Results 1  10
of
27
Efficient unconditional oblivious transfer from almost any noisy channel
 Proceedings of Fourth Conference on Security in Communication Networks (SCN) ’04, LNCS
, 2004
"... Abstract. Oblivious transfer (OT) is a cryptographic primitive of central importance, in particular in two and multiparty computation. There exist various protocols for different variants of OT, but any such realization from scratch can be broken in principle by at least one of the two involved pa ..."
Abstract

Cited by 35 (6 self)
 Add to MetaCart
(Show Context)
Abstract. Oblivious transfer (OT) is a cryptographic primitive of central importance, in particular in two and multiparty computation. There exist various protocols for different variants of OT, but any such realization from scratch can be broken in principle by at least one of the two involved parties if she has sufficient computing power—and the same even holds when the parties are connected by a quantum channel. We show that, on the other hand, if noise—which is inherently present in any physical communication channel—is taken into account, then OT can be realized in an unconditionally secure way for both parties, i.e., even against dishonest players with unlimited computing power. We give the exact condition under which a general noisy channel allows for realizing OT and show that only “trivial ” channels, for which OT is obviously impossible to achieve, have to be excluded. Moreover, our realization of OT is efficient: For a security parameter α> 0—an upper bound on the probability that the protocol fails in any way—the required number of uses of the noisy channel is of order O(log(1/α) 2+ε) for any ε> 0. 1
Oblivious Transfer is Symmetric
 In EUROCRYPT 2006, Springer (LNCS 4004
, 2006
"... Abstract. We show that oblivious transfer of bits from A to B can be obtained from a single instance of the same primitive from B to A. Our reduction is perfect and shows that oblivious transfer is in fact a symmetric functionality. This solves an open problem posed by Crépeau and Sántha in 1991. 1 ..."
Abstract

Cited by 22 (1 self)
 Add to MetaCart
(Show Context)
Abstract. We show that oblivious transfer of bits from A to B can be obtained from a single instance of the same primitive from B to A. Our reduction is perfect and shows that oblivious transfer is in fact a symmetric functionality. This solves an open problem posed by Crépeau and Sántha in 1991. 1
I.: On Oblivious Transfer Capacity
 Proc. ISIT 2007
, 2007
"... Abstract. Upper and lower bounds to the oblivious transfer (OT) capacity of discrete memoryless channels and multiple sources are obtained, for 1 of 2 strings OT with honest but curious participants. The upper bounds hold also for onestring OT. The results provide the exact value of OT capacity for ..."
Abstract

Cited by 14 (1 self)
 Add to MetaCart
(Show Context)
Abstract. Upper and lower bounds to the oblivious transfer (OT) capacity of discrete memoryless channels and multiple sources are obtained, for 1 of 2 strings OT with honest but curious participants. The upper bounds hold also for onestring OT. The results provide the exact value of OT capacity for a specified class of models, and the necessary and sufficient condition of its positivity, in general. This paper is based on the ISIT07 contribution [2]. The authors did intend to write up a full version and devoted substantial amount of work to that project, but abandoned it as other obligations delayed completion and the elapsed time caused loss of novelty. Still, the second author considers it proper to publish this paper in this volume, paying tribute to the memory of Rudolph Ahlswede. The results in [2] are completed by some previously unpublished ones which originated from the authors ’ discussions during their work towards a full version of [2]. 1
On the efficiency of classical and quantum oblivious transfer reductions
 In Advances in Cryptology — CRYPTO ’10, Lecture Notes in Computer Science
, 2010
"... Abstract. Due to its universality oblivious transfer (OT) is a primitive of great importance in secure multiparty computation. OT is impossible to implement from scratch in an unconditionally secure way, but there are many reductions of OT to other variants of OT, as well as other primitives such a ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
(Show Context)
Abstract. Due to its universality oblivious transfer (OT) is a primitive of great importance in secure multiparty computation. OT is impossible to implement from scratch in an unconditionally secure way, but there are many reductions of OT to other variants of OT, as well as other primitives such as noisy channels. It is important to know how efficient such unconditionally secure reductions can be in principle, i.e., how many instances of a given primitive are at least needed to implement OT. For perfect (errorfree) implementations good lower bounds are known, e.g. the bounds by Beaver (STOC ’96) or by Dodis and Micali (EUROCRYPT ’99). However, in practice one is usually willing to tolerate a small probability of error and it is known that these statistical reductions can in general be much more efficient. Thus, the known bounds have only limited application. In the first part of this work we provide bounds on the efficiency of secure (onesided) twoparty computation of arbitrary finite functions from distributed randomness in the statistical case. From these results we derive bounds on the efficiency of protocols that use (different variants of) OT as a blackbox. When applied to implementations of OT, our bounds generalize known results to the statistical case. Our results hold in particular for transformations between a finite number of primitives and for any error. Furthermore, we provide bounds on the efficiency of protocols implementing Rabin OT.
Assisted common information with an application to secure twoparty sampling
 IEEE Transactions on Information Theory
"... Abstract—Secure multiparty computation is a central problem in modern cryptography. An important subclass of this are problems of the following form: Alice and Bob desire to produce sample(s) of a pair of jointly distributed random variables. Each party must learn nothing more about the other part ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
(Show Context)
Abstract—Secure multiparty computation is a central problem in modern cryptography. An important subclass of this are problems of the following form: Alice and Bob desire to produce sample(s) of a pair of jointly distributed random variables. Each party must learn nothing more about the other party’s output than what its own output reveals. To aid in this, they have available a set up — correlated random variables whose distribution is different from the desired distribution — as well as unlimited noiseless communication. In this paper we present an upperbound on how efficiently a given set up can be used to produce samples from a desired distribution. The key tool we develop is a generalization of the concept of common information of two dependent random variables [GácsKörner, 1973]. Our generalization — a threedimensional region — remedies some of the limitations of the original definition which captured only a limited form of dependence. It also includes as a special case Wyner’s common information [Wyner, 1975]. To derive the cryptographic bounds, we rely on a monotonicity property of this region: the region of the “views” of Alice and Bob engaged in any protocol can only monotonically expand and not shrink. Thus, by comparing the regions for the target random variables and the given random variables, we obtain our upperbound. I.
Assisted common information: Further results
 in Proc. International Symposium on Information Theory (ISIT
, 2011
"... Abstract—We presented assisted common information as a generalization of GácsKörner (GK) common information at ISIT 2010. The motivation for our formulation was to improve upperbounds on the efficiency of protocols for secure twoparty sampling (which is a form of secure multiparty computation). ..."
Abstract

