Oblivious transfer protocols for securing electronic commerce

Zhang, Jun Qi, University of Western Sydney, College of Science, Technology and Environment, School of Computing and Information Technology

January 2002

Security is a major issue for electronic commerce. Crytography is the foundation of security and oblivious transfer (OT) protocols are one primitive of modern cryptography. The main goal of this dissertation is to develop new and more efficient OT protocols and explore their applications in electronic commerce. A new m out of n OT scheme is proposed, its implementation, security and efficiency are discussed, and it is compared with a previous OT scheme. The analysis shows that the previous OT protocol can be regarded as a special case of the new proposed OT scheme. The new OT scheme's applicability in blind signatures is explored. A new non-interactive m out of n OT scheme is proposed that includes a newly developed public keys generation algorithm based on the discrete log problem and an OT protocol based on the Diffie-Hellman problem. The security of this scheme is discussed. A new buying digital goods scheme is proposed using the new m out of n priced OT which is based on the priced OT protocol developed by Bill Aiello, Yuval Isahai, and Omer Reingold. Tools used in this scheme are discussed and its security is analyzed. A concrete homomorphic protocol is given / Master of Science (Hons)

oblivious transfer protocols

cryptography

computer security

electronic commerce

Exploring Trusted Platform Module Capabilities: A Theoretical and Experimental Study

Gunupudi, Vandana

05 1900

Trusted platform modules (TPMs) are hardware modules that are bound to a computer's motherboard, that are being included in many desktops and laptops. Augmenting computers with these hardware modules adds powerful functionality in distributed settings, allowing us to reason about the security of these systems in new ways. In this dissertation, I study the functionality of TPMs from a theoretical as well as an experimental perspective. On the theoretical front, I leverage various features of TPMs to construct applications like random oracles that are impossible to implement in a standard model of computation. Apart from random oracles, I construct a new cryptographic primitive which is basically a non-interactive form of the standard cryptographic primitive of oblivious transfer. I apply this new primitive to secure mobile agent computations, where interaction between various entities is typically required to ensure security. I prove these constructions are secure using standard cryptographic techniques and assumptions. To test the practicability of these constructions and their applications, I performed an experimental study, both on an actual TPM and a software TPM simulator which has been enhanced to make it reflect timings from a real TPM. This allowed me to benchmark the performance of the applications and test the feasibility of the proposed extensions to standard TPMs. My tests also show that these constructions are practical.

random oracles

Trusted computing

oblivious transfer

Embedded computer systems.

Fast Actively Secure OT Extension for Short Secrets

Ajith, S

January 2017

Oblivious Transfer (OT) is one of the most fundamental cryptographic primitives with wide-spread application in general secure multi-party computation (MPC) as well as in a number of tailored and special-purpose problems of interest such as private set intersection (PSI), private information retrieval (PIR), contract signing to name a few. Often the instantiations of OT require prohibitive communication and computation complexity. OT extension protocols are introduced to compute a very large number of OTs referred as extended OTs at the cost of a small number of OTs referred as seed OTs. We present a fast OT extension protocol for small secrets in active setting. Our protocol when used to produce 1-out-of-n OTs outperforms all the known actively secure OT extensions. Our protocol is built on the semi-honest secure extension protocol of Kolesnikov and Kumaresan of CRYPTO'13 (referred as KK13 protocol henceforth) which is the best known OT extension for short secrets. At the heart of our protocol lies an efficient consistency checking mechanism that relies on the linearity of Walsh-Hadamard (WH) codes. Asymptotically, our protocol adds a communication overhead of O( log ) bits over KK13 protocol irrespective of the number of extended OTs, where and refer to computational and statistical security parameter respectively. Concretely, our protocol when used to generate a large enough number of OTs adds only 0:011-0:028% communication overhead and 4-6% runtime overhead both in LAN and WAN over KK13 extension. The runtime overheads drop below 2% when in addition the number of inputs of the sender in the extended OTs is large enough. As an application of our proposed extension protocol, we show that it can be used to obtain the most efficient PSI protocol secure against a malicious receiver and a semi-honest sender.

