Cut-and-choose bilateral oblivious transfer protocol based on DDH assumption

作     者：Jiang, Han Xu, Qiuliang Liu, Changyuan Zheng, Zhihua Tang, Yi Wang, Mingqiang 

作者机构：School of Computer Science and Technology ShanDong University Jinan China ShanDong Dazhong News Group Jinan China School of Information Science and Engineering Shandong Normal University Jinan China Department of Mathematics Guangzhou University Guangzhou China School of Mathematics ShanDong University Jinan China 

出 版 物：《Journal of Ambient Intelligence and Humanized Computing》 (J. Ambient Intell. Humanized Comput.)

年 卷 期：2024年第15卷第2期

页      面：1327-1337页

核心收录：

学科分类：0711[理学-系统科学] 07[理学] 08[工学] 070105[理学-运筹学与控制论] 081101[工学-控制理论与控制工程] 071101[理学-系统理论] 0811[工学-控制科学与工程] 0701[理学-数学] 

基　　金：This work is supported by the National Natural Science Foundation of China under Grant no. 61572294  Natural Science Foundation of Shandong Province under Grant no. ZR2017MF021  State Key Program of National Natural Science of China under Grant no. 61632020  and the Fundamental Research Funds of Shandong University under Grant no. 2017JC019 and 2016JC029 

主　　题：Secure two-party computation Round complexity Cut-and-choose inverse OT Cut-and-choose bilateral OT 

摘      要：In secure two-party computation protocols, the cut-and-choose paradigm is used to prevent the malicious party who constructs the garbled circuits from cheating. In previous realization of the cut-and-choose technique on the garbled circuits, the delivery of the random keys is divided into multiple stages. Thus, the round complexity is high and the consistency of cut-and-choose challenge should be proved. Based on DDH assumption, we build a so-called cut-and-choose bilateral oblivious transfer protocol, which transfers all necessary keys of garbled circuits in one process. Specifically, in our oblivious transfer protocol, the sender inputs two pairs (k01,k11), (k02,k12) and a bit τ;the receiver inputs two bits σ and j. After the protocol execution, the receiver obtains kτ1,kσ2 for j=1, and k01,k11,k02,k12 for j=0. The protocol inherit the cut-and-choose OT protocol in Lindell and Pinkas (Proceedings of the 8th conference on theory of cryptography, Springer, 2011), and can be applied into the state-of-the-art cut-and-choose secure two party computation protocol without any obstacles. By the cut-and-choose bilateral oblivious transfer protocol, the cut-and-choose challenge j is no need to be opened anymore, therefore the consistency proof of j is omitted, and the round complexity of secure two-party computation protocol can be decreased. © Springer-Verlag GmbH Germany, part of Springer Nature 2018.