Paper 2017/958

Two-Message, Oblivious Evaluation of Cryptographic Functionalities

Nico Döttling, Nils Fleischhacker, Johannes Krupp, and Dominique Schröder

Abstract

We study the problem of two-round oblivious evaluation of cryptographic functionalities. In this setting, one party P1 holds a private key sk for a provably secure instance of a cryptographic functionality F and the second party P2 wishes to evaluate F_sk on a value x. Although it has been known for 22 years that general functionalities cannot be computed securely in the presence of malicious adversaries with only two rounds of communication, we show the existence of a round-optimal protocol that obliviously evaluates cryptographic functionalities. Our protocol is provably secure against malicious receivers under standard assumptions and does not rely on heuristic (setup) assumptions. Our main technical contribution is a novel nonblack-box technique, which makes nonblack-box use of the security reduction of F_sk. Specifically, our proof of malicious receiver security uses the code of the reduction, which reduces the security of F_sk to some hard problem, in order to break that problem directly. Instantiating our framework, we obtain the first two-round oblivious pseudorandom function that is secure in the standard model. This question had been open since the invention of OPRFs in 1997.

Metadata
Available format(s)
PDF
Publication info
A minor revision of an IACR publication in CRYPTO 2016
Contact author(s)
nico doettling @ gmail com
History
2017-09-29: received
Short URL
https://ia.cr/2017/958
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/958,
      author = {Nico Döttling and Nils Fleischhacker and Johannes Krupp and Dominique Schröder},
      title = {Two-Message, Oblivious Evaluation of Cryptographic Functionalities},
      howpublished = {Cryptology ePrint Archive, Paper 2017/958},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/958}},
      url = {https://eprint.iacr.org/2017/958}
}