1 / 19

A Light-weight Oblivious Transfer Protocol Based on Channel Noise

This research paper outlines a light-weight oblivious transfer protocol based on channel noise for efficient and secure data transfer. It introduces fundamental cryptographic tools, describes applications in secure multiparty computation and private information retrieval, and compares the protocol with existing schemes. The protocol is designed to be computationally secure and statistically secure, making it suitable for devices with low computational power. Compared to other schemes, it requires minimal overhead and provides robust security guarantees. The paper concludes by emphasizing the protocol's efficiency and security benefits for various applications.

anastaciac
Download Presentation

A Light-weight Oblivious Transfer Protocol Based on Channel Noise

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. A Light-weight Oblivious Transfer Protocol Based on Channel Noise Albert Guan

  2. Outline • Introduction • Related Work • Oblivious Transfer Protocol • Comparison • Conclusions

  3. Introduction • Design fundamental tools in cryptography • Oblivious transfer (OT) • Applications • Secure multiparty computation • Private information retrieval

  4. Secure Multiparty Computation • Millionaires problem • Suppose A has wealth x, B has wealth y • They want to know whom is richer • Without revealing their actual wealth f (x, y) = 1, if x > y f (x, y) = 0, otherwise

  5. Secure Multiparty Computation • Parties P1,…,Pn • Parties Pi has private input xi • The parties want to jointly compute a function y = f(x1,…, xn) • Each parties Piknows only y, nothing else.

  6. Private Information Retrieval • Server holds x1, x2,…, xn • User wants to retrieve xi • Server can’t learn which xi is retrieved. • User only learn xi , nothing else.

  7. Definition of the problem • Oblivious-Transfer (OT) • A: sender has two secrets m0 and m1 • B: receiver has choice c • Goal: • B learns only mc, • A doesn’t know c

  8. Security Models • Computationally secure • Attacker does not have enough computing resources to break the system. • If quantum computers are available, most of the commonly used public key cryptosystems (e. g. RSA) can be broken. • Statistically secure • The probability for the attacker to break the system is negligible even with unlimited computing resources. • Our protocol is statistically secure.

  9. Related Work • Rabin's oblivious transfer protocol [Rabin 83] • Based on computational hard problem • Factoring large integer • Computationally secure • Heavy computation • long integer arithmetic

  10. Related Work • Erasure channel model [Imai et al. 06] • receiver either receives the bit or itwas not received • Channel delay model [Cheong et al. 11] • Packets deliver with some delay • Security doesn’t depend on computationally hard problems

  11. Our Work • Design protocols • Security does not depends on computationally hard problems • Only need XOR and hash operations • Suitable for sensors or any devices with low computational power

  12. Our Work • Based on noise in communication channel • Channel noise is a good random source • Unpredictable

  13. Binary Symmetric Channel b, with prob. 1 – p BSp(b) = 1 – b, with prob. p Pr[b’ = 0 | b = 0] = Pr[b’ = 1 | b = 1] = 1 – p Pr[b’ = 1 | b = 0] = Pr[b’ = 0 | b = 1] = p

  14. Oblivious Transfer (OT) Beacon node M = AB X = Y = Z Z = { |1 ≤ i≤ n/2} if |{i| }| < n/4 abort ,, {1, 2,…, n/2} ∩ = ϕ, || = || = n/4 Sc = {i| }

  15. Oblivious Transfer (OT) AB f, , ,

  16. Security of the oblivious transfer protocol Theorem1A has no information about B’s choice c. Proof This follows from the fact that the sets and give Ano information on c since the bits are flipped by the channelindependently.The sender A cannot control the bits received by B.

  17. Security of the oblivious transfer protocol Theorem2B has no information about , the othersecret he does not choose. Proof sincethe secret correspond to the index set , which is contain some inconsistent parity bits, thus B can’t reconstruct the string

  18. Comparison (oblivious transfer) schemeHao’s Cheong’s Crepeau’s Our Message 1 bit 1 bit 1 bit multi-bit Based on noise delay noise noise Overhead O(n²) O(n log n) O(n³) O(n) n : security parameter

  19. Conclusions • Design efficient and lightweight protocols for oblivious transfer. • Security does not depends on computationally hard problems • Suitable for sensors or any devices with low computational power

More Related