
From Attack on Feige-Shamir to Construction of Oblivious Transfer

Conference paper in Information Security and Cryptology (Inscrypt 2017)

Abstract

Following the work of [Deng, Eurocrypt 2017], under the assumption that injective one-way functions exist, we prove that at least one of the following statements is true:

  • (Infinitely-often) oblivious transfer exists.

  • For every inverse polynomial \(\epsilon \), the 4-round Feige-Shamir protocol is \(\epsilon \)-distributional concurrent zero knowledge for every hard distribution over a sparse OR-relation.

Neither statement can be established via black-box reductions [Gertner et al. FOCS 2000; Canetti et al. STOC 2001].

We show how to transform a magic adversary that breaks the \(\epsilon \)-distributional concurrent zero knowledge of the classic 4-round Feige-Shamir protocol into oblivious transfer, assuming injective one-way functions exist. The key ingredient is the notion of distributional witness encryption, which yields an encryption scheme whose “public keys” can be sampled independently of any “private key”. We show that a magic adversary breaking the \(\epsilon \)-distributional concurrent zero knowledge of the Feige-Shamir protocol over a hard distribution can be transformed into an (infinitely-often) distributional witness encryption scheme based on injective one-way functions, and the oblivious transfer is built from that scheme.
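The abstract's key ingredient is an encryption scheme whose public keys can be sampled independently of any private key. The route from such a scheme to 1-out-of-2 oblivious transfer is the standard one from Gertner et al. [17]: the receiver publishes one real public key and one obliviously sampled key, the sender encrypts one message under each, and the receiver can open only its chosen slot. The block below is an added example, not code from the paper; it uses hashed ElGamal (whose public keys can be sampled obliviously as random quadratic residues) as a stand-in for the paper's distributional witness encryption, and the group parameters, generator and message bound are assumptions chosen for readability, not security.

```python
"""1-out-of-2 oblivious transfer from a public-key encryption scheme whose
public keys can be sampled without knowing a matching secret key.

Added illustration, not code from the paper.  Stand-in scheme: hashed ElGamal
in the order-q subgroup of Z_p^*, with toy parameters that are NOT secure
(discrete logs here are brute-forceable; nothing below is for real use).
"""
import hashlib
import secrets

# Toy safe prime p = 2q + 1 and a generator of the order-q subgroup (assumption:
# chosen small for readability; a real instantiation needs a ~2048-bit p).
Q = 1019
P = 2 * Q + 1  # 2039, prime
G = 4          # a quadratic residue, hence a generator of the order-q subgroup
NBYTES = (P.bit_length() + 7) // 8


def keygen():
    """Honest key pair: sk = x, pk = g^x.  Only this key has a known secret."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def sample_pk_obliviously():
    """Public key sampled independently of any secret key: y^2 for random y
    is a uniform element of the order-q subgroup, and the sampler learns
    nothing about its discrete log.  This separation of "public keys" from
    "private keys" is the property the paper extracts from its distributional
    witness encryption; ElGamal simply has it natively."""
    y = secrets.randbelow(P - 3) + 2  # y in [2, p-2]
    return pow(y, 2, P)


def _pad(shared, nbytes):
    """Key derivation for hashed ElGamal (messages up to 32 bytes)."""
    return hashlib.sha256(shared.to_bytes(NBYTES, "big")).digest()[:nbytes]


def encrypt(pk, msg):
    """Hashed ElGamal: (g^k, msg XOR H(pk^k))."""
    assert len(msg) <= 32, "toy KDF supports at most 32-byte messages"
    k = secrets.randbelow(Q - 1) + 1
    c1 = pow(G, k, P)
    c2 = bytes(a ^ b for a, b in zip(msg, _pad(pow(pk, k, P), len(msg))))
    return c1, c2


def decrypt(sk, ct):
    """Recover msg from (c1, c2) using c1^sk = pk^k."""
    c1, c2 = ct
    return bytes(a ^ b for a, b in zip(c2, _pad(pow(c1, sk, P), len(c2))))


# --- the OT template of Gertner et al., three moves ---------------------------

def ot_receiver_round1(choice):
    """Receiver: real key at index `choice`, oblivious key at the other index.
    Both keys are uniform subgroup elements, so the sender cannot tell which
    slot the receiver is able to decrypt (receiver privacy)."""
    sk, pk_real = keygen()
    pk_obl = sample_pk_obliviously()
    pks = [pk_obl, pk_obl]
    pks[choice] = pk_real
    return sk, tuple(pks)


def ot_sender_round2(pks, m0, m1):
    """Sender: encrypt m0 under pks[0] and m1 under pks[1]."""
    return encrypt(pks[0], m0), encrypt(pks[1], m1)


def ot_receiver_finish(sk, choice, cts):
    """Receiver decrypts only its chosen slot; the other ciphertext is under a
    key whose secret nobody knows (sender privacy, given hardness of dlog)."""
    return decrypt(sk, cts[choice])


def run_ot(choice, m0, m1):
    """Drive one full OT execution locally and return what the receiver learns."""
    sk, pks = ot_receiver_round1(choice)
    cts = ot_sender_round2(pks, m0, m1)
    return ot_receiver_finish(sk, choice, cts)


if __name__ == "__main__":
    print(run_ot(0, b"alpha", b"bravo"))  # b'alpha'
    print(run_ot(1, b"alpha", b"bravo"))  # b'bravo'
```

Receiver privacy rests only on the two published keys being identically distributed, which is exactly what oblivious sampling buys; sender privacy rests on the receiver being unable to find the secret of the obliviously sampled key. With a 1019-element subgroup that secret is recoverable by brute force, which is why the parameters above are labelled insecure.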


Notes

  1.

    In this setting, \(\{(X_n\times D^x_n,D^w_n)\}_{n\in \mathbb {N}}=\{((X_n\times D^x_n)\cup (D^x_n\times X_n),D^w_n)\}_{n\in \mathbb {N}}\).

  2.

    The joint distribution \((D^x_n\times D^x_n,D_n^w,Z_n)\) (resp. \((X_n\times D^x_n,D_n^w,Z_n)\)) over \(R^n_{L_{OR}}\times \{0,1\}^*\) is sampled in the natural way: sample \((x_1,x_2,w)\leftarrow (D^x_n\times D^x_n,D^w_n)\) (resp. \((X_n\times D^x_n,D_n^w)\)) and \(z\leftarrow Z_n\); output \((x_1,x_2,w,z)\).

References

  1. Abusalah, H., Fuchsbauer, G., Pietrzak, K.: Offline witness encryption. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 285–303. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39555-5_16

  2. Badrinarayanan, S., Garg, S., Ishai, Y., Sahai, A., Wadia, A.: Two-message witness indistinguishability and secure computation in the plain model from new assumptions. In: Advances in Cryptology - ASIACRYPT 2017 (2017, to appear)

  3. Barak, B.: How to go beyond the black-box simulation barrier. In: Proceedings of the 42nd Annual IEEE Symposium on Foundations of Computer Science - FOCS 2001, pp. 106–115. IEEE Computer Society (2001)

  4. Blum, M.: How to prove a theorem so no one else can claim it. In: Proceedings of the International Congress of Mathematicians - ICM 1986 (1986)

  5. Canetti, R., Kilian, J., Petrank, E., Rosen, A.: Black-box concurrent zero-knowledge requires Ω(log n) rounds. In: Proceedings of the 33rd Annual ACM Symposium on Theory of Computing - STOC 2001, pp. 570–579. ACM Press (2001)

  6. Chen, Y., Zhang, Z., Lin, D., Cao, Z.: Generalized (identity-based) hash proof system and its applications. Secur. Commun. Netw. 9(12), 1698–1716 (2016)

  7. Chung, K.-M., Lin, H., Pass, R.: Constant-round concurrent zero-knowledge from indistinguishability obfuscation. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 287–307. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_14

  8. Chung, K.-M., Lui, E., Pass, R.: From weak to strong zero-knowledge and applications. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 66–92. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46494-6_4

  9. Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_4

  10. Deng, Y.: Magic adversaries versus individual reduction: science wins either way. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 351–377. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_12

  11. Derler, D., Slamanig, D.: Practical witness encryption for algebraic languages and how to reply an unknown whistleblower. IACR Cryptology ePrint Archive, Report 2015/1073 (2015)

  12. Dwork, C., Naor, M., Reingold, O., Stockmeyer, L.J.: Magic functions. J. ACM 50(6), 852–921 (2003)

  13. Dwork, C., Naor, M., Sahai, A.: Concurrent zero-knowledge. In: Proceedings of the 30th Annual ACM Symposium on Theory of Computing - STOC 1998, pp. 409–418. ACM Press (1998)

  14. Feige, U., Shamir, A.: Zero knowledge proofs of knowledge in two rounds. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 526–544. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_46

  15. Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. SIAM J. Comput. 45(3), 882–929 (2016)

  16. Garg, S., Gentry, C., Sahai, A., Waters, B.: Witness encryption and its applications. In: Proceedings of the 45th Annual ACM Symposium on Theory of Computing - STOC 2013, pp. 467–476. ACM Press (2013)

  17. Gertner, Y., Kannan, S., Malkin, T., Reingold, O., Viswanathan, M.: The relationship between public key encryption and oblivious transfer. In: Proceedings of the 41st Annual IEEE Symposium on Foundations of Computer Science - FOCS 2000, pp. 325–335. IEEE Computer Society (2000)

  18. Goldreich, O.: A uniform-complexity treatment of encryption and zero-knowledge. J. Cryptology 6(1), 21–53 (1993)

  19. Goldreich, O., Kahan, A.: How to construct constant-round zero-knowledge proof systems for NP. J. Cryptology 9(3), 167–190 (1996)

  20. Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing - STOC 1989, pp. 44–61. ACM Press (1989)

  21. Ishai, Y., Kushilevitz, E., Lindell, Y., Petrank, E.: Black-box constructions for secure computation. In: Proceedings of the 38th Annual ACM Symposium on Theory of Computing - STOC 2006, pp. 99–108. ACM Press (2006)

  22. Jain, A., Kalai, Y.T., Khurana, D., Rothblum, R.: Distinguisher-dependent simulation in two rounds and its applications. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 158–189. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_6

  23. Lindell, A.Y.: Efficient fully-simulatable oblivious transfer. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 52–70. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-79263-5_4

  24. Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_31

  25. Prabhakaran, M., Rosen, A., Sahai, A.: Concurrent zero knowledge with logarithmic round-complexity. In: Proceedings of the 43rd Annual IEEE Symposium on Foundations of Computer Science - FOCS 2002, pp. 366–375. IEEE Computer Society (2002)

  26. Simon, D.R.: Finding collisions on a one-way street: can secure hash functions be based on general assumptions? In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 334–345. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054137

  27. Zhandry, M.: How to avoid obfuscation using witness PRFs. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 421–448. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49099-0_16


Acknowledgements

We thank Yanyan Liu, Shunli Ma and Hailong Wang for discussions and careful proofreading. We also thank the anonymous reviewers and editors for helpful comments.

The first and second authors were supported in part by the National Natural Science Foundation of China (Grant No. 61379141). The third author was supported in part by the National Key Research and Development Plan (Grant No. 2016YFB0800403), the National Natural Science Foundation of China (Grant No. 61772522) and Youth Innovation Promotion Association CAS. All authors were also supported by Key Research Program of Frontier Sciences, CAS (Grant No. QYZDB-SSW-SYS035), and the Open Project Program of the State Key Laboratory of Cryptology.

Corresponding author: Jingyue Yu
Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature


Cite this paper

Yu, J., Deng, Y., Chen, Y. (2018). From Attack on Feige-Shamir to Construction of Oblivious Transfer. In: Chen, X., Lin, D., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2017. Lecture Notes in Computer Science, vol. 10726. Springer, Cham. https://doi.org/10.1007/978-3-319-75160-3_5


  • DOI: https://doi.org/10.1007/978-3-319-75160-3_5


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-75159-7

  • Online ISBN: 978-3-319-75160-3
