfer.$ We present the first $round$ $optimal$ adaptively-secure OT based on the 2-round static OT protocol of $Peikert$ et al. (Crypto 2008). Our protocol is in the programmable random oracle (PRO) model. It incurs a minimal communication overhead of one $\kappa$ bit string and computational overhead of 5 random oracle queries over its static counterpart, where $\kappa$ is the security parameter. Additionally, we present a construction of adaptively-secure 1-out-of-$N$ OT by extending the result of $Naor$ et al. (Journal of Cryptology 2005) that transforms $\log N$ copies of 1-out-of-2 OTs to one 1-out-of-$N$ OT. Based on PRO assumption, we prove that the transformation is adaptively-secure at the expense of $\mathcal{O}(\log N)$ exponentiations whereas, the existing state-of-the-art protocols for adaptively-secure 1-out-of-$N$ OT incur at least $\mathcal{O}(N)$ exponentiations. Interestingly, it can be established that our transformation continues to be adaptively-secure, despite replacing the adaptively-secure 1-out-of-2 OTs in the above result with statically-secure OTs, that support equivocation of receiver's view irrespective of equivocation of sender's view. $Adaptively-Secure$ $Commitment$ $Scheme.$ We provide a $round$ $optimal$ non-interactive commitment scheme (NICOM) based on the observable random oracle (ORO) assumption in the CRS model. Our construction incurs communication of 4$\kappa$ bit strings and computation of 4 exponentiations and 2 random oracle queries for committing to an arbitrary length message. Additionally, we present a statically-secure scheme for one-time generation of CRS that can be reused for multiple commitments. This eliminates the need of a trusted CRS setup for the commitment scheme, thereby reducing the assumptions solely to ORO. The static version of our NICOM finds applications in secure two-party computation (2PC) protocols that adopt offline-online paradigm, where the CRS can be generated in the offline phase.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
Oblivious TransferCommitment SchemesUniversal ComposabilityAdaptive SecurityErasures
Contact author(s)
divyar @ iisc ac in
megha @ iisc ac in
meghabyali @ gmail com
pratiks @ iisc ac in
iampratiksarkar @ gmail com
arpita @ iisc ac in
arpitapatra10 @ gmail com
History
2018-03-21: last of 4 revisions
2017-11-30: received
See all versions
Short URL
https://ia.cr/2017/1165
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.