Exploratory designs of unconditionally secure distributed oblivious transfer protocols

Corniaux, Christian L.F. (2016) Exploratory designs of unconditionally secure distributed oblivious transfer protocols. PhD thesis, James Cook University.

[img]
Preview
PDF (Thesis)
Download (1MB) | Preview
 
66


Abstract

The security of digital goods buyers and sellers is unbalanced. Of course, the property of sellers is protected; for example, when customers acquire digital books or films from Internet's merchants, they only receive the products they have paid for. Unfortunately, the buyers' privacy is rarely respected: purchases are often — without the buyers' knowledge — monitored, recorded, analysed, and sometimes sold to marketing companies. As a consequence, even if the customers do not intend to acquire additional products, their computer screens are later invaded with targeted advertisements.

The main purpose of this thesis is to propose some methods to restore the balance and guarantee the buyers' privacy, while protecting the interests of the sellers. To this end, it is worth looking into the area of cryptography and more specifically, it is worth studying and designing some protocols called distributed oblivious transfer (DOT) protocols. A DOT protocol allows a party A to obtain one of the secret pieces of information (a secret for short) held by a party B so that the following two fundamental conditions are satisfied:

• A chooses the secrets she wishes to obtain and does not obtain anything on the secrets she has not chosen, • B does not learn which secret was obtained by A.

Furthermore, to improve the availability of the information, the protocol is distributed. That is, the party B transmits his secret information to m servers and the party A needs to contact at least k of these servers to obtain the chosen secret. The servers are not fully trusted, neither by A, nor by B. Therefore, from the information exchanged with A and B, no coalition of servers should be able to learn the secrets of B or the choice of A.

The results of a preliminary literature review are surprising. In fact, the number of publications on DOT protocols is small (fewer than 20) compared to, for example, the number of publications on a similar concept, secret sharing (100s of publications). And yet, oblivious transfer is a fundamental component of more complex cryptographic protocols such as multi-party computation protocols, which allow a group of participants to securely calculate any function of their joint secret inputs. So, one could expect many variants, for example of the original DOT protocol introduced in 2002 by Naor and Pinkas [74], to fulfil the requirements of specific scenarios.

The design of variants of DOT protocols in traditional cryptography has been the guiding thread of my research. My contribution mainly consists in (a) a critical analysis of the existing protocols, demonstrating their limitations, weaknesses, and in some cases, flaws; and (b) the design of the following protocols,well adapted to some specific situations:

A Strongly Secure DOT Protocol. This DOT protocol addresses the most important weakness of unconditionally secure, one-round, polynomial interpolation-based DOT protocols: after the protocol has been executed, if the party A corrupts only one server, she can learn all the secrets of the party B. The protocol is secure even if A corrupts up to k - 1 servers.

A Verifiable DOT Protocol. The party A should obtain the secret she has chosen, even when some servers are controlled by a malicious adversary whose objective is to sabotage the protocol. This is the case with this protocol, assuming that the adversary cannot control more than k - 1 servers.

A Multiple Secrets DOT Protocol. When the party A wishes to obtain n > 1 secrets, the current protocols have to be executed n times. In this context, they are inefficient. The DOT protocol introduced here allows the party A, by contacting in the same session k - 1 + n servers, to collect n secrets.

Adaptive DOT Protocols. The previous protocol allows the party A to request several secrets. However, the request of one secret may depend on the values of secrets already obtained. Two efficient protocols are presented in this scenario. The first one allows A to receive a limited number of secrets and therefore, is well adapted to a single receiver. For several receivers, a second protocol is proposed. This second protocol accepts an unlimited number of queries, but requires communications amongst the servers.

A Threshold DOT protocol. Most existing DOT protocols rely on threshold secret sharing schemes. In a k-threshold protocol or scheme, security is guaranteed not only when k parties are contacted, but also when more than k parties are contacted. However, the existing DOT protocols based on k-threshold secret sharing schemes require an additional mechanism to control that exactly k servers are contacted, which is an under-utilisation of the underlying functionality. The proposed protocol is the first k-threshold DOT protocol which allows the party A to contact as many servers as she wishes to obtain the chosen secret, provided that at least k servers are contacted. This research is limited to unconditionally secure protocols, i.e., protocols whose security does not depend on mathematical (unproven) assumptions; within the limits of the given security models, the protocols are secure even against an adversary with unlimited computing power and time. In brief, the results presented in this thesis are a significant advance to the state of the art research on DOT protocols because on one hand, they point out the weaknesses of the DOT protocols most commonly accepted by the cryptographic community and on the other hand, they contribute to the cryptographic field through the design of new protocols, secure and efficient.

Item ID: 43771
Item Type: Thesis (PhD)
Keywords: buyer protection; coding; consumer protection; cryptography; cryptology; data encryption; distributed oblivious transfer protocols; DOT protocols; e-commerce; encryption; oblivious data structures; secret sharing; secret splitting; secure communication; security
Related URLs:
Additional Information:

Publications arising from this thesis are available from the Related URLs field. The publications are:

Chapter 3: Corniaux, Christian L.F., and Ghodosi, Hossein (2015) Security analysis of polynomial interpolation-based Distributed Oblivious Transfer protocols. In: Lecture Notes in Computer Science (8949), pp. 363-380. From: ICISC 2014: 17th International Conference on Information Security and Cryptology, 3-5 December 2014, Seoul, South Korea.

Chapter 4: Corniaux, Christian L.F., and Ghodosi, Hossein (2011) Scalar product-based distributed oblivious transfer. Lecture Notes in Computer Science, 6829. pp. 338-354.

Chapter 5: Corniaux, Christian L.F., and Ghodosi, Hossein (2011) A verifiable distributed oblivious transfer protocol. Lecture Notes in Computer Science, 6812. pp. 444-450.

Chapters 6 & 7: Corniaux, Christian L.F., and Ghodosi, Hossein (2012) T-out-of-n distributed oblivious transfer protocols in non-adaptive and adaptive settings. In: Information Security Practice and Experience Conference (ISPEC) 2012 (7232), pp. 123-143. From: 8th International Conference on Information Security Practice and Experience , 9-12 April, Hangzhou, China.

Chapter 8: Corniaux, Christian L.F., and Ghodosi, Hossein (2013) An information-theoretically secure threshold distributed oblivious transfer protocol. In: Lecture Notes in Computer Science (7839), pp. 184-201. From: 15th International Conference on Information Security and Cryptology, 28-30 November 2012, Seoul, Korea.

Appendix A: Corniaux, Christian L.F., and Ghodosi, Hossein (2014) An entropy-based demonstration of the security of Shamir's secret sharing scheme. In: Proceedings of the International Conference on Information Science, Electronics and Electrical Engineering (1), pp. 46-48. From: ISEEE 2014: International Conference on Information Science, Electronics and Electrical Engineering, 26-28 April 2014, Sapporo, Japan.

Date Deposited: 17 May 2016 00:23
FoR Codes: 08 INFORMATION AND COMPUTING SCIENCES > 0802 Computation Theory and Mathematics > 080202 Applied Discrete Mathematics @ 34%
08 INFORMATION AND COMPUTING SCIENCES > 0804 Data Format > 080401 Coding and Information Theory @ 33%
08 INFORMATION AND COMPUTING SCIENCES > 0804 Data Format > 080402 Data Encryption @ 33%
SEO Codes: 97 EXPANDING KNOWLEDGE > 970108 Expanding Knowledge in the Information and Computing Sciences @ 100%
Downloads: Total: 66
Last 12 Months: 2
More Statistics

Actions (Repository Staff Only)

Item Control Page Item Control Page