Universally Composable Oblivious Transfer from Lossy Encryption and the McEliece Assumptions

  • Bernardo Machado David
  • Anderson C. A. Nascimento
  • Jörn Müller-Quade
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7412)


Oblivious transfer (OT) is a primitive of great importance in two-party and multi-party computation. We introduce a general construction of universally composable (UC) oblivious transfer protocols based on lossy cryptosystems in the common reference string (CRS) model, yielding protocols under several assumptions. In order to achieve this, we show that for most known lossy encryption constructions it is possible to distinguish between lossy and injective public keys given the corresponding secret key, similarly to dual-mode encryption in messy mode.

Furthermore, we adapt the techniques of our general construction to obtain the first UC secure OT protocol based on the McEliece assumptions, coding-theory-based assumptions that have so far resisted quantum attacks; this yields the first UC secure OT protocol based on coding assumptions.

Unlike previous results based on dual-mode encryption, our scheme does not require a trapdoor for opening lossy ciphertexts; instead, the simulators are constructed from CRS manipulation and cut-and-choose techniques. In both constructions we circumvent the need for universally composable string commitment schemes, which previous black-box compilers require.
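The abstract's observation that a key holder can tell a lossy public key from an injective one, and the notion of "opening" a lossy ciphertext that the paper's simulators avoid relying on, are easiest to see on a concrete scheme. The following Python is an added illustration written for this page, not code from the paper or its authors: it implements the DDH-style lossy encryption of Bellare, Hofheinz and Yilek (EUROCRYPT 2009) over a constructed, deliberately tiny group (the order-509 subgroup of Z_1019^*), so it is for reading and experimenting only. All function and parameter names are ours.

```python
"""Toy lossy encryption in the DDH style of Bellare, Hofheinz and Yilek.

Added example, not the paper's code.  Parameters are constructed and far too
small to be secure: P = 1019, and we work in its order-509 subgroup.
"""
import random

P = 1019   # prime modulus; P - 1 = 2 * 509
Q = 509    # prime order of the subgroup we encrypt in
G = 4      # 4 = 2^2 generates the order-Q subgroup of Z_P^*


def keygen(rng, lossy=False):
    """Return (pk, sk) with pk = (g, h, g^r, h^r').
    r' == r gives an injective key, r' != r a lossy one; sk is r in both modes.
    a and r' are kept in sk only so the opening demo below can use them."""
    a = rng.randrange(1, Q)
    h = pow(G, a, P)
    r = rng.randrange(1, Q)
    r_prime = r
    if lossy:
        while r_prime == r:
            r_prime = rng.randrange(1, Q)
    pk = (G, h, pow(G, r, P), pow(h, r_prime, P))
    sk = {"r": r, "a": a, "r_prime": r_prime}
    return pk, sk


def encrypt_with(pk, m, s, t):
    """Encrypt subgroup element m with explicit randomness (s, t) in Z_Q."""
    g, h, gr, hr = pk
    c1 = pow(g, s, P) * pow(h, t, P) % P
    c2 = pow(gr, s, P) * pow(hr, t, P) * m % P
    return (c1, c2)


def encrypt(pk, m, rng):
    return encrypt_with(pk, m, rng.randrange(Q), rng.randrange(Q))


def decrypt(sk, c):
    """c2 / c1^r; correct whenever the key is injective."""
    c1, c2 = c
    return c2 * pow(pow(c1, sk["r"], P), P - 2, P) % P


def is_injective(pk, sk):
    """The key-holder's check from the abstract: given r, test whether the
    last component really is h^r (injective) or something else (lossy)."""
    _, h, _, hr = pk
    return hr == pow(h, sk["r"], P)


def _dlog(y):
    """Brute-force discrete log base G; only sane because Q = 509."""
    for e in range(Q):
        if pow(G, e, P) == y:
            return e
    raise ValueError("element is not in the order-Q subgroup")


def open_lossy(pk, sk, c, target):
    """Find randomness (s', t') that explains lossy ciphertext c as an
    encryption of `target`.  Solves, mod Q,
        s' + a t'      = log c1
        r s' + a r' t' = log (c2 / target)
    which has a unique solution exactly when r' != r (lossy mode).
    This needs a, r and r': the 'trapdoor for opening' the abstract mentions."""
    a, r, rp = sk["a"], sk["r"], sk["r_prime"]
    if r == rp:
        raise ValueError("injective key: the ciphertext determines its message")
    c1, c2 = c
    u = _dlog(c1)
    v = _dlog(c2 * pow(target, P - 2, P) % P)
    det = (a * rp - a * r) % Q
    inv = pow(det, Q - 2, Q)
    s = (u * a * rp - a * v) * inv % Q
    t = (v - r * u) * inv % Q
    return s, t


def demo(seed=1):
    """Run both modes and report what a practitioner would want to check."""
    rng = random.Random(seed)
    m0, m1 = pow(G, 7, P), pow(G, 300, P)    # two constructed subgroup messages
    pk_i, sk_i = keygen(rng)
    pk_l, sk_l = keygen(rng, lossy=True)
    results = {
        "injective_detected": is_injective(pk_i, sk_i),
        "lossy_detected": is_injective(pk_l, sk_l),
        "injective_roundtrip": decrypt(sk_i, encrypt(pk_i, m0, rng)) == m0,
    }
    c = encrypt(pk_l, m0, rng)
    s, t = open_lossy(pk_l, sk_l, c, m1)
    results["lossy_ct_opens_to_other_message"] = encrypt_with(pk_l, m1, s, t) == c
    return results


if __name__ == "__main__":
    print(demo())
```

Two things in `demo` correspond to the abstract: `is_injective` needs only the secret key r, which is why a party holding r can tell which mode a key is in without any extra trapdoor, and `open_lossy` shows why lossy mode hides the message (one ciphertext is explainable as an encryption of any message) while also showing that producing such an explanation needs the full key-generation randomness, the kind of opening trapdoor the paper's simulators are designed to do without.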







Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Bernardo Machado David (1)
  • Anderson C. A. Nascimento (1)
  • Jörn Müller-Quade (2)
  1. Department of Electrical Engineering, University of Brasilia, Brazil
  2. Institute of Cryptography and Security, Faculty of Informatics, Karlsruhe Institute of Technology, Germany
