
Universally composable oblivious transfer from ideal lattice

  • Research Article
  • Frontiers of Computer Science

Abstract

As a fundamental cryptographic primitive, oblivious transfer (OT) is developed for the sake of efficient usability and combinational feasibility. However, most OT protocols are built upon cryptosystems that are not quantum-immune, assuming the hardness of the discrete logarithm or factoring problem, so their security breaks down directly in the quantum setting. Therefore, as a subarea of post-quantum cryptography, lattice-based cryptography is viewed as a promising alternative and cornerstone for building post-quantum protocols, since it enjoys some attractive properties, such as provable security against quantum adversaries and lower asymptotic complexity.

In this paper, we first build an efficient 1-out-of-2 OT protocol upon the hardness of the ring learning with errors (RLWE) problem, which is at least as hard as some worst-case ideal lattice problems. We show that this 1-out-of-2 OT protocol is universally composable and secure against static corruptions in the random oracle model. Then we extend it to the general case, i.e., 1-out-of-N OT, achieving the same level of security. Furthermore, on the basis of the above OT structure, we obtain two improved OT protocols using two improved lattice-based key exchange protocols as building blocks (relying on the RLWE problem and the learning with errors (LWE) problem respectively, and both achieving better efficiency by removing Gaussian sampling to save cost). To show that our proposed OT protocol indeed achieves comparable security and efficiency, we compare it with another two lattice-based OT protocols at the end of the paper.

Given the potential threat from quantum computing and the demand for practical, high-efficiency OT, an efficient post-quantum OT protocol is urgently needed. As shown in this paper, our proposed OT protocols may be considered post-quantum OT candidates, since they both preserve provable security relying on lattice problems and enjoy practical efficiency.



Acknowledgements

This work is supported by the National Key R&D Program of China (2017YFB0802000), the National Natural Science Foundations of China (Grant Nos. 61472309, No.61672412), the National Cryptography Development Fund (MMJJ20170104), and the China Scholarship Council (201406960041).

Author information


Correspondence to Momeng Liu.

Additional information

Momeng Liu is a PhD student who is supervised by Professor Yupu Hu at Xidian University, China. She earned her MS degree in cryptography from Xidian University, China in 2013 and her BS in telecommunications from Xi’an University, China in 2010. Her research interests mainly focus on analysing and designing schemes built upon lattice-based cryptography.

Yupu Hu is a professor and doctoral supervisor in the School of Telecommunications Engineering, Xidian University, China. He earned his doctorate in cryptography from Xidian University, China in 1999, and earned his MS and BS in mathematics from Xidian University, China in 1999 and 1987, respectively. His research interests focus on analysing and constructing schemes built upon lattice-based cryptography, multi-linear map and fully homomorphic encryption schemes.


Cite this article

Liu, M., Hu, Y. Universally composable oblivious transfer from ideal lattice. Front. Comput. Sci. 13, 879–906 (2019). https://doi.org/10.1007/s11704-018-6507-4
