椭圆曲线上高效可完全模拟的不经意传输协议

doi:10.11959/j.issn.2096-109x.2023012

网络与信息安全学报 ›› 2023, Vol. 9 ›› Issue (1): 158-166.doi: 10.11959/j.issn.2096-109x.2023012

椭圆曲线上高效可完全模拟的不经意传输协议

宋佳烁, 李祯祯, 丁海洋, 李子臣

北京印刷学院数字版权保护技术研究中心，北京 102600

修回日期:2022-10-13 出版日期:2023-02-25 发布日期:2023-02-01
作者简介:宋佳烁（1998- ），男，河北廊坊人，北京印刷学院硕士生，主要研究方向为密码学
李祯祯（1991- ），女，河南驻马店人，北京印刷学院讲师，主要研究方向为信息安全、网络安全和量子密码学
丁海洋（1979- ），男，河南郑州人，博士，北京印刷学院副教授，主要研究方向为信息隐藏、半色调信息隐藏、数字图像处理
李子臣（1965- ），男，河南温县人，北京印刷学院教授、博士生导师，主要研究方向为信息安全、数字水印、数字签名、密码学
基金资助:
国家自然科学基金(61370188);北京市教委科研计划(KM202010015009);北京市教委科研计划(KM202110015004);北京印刷学院博士启动金项目(27170120003/020);北京印刷学院科研创新团队项目(Eb202101);北京印刷学院校内学科建设项目(21090121021);北京印刷学院重点教改项目(22150121033/009);北京印刷学院科研基础研究一般项目(Ec202201)

Efficient and fully simulated oblivious transfer protocol on elliptic curve

Jiashuo SONG, Zhenzhen LI, Haiyang DING, Zichen LI

Digital Rights Management Research Center, Beijing Institute of Graphic Communication , Beijing 102600, China

Revised:2022-10-13 Online:2023-02-25 Published:2023-02-01
Supported by:
The National Natural Science Foundation of China(61370188);Beijing Municipal Education Commission Scientific Research Project(KM202010015009);Beijing Municipal Education Commission Scientific Research Project(KM202110015004);Beijing Institute of Graphic Communication Doctoral Funding Project(27170120003/020);Beijing Institute of Graphic Communication Research Innovation Team Project(Eb202101);Intramural Discipline Construction Project of Beijing Institute of Graphic Communication(21090121021);Key Educational Reform Project of Beijing Institute of Graphic Communication(22150121033/009);General Research Project of Basic Research of Beijing Institute of Graphic Communication(Ec202201)

摘要/Abstract

摘要：

不经意传输协议是安全多方计算的一个关键技术，是当前网络与信息安全研究的热点。基于双线性对及椭圆曲线上的困难问题，分别设计了半诚实模型下和标准恶意模型下的安全高效N选1不经意传输协议。，在半诚实模型下设计了一个椭圆曲线上的不经意传输协议，该协议只需2轮交互，接收方需要2次双线性对运算和1次椭圆曲线倍点运算，发送方需要n次椭圆曲线倍点运算和n次模幂运算，协议的安全可规约到椭圆曲线上的离散对数问题；构建了基于椭圆曲线上双线性对的零知识证明方案，并设计了一个恶意模型下的不经意传输协议，该协议只需3轮交互，接收者需要3次双线性对运算和3次椭圆曲线倍点运算，发送者需要n+1次椭圆曲线倍点运算和n+1次模幂运算，协议能在标准恶意模型下抵抗参与者的恶意攻击行为。实验结果得到在半诚实模型下协议平均运行时间需要0.787 9 s，在标准恶意模型下协议平均运行时间需要1.205 6 s，进一步论证协议的速度。

关键词: 不经意传输, 完全模拟, 双线性对, 零知识证明, 安全多方计算

Abstract:

Oblivious transfer protocol, an important technology in secure multi-party computation, is the research hotspot on network and information security.Based on the bilinear pairs and the difficult problems on elliptic curves, an efficient 1-out-of-N oblivious transfer protocol in the semi-honest model and in the standard malicious model were proposed respectively.The protocol in semi-honest model was designed.It only needed two rounds of interaction.The receiver needed two times of bilinear pair arithmetic and one time of multi point arithmetic, and the sender needed n times of multi point arithmetic and n times of modular exponentiation.The security of the protocol was based on the discrete logarithm problem on elliptic curves.A zero-knowledge proof protocol and the oblivious transfer protocol in the standard malicious model were proposed respectively.The oblivious transfer protocol only needed four rounds of interaction.The receiver needed three times of bilinear pair arithmetic and three times of multi point arithmetic, and the sender needed n+1 times of multi point arithmetic and n+1 times of modular exponentiation.Besides, it can resist malicious behaviors of the party.The results show that the average running time of the protocol in the semi-honest model and in the standard malicious model were 0.787 9 s and 1.205 6 s respectively, which can further demonstrate the efficiency of the protocol.

