Simple Oblivious Transfer Protocols Compatible with Supersingular Isogenies

  • Vanessa VitseEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11627)


The key exchange protocol of Diffie and Hellman, which can be defined for any group, has the special feature of using only exponentiations. In particular, it can also be instantiated in Kummer varieties, which are not groups, and in the post-quantum isogeny-based setting.

In this article, we propose a new simple oblivious transfer (OT) protocol, based on Diffie–Hellman key exchange, that only uses exponentiations; we also revisit the older Wu–Zhang–Wang scheme. Both protocols can be directly instantiated on fast Kummer varieties; more importantly, they can also be transposed in the isogeny setting. The semantic security of our proposals relies on the hardness of non-standard versions of the (supersingular) DH problem, that are investigated within this article. To the best of our knowledge, these protocols are the simplest discrete-log based OT schemes using only exponentiations, and the first isogeny-based OT schemes.


Oblivious transfer Diffie–Hellman key exchange Supersingular isogeny Post-quantum cryptography 



This work has been supported in part by the European Union’s H2020 Programme under grant agreement number ERC-669891. The author would like to thank Luca de Feo, Charles Bouillaguet, Damien Vergnaud and Antoine Joux for their helpful discussions, and anonymous referees for their relevant remarks and for pointing us the article of Wu, Zhang and Wang.


  1. 1.
    Bao, F., Deng, R.H., Zhu, H.F.: Variations of Diffie-Hellman problem. In: Qing, S., Gollmann, D., Zhou, J. (eds.) ICICS 2003. LNCS, vol. 2836, pp. 301–312. Springer, Heidelberg (2003). Scholar
  2. 2.
    Barreto, P., Oliveira, G., Benits, W.: Supersingular isogeny oblivious transfer. Cryptology ePrint Archive, Report 2018/459 (2018).
  3. 3.
    Beaver, D.: Precomputing oblivious transfer. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 97–109. Springer, Heidelberg (1995). Scholar
  4. 4.
    Bellare, M., Micali, S.: Non-interactive oblivious transfer and applications. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 547–557. Springer, New York (1990). Scholar
  5. 5.
    Bernstein, D.J., Chuengsatiansup, C., Lange, T., Schwabe, P.: Kummer strikes back: new DH speed records. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 317–337. Springer, Heidelberg (2014). Scholar
  6. 6.
    Biehl, I., Meyer, B., Müller, V.: Differential fault attacks on elliptic curve cryptosystems. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 131–146. Springer, Heidelberg (2000). Scholar
  7. 7.
    Camenisch, J., Neven, G., Shelat, A.: Simulatable adaptive oblivious transfer. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 573–590. Springer, Heidelberg (2007). Scholar
  8. 8.
    Castryck, W., Lange, T., Martindale, C., Panny, L., Renes, J.: CSIDH: an efficient post-quantum commutative group action. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11274, pp. 395–427. Springer, Cham (2018). Scholar
  9. 9.
    Childs, A., Jao, D., Soukharev, V.: Constructing elliptic curve isogenies in quantum subexponential time. J. Math. Cryptol. 8(1), 1–29 (2014)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Chou, T., Orlandi, C.: The simplest protocol for oblivious transfer. In: Lauter, K., Rodríguez-Henríquez, F. (eds.) LATINCRYPT 2015. LNCS, vol. 9230, pp. 40–58. Springer, Cham (2015). Scholar
  11. 11.
    Couveignes, J.-M.: Hard homogeneous spaces. Cryptology ePrint Archive, Report 2006/291 (2006).
  12. 12.
    De Feo, L., Jao, D., Plût, J.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. J. Math. Cryptol. 8(3), 209–247 (2014)MathSciNetzbMATHGoogle Scholar
  13. 13.
    Delpech de Saint Guilhem, C., Orsini, E., Petit, C., Smart, N.P.: Secure oblivious transfer from semi-commutative masking. Cryptology ePrint Archive, Report 2018/648 (2018).
  14. 14.
    Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. In: Advances in cryptology–CRYPTO 1982. Plenum Press, New York (1983)CrossRefGoogle Scholar
  15. 15.
    Kazmi, R.A.: Cryptography from post-quantum assumptions. Cryptology ePrint Archive, Report 2015/376 (2015).
  16. 16.
    Kilian, J.: Founding cryptography on oblivious transfer. In: Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing–STOC 1988, pp. 20–31. ACM (1988)Google Scholar
  17. 17.
    Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: Proceedings of the 12th Annual ACM-SIAM Symposium on Discrete Algorithms (SODA 2001), pp. 448–457. SIAM, ACM (2001)Google Scholar
  18. 18.
    Naor, M., Pinkas, B.: Computationally secure oblivious transfer. J. Cryptology 18(1), 1–35 (2005)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008). Scholar
  20. 20.
    Petit, C.: Faster algorithms for isogeny problems using torsion point images. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 330–353. Springer, Cham (2017). Scholar
  21. 21.
    Rabin, M.O.: How to exchange secrets by Oblivious Transfer. Technical report TR-81. Harvard Aiken Computation Laboratory (1981)Google Scholar
  22. 22.
    Renes, J., Schwabe, P., Smith, B., Batina, L.: \(\mu \)Kummer: efficient hyperelliptic signatures and key exchange on microcontrollers. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 301–320. Springer, Heidelberg (2016). Scholar
  23. 23.
    Rostovtsev, A., Stolbunov, A.: Public-key cryptosystem based on isogenies. Cryptology ePrint Archive, Report 2006/145 (2006).
  24. 24.
    Stolbunov, A.: Constructing public-key cryptographic schemes based on class group action on a set of isogenous elliptic curves. Adv. Math. Commun. 4(2), 215–235 (2010)MathSciNetCrossRefGoogle Scholar
  25. 25.
    Tani, S.: Claw finding algorithms using quantum walk. Theoret. Comput. Sci. 410(50), 5285–5297 (2009)MathSciNetCrossRefGoogle Scholar
  26. 26.
    Urbanik, D., Jao,D.: SoK: the problem landscape of SIDH. In: Proceedings of the 5th ACM on ASIA Public-Key Cryptography Workshop – APKC 2018, pp. 53–60. ACM, New York (2018)Google Scholar
  27. 27.
    Wu, Q.-H., Zhang, J.-H., Wang, Y.-M.: Practical t-out-n oblivious transfer and its applications. In: Qing, S., Gollmann, D., Zhou, J. (eds.) ICICS 2003. LNCS, vol. 2836, pp. 226–237. Springer, Heidelberg (2003). Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Univ. Grenoble Alpes, CNRS, Institut FourierGrenobleFrance

Personalised recommendations