### Compact, Efficient and UC-Secure Isogeny-Based Oblivious Transfer

##### Abstract

Oblivious transfer (OT) is an essential cryptographic tool that can serve as a building block for almost all secure multiparty functionalities. The strongest security notion against malicious adversaries is universal composability (UC-security). An important goal is to have post-quantum OT protocols. One area of interest for post-quantum cryptography is isogeny-based crypto. Isogeny-based cryptography has some similarities to Diffie-Hellman, but lacks some algebraic properties that are needed for discrete-log-based OT protocols. Hence it is not always possible to directly adapt existing protocols to the isogeny setting. We propose the first practical isogeny-based UC-secure oblivious transfer protocol in the presence of malicious adversaries. Our scheme uses the CSIDH framework and does not have an analogue in the Diffie-Hellman setting. The scheme consists of a constant number of isogeny computations. The underlying computational assumption is a problem that we call the computational reciprocal CSIDH problem, and that we prove polynomial-time equivalent to the computational CSIDH problem.

Note: This is the full version of a paper accepted to EUROCRYPT 2021

- Category: Cryptographic protocols
- Publication info: A minor revision of an IACR publication in EUROCRYPT 2021
- Keywords: oblivious transfer; isogeny-based cryptography
- Contact author(s): 27182818284fu lai @ gmail com; s galbraith @ auckland ac nz; cyprien delpechdesaintguilhem @ kuleuven be
- History: 2022-11-11: last of 5 revisions
- Short URL: https://ia.cr/2020/1012
- License: CC BY

BibTeX

```bibtex
@misc{cryptoeprint:2020/1012,
  author = {Yi-Fu Lai and Steven D. Galbraith and Cyprien Delpech de Saint Guilhem},
  title = {Compact, Efficient and UC-Secure Isogeny-Based Oblivious Transfer},
  howpublished = {Cryptology ePrint Archive, Paper 2020/1012},
  year = {2020},
  note = {\url{https://eprint.iacr.org/2020/1012}},
  url = {https://eprint.iacr.org/2020/1012}
}
```