Fast Oblivious Transfer Application

Secure Multi-Party Computation

Walsh-Hadamard Codes

KK13 Protocol

OT Extension Protocol

Short Secrets

Computer Science

Sécurité polynomiale en cryptographie

Fiedler, Heinz

08 1900

Dans ce mémoire, nous proposons des protocoles cryptographiques d'échange de clef, de mise en gage, et de transfert équivoque. Un premier protocole de transfert équivoque, primitive cryptographique universelle pour le calcul multi-parties, s'inspire du protocole d'échange de clef par puzzle de Merkle, et améliore les résultats existants. Puis, nous montrons qu'il est possible de construire ces mêmes primitives cryptographiques sans l'hypothèse des fonctions à sens unique, mais avec le problème 3SUM. Ce problème simple ---dans une liste de n entiers, en trouver trois dont la somme a une certaine valeur--- a une borne inférieure conjecturée de Omega(n^2). / In this work, we propose cryptographic protocols for key exchange, bit commitment and oblivious transfer. Our oblivious transfer protocol, universal cryptographic primitive for multipartie computation, is inspired from Merkle's key exchange protocol with puzzles, and improves on existing results. Then, we show that it's possible to build those same cryptographic primitives without the hypothesis of one-way functions, but with the 3SUM problem. This simple problem ---in a list of n integers, find three that sum is a desired value--- has a conjectured lower bound of Omega(n^2).

Cryptographie

Echange de clef

Transfert équivoque

Mise en gage

Problème 3SUM

Cryptography

Key exchange

Oblivious transfer

Bit commitment

3SUM problem

Sécurité polynomiale en cryptographie

Fiedler, Heinz

08 1900

Dans ce mémoire, nous proposons des protocoles cryptographiques d'échange de clef, de mise en gage, et de transfert équivoque. Un premier protocole de transfert équivoque, primitive cryptographique universelle pour le calcul multi-parties, s'inspire du protocole d'échange de clef par puzzle de Merkle, et améliore les résultats existants. Puis, nous montrons qu'il est possible de construire ces mêmes primitives cryptographiques sans l'hypothèse des fonctions à sens unique, mais avec le problème 3SUM. Ce problème simple ---dans une liste de n entiers, en trouver trois dont la somme a une certaine valeur--- a une borne inférieure conjecturée de Omega(n^2). / In this work, we propose cryptographic protocols for key exchange, bit commitment and oblivious transfer. Our oblivious transfer protocol, universal cryptographic primitive for multipartie computation, is inspired from Merkle's key exchange protocol with puzzles, and improves on existing results. Then, we show that it's possible to build those same cryptographic primitives without the hypothesis of one-way functions, but with the 3SUM problem. This simple problem ---in a list of n integers, find three that sum is a desired value--- has a conjectured lower bound of Omega(n^2).

Cryptographie

Echange de clef

Transfert équivoque

Mise en gage

Problème 3SUM

Cryptography

Key exchange

Oblivious transfer

Bit commitment

3SUM problem

Identity-based cryptography / Cryptographie de l'identité

Germouty, Paul

12 September 2018

Dans cette thèse nous étudions les possibilités que les chiffrements basés sur l’identité offrent quand ils sont utilisés dans un but différent qu’un simple chiffrement. Nous avons pu généraliser différents types de chiffrement basés sur l’identité en une nouvelle primitive nommé Downgradable Identity-based Encryption (DIBE). Nous avons trouvé un moyen générique de transformer de simple IBE en des IBE en blanc, dans le cas où l’IBE est affine nous rendons le coût de communication très faible (de linéaire à logarithmique). Ces deux primitives ont donné lieux à différentes applications : les chiffrements basés sur les attributs pour la première et le transfère inconscient pour la deuxième. Une autre application est l’utilisation d’IBE hiérarchiques pour créer des signatures à vérifieur désigné basées sur l’identité. Ensuite nous avons regardé le transfère inconscient seul et avons réussi à le généraliser en un nouveau protocole nommé Oblivious Language-based Envelope. Finalement, nous avons construit une transformation d’un protocole à un autre, d’un échange authentifié de clés par mot de passe nous avons construit un transfère inconscient. En prenant une instanciation particulière nous obtenons un protocole plus efficace que tous les précédents pour le même niveau de sécurité. La primitive chiffrement basé sur l’identité est notre outil principal pour réaliser nos constructions. Nous avons donc besoin d’une instanciation efficace de cette primitive. Nous avons utilisé celle de Blazy Kiltz et Pan à CRYPTO’14 qui est très efficace mais possède aussi une structure particulière dite affine. / During this Thesis we investigated the possibilities that Identity-based Encryption offers when used out of their original purpose. We managed to generalize a whole class of different identity-based encryption schemes into Downgradable Identity-based Encryptions. We found a generic way to construct Blind Identity-based Encryptions. These two works leads both to applications that are not a priori linked with IBE: Attribute-based Encryption from Downgradable IBE and Oblivious Transfer for Blind IBE, in the case of Affine IBE we manage to reduce the communication cost from a linear to logarithmic. As application we also find a way to use Hierarchical IBE to construct a special type of signature called Identity-based Designated Verifier Signature. We continue the research out of the context of IBE's application with Oblivious Transfer. We manage to generalize the concept of Oblivious Transfer into a new protocol called Oblivious Language-based Envelope encompassing many kind of protocols. Finally, in the image of the whole Thesis we construct Oblivious Transfer with a very different primitive called Password Authenticated Key Exchange. Surprisingly, with some optimizations this last transformation leads to a very efficient Oblivious Transfer Protocol. The Identity-based Encryption is our main basis of work, thus efficient instantiations of this primitive were the key of our own efficiency, thus we used the instanciation from the paper of Blazy et als at crypto 2014 which is efficient, tight secure and affine.

