International Association for Cryptologic Research


CryptoDB

A Weakness in Some Oblivious Transfer and Zero-Knowledge Protocols

Authors:
Ventzislav Nikov
Svetla Nikova
Bart Preneel
Download: http://eprint.iacr.org/2006/363
Abstract: We consider oblivious transfer protocols and their applications that use an underlying semantically secure homomorphic encryption scheme (e.g. Paillier's). We show that some oblivious transfer protocols and their derivatives, such as private matching, oblivious polynomial evaluation and private shared scalar product, could be subject to an attack. The same attack can be applied to some non-interactive zero-knowledge arguments that use homomorphic encryption schemes underneath. The roots of our attack lie in an additional property that some semantically secure encryption schemes possess, namely that decryption also reveals the random coin used for the encryption, and in the fact that the (sender's or prover's) inputs may belong to a space that is very small compared to the plaintext space. In this case it appears that even a semi-honest chooser (verifier) can derive, from the random coin, bounds on all or some of the sender's (prover's) private inputs with non-negligible probability. We propose a fix which precludes the attacks.
BibTeX
@misc{eprint-2006-21854,
  title={A Weakness in Some Oblivious Transfer and Zero-Knowledge Protocols},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols / Oblivious Transfer, Homomorphic Semantically Secure Cryptosystems, Paillier's Public-Key Cryptosystem, Non-Interactive Zero-Knowledge Arguments},
  url={http://eprint.iacr.org/2006/363},
  note={Full version of a paper from AsiaCrypt 2006 svetla.nikova@esat.kuleuven.be 13480 received 25 Oct 2006, withdrawn 28 Nov 2006},
  author={Ventzislav Nikov and Svetla Nikova and Bart Preneel},
  year=2006
}