Key words: oblivious transfer, fully simulation, bilinear pairing, zero-knowledge proof, secure multi-party computation

中图分类号:

TP309

宋佳烁, 李祯祯, 丁海洋, 李子臣. 椭圆曲线上高效可完全模拟的不经意传输协议[J]. 网络与信息安全学报, 2023, 9(1): 158-166.

Jiashuo SONG, Zhenzhen LI, Haiyang DING, Zichen LI. Efficient and fully simulated oblivious transfer protocol on elliptic curve[J]. Chinese Journal of Network and Information Security, 2023, 9(1): 158-166.

图/表 3

图1

图2

表1

参考文献 28

[1]	YAO A C , . Protocols for secure computations[C]// Proceedings of 23rd Annual Symposium on Foundations of Computer Science (SFCS 1982). 2008: 160-164.
[2]	RABIN M . How to exchange secrets with oblivious transfer[J]. IACR Cryptology ePrint Archive. 2005.187.
[3]	SHIMON E , ODED G , LEMPEL A . A randomized protocol for signing contracts[R]. 1985.
[4]	BEAVER D . Precomputing oblivious transfer[M]// Advances in Cryptology — CRYPT0’ 95. Berlin Heidelberg: Springer, 1995: 97-109.
[5]	BURRA S S , LARRAIA E , NIELSEN J B ,et al. High-performance multi-party computation for binary circuits based on oblivious transfer[J]. Journal of Cryptology, 2021,34(3): 34.
[6]	RAO C K , SINGH K , KUMAR A . Oblivious stable sorting protocol and oblivious binary search protocol for secure multi-party computation[J]. Journal of High Speed Networks, 2021,27(1): 67-82.
[7]	JANNATI H , BAHRAK B . An oblivious transfer protocol based on elgamal encryption for preserving location privacy[J]. Wireless Personal Communications, 2017,97(2): 3113-3123.
[8]	YANG Y G , SUN S J , PAN Q X ,et al. Reductions between private information retrieval and oblivious transfer at the quantum level[J]. Optik, 2015,126(21): 3206-3209.
[9]	ASHAROV G , LINDELL Y , SCHNEIDER T ,et al. More efficient oblivious transfer extensions[J]. Journal of Cryptology, 2017,30(3): 805-858.
[10]	CHOU Y H , TSAI I M , KO C M ,et al. Quantum oblivious transfer and fair digital transactions[C]// Proceedings of 2006 12th Pacific Rim International Symposium on Dependable Computing (PRDC'06). 2006: 121-128.
[11]	曲亚东, 侯紫峰, 韦卫 . 基于不经意传输的合同签订协议[J]. 计算机研究与发展, 2003(4): 615-619.
	QU Y D , HOU Z F , WEI W . A Protocol for Signing Contracts Based on Oblivious Transfer[J]. Journal of Computer Research and Development, 2003(4): 615-619.
[12]	STANEKOVá L , STANEK M . Fast contract signing with batch oblivious transfer[M]. Communications and Multimedia Security. Berlin Heidelberg: Springer. 2005: 1-10.
[13]	TIANTIAN LI . FAPS:a fair,autonomous and privacy-preserving scheme for big data exchange based on oblivious transfer,Ether Cheque and smart contracts[J]. Information Sciences, 2021,544: 469-484.
[14]	HUSSAIN S , GUO H , LI T ,et al. COPS:a complete oblivious processing system[J]. Microprocessors and Microsystems, 2021,85:104295.
[15]	BRASSARD G , CREPEAU C , ROBERT J M . All or nothing disclosure of secrets[C]// Advances in Cryptology—CRYPTO’ 86. 2007: 234-238.
[16]	NAOR M , PINKAS B . Efficient oblivious transfer protocols[C]// Proceedings of the Twelfth Annual ACM-SIAM Symposium on Discrete Algorithms. 2001: 448-457.
[17]	AIELLO B , ISHAI Y , REINGOLD O . Priced oblivious transfer:How to sell digital goods[M]// Lecture Notes in Computer Science. Berlin Heidelberg: Springer. 2001: 119-135.
[18]	LINDELL Y , PINKAS B . An efficient protocol for secure two-party computation in the presence of malicious adversaries[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques.Berlin Heidelberg:Springer. 2007: 52-78.
[19]	CHEN Y L , CHOU J S , HOU X W . A novel k-out-of-n oblivious transfer protocols based on bilinear pairings[J]. IACR Cryptol EPrint Arch,2010, 2010:27.
[20]	徐彦蛟, 李顺东, 陈振华 . 基于双线性对的高效不经意传输协议[J]. 计算机工程, 2013,39(6): 166-169,173.
	XU Y J , LI S D , CHEN Z H . Efficient oblivious transfer protocol based on bilinear pairing[J]. Computer Engineering, 2013,39(6): 166-169,173.
[21]	ESMAEILZADE S , PAKNIAT N , ESLAMI Z . A generic construction to build simple oblivious transfer protocols from homomorphic encryption schemes[J]. The Journal of Supercomputing, 2022,78(1): 72-92.
[22]	BELLARE M , MICALI S . Non-interactive oblivious transfer and applications[M]// Advances in Cryptology — CRYPTO’ 89 Proceedings. 2007: 547-557.
[23]	BELLARE M , ROGAWAY P . Random oracles are practical:A paradigm for designing efficient protocols[C]// Proceedings of the 1st ACM Conference on Computer and Communications Security. 1993: 62-73.
[24]	TZENG W G . Efficient 1-out-of-n oblivious transfer schemes with universally usable parameters[J]. IEEE Transactions on Computers, 2004,53(2): 232-240.
[25]	GARAY J A , ISHAI Y , KUMARESAN R ,et al. On the complexity of UC commitments[M]// Advances in Cryptology – EUROCRYPT 2014. Berlin Heidelberg: Springer. 2014: 677-694.
[26]	魏晓超, 蒋瀚, 赵川 . 一个高效可完全模拟的n取1茫然传输协议[J]. 计算机研究与发展, 2016,53(11): 2475-2481.
	WEI X C , JIANG H , ZHAO C . An efficient 1-out-of-n oblivious transfer protocol with full simulation[J]. Journal of Computer Research and Development, 2016,53(11): 2475-2481.
[27]	赵川, 蒋瀚, 魏晓超 ,等. Cut-and-Choose双向不经意传输[J]. 软件学报, 2017,28(2): 352-360.
	ZHAO C , JIANG H , WEI X C ,et al. Cut-and-choose bilateral oblivious transfer[J]. Journal of Software, 2017,28(2): 352-360.
[28]	赵川, 徐俊 . 基于Cut-and-Choose技术的安全多方计算[J]. 计算机研究与发展, 2022,59(8): 1800-1818.
	CHUAN Z , JUN X . Secure multi-party computation based on Cut-and-Choose technology[J]. Journal of Computer Research and Development, 2022,59(8): 1800-1818.

