Cryptology ePrint Archive: Report 2020/545

Efficient and Round-Optimal Oblivious Transfer and Commitment with Adaptive Security

Ran Canetti and Pratik Sarkar and Xiao Wang

Abstract: We construct the most efficient two-round adaptively secure bit-OT in the Common Random String (CRS) model. The scheme is UC secure under the Decisional Diffie-Hellman (DDH) assumption. It incurs O(1) exponentiations and sends O(1) group elements, whereas the state of the art requires O(k^2) exponentiations and communicates poly(k) bits, where k is the computational security parameter. Along the way, we obtain several other efficient UC-secure OT protocols under DDH :

- The most efficient yet two-round adaptive string-OT protocol assuming programmable random oracle. Furthermore, the protocol can be made non-interactive in the simultaneous message setting, assuming random inputs for the sender.

- The first two-round string-OT with amortized constant exponentiations and communication overhead which is secure in the observable random oracle model.

- The first two-round receiver equivocal string-OT in the CRS model that incurs constant computation and communication overhead.

We also obtain the first non-interactive adaptive string UC-commitment in the CRS model which incurs a sublinear communication overhead in the security parameter. Specifically, we commit to polylog(k) bits while communicating O(k) bits. Moreover, it is additively homomorphic in nature.

We can also extend our results to the single CRS model where multiple sessions share the same CRS. As a corollary, we obtain a two-round adaptively secure MPC protocol in this model.

Category / Keywords: cryptographic protocols / round optimal, oblivious transfer, commitment scheme, adaptive corruptions, UC security, MPC

Date: received 9 May 2020, last revised 11 May 2020

Contact author: canetti at bu edu,pratik93@bu edu,wangxiao@cs northwestern edu

Available format(s): PDF | BibTeX Citation

Version: 20200515:094336 (All versions of this report)

Short URL: ia.cr/2020/545


[ Cryptology ePrint archive ]