Chiffrement basé sur l'identité

SPHF

Cryptographie

Transfère oublieux

Signature

Identity-based encryption

NIZK proof

SPHF

Cryptography

Oblivious Transfer

Signature

005.824

Privacy-preserving cryptography from pairings and lattices / Cryptographie protégeant la vie privée à base de couplages et de réseaux

Mouhartem, Fabrice

18 October 2018

Dans cette thèse, nous étudions les constructions cryptographiques prouvées pour la protection de la vie privée. Pour cela nous nous sommes intéressés aux preuves et arguments à divulgation nulles de connaissance et leurs applications. Un exemple de ces constructions est la signature de groupe. Ce protocole a pour but de permettre à un utilisateur de s'authentifier comme appartenant à un groupe, sans révéler son identité. Afin que les utilisateurs restent responsable de leurs agissements, une autorité indépendante est capable de lever l'anonymat d'un utilisateur en cas de litige. Une telle construction peut ainsi être utilisée, par exemple, dans les systèmes de transport en commun. Un utilisateur qui rentre dans un bus prouve ainsi son appartenance aux utilisateurs possédant un abonnement valide, sans révéler qui il est, et évitant ainsi que la société de transport ne le trace. En revanche, en cas d'incident sur le réseau, la société peut faire appel à la police pour lever l'anonymat des usagers présents au moment de l'incident. Nous avons proposé deux constructions de ces signatures de groupe, prouvées sûres sous des hypothèses simples dans le monde des couplages et des réseaux euclidiens. Dans la continuité de ces travaux, nous avons aussi proposé la première construction de chiffrement de groupe (l'équivalent de la signature de groupe pour le chiffrement) à base de réseaux euclidiens. Finalement, ces travaux nous ont amené à la construction d'un schéma de transfert inconscient adaptatif avec contrôle d'accès à base de réseaux euclidiens. Ces constructions à base de réseaux ont été rendues possibles par des améliorations successives de l'expressivité du protocole de Stern, qui reposait initialement sur la difficulté du problème du décodage de syndrome. / In this thesis, we study provably secure privacy-preserving cryptographic constructions.We focus on zero-knowledge proofs and their applications.Group signatures are an example of such constructions.This primitive allows users to sign messages on behalf of a group (which they formerly joined), while remaining anonymous inside this group.Additionally, users remain accountable for their actions as another independent authority, a judge, is empowered with a secret information to lift the anonymity of any given signature.This construction has applications in anonymous access control, such as public transportations.Whenever someone enters a public transportation, he signs a timestamp. Doing this proves that he belongs to the group of people with a valid subscription.In case of problem, the transportation company hands the record of suspicious signatures to the police, which is able to un-anonymize them.We propose two constructions of group signatures for dynamically growing groups. The first is based on pairing-related assumptions and is fairly practical. The second construction is proven secure under lattice assumptions for the sake of not putting all eggs in the same basket.Following the same spirit, we also propose two constructions for privacy-preserving cryptography.The first one is a group encryption scheme, which is the encryption analogue of group signatures. Here, the goal is to hide the recipient of a ciphertext who belongs to a group, while proving some properties on the message, like the absence of malwares. The second is an adaptive oblivious transfer protocol, which allows a user to anonymously query an encrypted database, while keeping the unrequested messages hidden.These constructions were made possible through a series of work improving the expressiveness of Stern's protocol, which was originally based on the syndrome decoding problem.