协议	安全等级	困难问题	轮数	R→S数据大小/bit	S→R数据大小/bit	计算复杂度
Brassard^[15]	单边模拟	QRA	3	1 024+ n?ML?1024	n?ML?1 024	O(n)
Naor^[16]	单边模拟	DDH	2	1024	n?ML+1024(n+1)	O(n)
Garay^[21]	UC	DDH	3	1024	1 024n	O(n)
Tzeng^[25]	保护隐私	DDH	3	1024	2 048n	O(n)
Chou^[26]	保护隐私	BCDH	3	160×3	160+n?ML	O(n)
徐彦蛟^[27]	保护隐私	BCDH	2	160×3	n.ML	O(n)
魏晓超^[28]	完全模拟	DDH	3	2 048n+1 024	2 048n	O(n)
本文协议	完全模拟	ECDDH	5	480	160+320?n	O(n)
注：① 将安全系数统一为密钥长度1 024 bit的RSA加密或者160 bit的ECC加密。
② 对于k-out-of-n OT协议，本文对比时将k的值设置为1。

椭圆曲线上高效可完全模拟的不经意传输协议

Efficient and fully simulated oblivious transfer protocol on elliptic curve

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 3

参考文献 28

相关文章 5

Metrics

推荐阅读 0

[1]	刘旭红, 孙晨. 保护隐私的有理数科学计算[J]. 网络与信息安全学报, 2022, 8(3): 97-110.
[2]	杨冠群, 刘荫, 徐浩, 邢宏伟, 张建辉, 李恩堂. 基于区块链的电网可信分布式身份认证系统[J]. 网络与信息安全学报, 2021, 7(6): 88-98.
[3]	吴炜,刘儿兀,杨昌鑫,王睿. 基于区块链的零知识位置证明系统设计[J]. 网络与信息安全学报, 2020, 6(2): 67-76.
[4]	张兴兰,郑炜. 基于博弈论的安全多方计算的研究[J]. 网络与信息安全学报, 2018, 4(1): 52-56.
[5]	李梦慧,田有亮,冯金明. 常数轮公平理性秘密共享方案[J]. 网络与信息安全学报, 2017, 3(1): 61-67.