Universally composable oblivious transfer from ideal lattice
| Autor: | Momeng Liu, Yupu Hu |
|---|---|
| Rok vydání: | 2019 |
| Předmět: |
Provable security
Cryptographic primitive Theoretical computer science General Computer Science Oblivious transfer business.industry Computer science Lattice problem 020207 software engineering Cryptography 02 engineering and technology Theoretical Computer Science Random oracle Discrete logarithm 0202 electrical engineering electronic engineering information engineering 020201 artificial intelligence & image processing business Learning with errors |
| Zdroj: | Frontiers of Computer Science. 13:879-906 |
| ISSN: | 2095-2236 2095-2228 |
| DOI: | 10.1007/s11704-018-6507-4 |
| Popis: | As a fundamental cryptographic primitive, oblivious transfer (OT) is developed for the sake of efficient usability and combinational feasibility. However, most OT protocols are built upon some quantum non-immune cryptosystems by assuming the hardness of discrete logarithm or factoring problem, whose security will break down directly in the quantum setting. Therefore, as a subarea of post-quantum cryptography, lattice-based cryptography is viewed as a promising alternative and cornerstone to support for building post-quantum protocols since it enjoys some attractive properties, such as provable security against quantum adversaries and lower asymptotic complexity. In this paper, we first build an efficient 1-out-of-2 OT protocol upon the hardness of ring learning with errors (RLWE) problem, which is at least as hard as some worst-case ideal lattice problems. We show that this 1-out-of-2 OT protocol can be universally composable and secure against static corruptions in the random oracle model. Then we extend it to a general case, i.e., 1-out-of-N OT with achieving the same level of security. Furthermore, on the basis of the above OT structure, we obtain two improved OT protocols using two improved lattice-based key exchange protocols (respectively relying on the RLWE problem and learning with errors (LWE) problem, and both achieving better efficiency by removing the Gaussian sampling for saving cost) as building blocks. To show that our proposed OT protocol indeed achieves comparable security and efficiency, we make a comparison with another two lattice-based OT protocols in the end of the paper. With concerning on the potential threat from quantum computing and expecting on the practical use of OT with high efficiency, an efficient post-quantum OT protocol is pressing needed. As shown in this paper, our proposed OT protocols may be considered as post-quantum OT candidates since they can both preserve provable security relying on lattice problems and enjoy practical efficiency. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|
Full text from SpringerLink