1 / 13

Rational Oblivious Transfer

Rational Oblivious Transfer. KaRTIK nAYAk , XIONG fan. What we learnt. One cannot use Game Theory as a tool! It is not easy to assign utilities to players and have an interpretation for these utilities. Outline. What is oblivious transfer? A 1 out of 2 oblivious transfer protocol

tosca
Download Presentation

Rational Oblivious Transfer

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Rational Oblivious Transfer KaRTIKnAYAk, XIONG fan

  2. What we learnt • One cannot use Game Theory as a tool! • It is not easy to assign utilities to players and have an interpretation for these utilities.

  3. Outline • What is oblivious transfer? • A 1 out of 2 oblivious transfer protocol • Applications and motivation • Define rational oblivious transfer using ideal world/real world paradigm • Bayesian Game for efficient 1 out of 2 Oblivious Transfer

  4. Oblivious transfer Sell this information to a third party Info related to wearable computing (mσ1,…,mσk) Private database Organization (m0, m1 … mn-1) Indices σ1…σk

  5. Oblivious transfer • Bob does not know σ • Alice does not know x1-σ Protocol π xσ (x0, x1) σ = 0 or 1

  6. Fully honest sender/receiver • Bob receives σ, sends xσ and then forgets σ • Bob sends all its messages to Alice and Alice just picks the value she wants

  7. A 1 out of 2 Oblivious transfer protocol m0, m1 σ k Choice bit σ, random k Input messages RSA key pair d N, e N, e r0, r1 r0, r1 Random strings v = (rσ + ke) mod N v k0 = (v – r0)d mod N k1 = (v – r1)d mod N m'0 = m0 + k0 m'0 m'1 = m1 + k1 m'1 mσ = m'σ - k Involves exponentiations! Sender (Bob) Receiver (Alice)

  8. History of oblivious transfer • How to exchange secrets – Rabin [81] • A randomized protocol for signing contracts – Even et. al. [85] • Simulatable Adaptive Oblivious Transfer – Camenisch et. al. [08] • Efficient Fully-Simulatable Oblivious Transfer – Lindell et. al. [08]

  9. Generalizations • 1 out of n OT: The sender can have n messages instead of 2 messages (Brassard et. al. [87]) • k out of n OT: The receiver can select k out of n messages (Ishai et. al. [03])

  10. Applications in secure computation • What is Secure Computation? • A set of parties with private inputs wish to compute some joint function of their inputs. • Parties wish to preserve some security properties. e.g., privacy and correctness. • Yao’s Garbled circuit - Yao [86] • Receiver uses 1 out of 2 OT to obliviously obtain keys corresponding to his inputs • GMW protocol – Goldreich et.al. [87] • To evaluate AND gate outputs (intermediate outputs of circuits)

  11. Rational cryptography • Cryptographic definitions allowed arbitrary deviations for adversaries • Rational Cryptography considers incentives while defining adversaries’ actions • The protocols under this model tend to be more efficient • Helps to circumvent some lower bounds (Rational Fairness - Groce et. al.)

  12. Bayesian games • Information about characteristics of the other players is incomplete • Players cannot compute their own payoffs and play based on “belief” about other players • G = <N, <Ai, ui, Ti, pi>iϵ N > • N: set of players • Ti: type of the player i • Ai: available actions for player i • ui: payoff function of player i (depends on Ai and Ti) • pi: view of the distribution over types of the other players • Each player plays action Ai conditioned on his belief about the type of other players

  13. Thank You!

More Related