Abstract
Because oblivious transfer (OT) protocols offer concise functionality, they have been widely used as building blocks in secure multiparty computation and in higher-level protocols. The security of OT protocols built upon classical number-theoretic problems, such as the discrete logarithm and factoring, however, is threatened by the rapid progress in quantum computing. Therefore, post-quantum cryptography is needed to replace protocols based on classical problems, and several proposals for post-quantum OT protocols exist. However, most post-quantum cryptosystems present their security proof only against classical adversaries, not in the quantum setting. In this paper, we close this gap and prove, in the quantum setting, the security of the lattice-based OT protocol proposed by Peikert et al. (CRYPTO, 2008), which is universally composably secure under the learning with errors hardness assumption. We apply three general quantum security analysis frameworks. First, we apply the quantum lifting theorem proposed by Unruh (EUROCRYPT, 2010) to prove that the security of the lattice-based OT protocol can be lifted into the quantum world. Then, we apply two further security analysis frameworks designed for post-quantum cryptographic primitives, i.e., simple hybrid arguments (CRYPTO, 2011) and game-preserving reduction (PQCrypto, 2014).
References
Bernstein, D.J., Buchmann, J., Dahmen, E., 2009. Post-Quantum Cryptography. Springer, Berlin. https://doi.org/10.1007/978-3-540-88702-7
Canetti, R., 2001. Universally composable security: a new paradigm for cryptographic protocols. Proc. 42nd IEEE Symp. on Foundations of Computer Science, p.136–145. https://doi.org/10.1109/SFCS.2001.959888
Damgård, I., Funder, J., Nielsen, J.B., et al., 2014. Superposition attacks on cryptographic protocols. LNCS, 8317:142–161. https://doi.org/10.1007/978-3-319-04268-8_9
Even, S., Goldreich, O., Lempel, A., 1985. A randomized protocol for signing contracts. Commun. ACM, 28(6):637–647. https://doi.org/10.1145/3812.3818
Fehr, S., Katz, J., Song, F., et al., 2013. Feasibility and completeness of cryptographic tasks in the quantum world. LNCS, 7785:281–296. https://doi.org/10.1007/978-3-642-36594-2_16
Gentry, C., Peikert, C., Vaikuntanathan, V., 2008. Trapdoors for hard lattices and new cryptographic constructions. Proc. 40th Annual ACM Symp. on Theory of Computing, p.197–206. https://doi.org/10.1145/1374376.1374407
Gilboa, N., 1999. Two party RSA key generation. LNCS, 1666:116–129. https://doi.org/10.1007/3-540-48405-1_8
Hallgren, S., Smith, A., Song, F., 2011. Classical cryptographic protocols in a quantum world. LNCS, 6841:411–428. https://doi.org/10.1007/978-3-642-22792-9_23
Hallgren, S., Smith, A., Song, F., 2015. Classical cryptographic protocols in a quantum world. Cryptology ePrint Archive, 2015/687. http://eprint.iacr.org/2015/687
Ishai, Y., Kilian, J., Nissim, K., et al., 2003. Extending oblivious transfers efficiently. LNCS, 2729:145–161. https://doi.org/10.1007/978-3-540-45146-4_9
Lai, R.W.F., Cheung, H.K.F., Chow, S.S.M., 2014. Trapdoors for ideal lattices with applications. LNCS, 8957:239–256. https://doi.org/10.1007/978-3-319-16745-9_14
Lyubashevsky, V., Peikert, C., Regev, O., 2013. On ideal lattices and learning with errors over rings. J. ACM, 60(6):43. https://doi.org/10.1145/2535925
Micciancio, D., Regev, O., 2009. Lattice-based cryptography. In: Bernstein, D.J., Buchmann, J., Dahmen, E. (Eds.), Post-Quantum Cryptography. Springer, Berlin, p.147–191. https://doi.org/10.1007/978-3-540-88702-7_5
Nielsen, M.A., Chuang, I.L., 2010. Quantum Computation and Quantum Information. Cambridge University Press, Cambridge.
Peikert, C., 2009. Some recent progress in lattice-based cryptography. LNCS, 5444:72. https://doi.org/10.1007/978-3-642-00457-5_5
Peikert, C., Vaikuntanathan, V., Waters, B., 2008. A framework for efficient and composable oblivious transfer. LNCS, 5157:554–571. https://doi.org/10.1007/978-3-540-85174-5_31
Rabin, M.O., 1981. How to Exchange Secrets with Oblivious Transfer. Technical Report No. TR-81, Aiken Computation Lab, Harvard University, Cambridge, MA. http://eprint.iacr.org/2005/187
Regev, O., 2005. On lattices, learning with errors, random linear codes, and cryptography. Proc. 37th Annual ACM Symp. on Theory of Computing, p.84–93. https://doi.org/10.1145/1060590.1060603
Sendrier, N., 2011. Code-based cryptography. In: van Tilborg, H.C.A., Jajodia, S. (Eds.), Encyclopedia of Cryptography and Security. Springer, New York, p.215–216. https://doi.org/10.1007/978-1-4419-5906-5_378
Shor, P.W., 1997. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput., 26(5):1484–1509. https://doi.org/10.1137/S0097539795293172
Song, F., 2014. A note on quantum security for post-quantum cryptography. LNCS, 8772:246–265. https://doi.org/10.1007/978-3-319-11659-4_15
Unruh, D., 2010. Universally composable quantum multiparty computation. LNCS, 6110:486–505. https://doi.org/10.1007/978-3-642-13190-5_25
Unruh, D., 2012. Quantum proofs of knowledge. LNCS, 7237:135–152. https://doi.org/10.1007/978-3-642-29011-4_10
Watrous, J., 2009. Zero-knowledge against quantum attacks. SIAM J. Comput., 39(1):25–58. https://doi.org/10.1137/060670997
Zhandry, M., 2012. How to construct quantum random functions. IEEE 53rd Annual Symp. on Foundations of Computer Science, p.679–687. https://doi.org/10.1109/FOCS.2012.37
Project supported by the National Key R&D Program of China (No. 2017YFB0802000), the National Natural Science Foundation of China (Nos. 61672412, 61472309, and 61572390), and the China Scholarship Council (No. 201406960041)
Cite this article
Liu, Mm., Krämer, J., Hu, Yp. et al. Quantum security analysis of a lattice-based oblivious transfer protocol. Frontiers Inf Technol Electronic Eng 18, 1348–1369 (2017). https://doi.org/10.1631/FITEE.1700039