
Adaptive Oblivious Transfer with Access Control from Lattice Assumptions

  • Benoît Libert (corresponding author)
  • San Ling
  • Fabrice Mouhartem
  • Khoa Nguyen
  • Huaxiong Wang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10624)

Abstract

Adaptive oblivious transfer (OT) is a protocol where a sender initially commits to a database \(\{M_i\}_{i=1}^N\). Then, a receiver can query the sender up to k times with private indexes \(\rho _1,\ldots ,\rho _k\) so as to obtain \(M_{\rho _1},\ldots , M_{\rho _k}\) and nothing else. Moreover, for each \(i \in [k]\), the receiver’s choice \(\rho _i\) may depend on previously obtained messages \(\{M_{\rho _j}\}_{j <i}\). Oblivious transfer with access control (OT-AC) is a flavor of adaptive OT where database records are protected by distinct access control policies that specify which credentials a receiver should obtain in order to access each \(M_i\). So far, all known OT-AC protocols only support access policies made of conjunctions or rely on ad hoc assumptions in pairing-friendly groups (or both). In this paper, we provide an OT-AC protocol where access policies may consist of any branching program of polynomial length, which is sufficient to realize any access policy in \(\mathsf {NC1}\). The security of our protocol is proved under the Learning-with-Errors (\(\mathsf {LWE}\)) and Short-Integer-Solution (\(\mathsf {SIS}\)) assumptions. As a result of independent interest, we provide protocols for proving the correct evaluation of a committed branching program on a committed input.
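The abstract describes two things a reader may want to see concretely: the access-policy class (branching programs, which cover disjunctions as well as conjunctions) and the interface of adaptive OT-AC, where the receiver's i-th index may depend on what it already obtained. The following Python block is an added illustration written for this page; it is not code from the paper and contains none of the lattice-based protocol. It models the ideal functionality (a trusted party that just applies the policy), so it shows what the protocol is required to compute, not how LWE/SIS are used to compute it without revealing the index. The node layout, the function names (`evaluate_bp`, `ideal_ot_ac`, `run_adaptive`, `demo`) and the three-record sample database are assumptions of the example.

```python
"""Added illustration: branching-program access policies and the ideal
OT-AC functionality. Node/evaluate_bp/ideal_ot_ac/run_adaptive and the
sample database are assumptions of this example, not the paper's code."""
from dataclasses import dataclass
from typing import List, Optional, Union

ACCEPT, REJECT = "accept", "reject"
Target = Union[int, str]  # index of the next node, or a terminal label


@dataclass(frozen=True)
class Node:
    var: int          # index of the attribute bit this node reads
    on_zero: Target   # successor if x[var] == 0
    on_one: Target    # successor if x[var] == 1


def evaluate_bp(bp: List[Node], x: List[int]) -> bool:
    """Evaluate a branching program on the attribute vector x.
    A well-formed program is acyclic, so the walk takes at most len(bp)
    steps; a longer walk means the program is malformed."""
    state: Target = 0
    steps = 0
    while state not in (ACCEPT, REJECT):
        node = bp[state]
        state = node.on_one if x[node.var] else node.on_zero
        steps += 1
        if steps > len(bp):
            raise ValueError("branching program is not acyclic")
    return state == ACCEPT


def policy_requires(var: int) -> List[Node]:
    """Policy 'attribute var must be set' (a single node)."""
    return [Node(var, REJECT, ACCEPT)]


def policy_and_or() -> List[Node]:
    """Policy (x0 AND x1) OR x2: a disjunction, which conjunction-only
    OT-AC schemes cannot express in one policy."""
    return [
        Node(0, 2, 1),           # x0 = 0 -> test x2; x0 = 1 -> test x1
        Node(1, 2, ACCEPT),      # x0 = x1 = 1 -> accept; otherwise test x2
        Node(2, REJECT, ACCEPT),
    ]


def ideal_ot_ac(db, policies, creds, rho) -> Optional[str]:
    """Ideal OT-AC functionality (no cryptography): hand out M_rho iff the
    receiver's credential bits satisfy policies[rho]. In the ideal model the
    sender learns neither rho nor whether access was granted."""
    if not 0 <= rho < len(db):
        raise IndexError("index outside the committed database")
    return db[rho] if evaluate_bp(policies[rho], creds) else None


def run_adaptive(db, policies, creds, k, choose):
    """k adaptive queries: choose() picks rho_i from the records obtained so far."""
    obtained = []
    for _ in range(k):
        rho = choose(obtained)
        obtained.append((rho, ideal_ot_ac(db, policies, creds, rho)))
    return obtained


# Constructed sample: three records, each protected by its own policy.
DB = ["M_1: public notice", "M_2: partner report", "M_3: audit log"]
POLICIES = [policy_requires(0), policy_and_or(), policy_requires(2)]


def demo(creds: List[int]):
    """Receiver strategy: fetch record 0; then record 1 if record 0 was
    readable, else record 2. The second index depends on the first answer."""
    def choose(obtained):
        if not obtained:
            return 0
        return 1 if obtained[0][1] is not None else 2
    return run_adaptive(DB, POLICIES, creds, k=2, choose=choose)


if __name__ == "__main__":
    print(demo([1, 0, 0]))  # second query is denied by (x0 AND x1) OR x2
    print(demo([0, 0, 1]))  # first denied, receiver adapts and fetches record 2
```

The two `demo` runs show the adaptivity the abstract refers to: with credentials `[1, 0, 0]` the receiver reads record 0 and then asks for record 1, which its credentials do not satisfy; with `[0, 0, 1]` the first answer is empty, so its second choice becomes record 2. In the real protocol the sender sees only k queries and cannot distinguish these two transcripts.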

Keywords

Lattice assumptions, Standard assumptions, Zero-knowledge arguments, Adaptive oblivious transfer

Notes

Acknowledgements

Part of this research was funded by Singapore Ministry of Education under Research Grant MOE2016-T2-2-014(S) and by the French ANR ALAMBIC project (ANR-16-CE39-0006).


Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

  • Benoît Libert (1, 2; corresponding author)
  • San Ling (3)
  • Fabrice Mouhartem (2)
  • Khoa Nguyen (3)
  • Huaxiong Wang (3)
  1. CNRS, Laboratoire LIP, Lyon, France
  2. ENS de Lyon, Laboratoire LIP (U. Lyon, CNRS, ENSL, INRIA, UCBL), Lyon, France
  3. School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore
