Paper 2017/370
"The Simplest Protocol for Oblivious Transfer" Revisited
Ziya Alper Genç, Vincenzo Iovino, and Alfredo Rial
Abstract
In 2015, Chou and Orlandi presented an oblivious transfer protocol that already drew a lot of attention both from theorists and practitioners due to its extreme simplicity and high efficiency. Chou and Orlandi claimed that their protocol is UC-secure in the random oracle model under dynamic corruptions, which is a very strong security guarantee. Unfortunately, in this work we point out a flaw in their security proof for the case of sender corruption. We define a decisional problem and we prove that, if a correct proof is provided, then this problem can be solved correctly with overwhelming probability. Therefore, the protocol by Chou and Orlandi cannot be instantiated securely with groups for which our decisional problem cannot be solved correctly with overwhelming probability. Our decisional problem can be solved with overwhelming probability when a DDH oracle is provided. Therefore, it seems likely that the protocol by Chou and Orlandi can be instantiated securely with gap-DH groups.
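To make the object of the paper concrete, here is an added worked example (written for this page, not code from the paper or from Chou and Orlandi) of one run of the Chou-Orlandi 1-out-of-2 OT, followed by a sketch of the extraction step in the sender-corruption case that the abstract says depends on a DDH-type decision. The group parameters (a toy safe prime), the messages, and the use of SHA-256 as the random oracle are constructed for demonstration; the `ddh_oracle` below is a brute-force stand-in for the oracle the abstract assumes, and the way the simulator uses it is the editor's reconstruction of the sender-corruption argument, not the paper's formal decisional problem.

```python
"""Toy run of the Chou-Orlandi OT plus the simulator's key-classification step.

All parameters are constructed for illustration: P is far too small for real use
and H is a plain SHA-256 stand-in for the random oracle.
"""
import hashlib
import secrets
from typing import Optional

P = 1019   # safe prime, P = 2*Q + 1 (toy size, constructed for this example)
Q = 509    # prime order of the subgroup of squares mod P
G = 4      # generator of the order-Q subgroup (4 = 2^2 and 4 != 1 mod P)
NBYTES = (P.bit_length() + 7) // 8


def H(*elems: int) -> bytes:
    """Random-oracle stand-in over group elements; keys are H(A, B, shared)."""
    data = b"|".join(e.to_bytes(NBYTES, "big") for e in elems)
    return hashlib.sha256(data).digest()


def otp(key: bytes, msg: bytes) -> bytes:
    """One-time pad under a SHAKE-expanded key; the same call encrypts and decrypts."""
    pad = hashlib.shake_256(key).digest(len(msg))
    return bytes(x ^ y for x, y in zip(msg, pad))


def sender_round1():
    """Sender: pick a, publish A = g^a."""
    a = secrets.randbelow(Q - 1) + 1
    return a, pow(G, a, P)


def receiver_round1(A: int, c: int):
    """Receiver with choice bit c: B = g^b if c == 0, B = A * g^b if c == 1.
    Either way the receiver's key is H(A, B, A^b) = H(A, B, g^{ab})."""
    b = secrets.randbelow(Q - 1) + 1
    B = pow(G, b, P) if c == 0 else (A * pow(G, b, P)) % P
    return H(A, B, pow(A, b, P)), B


def sender_round2(a: int, A: int, B: int, m0: bytes, m1: bytes):
    """Sender: k_j = H(A, B, (B / A^j)^a); exactly one of k_0, k_1 equals the receiver's key."""
    inv_A = pow(A, -1, P)
    k0 = H(A, B, pow(B, a, P))
    k1 = H(A, B, pow(B * inv_A % P, a, P))
    return otp(k0, m0), otp(k1, m1)


def run_ot(m0: bytes, m1: bytes, c: int) -> bytes:
    """Full exchange; returns the message the receiver learns (m_c)."""
    a, A = sender_round1()
    k_c, B = receiver_round1(A, c)
    e0, e1 = sender_round2(a, A, B, m0, m1)
    return otp(k_c, e0 if c == 0 else e1)


def ddh_oracle(X: int, Y: int, Z: int) -> bool:
    """Stand-in DDH oracle: is (X, Y, Z) of the form (g^x, g^y, g^{xy})?
    Solved here by brute-force discrete log, feasible only in this toy group;
    it plays the part of the oracle a gap-DH group would provide."""
    x = next(i for i in range(Q) if pow(G, i, P) == X)
    return pow(Y, x, P) == Z


def simulator_classify_query(A: int, b: int, Z: int, oracle=ddh_oracle) -> Optional[int]:
    """Sender-corruption simulator (editor's sketch): it played the honest receiver
    with B = g^b, so it knows b but not a. For a corrupt sender's oracle query
    H(A, B, Z) it must decide which message key Z belongs to:
      j = 0  iff  Z == B^a == A^b                 (checkable with b alone)
      j = 1  iff  Z == (B/A)^a == A^b / g^{a^2}   (a DH-type decision on A)
    Returns 0, 1, or None for an unrelated query."""
    Ab = pow(A, b, P)
    if Z == Ab:
        return 0
    # Z == A^b / g^{a^2}  <=>  A^b * Z^{-1} == g^{a^2}  <=>  (A, A, A^b * Z^{-1}) is a DH triple
    if oracle(A, A, Ab * pow(Z, -1, P) % P):
        return 1
    return None


if __name__ == "__main__":
    print(run_ot(b"left ", b"right", 1))   # receiver with c=1 learns b"right"
```

The `j = 1` branch is where the proof needs help: with only `b` in hand the simulator can recognise the `k_0` query, but deciding whether a query is the `k_1` query amounts to deciding a Diffie-Hellman relation involving the corrupt sender's unknown exponent `a`, which is why, as the abstract states, the argument goes through when a DDH oracle is available and is not established for plain groups.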
Metadata
- Publication info: Preprint. MINOR revision.
- Keywords: oblivious transfer, universal composability
- Contact author(s): vinciovino @ gmail com
- History:
  - 2017-05-24: last of 3 revisions
  - 2017-04-28: received
- Short URL: https://ia.cr/2017/370
- License: CC BY
BibTeX
@misc{cryptoeprint:2017/370,
  author = {Ziya Alper Genç and Vincenzo Iovino and Alfredo Rial},
  title = {"The Simplest Protocol for Oblivious Transfer" Revisited},
  howpublished = {Cryptology {ePrint} Archive, Paper 2017/370},
  year = {2017},
  url = {https://eprint.iacr.org/2017/370}
}