Cryptology ePrint Archive: Report 2017/370

"The Simplest Protocol for Oblivious Transfer" Revisited

Ziya Alper Genç and Vincenzo Iovino and Alfredo Rial

Abstract: In 2015, Chou and Orlandi presented an oblivious transfer protocol that already drew a lot of attention both from theorists and practitioners due to its extreme simplicity and high efficiency. Chou and Orlandi claimed that their protocol is UC-secure in the random oracle model under dynamic corruptions, which is a very strong security guarantee. Unfortunately, in this work we point out a flaw in their security proof for the case of sender corruption. We define a decisional problem and we prove that, if a correct proof is provided, then this problem can be solved correctly with overwhelming probability. Therefore, the protocol by Chou and Orlandi cannot be instantiated securely with groups for which our decisional problem cannot be solved correctly with overwhelming probability. Our decisional problem can be solved with overwhelming probability when a DDH oracle is provided. Therefore, it seems likely that the protocol by Chou and Orlandi can be instantiated securely with gap-DH groups.

Category / Keywords: oblivious transfer, universal composability

Date: received 24 Apr 2017, last revised 24 May 2017

Contact author: vinciovino at gmail com


Version: 20170524:160212
