"The Simplest Protocol for Oblivious Transfer'' Revisited

Genç, Ziya Alper; Iovino, Vincenzo; Rial, Alfredo

doi:10.1016/j.ipl.2020.105975

Reference : "The Simplest Protocol for Oblivious Transfer'' Revisited


	Document type :	Scientific journals : Article
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Security, Reliability and Trust
	To cite this reference:	http://hdl.handle.net/10993/44182

Title :	"The Simplest Protocol for Oblivious Transfer'' Revisited
Language :	English
Author, co-author :	Genç, Ziya Alper [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Iovino, Vincenzo [University of Salerno]
	Rial, Alfredo [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Publication date :	2020
Journal title :	Information Processing Letters
Publisher :	Elsevier
Peer reviewed :	Yes (verified by ORBi^lu)
Audience :	International
ISSN :	0020-0190
Country :	Netherlands
Keywords :	[en] oblivious transfer ; universal composability ; cryptography
Abstract :	[en] In 2015, Chou and Orlandi presented an oblivious transfer protocol that already drew a lot of attention both from theorists and practitioners due to its extreme simplicity and high efficiency. Chou and Orlandi claimed that their protocol is universally composable secure (UC-secure) in the random oracle model under dynamic corruptions. UC-security is a very strong security guarantee that assures that, not only the protocol in itself is secure, but can be also used safely in larger protocols. Unfortunately, in this work we point out a flaw in their security proof for the case of a corrupt sender. In more detail, we define a decisional problem and we prove that, if a correct security proof for the Chou and Orlandi's protocol is provided, then this problem can be solved correctly with overwhelming probability. Therefore, the protocol of Chou and Orlandi cannot be instantiated securely with groups for which our decisional problem cannot be solved correctly with overwhelming probability. Consequently, the protocol of Chou and Orlandi cannot be instantiated with {\em all} groups $\G$ in which the CDH problem is intractable, but only with groups in which both the CDH problem is intractable and our decisional problem can be solved with overwhelming probability. After the appearance of our work, Chou and Orlandi acknowledged the problems we pointed out in their security proof and subsequent works showed additional issues, removing the claims of UC security of their protocol.
Permalink :	http://hdl.handle.net/10993/44182
DOI :	10.1016/j.ipl.2020.105975
Other URL :	https://www.sciencedirect.com/science/article/abs/pii/S0020019020300624
FnR project :	FnR ; FNR11650748 > Alfredo Rial > SZK > Stateful Zero-Knowledge > 01/03/2018 > 28/02/2021 > 2017

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	main.pdf		Publisher postprint	265.8 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices