Abstract
Oblivious Transfer (\(\textsf{OT}\)) is a fundamental cryptographic primitive and a crucial component of practical secure protocols. \(\textsf{OT}\) is typically implemented in software, and one way to accelerate its running time is to use hardware implementations. However, such implementations are vulnerable to side-channel attacks (SCAs). Moreover, protecting interactive protocols against SCAs is highly challenging because of their longer secrets (which include inputs and randomness), their more complicated design, and the running of multiple instances. Consequently, there are no truly practical leakage-resistant \(\textsf{OT}\) protocols yet.
In this paper, we first introduce two tailored indistinguishability-based security definitions for leakage-resilient \(\textsf{OT}\), focusing on protecting the sender's state. Second, we propose a practical semi-honest secure \(\textsf{OT}\) protocol that achieves these security levels while minimizing the assumptions on the protocol's building blocks and the use of a secret state. Finally, we extend our protocol to support sequential composition and explore efficiency-security tradeoffs.
Notes
- 1. Recall that in the security definitions of encryption schemes with leakage, we assume that the adversary knows the challenge ciphertext but has at most some leakage information about the key; here, the adversary knows the key and has some information about the challenge ciphertext.
- 2. For example, if the oracle implements an encryption scheme \(\textsf{Enc}_k(m)\), and the adversary plays a \(\textsf{CPA}\)-game with leakage, the public input is m, chosen by the adversary, while the secret input is the key k. Thus, \(\mathcal {I}^{sec}=\mathcal {K}\), the key-space of the encryption scheme, while \(\mathcal {I}^{pub}=\mathcal {M}\), the message space.
- 3. This should not be confused with secret sharing; here a share merely describes part of the message.
- 4. In our model, these values are not deleted, but since the corresponding memory cells are not accessed anymore, they cannot be leaked.
- 5. It is well known that computation with asymmetric primitives leaks far more on each secret bit of (say) the key than computation with symmetric primitives does.
- 6. We are also inspired by the definition of security in the presence of leakage for the XOR of a pseudorandom value with a message block [9], where the leakage of the generation of the random block is given to the adversary.
- 7. If k is unpredictable, then passing it through an ideal cipher gives random outputs.
- 8. It is enough to XOR z with one share and keep all other shares unchanged to obtain an additive output sharing.
References
Akavia, A., Goldwasser, S., Vaikuntanathan, V.: Simultaneous hardcore bits and cryptography against memory attacks. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 474–495. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00457-5_28
Barwell, G., Martin, D.P., Oswald, E., Stam, M.: Authenticated encryption in the face of protocol and side channel leakage. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 693–723. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_24
Beaver, D.: Precomputing oblivious transfer. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 97–109. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-44750-4_8
Beaver, D.: Correlated pseudorandomness and the complexity of private computations. In: STOC (1996)
Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_25
Bellizia, D., et al.: Spook: sponge-based leakage-resistant authenticated encryption with a masked tweakable block cipher. IACR Trans. Symmetric Cryptol. S1, 295–349 (2020)
Bellizia, D., et al.: Mode-level vs. implementation-level physical security in symmetric cryptography. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12170, pp. 369–400. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56784-2_13
Berti, F., Guo, C., Pereira, O., Peters, T., Standaert, F.-X.: Strong authenticity with leakage under weak and falsifiable physical assumptions. In: Liu, Z., Yung, M. (eds.) Inscrypt 2019. LNCS, vol. 12020, pp. 517–532. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-42921-8_31
Berti, F., Guo, C., Pereira, O., Peters, T., Standaert, F.: Tedt, a leakage-resist AEAD mode for high physical security applications. IACR Trans. Cryptogr. Hardw. Embed. Syst. 1, 256–320 (2020)
Berti, F., Guo, C., Peters, T., Shen, Y., Standaert, F.: Secure message authentication in the presence of leakage and faults. IACR Trans. Symmetric Cryptol. 2023(1), 288–315 (2023)
