Interdisciplinary Research Group in Socio-technical Cybersecurity
“The simplest protocol for oblivious transfer” revisited
In 2015, Chou and Orlandi presented an oblivious transfer protocol that already drew a lot of attention both from theorists and practitioners due to its extreme simplicity and high efficiency. Chou and Orlandi claimed that their protocol is universally composable secure (UC-secure) in the random oracle model under dynamic corruptions. UC-security is a very strong security guarantee that assures that, not only the protocol in itself is secure, but can be also used safely in larger protocols. Unfortunately, in this work we point out a flaw in their security proof for the case of a corrupt sender. In more detail, we define a decisional problem and we prove that, if a correct security proof for the Chou and Orlandi's protocol is provided, then this problem can be solved correctly with overwhelming probability. Therefore, the protocol of Chou and Orlandi cannot be instantiated securely with groups for which our decisional problem cannot be solved correctly with overwhelming probability. Consequently, the protocol of Chou and Orlandi cannot be instantiated with all groups in which the CDH problem is intractable, but only with groups in which both the CDH problem is intractable and our decisional problem can be solved with overwhelming probability. After the appearance of our work, Chou and Orlandi acknowledged the problems we pointed out in their security proof and subsequent works showed additional issues, removing the claims of UC security of their protocol.
Ziya Alper Genç, Vincenzo Iovino, Alfredo Rial
Genç, Z. A., Iovino, V., & Rial, A. (2020). “The simplest protocol for oblivious transfer” revisited. Information Processing Letters, 161, 105975.
Get in touch with us
SnT – Interdisciplinary Centre for Security, Reliability and Trust
Maison du Nombre, 6, avenue de la Fonte L-4364 Esch-sur-Alzette