90 likes | 107 Views
Explore alternative approaches for 1-out-of-2 Oblivious Transfer with improved security features and reduced communication rounds, focusing on weak string erasure, privacy amplification, and interactive hashing. Discover how Min-Entropy Splitting enhances protocol security in noisy storage models.
E N D
Simple Protocolsfor OT and Secure Identification in theNoisy-Storage Model(arxiv: 1002.1495) Amsterdam, Netherlands Workshop on Cryptography from Storage Imperfections Institute for Quantum Information, Caltech, USA Christian Schaffner 22 March 2010
Goal: 1-out-of-2 Oblivious Transfer s0 , s1 c sc 1-2 OT
Previous Approach (KWW ‘09) weakstringerasure • Privacy Amplifi-cation • Inter-active Hashing • Min-entropy sampling 1-2 OT works well only on blocksofbits standardprotocol (NOVY 98) requiresmanycommunicationrounds • results in complicated post-processingandpoorerrorparameters • so far: nosecureidentification
Alternative Approach weakstringerasure • Privacy Amplifi-cation • Min-Entropy Splitting • Inter-active Hashing • Min-entropy sampling 1-2 OT • easieranalysisandbettersecurityerror • canonicalprotocols • allowsforsecureidentification • requiresnoisierstorage, i.e. secureforsmallerclassofadversaries
Standard Protocol for 1-2 OT [Wiesner ~70, Bennett Brassard Crepeau Skubiszewska 92] S0 , S1 C 1-2 OT SC weakstringerasure • secureidentification: protocol (aspresentedby Serge) works
Rate Comparison • goal: 1-2 OT of - bitstrings • scenario: n=1010 (ca. 30 sec), securityerror < 10-8 • storagenoise: where Simple Protocol Interactive Hashing, Min-Entropy Sampling [KWW 09]
Rate Comparison • goal: 1-2 OT of - bitstrings • scenario: n=1015 (ca. 30 days), securityerror < 10-8 • storagenoise: where Simple Protocol Interactive Hashing, Min-Entropy Sampling [KWW 09]
Min-Entropy Splitting • classicalversion: (Wullschleger, Damgaard Fehr Renner Salvail S) • prooffor Shannon entropy: • (prooffor min-entropy: 3 lines) • withquantumsideinformation? • wrong in general, but weakerversion? • Min-Entropy Splitting • Privacy Amplification 1-2 OT
Summary • take-homemessagesforexperimentalists: • interactivehashingisnot strictlynecessary • original simple protocolsremainsecure in thenoisy-storage model • take-homemessagesfortheorists: • min-entropysplittingis an alternative wayofprovingsecurity in thenoisy-storage model • doesit hold withquantumsideinformation? http://arxiv.org/abs/1002.1495