Reference : "The Simplest Protocol for Oblivious Transfer'' Revisited
 Document type : Scientific journals : Article Discipline(s) : Engineering, computing & technology : Computer science Focus Areas : Security, Reliability and Trust To cite this reference: http://hdl.handle.net/10993/44182
 Title : "The Simplest Protocol for Oblivious Transfer'' Revisited Language : English Author, co-author : Genç, Ziya Alper [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >] Iovino, Vincenzo [University of Salerno] Rial, Alfredo [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >] Publication date : 2020 Journal title : Information Processing Letters Publisher : Elsevier Peer reviewed : Yes (verified by ORBilu) Audience : International ISSN : 0020-0190 Country : Netherlands Keywords : [en] oblivious transfer ; universal composability ; cryptography Abstract : [en] In 2015, Chou and Orlandi presented an oblivious transfer protocol that already drew a lot of attention both from theorists and practitioners due to its extreme simplicity and high efficiency. Chou and Orlandi claimed that their protocol is universally composable secure (UC-secure) in the random oracle model under dynamic corruptions. UC-security is a very strong security guarantee that assures that, not only the protocol in itself is secure, but can be also used safely in larger protocols. Unfortunately, in this work we point out a flaw in their security proof for the case of a corrupt sender. In more detail, we define a decisional problem and we prove that, if a correct security proof for the Chou and Orlandi's protocol is provided, then this problem can be solved correctly with overwhelming probability. Therefore, the protocol of Chou and Orlandi cannot be instantiated securely with groups for which our decisional problem cannot be solved correctly with overwhelming probability. Consequently, the protocol of Chou and Orlandi cannot be instantiated with {\em all} groups $\G$ in which the CDH problem is intractable, but only with groups in which both the CDH problem is intractable and our decisional problem can be solved with overwhelming probability. After the appearance of our work, Chou and Orlandi acknowledged the problems we pointed out in their security proof and subsequent works showed additional issues, removing the claims of UC security of their protocol. Permalink : http://hdl.handle.net/10993/44182 DOI : 10.1016/j.ipl.2020.105975 Other URL : https://www.sciencedirect.com/science/article/abs/pii/S0020019020300624 FnR project : FnR ; FNR11650748 > Alfredo Rial > SZK > Stateful Zero-Knowledge > 01/03/2018 > 28/02/2021 > 2017

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
main.pdfPublisher postprint265.8 kBView/Open

All documents in ORBilu are protected by a user license.