Security and Efficiency Analysis of the Hamming Distance Computation Protocol Based on Oblivious Transfer

Kiraz, Mehmet Sabır; Genç, Ziya Alper; Kardaş, Süleyman

doi:10.1002/sec.1329

Reference : Security and Efficiency Analysis of the Hamming Distance Computation Protocol Based o...


	Document type :	Scientific journals : Article
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Security, Reliability and Trust; Computational Sciences
	To cite this reference:	http://hdl.handle.net/10993/29892

Title :	Security and Efficiency Analysis of the Hamming Distance Computation Protocol Based on Oblivious Transfer
Language :	English
Author, co-author :	Kiraz, Mehmet Sabır [TÜBİTAK > BİLGEM > UEKAE]
	Genç, Ziya Alper [TÜBİTAK > BİLGEM > UEKAE]
	Kardaş, Süleyman [TÜBİTAK > BİLGEM > UEKAE]
Publication date :	21-Aug-2015
Journal title :	Security and Communication Networks
Publisher :	Wiley
Volume :	8
Issue/season :	18
Pages :	4123-4135
Peer reviewed :	Yes (verified by ORBi^lu)
Audience :	International
ISSN :	1939-0114
e-ISSN :	1939-0122
Keywords :	[en] Biometric Identification ; Authentication ; Hamming distance ; Privacy ; Committed Oblivious Transfer
Abstract :	[en] Bringer et al. proposed two cryptographic protocols for the computation of Hamming distance. Their first scheme uses Oblivious Transfer and provides security in the semi-honest model. The other scheme uses Committed Oblivious Transfer and is claimed to provide full security in the malicious case. The proposed protocols have direct implications to biometric authentication schemes between a prover and a verifier where the verifier has biometric data of the users in plain form. In this paper, we show that their protocol is not actually fully secure against malicious adversaries. More precisely, our attack breaks the soundness property of their protocol where a malicious user can compute a Hamming distance which is different from the actual value. For biometric authentication systems, this attack allows a malicious adversary to pass the authentication without knowledge of the honest user’s input with at most O(n) complexity instead of O(2n), where n is the input length. We propose an enhanced version of their protocol where this attack is eliminated. The security of our modified protocol is proven using the simulation-based paradigm. Furthermore, as for efficiency concerns, the modified protocol utilizes Verifiable Oblivious Transfer which does not require the commitments to outputs which improves its efficiency significantly.
Research centres :	TÜBİTAK BİLGEM UEKAE
Funders :	COST Action CRYPTACUS (IC1403)
Name of the research project :	Cloud Computing and Big Data Research Lab Project
Target :	Researchers ; Professionals ; Students ; General public ; Others
Permalink :	http://hdl.handle.net/10993/29892
DOI :	10.1002/sec.1329
Other URL :	http://onlinelibrary.wiley.com/doi/10.1002/sec.1329/abstract

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	security_analysis_shade.pdf		Author postprint	317.13 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices