Oblivious-Transfer Amplification

JE Wullschleger

doi:10.1007/978-3-540-72540-4_32

Oblivious-Transfer Amplification

JE Wullschleger

School of Mathematics

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

44 Citations (Scopus)

Abstract

Oblivious transfer (OT) is a primitive of paramount importance in cryptography or, more precisely, two- and multi-party computation due to its universality. Unfortunately, OT cannot be achieved in an unconditionally secure way for both parties from scratch. Therefore, it is a natural question what information-theoretic primitives or computational assumptions OT can be based on. The results in our paper are threefold. First, we give an optimal proof for the standard protocol to realize unconditionally secure OT from a weak variant of OT called universal OT, for which a malicious receiver can virtually obtain any possible information he wants, as long as he does not get all the information. This result is based on a novel distributed leftover hash lemma which is of independent interest. Second, we give conditions for when OT can be obtained from a faulty variant of OT called weak OT, for which it can occur that any of the parties obtains too much information, or the result is incorrect. These bounds and protocols, which correct on previous results by DamgÃ¥rd et. al., are of central interest since in most known realizations of OT from weak primitives, such as noisy channels, a weak OT is constructed first. Finally, we carry over our results to the computational setting and show how a weak OT that is sometimes incorrect and is only mildly secure against computationally bounded adversaries can be strengthened.

Translated title of the contribution	Oblivious-Transfer Amplification
Original language	English
Title of host publication	Advances in Cryptology - EUROCRYPT 2007
Subtitle of host publication	26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, May 20-24, 2007. Proceedings
Publisher	Springer Berlin Heidelberg
Pages	555-572
Number of pages	18
ISBN (Electronic)	9783540725404
ISBN (Print)	9783540725398
DOIs	https://doi.org/10.1007/978-3-540-72540-4_32
Publication status	Published - 23 Jun 2007

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer Berlin Heidelberg
Volume	4515

Bibliographical note

Editors: Moni Naor
ISBN: 9783540725398
Publisher: Springer
Name and Venue of Conference: Advances in Cryptology - EUROCRYPT 2007: 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, May 20-24, 2007
Conference Organiser: Moni Naor

Access to Document

10.1007/978-3-540-72540-4_32

Cite this

Wullschleger, JE. (2007). Oblivious-Transfer Amplification. In Advances in Cryptology - EUROCRYPT 2007: 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, May 20-24, 2007. Proceedings (pp. 555-572). (Lecture Notes in Computer Science; Vol. 4515). Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-540-72540-4_32

@inproceedings{640d2b77d3604d63970462805ab78014,

title = "Oblivious-Transfer Amplification",

abstract = "Oblivious transfer (OT) is a primitive of paramount importance in cryptography or, more precisely, two- and multi-party computation due to its universality. Unfortunately, OT cannot be achieved in an unconditionally secure way for both parties from scratch. Therefore, it is a natural question what information-theoretic primitives or computational assumptions OT can be based on. The results in our paper are threefold. First, we give an optimal proof for the standard protocol to realize unconditionally secure OT from a weak variant of OT called universal OT, for which a malicious receiver can virtually obtain any possible information he wants, as long as he does not get all the information. This result is based on a novel distributed leftover hash lemma which is of independent interest. Second, we give conditions for when OT can be obtained from a faulty variant of OT called weak OT, for which it can occur that any of the parties obtains too much information, or the result is incorrect. These bounds and protocols, which correct on previous results by Damg{\~A}¥rd et. al., are of central interest since in most known realizations of OT from weak primitives, such as noisy channels, a weak OT is constructed first. Finally, we carry over our results to the computational setting and show how a weak OT that is sometimes incorrect and is only mildly secure against computationally bounded adversaries can be strengthened.",

author = "JE Wullschleger",

note = "Editors: Moni Naor ISBN: 9783540725398 Publisher: Springer Name and Venue of Conference: Advances in Cryptology - EUROCRYPT 2007: 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, May 20-24, 2007 Conference Organiser: Moni Naor",

