Interactive Hashing: An Information Theoretic Tool (Invited Talk)
ICITS '08 Proceedings of the 3rd international conference on Information Theoretic Security
On the efficiency of classical and quantum oblivious transfer reductions
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Efficient computational oblivious transfer using interactive hashing
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
SIMPL systems as a keyless cryptographic and security primitive
Cryptography and Security
Practical security analysis of PUF-based two-player protocols
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Hi-index | 0.00 |
Interactive Hashing has featured as an essential ingredient in protocols realizing a large variety of cryptographic tasks. We present a study of this important cryptographic tool in the information theoretic context. We start by presenting a security definition which is independent of any particular setting or application. We then show that a standard implementation of Interactive Hashing satisfies all the conditions of our definition. Our proof of security improves upon previous ones in several ways. Despite its generality, it is considerably simpler. Moreover, it establishes a tighter upper bound on the cheating probability of a dishonest sender. Specifically, we prove that if the fraction of good strings for a dishonest sender is f, then the probability that both outputs will be good is no larger than 15.6805· f. This upper bound is valid for any f and is tight up to a small constant since a sender acting honestly would get two good outputs with probability very close to f. We illustrate the potential of Interactive Hashing as a cryptographic primitive by demonstrating efficient reductions of String Oblivious Transfer with string length k to Bit Oblivious Transfer and several weaker variants. Our reductions incorporate tests based on Interactive Hashing that allow the sender to verify the receiver's adherence to the protocol without compromising the latter's privacy. This allows a much more efficient use of the available entropy without any appreciable impact on security. As a result, for Bit OT and most of its variants n = (1 + ε) k executions suffice, improving efficiency by a factor of two or more compared to the most efficient reductions that do not use Interactive Hashing. As it is theoretically impossible to achieve an expansion factor n/k smaller than 1, our reductions are in fact asymptotically optimal. They are also more general since they place no restrictions on the types of 2-universal hash families used for Privacy Amplification. Lastly, we present a direct reduction of String OT to Rabin OT which uses similar methods to achieve an expansion factor of 2 + ε which is again asymptotically optimal.