Results 1 
7 of
7
Unconditional security from noisy quantum storage
, 2009
"... We consider the implementation of twoparty cryptographic primitives based on the sole assumption that no largescale reliable quantum storage is available to the cheating party. We construct novel protocols for oblivious transfer and bit commitment, and prove that realistic noise levels provide sec ..."
Abstract

Cited by 18 (1 self)
 Add to MetaCart
(Show Context)
We consider the implementation of twoparty cryptographic primitives based on the sole assumption that no largescale reliable quantum storage is available to the cheating party. We construct novel protocols for oblivious transfer and bit commitment, and prove that realistic noise levels provide security even against the most general attack. Such unconditional results were previously only known in the socalled boundedstorage model which is a special case of our setting. Our protocols can be implemented with presentday hardware used for quantum key distribution. In particular, no quantum storage is required for the honest parties.
On the efficiency of classical and quantum oblivious transfer reductions
 In Advances in Cryptology — CRYPTO ’10, Lecture Notes in Computer Science
, 2010
"... Abstract. Due to its universality oblivious transfer (OT) is a primitive of great importance in secure multiparty computation. OT is impossible to implement from scratch in an unconditionally secure way, but there are many reductions of OT to other variants of OT, as well as other primitives such a ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
(Show Context)
Abstract. Due to its universality oblivious transfer (OT) is a primitive of great importance in secure multiparty computation. OT is impossible to implement from scratch in an unconditionally secure way, but there are many reductions of OT to other variants of OT, as well as other primitives such as noisy channels. It is important to know how efficient such unconditionally secure reductions can be in principle, i.e., how many instances of a given primitive are at least needed to implement OT. For perfect (errorfree) implementations good lower bounds are known, e.g. the bounds by Beaver (STOC ’96) or by Dodis and Micali (EUROCRYPT ’99). However, in practice one is usually willing to tolerate a small probability of error and it is known that these statistical reductions can in general be much more efficient. Thus, the known bounds have only limited application. In the first part of this work we provide bounds on the efficiency of secure (onesided) twoparty computation of arbitrary finite functions from distributed randomness in the statistical case. From these results we derive bounds on the efficiency of protocols that use (different variants of) OT as a blackbox. When applied to implementations of OT, our bounds generalize known results to the statistical case. Our results hold in particular for transformations between a finite number of primitives and for any error. Furthermore, we provide bounds on the efficiency of protocols implementing Rabin OT.
Simple protocols for oblivious transfer and secure identification in the noisyquantumstorage model
 Phys. Rev. A
"... ar ..."
(Show Context)
Achieving Oblivious Transfer Capacity of Generalized Erasure Channels in the Malicious Model
, 2009
"... Informationtheoretically secure string oblivious transfer (OT) can be constructed based on discrete memoryless channel (DMC). The oblivious transfer capacity of a channel characterizes – similarly to the (standard) information capacity – how efficiently it can be exploited for secure oblivious tran ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
(Show Context)
Informationtheoretically secure string oblivious transfer (OT) can be constructed based on discrete memoryless channel (DMC). The oblivious transfer capacity of a channel characterizes – similarly to the (standard) information capacity – how efficiently it can be exploited for secure oblivious transfer of strings. The OT capacity of a Generalized Erasure Channel (GEC) – which is a combination of a (general) DMC with the erasure channel – has been established by Ahlswede and Csizar at ISIT’07 in the case of passive adversaries. In this paper, we present the protocol that achieves this capacity against malicious adversaries for GEC with erasure probability at least 1/2. Our construction is based on the protocol of Crépeau and Savvides from Eurocrypt’06 which uses interactive hashing (IH). We solve an open question posed by the above paper, by basing it upon a constant round IH scheme (previously proposed by Ding et al at TCC’04). As a side result, we show that Ding et al IH protocol can deal with transmission errors.
1 SIMPL Systems as a Keyless Cryptographic and Security Primitive
"... Abstract—We discuss a recent cryptographic primitive termed ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
(Show Context)
Abstract—We discuss a recent cryptographic primitive termed
Computational Oblivious Transfer and Interactive Hashing
, 2009
"... We use interactive hashing to achieve the most efficient OT protocol to date based solely on the assumption that trapdoor permutations (TDP) exist. Our protocol can be seen as the following (simple) modification of either of the two famous OT constructions: 1) In the one by Even et al (1985), a rece ..."
Abstract
 Add to MetaCart
(Show Context)
We use interactive hashing to achieve the most efficient OT protocol to date based solely on the assumption that trapdoor permutations (TDP) exist. Our protocol can be seen as the following (simple) modification of either of the two famous OT constructions: 1) In the one by Even et al (1985), a receiver must send a random domain element to a sender through IH; 2) In the one by Ostrovsky et al (1993), the players should use TDP instead of oneway permutation. A similar approach is employed to achieve oblivious transfer based on the security of the McEliece cryptosystem. In this second protocol, the receiver inputs a public key into IH, while privately keeping the corresponding secret key. Two different versions of IH are used: the computationally secure one in the first protocol, and the informationtheoretically secure one in the second.
Interactive Hashing: An Information Theoretic Tool (Invited Talk)
"... Abstract. Interactive Hashing has featured as an essential ingredient in protocols realizing a large variety of cryptographic tasks, notably Oblivious Transfer in the bounded memory model. In Interactive Hashing, a sender transfers a bit string to a receiver such that two strings are received, the ..."
Abstract
 Add to MetaCart
Abstract. Interactive Hashing has featured as an essential ingredient in protocols realizing a large variety of cryptographic tasks, notably Oblivious Transfer in the bounded memory model. In Interactive Hashing, a sender transfers a bit string to a receiver such that two strings are received, the original string and a second string that appears to be chosen at random among those distinct from the first. This paper starts by formalizing the notion of Interactive Hashing as a cryptographic primitive, disentangling it from the specifics of its various implementations. To this end, we present an applicationindependent set of information theoretic conditions that all Interactive Hashing protocols must ideally satisfy. We then provide a standard implementation of Interactive Hashing and use it to reduce a very standard version of Oblivious Transfer to another one which appears much weaker. 1