Kirill Morozov

Efficient unconditional oblivious transfer from almost any noisy channel

Oblivious transfer (OT) is a cryptographic primitive of central importance, in particular in two- and multi-party computation. There exist various protocols for different variants of OT, but any such realization from scratch can be broken in principle by at least one of the two involved parties if she has sufficient computing power—and the same even holds when the parties are connected by a quantum channel. We show that, on the other hand, if noise—which is inherently present in any physical communication channel—is taken into account, then OT can be realized in an unconditionally secure way for both parties, i.e., even against dishonest players with unlimited computing power. We give the exact condition under which a general noisy channel allows for realizing OT and show that only “trivial” channels, for which OT is obviously impossible to achieve, have to be excluded. Moreover, our realization of OT is efficient: For a security parameter α > 0—an upper bound on the probability that the protocol fails in any way—the required number of uses of the noisy channel is of order O(log(1/ α)2+e) for any e > 0.

Semantic security for the McEliece cryptosystem without random oracles

In this paper, we formally prove that padding the plaintext with a random bit-string provides the semantic security against chosen plaintext attack (IND-CPA) for the McEliece (and its dual, the Niederreiter) cryptosystems under the standard assumptions. Such padding has recently been used by Suzuki, Kobara and Imai in the context of RFID security. Our proof relies on the technical result by Katz and Shin from Eurocrypt ’05 showing “pseudorandomness” implied by the learning parity with noise (LPN) problem. We do not need the random oracles as opposed to the known generic constructions which, on the other hand, provide a stronger protection as compared to our scheme—against (adaptive) chosen ciphertext attack, i.e., IND-CCA(2). In order to show that the padded version of the cryptosystem remains practical, we provide some estimates for suitable key sizes together with corresponding workload required for successful attack.

On the Oblivious Transfer Capacity of the Erasure Channel

One of the most important primitives in two-party distrustful cryptography is oblivious transfer, a complete primitive for two-party computation. Recently introduced, the oblivious transfer capacity of a noisy channel measures an efficiency of information theoretical reductions from 1-out-of-k, l-string oblivious transfer to noisy channels. It is defined as the maximal achievable ratio l/n, where l is the length of the strings which are to be transferred and n is the number of times the noisy channel is invoked. This quantity is unknown in a general case. For discrete memoryless channels, it is known to be non-negligible for honest-but-curious players, but the non-zero rates have not ever been proved achievable in the case of malicious players. Here, we show that in the particular case of the erasure channel, more precise answers can be obtained. We compute the OT capacity of the erasure channel for the case of honest-but-curious players and, for the fully malicious players, we give its lower bound

Efficient Protocols Achieving the Commitment Capacity of Noisy Correlations

Bit commitment is an important tool for constructing zero-knowledge proofs and multi-party computation. Unconditionally secure bit commitment can be based, in particular, on noisy channel or correlation where noise considered a valuable resource. Recently, Winter, Nascimento and Imai introduced the concept of commitment capacity, the maximal ratio between the length of a string which the sender commits to and the number of times the noisy channel/correlation is used. They also proved that for any discrete memoryless channel there exists a secure protocol achieving its commitment capacity however, no particular construction was given. Solving their open question, we provide an efficient protocol for achieving the commitment capacity of discrete memoryless systems (noisy channels and correlations)

On Cheater Identifiable Secret Sharing Schemes Secure against Rushing Adversary

At EUROCRYPT 2011, Obana proposed a k-out-of-n secret sharing scheme capable of identifying up to t cheaters with probability 1 − e under the condition t < k/3. In that scheme, the share size |V i | satisfies |V i | = |S|/e, which is almost optimal. However, Obana’s scheme is known to be vulnerable to attacks by rushing adversary who can observe the messages sent by the honest participants prior to deciding her own messages. In this paper, we present a new scheme, which is secure against rushing adversary, with |V i | = |S|/e n − t + 1, assuming t < k/3. We note that the share size of our proposal is substantially smaller compared to |V i | = |S|(t + 1)3n /e 3n in the scheme by Choudhury at PODC 2012 when the secret is a single field element. A modification of the later scheme is secure against rushing adversary under a weaker t < k/2 condition. Therefore, our scheme demonstrates an improvement in share size achieved for the price of strengthening the assumption on t.

Efficient Oblivious Transfer Protocols Achieving a Non-zero Rate from Any Non-trivial Noisy Correlation

Oblivious transfer (OT) is a two-party primitive which is one of the cornerstones of modern cryptography. We focus on providing information-theoretic security for both parties, hence building OT assuming noisy resources (channels or correlations) available to them. This primitive is about transmitting two strings such that the receiver can obtain one (and only one) of them, while the sender remains ignorant of this choice. Recently, Winter and Nascimento proved that oblivious transfer capacity is positive for any non-trivial discrete memoryless channel or correlation in the case of passive cheaters. Their construction was inefficient. The OT capacity characterizes the maximal efficiency of constructing OT using a particular noisy primitive. Building on their result, we extend it in two ways: 1) we construct efficient passively-secure protocols achieving the same rates; 2) we show that an important class of noisy correlations actually allows to build OT with non-zero rate secure against active cheating (before, positive rates were only achieved for the erasure channel).

Cheater identifiable secret sharing schemes via multi-receiver authentication

We introduce two publicly cheater identifiable secret sharing (CISS) schemes with efficient reconstruction, tolerating t < k/2 cheaters. Our constructions are based on (k,n) threshold Shamir scheme, and they feature a novel application of multi-receiver authentication codes to ensure integrity of shares.

An Efficient Robust Secret Sharing Scheme with Optimal Cheater Resiliency

In this paper, we consider the problem of (t, δ) robust secret sharing secure against rushing adversary. We design a simple t-out-of-n secret sharing scheme, which can reconstruct the secret in presence of t cheating participants except with probability at most δ, provided t < n/2. The later condition on cheater resilience is optimal for the case of public reconstruction of the secret, on which we focus in this work.

Zero-knowledge protocols for the mceliece encryption

We present two zero-knowledge protocols for the code-based McEliece public key encryption scheme in the standard model. Consider a prover who encrypted a plaintext m into a ciphertext c under the public key pk. The first protocol is a proof of plaintext knowledge (PPK), where the prover convinces a polynomially bounded verifier on a joint input (c,pk) that he knows m without actually revealing it. This construction uses code-based Verons zero-knowledge identification scheme. The second protocol, which builds on the first one, is a verifiable McEliece encryption, were the prover convinces a polynomially bounded verifier on a joint input (c,pk,m) that c is a valid encryption of m, without performing decryption. These protocols are the first PPK and the first verifiable encryption for code-based cryptosystems.

Privacy-Preserving k-Nearest Neighbour Query on Outsourced Database

Cloud computing brought a shift from the traditional client-server model to DataBase as a Service DBaaS, where the data owner outsources her database as well as the data management function to the cloud service provider. Although cloud services relieve the clients from the data management burdens, a significant concern about the data privacy remains. In this work, we focus on privacy-preserving k-nearest neighbour k-NN query, and provide the first sublinear solution with preprocessing with computational complexity