Improved Non-committing Encryption with Applications to Adaptively Secure Protocols
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Non-committing Encryptions Based on Oblivious Naor-Pinkas Cryptosystems
INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
Bi-deniable public-key encryption
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Lower and upper bounds for deniable public-key encryption
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Efficient password authenticated key exchange via oblivious transfer
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Constant-round adaptive zero-knowledge proofs for NP
Information Sciences: an International Journal
| Hi-index | 0.00 |
Designing efficient cryptographic protocols tolerating adaptive adversaries, who are able to corrupt parties on the fly as the computation proceeds, has been an elusive task. In this paper we make progress in this area. First, we introduce a new notion called semi-adaptive security which is slightly stronger than static security but significantly weaker than fully adaptive security. The main difference between adaptive and semi-adaptive security is that semi-adaptive security allows for the case where one party starts out corrupted and the other party becomes corrupted later on, but not the case where both parties start out honest and become corrupted later on. As such, semi-adaptive security is much easier to achieve than fully adaptive security. We then give a simple, generic protocol compiler which transforms any semi-adaptively secure protocol into a fully adaptively secure one. The compilation effectively decomposes the problem of adaptive security into two (simpler) problems which can be tackled separately: the problem of semi-adaptive security and the problem of realizing a weaker variant of secure channels.We solve the latter problem by means of a new primitive that we call somewhat non-committing encryption resulting in significant efficiency improvements over the standard method for realizing secure channels using (fully) non-committing encryption. Somewhat non-committing encryption has two parameters: an equivocality parameter 驴 (measuring the number of ways that a ciphertext can be "opened") and the message sizes k. Our implementation is very efficient for small values 驴, even when k is large. This translates into a very efficient compilation of semi-adaptively secure protocols for tasks with small input/output domains (such as bit-OT) into fully adaptively secure protocols.Indeed, we showcase our methodology by applying it to the recent Oblivious Transfer protocol by Peikert etal [Crypto 2008], which is only secure against static corruptions, to obtain the first efficient, adaptively secure and composable OT protocol. In particular, to transfer an n-bit message, we use a constant number of rounds and O(n) public key operations.