ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2016, Vol. 53 ›› Issue (11): 2475-2481. doi: 10.7544/issn1000-1239.2016.20150505

• Information Security •



  1. (School of Computer Science and Technology, Shandong University, Jinan 250101)
  • Publication date: 2016-11-01
  • Funding: 
    This work was supported by the National Natural Science Foundation of China (61173139) and the Specialized Research Fund for the Doctoral Program of Higher Education of China (20110131110027).

An Efficient 1-out-of-n Oblivious Transfer Protocol with Full Simulation

Wei Xiaochao, Jiang Han, Zhao Chuan   

  1. (School of Computer Science and Technology, Shandong University, Jinan 250101)
  • Online: 2016-11-01

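Abstract (Chinese-language version): Oblivious transfer (OT) is an important cryptographic primitive that can be applied in the construction of many cryptographic protocols, such as secure multi-party computation and private information retrieval. The 1-out-of-n oblivious transfer setting has two participants, the sender S and the receiver R. The sender has n input values, and the receiver wishes to obtain one of them. At the same time, the protocol must guarantee that the sender does not learn the receiver's choice, and that the receiver learns nothing about the other input values beyond the value it chose. Existing $OT^1_n$ protocols only guarantee the privacy of the parties' inputs or achieve one-sided simulation; none achieves full simulation. Full simulation means that, in the ideal/real simulation paradigm, the protocol can be simulated when the receiver or the sender is corrupted, respectively, which is stronger security than guaranteeing only privacy or one-sided simulation. For the first time, in the standard malicious adversary model, an efficient, fully simulatable $OT^1_n$ protocol is constructed based on the decisional Diffie-Hellman (DDH) hardness assumption. The idea of the protocol is mainly based on the dual-mode encryption mechanism, combined with a zero-knowledge proof of knowledge system. The protocol has constant-round interaction complexity, and its computation and communication complexity are only linear in n.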

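Key words (Chinese-language version): oblivious transfer, full simulation, decisional DDH assumption, secure two-party computation, dual-mode cryptosystem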

Abstract: Oblivious transfer (OT) is an important basic cryptographic tool that can be used in the construction of many other cryptographic protocols, such as secure multi-party computation (SMPC) and private information retrieval (PIR). The 1-out-of-n oblivious transfer ($OT^1_n$) setting involves two parties, the sender S and the receiver R. More specifically, the sender has n values and the receiver wants to obtain only one of them. At the same time, the receiver's choice is unknown to the sender, and the receiver gets no extra information about the values he does not choose. In this paper, we propose, for the first time, an efficient $OT^1_n$ protocol with full simulation in the standard malicious model, based on the decisional Diffie-Hellman (DDH) hardness assumption. Full simulation means that, under the ideal/real simulation paradigm, the protocol can be simulated when the receiver or the sender is corrupted, respectively; this is also the highest security level in the standard stand-alone model. The idea behind the protocol draws mainly on the dual-mode cryptosystem, combined with a zero-knowledge proof of knowledge (ZKPOK) of Diffie-Hellman tuples. The protocol has constant-round interaction complexity, and its computation and communication complexity are linear in n.

Key words: oblivious transfer (OT), full simulation, decisional Diffie-Hellman (DDH) assumption, secure two-party computation (STPC), dual-mode cryptosystem