Berti, F., Hazay, C., Levi, I.: LR-OT: leakage-resilient oblivious transfer. Cryptology ePrint Archive, Paper 2024/1143
Bitansky, N., Canetti, R., Halevi, S.: Leakage-tolerant interactive protocols. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 266–284. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28914-9_15
Alpirez Bock, E., Brzuska, C., Michiels, W., Treff, A.: On the ineffectiveness of internal encodings - revisiting the DCA attack on white-box cryptography. In: Preneel, B., Vercauteren, F. (eds.) ACNS 2018. LNCS, vol. 10892, pp. 103–120. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93387-0_6
Bogdanov, A., Ishai, Y., Srinivasan, A.: Unconditionally secure computation against low-complexity leakage. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 387–416. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_14
Boyle, E., et al.: Efficient two-round OT extension and silent non-interactive secure computation. In: SIGSAC (2019)
Boyle, E., Goldwasser, S., Jain, A., Kalai, Y.T.: Multiparty computation secure against continual memory leakage. In: STOC (2012)
Cassiers, G., Grégoire, B., Levi, I., Standaert, F.-X.: Hardware private circuits: from trivial composition to full verification. IEEE Trans. Comput. 70(10), 1677–1690 (2020)
Coron, J.-S., Patarin, J., Seurin, Y.: The random oracle model and the ideal cipher model are equivalent. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 1–20. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_1
Costes, N., Stam, M.: Pincering SKINNY by exploiting slow diffusion enhancing differential power analysis with cluster graph inference. IACR Trans. Cryptogr. Hardw. Embed. Syst. (2023)
Couteau, G., Rindal, P., Raghuraman, S.: Silver: silent VOLE and oblivious transfer from hardness of decoding structured LDPC codes. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12827, pp. 502–534. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84252-9_17
Degabriele, J.P., Janson, C., Struck, P.: Sponges resist leakage: the case of authenticated encryption. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11922, pp. 209–240. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34621-8_8
Dobraunig, C., Eichlseder, M., Mangard, S., Mendel, F., Unterluggauer, T.: ISAP - towards side-channel secure authenticated encryption. IACR Trans. Symmetric Cryptol. 1, 80–105 (2017)
Dodis, Y., Steinberger, J.: Message authentication codes from unpredictable block ciphers. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 267–285. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_16
Dziembowski, S., Pietrzak, K.: Leakage-resilient cryptography. In: FOCS (2008)
Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Advances in Cryptology, pp. 205–210. Springer, Boston, MA (1983). https://doi.org/10.1007/978-1-4757-0602-4_19
Goldreich, O.: The Foundations of Cryptography. Basic Applications, vol. 2 (2004)
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or A completeness theorem for protocols with honest majority. In: STOC (1987)
Guo, C., Pereira, O., Peters, T., Standaert, F.-X.: Authenticated encryption with nonce misuse and physical leakage: definitions, separation results and first construction. In: Schwabe, P., Thériault, N. (eds.) LATINCRYPT 2019. LNCS, vol. 11774, pp. 150–172. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-30530-7_8
Halderman, J.A., et al.: Lest we remember: cold boot attacks on encryption keys. In: USENIX (2008)
Hazay, C., Lindell, Y.: Efficient Secure Two-Party Protocols - Techniques and Constructions. Information Security and Cryptography (2010)
Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: STOC
Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_9
Ishai, Y., Prabhakaran, M., Sahai, A.: Founding cryptography on oblivious transfer – efficiently. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 572–591. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_32
Järvinen, K., Balasch, J.: Single-trace side-channel attacks on scalar multiplications with precomputations. In: Lemke-Rust, K., Tunstall, M. (eds.) CARDIS 2016. LNCS, vol. 10146, pp. 137–155. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-54669-8_9
Kabin, I., Dyka, Z., Klann, D., Langendoerfer, P.: Horizontal attacks against ECC: from simulations to ASIC. In: Fournaris, A.P., et al. (eds.) IOSEC/MSTEC/FINSEC -2019. LNCS, vol. 11981, pp. 64–76. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-42051-2_5
