• PDF / 959,977 Bytes
• 26 Pages / 439.37 x 666.142 pts Page_size
• 50 Downloads / 224 Views

DOWNLOAD

REPORT

alborg University, Aalborg, Denmark [email protected] 2 Aarhus University, Aarhus, Denmark [email protected] 3 Universitat Rovira i Virgili, Tarragona, Spain [email protected] 4 University of Maryland, College Park, USA [email protected] 5 George Mason University, Fairfax, USA

Abstract. An OT-combiner takes n candidate implementations of the oblivious transfer (OT) functionality, some of which may be faulty, and produces a secure instance of oblivious transfer as long as a large enough number of the candidates are secure. We see an OT-combiner as a 2-party protocol that can make several black-box calls to each of the n OT candidates, and we want to protect against an adversary that can corrupt one of the parties and a certain number of the OT candidates, obtaining their inputs and (in the active case) full control of their outputs. In this work we consider perfectly (unconditionally, zero-error) secure OT-combiners and we focus on minimizing the number of calls to the candidate OTs. First, we construct a single-use (one call per OT candidate) OTcombiner which is perfectly secure against active adversaries corrupting one party and a constant fraction of the OT candidates. This extends a previous result by Ishai et al. (ISIT 2014) that proves the same fact for passive adversaries. Second, we consider a more general asymmetric corruption model where an adversary can corrupt different sets of OT candidates depending on whether it is Alice or Bob who is corrupted. We give sufficient and necI. Cascudo—Acknowledges support from the Danish Council for Independent Research, grant no. DFF-4002-00367. I. Damg˚ ard—This project has received funding from the European Research Council (ERC) under the European Unions’s Horizon 2020 research and innovation programme under grant agreement No 669255 (MPCPRO). O. Farr` as—Supported by the European Union through H2020-ICT-2014-1-644024 and H2020-DS-2015-1-700540, and by the Spanish Government through TIN201457364-C2-1-R. S. Ranellucci—Supported by NSF grants #1564088 and #1563722. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation. c International Association for Cryptologic Research 2017  Y. Kalai and L. Reyzin (Eds.): TCC 2017, Part II, LNCS 10678, pp. 461–486, 2017. https://doi.org/10.1007/978-3-319-70503-3_15

462

I. Cascudo et al. essary conditions for the existence of an OT combiner with a given number of calls to the candidate OTs in terms of the existence of secret sharing schemes with certain access structures and share-lengths. This allows in some cases to determine the optimal number of calls to the OT candidates which are needed to construct an OT combiner secure against a given adversary.

1

Introduction

1-out-of-2 bit oblivious transfer [EGL82] (OT) is a well-known cryptographic primitive between two parties, a sender Alice and a receiver Bob, in which the sender has as input two one-bit messages and the receiver chooses to learn one of the

Recommend Documents

Continuous Group Key Agreement with Active Security

170 61 29MB

iO Combiners and Universal Constructions

207 114 2MB

Ledger Combiners for Fast Settlement

146 103 14MB

UC-Secure OT from LWE, Revisited

125 83 16MB

Space Security and Legal Aspects of Active Debris Removal

104 92 2MB

Concretely Efficient Large-Scale MPC with Active Security (or, TinyKeys for TinyOT)

168 79 3MB

AE-OT-GAN: Training GANs from Data Specific Latent Distribution

136 69 186MB

Active Objects with Deterministic Behaviour

169 12 19MB

Integrating Planning with Active Illumination

201 12 39MB

Moment maps and isoparametric hypersurfaces of OT-FKM type

158 28 179KB

Traumatic Stress and Long-Term Recovery Coping with Disasters and Ot

150 44 13MB

Security Games with Insider Threats

181 84 32MB