Top Banner
  Oblivious transfer Robert Sicoie robert.sicoie [at] gmail.com
13

Oblivious Transfer

Aug 08, 2015

Download

Technology

robertsicoie
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Oblivious Transfer

  

Oblivious transfer

Robert Sicoierobert.sicoie [at] gmail.com

Page 2: Oblivious Transfer

  

Cuprins

Introducere Rabin Oblivious Transfer 1­2 Oblivious Transfer 1­n Oblivious Transfer k­n Oblivious Transfer

Page 3: Oblivious Transfer

  

Introducere

Protocol prin care un emiţător trimite nişte informaţii receptorului, dar emiţătorul nu reţine ce informaţie a primit receptorul.

Page 4: Oblivious Transfer

  

Rabin Oblivious Transfer

Emiţătorul generează un modul public RSA N=pq unde p şi q sunt numere prime mari şi un exponent e prim cu (p­1)(q­1)

Emiţătorul criptează mesajul m: me mod N

Page 5: Oblivious Transfer

  

Rabin Oblivious Transfer

E trimite N, e şi me mod N către R R alege aleator un număr x modulo N şi trimite x2 

mod N către E E găseşte o rădăcină pătrată y a lui x2 mod N pe care 

o trimite către R Dacă y=x mod N sau y=­x mod N atunci R nu va 

putea decripta mesajul m. Probabilitate 1/2 Altfel R va putea decripta mesajul. Probabilitate 1/2

Page 6: Oblivious Transfer

  

Rabin Oblivious Transfer

OTE Rb

b

#

Probabilitatea ca R să primească mesajul b este de 50%. Oricum, E nu va şti dacă R a primit sau nu mesajul.

Page 7: Oblivious Transfer

  

1­2 Oblivious Transfer E are două mesaje m0 şi m1 iar R are un bit b, iar R 

vrea să primească mb fără ca E să reţină b

E vrea să se asigure că R va primi doar unul din mesaje.

Protocolul este general, dar poate fi implementat folosind criptarea RSA 

Page 8: Oblivious Transfer

  

1­2 Oblivious Transfer E trimite o pereche ordonată de biţi (bo,b1) către 

maşina OT R trimite către maşina OT un bit i, indicând ce mesaj 

doreşte să primească

Maşina trimite bi către R şi distruge mesajul b1­i  

E ştie că R a primit doar unul din mesaje, dar nu ştie care din ele. 

OTE R

b0

bib1

i

Page 9: Oblivious Transfer

  

1­n Oblivious Transfer

O generalizare a protocolului 1­2 OT E trimite către maşina OT n mesaje  R trimite un indice i şi doreşte să primească al i­lea 

mesaj fără ca E să reţină care mesaj a fost cerut. E doreşte ca un singur mesaj din cele n să ajungă la 

R

Page 10: Oblivious Transfer

  

k­n Oblivious Transfer

Protocolul 1­n OT a fost mai apoi generalizat la noţiunea de k­n OT

R va primit un set de k mesaje dintre cele n Cele k mesaje pot fi primte simultan, sau pot fi 

cerute consecuiv, fiecare cerere bazându­se pe mesajul anterior primit.

Page 11: Oblivious Transfer

  

Aplicaţii

Secure Multi­party computation

Page 12: Oblivious Transfer

  

Referinţe

Benny Pinkas, Oblivious Transfer, http://www.pinkas.net/ot.html

Wikipedia, http://en.wikipedia.org/wiki/Oblivious_transfer

Rafail Ostrovsky, Foundations of Cryptography, Lecture 10

B. Pinkas, M. Naor, Efficient Oblivious Transfer

http://www.pinkas.net/ot.html
http://en.wikipedia.org/wiki/Oblivious_transfer
Page 13: Oblivious Transfer

  

Sfârşit

Vă mulţumesc pentru atenţie Întrebări?


Related Documents
More Efficient Oblivious Transfer and Extensions …More Efficient Oblivious Transfer and Extensions for Faster Secure Computation Gilad Asharov, Yehuda Lindell Cryptography Research

More Efficient Oblivious Transfer and Extensions …More...

Category: Documents
Cache-Oblivious Algorithms

Cache-Oblivious Algorithms

Category: Documents
Consistency Oblivious Programming

Consistency Oblivious Programming

Category: Documents
More E cient Oblivious Transfer and Extensions for Faster

More E cient Oblivious Transfer and Extensions for Faster

Category: Documents
Laconic Oblivious Transfer and its Applications · 1.1 Laconic OT In this paper, we introduce the notion of laconic oblivious transfer (or laconic OT for short). La-conic OT allows

Laconic Oblivious Transfer and its Applications · 1.1...

Category: Documents
MASCOT: Faster Malicious Arithmetic Secure Computation ... · MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer Marcel Keller Emmanuela Orsiniy Peter

MASCOT: Faster Malicious Arithmetic Secure Computation...

Category: Documents
How to Exchange Secrets with Oblivious Transfer · 2015-10-06 · How to Exchange Secrets with Oblivious Transfer Michael O. Rabin May 20, 1981 1 Introduction Bob and Alice each have

How to Exchange Secrets with Oblivious Transfer ·...

Category: Documents
More E cient Oblivious Transfer Extensions with Security ...

More E cient Oblivious Transfer Extensions with Security ...

Category: Documents
On Unconditionally Secure Distributed Oblivious Transferpaodar/preprint/pdf/dot_JoC.pdf · 2006. 10. 4. · On Unconditionally Secure Distributed Oblivious Transfer∗ Carlo Blundo1

On Unconditionally Secure Distributed Oblivious...

Category: Documents
Slide 1 Vitaly Shmatikov CS 380S Oblivious Transfer and Secure Multi-Party Computation With Malicious Parties.

Slide 1 Vitaly Shmatikov CS 380S Oblivious Transfer and...

Category: Documents
Oblivious Transfer and Secure Multi-Party Computation With Malicious Parties

Oblivious Transfer and Secure Multi-Party Computation With...

Category: Documents
Constant Round Oblivious Transfer in the Bounded-Storage Model

Constant Round Oblivious Transfer in the Bounded-Storage...

Category: Documents