Cryptology ePrint Archive: Report 2017/993

A Framework for Efficient Adaptively Secure Composable Oblivious Transfer in the ROM

Paulo S. L. M. Barreto and Bernardo David and Rafael Dowsley and Kirill Morozov and Anderson C. A. Nascimento

Abstract: Oblivious Transfer (OT) is a fundamental cryptographic protocol that finds a number of applications, in particular, as an essential building block for two-party and multi-party computation. We construct a universally composable (UC) protocol for oblivious transfer secure against active adaptive adversaries from any OW-CPA secure public-key encryption scheme with certain properties in the random oracle model (ROM). In terms of computation, our protocol only requires the generation of a public/secret-key pair, six encryption operations and two decryption operation, apart from a few calls to the random oracle. In~terms of communication, our protocol only requires the transfer of one public-key, four ciphertexts, six binary strings of size equal to the security parameter, and two binary strings of size equal to the OT's messages. Next, we show how to instantiate our construction under the low noise LPN, McEliece, QC-MDPC, and CDH assumptions. Our instantiations based on the low noise LPN, McEliece, and QC-MDPC assumptions are the first UC-secure OT protocols based on coding assumptions to achieve: 1) adaptive security, 2) low round complexity, 3) low communication and computational complexities. Previous results in this setting only achieved static security and used costly cut-and-choose techniques. Our CDH-based instantiation is the first UC-secure OT protocol based on this assumption.

Category / Keywords: cryptographic protocols /

Date: received 9 Oct 2017, last revised 21 Dec 2017

Contact author: rafael at cs au dk

Available format(s): PDF | BibTeX Citation

Note: Fixed an issue in the security proof identified by the anonymous reviewers of PKC 2018, making public a solution that had been privately communicated to the reviewers early in the review process.

Version: 20171221:151843 (All versions of this report)

Short URL: ia.cr/2017/993


[ Cryptology ePrint archive ]