Security analysis of three oblivious transfer protocols

An m out of n oblivious transfer (OT) protocol is a cryptographic protocol for a sender to transfer m out of n messages to a receiver such that the sender has no idea which m messages are obtained by the receiver (receiver security) and at the same time the receiver cannot obtain more than m message...

Bibliographic Details
Main Authors: YAO, Gang, BAO, Feng, DENG, Robert H.
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2004
Subjects:
Online Access: https://ink.library.smu.edu.sg/sis_research/832
https://doi.org/10.1007/978-3-0348-7865-4_27
Institution: Singapore Management University
id sg-smu-ink.sis_research-1831
record_format dspace
spelling sg-smu-ink.sis_research-1831 2019-03-08T09:23:38Z Security analysis of three oblivious transfer protocols YAO, Gang BAO, Feng DENG, Robert H. An m out of n oblivious transfer (OT) protocol is a cryptographic protocol for a sender to transfer m out of n messages to a receiver such that the sender has no idea which m messages are obtained by the receiver (receiver security) and at the same time the receiver cannot obtain more than m messages (sender security). Three such protocols are proposed in [1], which have the advantage that the communication overhead of the protocols is much smaller than that of m implementations of a 1 out of n OT protocol. In this paper we give a security analysis of the three protocols. First we show that the first protocol cannot guarantee both the sender security and the receiver security simultaneously. Next, we point out an obvious security flaw in the second protocol which allows the receiver to obtain all the n messages. The third protocol is nicely designed to be non-interactive. However, we show that the security of the protocol is based on a sort of parallel discrete logarithm problem, instead of the discrete logarithm problem as claimed in the paper. Using the technique of “generalized birthday attack”, the former problem can be solved with a computation complexity much smaller than that required to solve the discrete logarithm problem. 2004-01-01T08:00:00Z text https://ink.library.smu.edu.sg/sis_research/832 info:doi/10.1007/978-3-0348-7865-4_27 https://doi.org/10.1007/978-3-0348-7865-4_27 Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Security Analysis Advance Encryption Standard Discrete Logarithm Problem Oblivious Transfer Encrypt Message Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Security Analysis
Advance Encryption Standard
Discrete Logarithm Problem
Oblivious Transfer
Encrypt Message
Information Security
description An m out of n oblivious transfer (OT) protocol is a cryptographic protocol for a sender to transfer m out of n messages to a receiver such that the sender has no idea which m messages are obtained by the receiver (receiver security) and at the same time the receiver cannot obtain more than m messages (sender security). Three such protocols are proposed in [1], which have the advantage that the communication overhead of the protocols is much smaller than that of m implementations of a 1 out of n OT protocol. In this paper we give a security analysis of the three protocols. First we show that the first protocol cannot guarantee both the sender security and the receiver security simultaneously. Next, we point out an obvious security flaw in the second protocol which allows the receiver to obtain all the n messages. The third protocol is nicely designed to be non-interactive. However, we show that the security of the protocol is based on a sort of parallel discrete logarithm problem, instead of the discrete logarithm problem as claimed in the paper. Using the technique of “generalized birthday attack”, the former problem can be solved with a computation complexity much smaller than that required to solve the discrete logarithm problem.
format text
author YAO, Gang
BAO, Feng
DENG, Robert H.
title Security analysis of three oblivious transfer protocols
publisher Institutional Knowledge at Singapore Management University
publishDate 2004
url https://ink.library.smu.edu.sg/sis_research/832
https://doi.org/10.1007/978-3-0348-7865-4_27
_version_ 1770570732147834880