Kalai, Y.T., Reyzin, L.: A survey of leakage-resilient cryptography. In: Providing Sound Foundations for Cryptography: On the Work of Shafi Goldwasser and Silvio Micali. ACM (2019)
Katz, J., Lindell, Y.: Introduction to Modern Cryptography, Second Edition (2014)
Kilian, J.: Founding cryptography on oblivious transfer. In: STOC (1988)
Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_9
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_25
Levi, I., Hazay, C.: Garbled circuits from an SCA perspective free XOR can be quite expensive. IACR Trans. Cryptogr. Hardw. Embed. Syst. (2023)
Longo, J., Martin, D.P., Oswald, E., Page, D., Stam, M., Tunstall, M.J.: Simulatable leakage: analysis, pitfalls, and new constructions. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 223–242. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_12
Micali, S., Reyzin, L.: Physically observable cryptography. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 278–296. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24638-1_16
Pereira, O., Standaert, F., Vivek, S.: Leakage-resilient authentication and encryption from symmetric cryptographic primitives. In: CCS, pp. 96–108 (2015)
Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_31
Quisquater, J.-J., Samyde, D.: ElectroMagnetic analysis (EMA): measures and counter-measures for smart cards. In: Attali, I., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45418-7_17
Rabin, M.O.: How to exchange secrets with oblivious transfer. Technical report, Harvard Center for Research in Computer Technology (1981)
Raghuraman, S., Rindal, P., Tanguy, T.: Expand-convolute codes for pseudorandom correlation generators from LPN. In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO 2023. LNCS, vol. 14084, pp. 602–632. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-38551-3_19
Ravi, P., Poussier, R., Bhasin, S., Chattopadhyay, A.: On configurable SCA countermeasures against single trace attacks for the NTT. In: Batina, L., Picek, S., Mondal, M. (eds.) SPACE 2020. LNCS, vol. 12586, pp. 123–146. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-66626-2_7
Roy, L.: SoftSpokenOT: communication-computation tradeoffs in OT extension. IACR Cryptol. ePrint Arch., p. 192 (2022)
Roy, P.S., Adhikari, A.: One-sided leakage-resilient privacy only two-message oblivious transfer. J. Inf. Secur. Appl. 295–300 (2014)
Salomon, D., Levi, I.: MaskSIMD-lib: on the performance gap of a generic C optimized assembly and wide vector extensions for masked software with an Ascon-p test case. J. Cryptogr. Eng. 13(3), 325–342 (2023)
Salomon, D., Weiss, A., Levi, I.: Improved filtering techniques for single-and multi-trace side-channel analysis. Cryptography 5(3), 24 (2021)
Staib, M., Moradi, A.: Deep learning side-channel collision attack. IACR Trans. Cryptogr. Hardw. Embed. Syst. (2023)
Tang, Y., Gong, Z., Chen, J., Xie, N.: Higher-order DCA attacks on white-box implementations with masking and shuffling countermeasures. IACR Trans. Cryptogr. Hardw. Embed. Syst. (2023)
Wolf, S., Wullschleger, J.: Oblivious transfer is symmetric. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 222–232. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_14
Yao, A.C.: How to generate and exchange secrets (extended abstract). In: FOCS (1986)
You, S., Kuhn, M.G., Sarkar, S., Hao, F.: Low trace-count template attacks on 32-bit implementations of ASCON AEAD. IACR Trans. Cryptogr. Hardw. Embed. Syst. (2023)
Yu, Y., Standaert, F., Pereira, O., Yung, M.: Practical leakage-resilient pseudorandom generators. In: CCS, pp. 141–151 (2010)
Acknowledgments
Francesco Berti and Itamar Levi were funded by the Israel Science Foundation (ISF) grant 2569/21. Carmit Hazay was partially supported by the Algorand Centres of Excellence programme managed by Algorand Foundation. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Algorand Foundation, and the United States-Israel Binational Science Foundation (BSF) through Grant No. 2020277.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Berti, F., Hazay, C., Levi, I. (2024). \(\textsf{LR}\)-\(\textsf{OT}\): Leakage-Resilient Oblivious Transfer. In: Galdi, C., Phan, D.H. (eds) Security and Cryptography for Networks. SCN 2024. Lecture Notes in Computer Science, vol 14973. Springer, Cham. https://doi.org/10.1007/978-3-031-71070-4_9
DOI: https://doi.org/10.1007/978-3-031-71070-4_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-71069-8
Online ISBN: 978-3-031-71070-4
eBook Packages: Computer Science (R0)