Robuster combiners for oblivious transfer

  • Authors:

  • Remo Meier;Bartosz Przydatek;Jürg Wullschleger

  • Affiliations:

  • Department of Computer Science, ETH Zurich, Zurich, Switzerland;Department of Computer Science, ETH Zurich, Zurich, Switzerland;Department of Computer Science, ETH Zurich, Zurich, Switzerland

  • Venue:
  • TCC'07 Proceedings of the 4th conference on Theory of cryptography
  • Year:
  • 2007

Quantified Score

Hi-index 0.00

Visualization

Abstract

A (k; n)-robust combiner for a primitive F takes as input n candidate implementations of F and constructs an implementation of F, which is secure assuming that at least k of the input candidates are secure. Such constructions provide robustness against insecure implementations and wrong assumptions underlying the candidate schemes. In a recent work Harnik et al. (Eurocrypt 2005) have proposed a (2; 3)-robust combiner for oblivious transfer (OT), and have shown that (1; 2)-robust OT-combiners of a certain type are impossible. In this paper we propose new, generalized notions of combiners for two-party primitives, which capture the fact that in many two-party protocols the security of one of the parties is unconditional, or is based on an assumption independent of the assumption underlying the security of the other party. This fine-grained approach results in OT-combiners strictly stronger than the constructions known before. In particular, we propose an OT-combiner which guarantees secure OT even when only one candidate is secure for both parties, and every remaining candidate is flawed for one of the parties. Furthermore, we present an efficient uniform OT-combiner, i.e., a single combiner which is secure simultaneously for a wide range of candidates' failures. Finally, our definition allows for a very simple impossibility result, which shows that the proposed OT-combiners achieve optimal robustness.