Computationally Secure Oblivious Transfer

We describe new computationally secure protocols of 1-out-of-N oblivious transfer, k-out-of-N oblivious transfer, and oblivious transfer with adaptive queries. The protocols are very efficient compared with solutions based on generic two-party computation or on information-theoretic security. The 1-out-of-N oblivious transfer protocol requires only log N executions of a 1-out-of-2 oblivious transfer protocol. The k-out-of-N protocol is considerably more efficient than k repetitions of 1-out-of-N oblivious transfer, as is the construction for oblivious transfer with adaptive queries. The efficiency of the new oblivious transfer protocols makes them useful for many applications. A direct corollary of the 1-out-of-N oblivious transfer protocol is an efficient transformation of any Private Information Retrieval protocol to a Symmetric PIR protocol.     

无条件安全的量子茫然传送

茫然传送作为安全多方计算的基础协议具有重要的理论研究和实用价值.目前已有的经典环境中的各茫然传送协议大都基于公钥密码学或一些附加的计算困难性假设,而这些基础在量子计算机制下将变得相当脆弱.本文根据量子贝尔态的特性,提出了一种新的量子茫然传送协议,对其正确性与安全性进行了分析与证明.该协议可同时抵抗通信信道中噪声和可能存在的窃听,在安全性、健壮性、窃听检测等方面均优于经典计算环境下的各种茫然传送协议.     

UC 安全的高效不经意传输协议

非承诺加密机制是语义安全的,不能抵抗选择密文攻击.在non-erase模型的安全假设下,基于非承诺加密机制的不经意传输协议不能实现自适应攻击者UC(Universally Composable)安全的定义.利用可否认加密体制和可验证平滑投影哈希函数,提出了一个新的不经意传输协议,可否认加密体制通过陷门承诺的双陷门解密技术实现,新协议方案是可证明UC安全的,基于公共参考串模型,安全性可以归约为确定性复合剩余假设.新协议参与方能够处理指数空间的消息,计算效率得到改善,通过两次协议交互可以实现string-OT协议,与bit-OT协议相比单轮通信效率提高O(n)倍.     

Verifiable Distributed Oblivious Transfer and Mobile Agent Security

The mobile agent is a fundamental building block of the mobile computing paradigm. In mobile agent security, oblivious transfer (OT) from a trusted party can be used to protect the agent’s privacy and the hosts’ privacy. In this paper, we introduce a new cryptographic primitive called Verifiable Distributed Oblivious Transfer (VDOT), which allows us to replace a single trusted party with a group of threshold trusted servers. The design of VDOT uses a novel technique called consistency verification of encrypted secret shares. VDOT protects the privacy of both the sender and the receiver against malicious attacks of the servers. We also show the design of a system to apply VDOT to protect the privacy of mobile agents. Our design partitions an agent into the general portion and the security-sensitive portion. We also implement the key components of our system. As far as we know, this is the first effort to implement a system that protects the privacy of mobile agents. Our preliminary evaluation shows that protecting mobile agents not only is possible, but also can be implemented efficiently. This work was supported in part by the DoD University Research Initiative (URI) program administered by the Office of Naval Research under grant N00014-01-1-0795. Sheng Zhong was supported by ONR grant N00014-01-1-0795 and NSF grants ANI-0207399 and CCR-TC-0208972. Yang Richard Yang was supported in part by NSF grant ANI-0207399. A preliminary version of this paper was presented at the DialM-POMC Joint Workshop on Foundations of Mobile Computing in 2003. Sheng Zhong received his Ph.D. in computer science from Yale University in the year of 2004. He holds an assistant professor position at SUNY Buffalo and is currently on leave for postdoctoral research at the Center for Discrete Mathematics and Theoretical Computer Science (DIMACS). His research interests, on the practical side, are security and incentives in data mining, databases, and wireless networks. On the theoretical side, he is interested in cryptography and game theory. Yang Richard Yang is an Assistant Professor of Computer Science at Yale University. His research interests include computer networks, mobile computing, wireless networking, sensor networks, and network security. He leads the LAboratory of Networked Systems (LANS) at Yale. His recent awards include a Schlumberger Fellowship and a CAREER Award from the National Science Foundation. He received his B.E. degree from Tsinghua University (1993), and his M.S. and Ph.D. degrees from the University of Texas at Austin (1998 and 2001).     

Translucent Cryptography—An Alternative to Key Escrow, and Its Implementation via Fractional Oblivious Transfer

We present an alternative to the controversial ``key-escrow' techniques for enabling law enforcement and national security access to encrypted communications. Our proposal allows such access with probability p for each message, for a parameter p between 0 and 1 to be chosen (say, by Congress) to provide an appropriate balance between concerns for individual privacy, on the one hand, and the need for such access by law enforcement and national security, on the other. (For example, with p=0.4 , a law-enforcement agency conducting an authorized wiretap which records 100 encrypted conversations would expect to be able to decrypt (approximately) 40 of these conversations; the agency would not be able to decrypt the remaining 60 conversations at all.) Our scheme is remarkably simple to implement, as it requires no prior escrowing of keys. We implement translucent cryptography based on noninteractive oblivious transfer. Extending the schemes of Bellare and Micali [2], who showed how to transfer a message with probability ?, we provide schemes for noninteractive fractional oblivious transfer, which allow a message to be transmitted with any given probability p . Our protocol is based on the Diffie—Hellman assumption and uses just one El Gamal encryption (two exponentiations), regardless of the value of the transfer probability p . This makes the implementation of translucent cryptography competitive, in efficiency of encryption, with current suggestions for software key escrow. Received 19 September 1996 and revised 1 November 1997     

An efficient t‐out‐of‐n oblivious transfer for information security and privacy protection

In t‐out‐of‐n oblivious transfer (OT), the receiver can only receive t messages out of n messages sent by the sender, and the sender has no idea about which ones have been received. Majority of the existence of previous efficient OT schemes require t calls of 1‐out‐of‐n OT to construct the t‐out‐of‐n OT. Its computational requirements and bandwidth consumption are quite demanding. On the basis of the elliptic curves cryptography, we propose a new t‐out‐of‐n OT protocol for private information retrieval in this article. It is more suitable for the smart cards or mobile units. Copyright © 2013 John Wiley & Sons, Ltd.     

Linking information reconciliation and privacy amplification

Information reconciliation allows two parties knowing correlated random variables, such as a noisy version of the partner's random bit string, to agree on a shared string. Privacy amplification allows two parties sharing a partially secret string about which an opponent has some partial information, to distill a shorter but almost completely secret key by communicating only over an insecure channel, as long as an upper bound on the opponent’s knowledge about the string is known. The relation between these two techniques has not been well understood. In particular, it is important to understand the effect of side-information, obtained by the opponent through an initial reconciliation step, on the size of the secret key that can be distilled safely by subsequent privacy amplification. The purpose of this paper is to provide the missing link between these techniques by presenting bounds on the reduction of the Rényi entropy of a random variable induced by side-information. We show that, except with negligible probability, each bit of side-information reduces the size of the key that can be safely distilled by at most two bits. Moreover, in the important special case of side-information and raw key data generated by many independent repetitions of a random experiment, each bit of side-information reduces the size of the secret key by only about one bit. The results have applications in unconditionally secure key agreement protocols and in quantum cryptography. This research was supported by the Swiss National Science Foundation. A preliminary version of this paper was presented at Eurocrypt '94, May 9–12, Perugia, Italy.