Adaptive Oblivious Transfer with Access Control from Lattice Assumptions

Libert, Benôıt; Ling, San; Mouhartem, Fabrice; Nguyen, Khoa; Wang, Huaxiong

doi:10.1007/978-3-319-70694-8_19

Cited by 13 publications

(6 citation statements)

References 59 publications

(163 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition to POT and PPB, (non-)updatable databases are implicitly used as building blocks of other protocols. For example, many oblivious transfer with access control [1,8,16,30] protocols and other privacy preserving access control protocols [28] use a database that associates the index i of messages m i with an access control policy ACP i (∀i ∈ [1, N]). As another example, privacy-preserving client-side profiling protocols [18] use a database that stores a codification of a profiling algorithm.…”

Section: Discussionmentioning

confidence: 99%

UC Updatable Databases and Applications

Damodaran

Rial

2020

Progress in Cryptology - AFRICACRYPT 2020

View full text Add to dashboard Cite

We define an ideal functionality FUD and a construction ΠUD for an updatable database (UD). UD is a two-party protocol between an updater and a reader. The updater sets the database and updates it at any time throughout the protocol execution. The reader computes zeroknowledge (ZK) proofs of knowledge of database entries. These proofs prove that a value is stored at a certain position in the database, without revealing the position or the value.(Non-)updatable databases are implicitly used as building block in priced oblivious transfer, privacy-preserving billing and other privacypreserving protocols. Typically, in those protocols the updater signs each database entry, and the reader proves knowledge of a signature on a database entry. Updating the database requires a revocation mechanism to revoke signatures on outdated database entries.Our construction ΠUD uses a non-hiding vector commitment (NHVC) scheme. The updater maps the database to a vector and commits to the database. This commitment can be updated efficiently at any time without needing a revocation mechanism. ZK proofs for reading a database entry have communication and amortized computation cost independent of the database size. Therefore, ΠUD is suitable for large databases. We implement ΠUD and our timings show that it is practical.In existing privacy-preserving protocols, a ZK proof of a database entry is intertwined with other tasks, e.g., proving further statements about the value read from the database or the position where it is stored. FUD allows us to improve modularity in protocol design by separating those tasks. We show how to use FUD as building block of a hybrid protocol along with other functionalities.

show abstract

Section: Discussionmentioning

confidence: 99%

UC Updatable Databases and Applications

Damodaran

Rial

2020

Progress in Cryptology - AFRICACRYPT 2020

View full text Add to dashboard Cite

show abstract

“…ere exist some cryptographic protocols based on lattice's assumption, which can resist quantum attack with the specific construction of lattice. Reduction from worst case to average case in lattice, trapdoors algorithm and some lattice theory are mentioned in [29][30][31][32].…”

Section: Related Referencementioning

confidence: 99%

Postquantum Cut-and-Choose Oblivious Transfer Protocol Based on LWE

Hangchao

Han

2021

Security and Communication Networks

View full text Add to dashboard Cite

We propose postquantum universal composable (UC) cut-and-choose oblivious transfer (CCOT) protocol under the malicious adversary model. In secure two-party computation, we construct s copies’ garbled circuits, including half check circuit and half evaluation circuit. The sender can transfer the key to the receiver by CCOT protocol. Compared to PVW-OT [6] framework, we invoke WQ-OT [35] framework with reusability of common random string ( crs ) and better security. Relying on LWE’s assumption and the property of the Rounding function, we construct an UC-CCOT protocol, which can resist quantum attack in secure two-party computation.

show abstract

“…Π OTAC supports any policies that can be represented by tuples of values. In [23], policies are represented by branching programs. If the ZK proof for a policy committed in com i,j ∀j∈[1,L] requires R k to hide the indices j that are used from the policy, the proof for F R ACP ZK can follow an approach similar to Π UUD to compute an OR proof.…”

Section: Instantiation and Efficiency Analysismentioning

confidence: 99%

“…In the initialization phase, U computes N ciphertexts c i that encrypt m i . Some OTAC [8,1,23] use a signature that binds ACP i to c i , while others [30,31,32,27] use fuzzy identity-based encryption (IBE) or ciphertext-policy attribute-based encryption (CP-ABE) to encrypt m i under ACP i . The receivers obtain (c i , ACP i ) ∀i∈ [1,N ] .…”

Section: Introductionmentioning

confidence: 99%

Unlinkable Updatable Databases and Oblivious Transfer with Access Control

Damodaran

Rial

2020

Information Security and Privacy

View full text Add to dashboard Cite

An oblivious transfer with access control protocol (OTAC) allows us to protect privacy of accesses to a database while enforcing access control policies. Existing OTAC have several shortcomings. First, their design is not modular. Typically, to create an OTAC, an adaptive oblivious transfer protocol (OT) is extended ad-hoc. Consequently, the security of the OT is reanalyzed when proving security of the OTAC, and it is not possible to instantiate the OTAC with any secure OT. Second, existing OTAC do not allow for policy updates. Finally, in practical applications, many messages share the same policy. However, existing OTAC cannot take advantage of that to improve storage efficiency. We propose an UC-secure OTAC that addresses the aforementioned shortcomings. Our OTAC uses as building blocks the ideal functionalities for OT, for zero-knowledge (ZK) and for an unlinkable updatable database (UUD), which we define and construct. UUD is a protocol between an updater U and multiple readers R k . U sets up a database and updates it. R k can read the database by computing UC ZK proofs of an entry in the database, without disclosing what entry is read. In our OTAC, UUD is used to store and read the policies. We construct an UUD based on subvector commitments (SVC). We extend the definition of SVC with update algorithms for commitments and openings, and we provide an UC ZK proof of a subvector. Our efficiency analysis shows that our UUD is practical.

show abstract

Adaptive Oblivious Transfer with Access Control from Lattice Assumptions

Cited by 13 publications

References 59 publications

UC Updatable Databases and Applications

UC Updatable Databases and Applications

Postquantum Cut-and-Choose Oblivious Transfer Protocol Based on LWE

Unlinkable Updatable Databases and Oblivious Transfer with Access Control

Contact Info

Product

Resources

About