Download presentation
Presentation is loading. Please wait.
Published byΕλένη Βαμβακάς Modified over 5 years ago
1
A Light-weight Oblivious Transfer Protocol Based on Channel Noise
Albert Guan
2
Outline Introduction Related Work Oblivious Transfer Protocol
Comparison Conclusions
3
Introduction Design fundamental tools in cryptography Applications
Oblivious transfer (OT) Applications Secure multiparty computation Private information retrieval
4
Secure Multiparty Computation
Millionaires problem Suppose A has wealth x, B has wealth y They want to know whom is richer Without revealing their actual wealth f (x, y) = 1, if x > y f (x, y) = 0, otherwise
5
Secure Multiparty Computation
Parties P1,…,Pn Parties Pi has private input xi The parties want to jointly compute a function y = f(x1,…, xn) Each parties Pi knows only y, nothing else.
6
Private Information Retrieval
Server holds x1, x2,…, xn User wants to retrieve xi Server can’t learn which xi is retrieved. User only learn xi , nothing else.
7
Definition of the problem
Oblivious-Transfer (OT) A: sender has two secrets m0 and m1 B: receiver has choice c Goal: B learns only mc, A doesn’t know c
8
Security Models Computationally secure Statistically secure
Attacker does not have enough computing resources to break the system. If quantum computers are available, most of the commonly used public key cryptosystems (e. g. RSA) can be broken. Statistically secure The probability for the attacker to break the system is negligible even with unlimited computing resources. Our protocol is statistically secure.
9
Related Work Rabin's oblivious transfer protocol [Rabin 83]
Based on computational hard problem Factoring large integer Computationally secure Heavy computation long integer arithmetic
10
Related Work Erasure channel model [Imai et al. 06]
receiver either receives the bit or it was not received Channel delay model [Cheong et al. 11] Packets deliver with some delay Security doesn’t depend on computationally hard problems
11
Our Work Design protocols
Security does not depends on computationally hard problems Only need XOR and hash operations Suitable for sensors or any devices with low computational power
12
Our Work Based on noise in communication channel
Channel noise is a good random source Unpredictable
13
Binary Symmetric Channel
b, with prob. 1 – p BSp(b) = 1 – b, with prob. p Pr[b’ = 0 | b = 0] = Pr[b’ = 1 | b = 1] = 1 – p Pr[b’ = 1 | b = 0] = Pr[b’ = 0 | b = 1] = p
14
Oblivious Transfer (OT)
Beacon node M = A B X = Y = Z Z = { |1 ≤ i ≤ n/2} if |{i | }| < n/4 abort , , {1, 2,…, n/2} ∩ = ϕ, | | = | | = n/4 Sc = {i | }
15
Oblivious Transfer (OT)
A B f, ,
16
Security of the oblivious transfer protocol
Theorem 1 A has no information about B’s choice c. Proof This follows from the fact that the sets and give A no information on c since the bits are flipped by the channel independently. The sender A cannot control the bits received by B.
17
Security of the oblivious transfer protocol
Theorem 2 B has no information about , the other secret he does not choose. Proof since the secret correspond to the index set , which is contain some inconsistent parity bits, thus B can’t reconstruct the string
18
Comparison (oblivious transfer)
scheme Hao’s Cheong’s Crepeau’s Our Message 1 bit 1 bit 1 bit multi-bit Based on noise delay noise noise Overhead O(n²) O(n log n) O(n³) O(n) n : security parameter
19
Conclusions Design efficient and lightweight protocols for oblivious transfer. Security does not depends on computationally hard problems Suitable for sensors or any devices with low computational power
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.