Cited by 3 (2 self)
 Add to MetaCart
Abstract—We presented assisted common information as a generalization of GácsKörner (GK) common information at ISIT 2010. The motivation for our formulation was to improve upperbounds on the efficiency of protocols for secure twoparty sampling (which is a form of secure multiparty computation). Our upperbound was based on a monotonicity property of a rateregion (called the assisted residual information region) associated with the assisted common information formulation. In this note we present further results. We explore the connection of assisted common information with the GrayWyner system. We show that the assisted residual information region and the GrayWyner region are connected by a simple relationship: the assisted residual information region is the increasing hull of the GrayWyner region under an affine map. Several known relationships between GK common information and GrayWyner system fall out as consequences of this. Quantities which arise in other source coding contexts acquire new interpretations. In previous work we showed that assisted common information can be used to derive upperbounds on the rate at which a pair of parties can securely sample correlated random variables, given correlated random variables from another distribution. Here we present an example where the bound derived using assisted common information is much better than previously known bounds, and in fact is tight. This example considers correlated random variables defined in terms of standard variants of oblivious transfer, and is interesting on its own as it answers a natural question about these cryptographic primitives. I.
Efficient Oblivious Transfer Protocols Achieving a NonZero Rate from Any NonTrivial Noisy Correlation
"... Oblivious transfer (OT) is a twoparty primitive which is one of the cornerstones of modern cryptography. We focus on providing informationtheoretic security for both parties, hence building OT assuming noisy resources (channels or correlations) available to them. This primitive is about transmitti ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
(Show Context)
Oblivious transfer (OT) is a twoparty primitive which is one of the cornerstones of modern cryptography. We focus on providing informationtheoretic security for both parties, hence building OT assuming noisy resources (channels or correlations) available to them. This primitive is about transmitting two strings such that the receiver can obtain one (and only one) of them, while the sender remains ignorant of this choice. Recently, Winter and Nascimento proved that oblivious transfer capacity is positive for any nontrivial discrete memoryless channel or correlation in the case of passive cheaters. Their construction was inefficient. The OT capacity characterizes the maximal efficiency of constructing OT using a particular noisy primitive. Building on their result, we extend it in two ways: 1) we construct efficient passivelysecure protocols achieving the same rates; 2) we show that an important class of noisy correlations actually allows to build OT with nonzero rate secure against active cheating (before, positive rates were only achieved for the erasure channel). Keywords: Informationtheoretical security, oblivious transfer, noisy resources 1
Converses For Secret Key Agreement and Secure Computing
, 2015
"... We consider information theoretic secret key agreement and secure function computation by multiple parties observing correlated data, with access to an interactive public communication channel. Our main result is an upper bound on the secret key length, which is derived using a reduction of binary ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
We consider information theoretic secret key agreement and secure function computation by multiple parties observing correlated data, with access to an interactive public communication channel. Our main result is an upper bound on the secret key length, which is derived using a reduction of binary hypothesis testing to multiparty secret key agreement. Building on this basic result, we derive new converses for multiparty secret key agreement. Furthermore, we derive converse results for the oblivious transfer problem and the bit commitment problem by relating them to secret key agreement. Finally, we derive a necessary condition for the feasibility of secure computation by trusted parties that seek to compute a function of their collective data, using an interactive public communication that by itself does not give away the value of the function. In many cases, we strengthen and improve upon previously known converse bounds. Our results are singleshot and use only the given joint distribution of the correlated observations. For the case when the correlated observations consist of independent and identically distributed (in time) sequences, we derive strong versions of previously known converses.
Secure bit commitment from relativistic constraints
 IEEE Trans. Inf. Theo
, 2013
"... ar ..."
(Show Context)