Cryptographie

Vie Privée

Signatures

Chiffrement

Transfert Inconscient

Primitives cryptographiques

Accréditations anonyme

Cryptography

Privacy

Signatures

Encryption

Oblivious Transfer

Cryptographic Primitives

Anonymous Credentials

Zero-Knowledge Proofs

Practical and Foundational Aspects of Secure Computation

Ranellucci, Samuel

02 1900

Il y a des problemes qui semblent impossible a resoudre sans l'utilisation d'un tiers parti honnete. Comment est-ce que deux millionnaires peuvent savoir qui est le plus riche sans dire a l'autre la valeur de ses biens ? Que peut-on faire pour prevenir les collisions de satellites quand les trajectoires sont secretes ? Comment est-ce que les chercheurs peuvent apprendre les liens entre des medicaments et des maladies sans compromettre les droits prives du patient ? Comment est-ce qu'une organisation peut ecmpecher le gouvernement d'abuser de l'information dont il dispose en sachant que l'organisation doit n'avoir aucun acces a cette information ? Le Calcul multiparti, une branche de la cryptographie, etudie comment creer des protocoles pour realiser de telles taches sans l'utilisation d'un tiers parti honnete. Les protocoles doivent etre prives, corrects, efficaces et robustes. Un protocole est prive si un adversaire n'apprend rien de plus que ce que lui donnerait un tiers parti honnete. Un protocole est correct si un joueur honnete recoit ce que lui donnerait un tiers parti honnete. Un protocole devrait bien sur etre efficace. Etre robuste correspond au fait qu'un protocole marche meme si un petit ensemble des joueurs triche. On demontre que sous l'hypothese d'un canal de diusion simultane on peut echanger la robustesse pour la validite et le fait d'etre prive contre certains ensembles d'adversaires. Le calcul multiparti a quatre outils de base : le transfert inconscient, la mise en gage, le partage de secret et le brouillage de circuit. Les protocoles du calcul multiparti peuvent etre construits avec uniquements ces outils. On peut aussi construire les protocoles a partir d'hypoth eses calculatoires. Les protocoles construits a partir de ces outils sont souples et peuvent resister aux changements technologiques et a des ameliorations algorithmiques. Nous nous demandons si l'efficacite necessite des hypotheses de calcul. Nous demontrons que ce n'est pas le cas en construisant des protocoles efficaces a partir de ces outils de base. Cette these est constitue de quatre articles rediges en collaboration avec d'autres chercheurs. Ceci constitue la partie mature de ma recherche et sont mes contributions principales au cours de cette periode de temps. Dans le premier ouvrage presente dans cette these, nous etudions la capacite de mise en gage des canaux bruites. Nous demontrons tout d'abord une limite inferieure stricte qui implique que contrairement au transfert inconscient, il n'existe aucun protocole de taux constant pour les mises en gage de bit. Nous demontrons ensuite que, en limitant la facon dont les engagements peuvent etre ouverts, nous pouvons faire mieux et meme un taux constant dans certains cas. Ceci est fait en exploitant la notion de cover-free families . Dans le second article, nous demontrons que pour certains problemes, il existe un echange entre robustesse, la validite et le prive. Il s'effectue en utilisant le partage de secret veriable, une preuve a divulgation nulle, le concept de fantomes et une technique que nous appelons les balles et les bacs. Dans notre troisieme contribution, nous demontrons qu'un grand nombre de protocoles dans la litterature basee sur des hypotheses de calcul peuvent etre instancies a partir d'une primitive appelee Transfert Inconscient Veriable, via le concept de Transfert Inconscient Generalise. Le protocole utilise le partage de secret comme outils de base. Dans la derniere publication, nous counstruisons un protocole efficace avec un nombre constant de rondes pour le calcul a deux parties. L'efficacite du protocole derive du fait qu'on remplace le coeur d'un protocole standard par une primitive qui fonctionne plus ou moins bien mais qui est tres peu couteux. On protege le protocole contre les defauts en utilisant le concept de privacy amplication . / There are seemingly impossible problems to solve without a trusted third-party. How can two millionaires learn who is the richest when neither is willing to tell the other how rich he is? How can satellite collisions be prevented when the trajectories are secret? How can researchers establish correlations between diseases and medication while respecting patient confidentiality? How can an organization insure that the government does not abuse the knowledge that it possesses even though such an organization would be unable to control that information? Secure computation, a branch of cryptography, is a eld that studies how to generate protocols for realizing such tasks without the use of a trusted third party. There are certain goals that such protocols should achieve. The rst concern is privacy: players should learn no more information than what a trusted third party would give them. The second main goal is correctness: players should only receive what a trusted third party would give them. The protocols should also be efficient. Another important property is robustness, the protocols should not abort even if a small set of players is cheating. Secure computation has four basic building blocks : Oblivious Transfer, secret sharing, commitment schemes, and garbled circuits. Protocols can be built based only on these building blocks or alternatively, they can be constructed from specific computational assumptions. Protocols constructed solely from these primitives are flexible and are not as vulnerable to technological or algorithmic improvements. Many protocols are nevertheless based on computational assumptions. It is important to ask if efficiency requires computational assumptions. We show that this is not the case by building efficient protocols from these primitives. It is the conclusion of this thesis that building protocols from black-box primitives can also lead to e cient protocols. This thesis is a collection of four articles written in collaboration with other researchers. This constitutes the mature part of my investigation and is my main contributions to the field during that period of time. In the first work presented in this thesis we study the commitment capacity of noisy channels. We first show a tight lower bound that implies that in contrast to Oblivious Transfer, there exists no constant rate protocol for bit commitments. We then demonstrate that by restricting the way the commitments can be opened, we can achieve better efficiency and in particular cases, a constant rate. This is done by exploiting the notion of cover-free families. In the second article, we show that for certain problems, there exists a trade-off between robustness, correctness and privacy. This is done by using verifiable secret sharing, zero-knowledge, the concept of ghosts and a technique which we call \balls and bins". In our third contribution, we show that many protocols in the literature based on specific computational assumptions can be instantiated from a primitive known as Verifiable Oblivious Transfer, via the concept of Generalized Oblivious Transfer. The protocol uses secret sharing as its foundation. In the last included publication, we construct a constant-round protocol for secure two-party computation that is very efficient and only uses black-box primitives. The remarkable efficiency of the protocol is achieved by replacing the core of a standard protocol by a faulty but very efficient primitive. The fault is then dealt with by a non-trivial use of privacy amplification.