year = "2007",

month = jun,

day = "23",

doi = "10.1007/978-3-540-72540-4_32",

language = "English",

isbn = "9783540725398",

series = "Lecture Notes in Computer Science",

publisher = "Springer Berlin Heidelberg",

pages = "555--572",

booktitle = "Advances in Cryptology - EUROCRYPT 2007",

address = "Germany",

}

Wullschleger, JE 2007, Oblivious-Transfer Amplification. in Advances in Cryptology - EUROCRYPT 2007: 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, May 20-24, 2007. Proceedings. Lecture Notes in Computer Science, vol. 4515, Springer Berlin Heidelberg, pp. 555-572. https://doi.org/10.1007/978-3-540-72540-4_32

Oblivious-Transfer Amplification. / Wullschleger, JE.

Advances in Cryptology - EUROCRYPT 2007: 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, May 20-24, 2007. Proceedings. Springer Berlin Heidelberg, 2007. p. 555-572 (Lecture Notes in Computer Science; Vol. 4515).

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

TY - GEN

T1 - Oblivious-Transfer Amplification

AU - Wullschleger, JE

N1 - Editors: Moni Naor ISBN: 9783540725398 Publisher: Springer Name and Venue of Conference: Advances in Cryptology - EUROCRYPT 2007: 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, May 20-24, 2007 Conference Organiser: Moni Naor

PY - 2007/6/23

Y1 - 2007/6/23

N2 - Oblivious transfer (OT) is a primitive of paramount importance in cryptography or, more precisely, two- and multi-party computation due to its universality. Unfortunately, OT cannot be achieved in an unconditionally secure way for both parties from scratch. Therefore, it is a natural question what information-theoretic primitives or computational assumptions OT can be based on. The results in our paper are threefold. First, we give an optimal proof for the standard protocol to realize unconditionally secure OT from a weak variant of OT called universal OT, for which a malicious receiver can virtually obtain any possible information he wants, as long as he does not get all the information. This result is based on a novel distributed leftover hash lemma which is of independent interest. Second, we give conditions for when OT can be obtained from a faulty variant of OT called weak OT, for which it can occur that any of the parties obtains too much information, or the result is incorrect. These bounds and protocols, which correct on previous results by DamgÃ¥rd et. al., are of central interest since in most known realizations of OT from weak primitives, such as noisy channels, a weak OT is constructed first. Finally, we carry over our results to the computational setting and show how a weak OT that is sometimes incorrect and is only mildly secure against computationally bounded adversaries can be strengthened.

AB - Oblivious transfer (OT) is a primitive of paramount importance in cryptography or, more precisely, two- and multi-party computation due to its universality. Unfortunately, OT cannot be achieved in an unconditionally secure way for both parties from scratch. Therefore, it is a natural question what information-theoretic primitives or computational assumptions OT can be based on. The results in our paper are threefold. First, we give an optimal proof for the standard protocol to realize unconditionally secure OT from a weak variant of OT called universal OT, for which a malicious receiver can virtually obtain any possible information he wants, as long as he does not get all the information. This result is based on a novel distributed leftover hash lemma which is of independent interest. Second, we give conditions for when OT can be obtained from a faulty variant of OT called weak OT, for which it can occur that any of the parties obtains too much information, or the result is incorrect. These bounds and protocols, which correct on previous results by DamgÃ¥rd et. al., are of central interest since in most known realizations of OT from weak primitives, such as noisy channels, a weak OT is constructed first. Finally, we carry over our results to the computational setting and show how a weak OT that is sometimes incorrect and is only mildly secure against computationally bounded adversaries can be strengthened.

U2 - 10.1007/978-3-540-72540-4_32

DO - 10.1007/978-3-540-72540-4_32

M3 - Conference Contribution (Conference Proceeding)

SN - 9783540725398

T3 - Lecture Notes in Computer Science

SP - 555

EP - 572

BT - Advances in Cryptology - EUROCRYPT 2007

PB - Springer Berlin Heidelberg

ER -

Oblivious-Transfer Amplification

Abstract

Publication series

Bibliographical note

Access to Document

Fingerprint

Cite this