Black-Box

Oblivious Transfer

Secret Sharing

Commitment scheme

Garbling scheme

Robustness

Correctness

Privacy

Boite-noire

Transfert inconscient

Partage de Secret

Mise en Gage

Circuit Brouillé

Robustesse

Validité

Privé

雙方相等性驗證機制的設計及其應用 / A study on the design of Two-Party equality testing protocol and its applications

吳承峰, Wu, Cheng Feng

Unknown Date

雙方相等性驗證即是在不洩漏任何自身私密資訊的情況下，進行秘密計算來了解彼此的資訊是否相等。然而在大多數的現有協議之中，多數為不公平的協定，也就是說其中的一方(被告知方)只能相信另一方(告知方)所告知的比較結果，而無從驗證。雖然邱等學者在2011 年提出的〝具隱私保護功能之兩方相等性驗證機制之提案〞已經提供了具雙方驗證的協定，但此方案因為在加密演算法上的限制導致實作較為困難。因此，在本論文中，將利用ElGamal 的加密機制，提出了一套新的雙方相等性驗證的協議，具備相同的雙方相等性驗證的功能，但對加密演算法的限制較少，實作及運算也較為有效率。另外，搭配模糊傳輸的協定，讓使用者藉由本研究所提出的協定跟伺服器端溝通，來獲得所欲取得的資料，並同時保障使用者以及伺服器端的隱私。同時除了理論的證明安全性及正確性之外，也撰寫程式模擬並證實協定的正確性及討論其效能。 / Two-party equality testing protocol allows two entities to compare their secrete information without leaking any information except the comparison result. In previous works, the comparison result can only be obtained by one entity (ie. informer) and then the entity informs the result to the other entity (ie. receiver). The receiver has to accept the received result since he has no way to verify its correctness. Ciou et al. in 2011 first mentioned this problem and proposed a new protocol to solve the aforementioned problem. However, their protocol has some specific restrictions which making it unpractical. In this paper, based on the ElGamal encryption, we propose a new two-party equality testing protocol. Our protocol has the same feature (ie. allows the two entries to test the correctness of the comparison result) as Ciou et al.’s protocol but is more efficient and practical than theirs. On the other hand, combining our protocol with an oblivious transfer protocol can let users communicate with servers and to get the data in a private way. It is useful on the issue of privacy protection. Finally, the security and correctness are discussed and proved. The efficiency of the protocol is also provided.

密碼學

ElGamal加密系統

同態加密

模糊傳輸

秘密計算

Cryptography

ElGamal encryption

Homomorphic encryption

Oblivious transfer

Secure computing

Vers une plateforme holistique de protection de la vie privée dans les services géodépendants

Sahnoune, Zakaria

04 1900

No description available.

Services géodépendants

Mesure de confiance

Quantification de risques

Position jumelle

Position indicatrice

Réseaux pair-à-pair

Transfert inconscient

Information mutuelle

Logique floue

Location-based services

Location privacy

Location privacy-preserving mechanism

Risk quantification

Trust measurement

Twin positions

Telltale positions

P2P networks

Oblivious transfer

Mutual information

Fuzzy logic