
Analysis And Design Of Lattice-based Oblivious Transfer Protocols

Posted on: 2019-02-24
Degree: Doctor
Type: Dissertation
Country: China
Candidate: M M Liu
Full Text: PDF
GTID: 1360330572452252
Subject: Cryptography
Abstract/Summary:
Cryptography serves as the theoretical foundation and key technique of information security. In the current era of rapidly developing internet technologies, cryptographic tools provide reliable technical guarantees for data encryption, message authentication, access control and other applications in networked systems. However, the rapid progress in quantum computing threatens the public-key cryptosystems built upon classical number-theoretic problems (e.g., the discrete logarithm or factoring problem), which break down directly in the quantum setting. With this concern, post-quantum cryptography (PQC) has attracted widespread attention from cryptographers, national standards institutes and governments. As a branch of PQC, lattice-based cryptography holds an important status due to its advantageous properties compared with other PQC subareas. However, most lattice-based schemes realize cryptographic primitives such as encryption and signatures, and there has been limited research on constructing protocols. In addition, as a fundamental cryptographic functionality, oblivious transfer (OT) has been widely utilized in secure multi-party computation and other high-level protocols. However, most OT protocols rely on the hardness of the discrete logarithm or factoring problem, while the study of constructing OTs from post-quantum cryptosystems still lags far behind. Thus, constructing lattice-based OT protocols is of great significance in the development of modern cryptography.

In this thesis, we mainly focus on analyzing and designing lattice-based OT protocols, and present our contributions in the following four related works:

1. To address the problem that most post-quantum cryptographic schemes lack quantum security proofs, we analyze the security of an efficient lattice-based OT protocol in the quantum setting. Since most post-quantum cryptosystems only give security proofs against classical adversaries rather than quantum adversaries, we close this gap by using the quantum lifting theorem and related lemmas to show the security of this lattice-based OT against quantum adversaries.

2. Because of the high generality of the universal composability (UC) model, it is hard to use the UC formalization to specify and analyze concrete protocols in practice. Therefore, we analyze a UC-secure lattice-based OT protocol in a more concise and rational analysis model and study its full composability. The high generality of the UC model makes it difficult to specify protocols and analyze the composability between protocols in practice. A novel framework targeting this problem, called the equational security model, provides a concrete mathematical model of communication and a concise syntax for describing a protocol as a set of mathematical equations. Thus, we analyze a UC-secure lattice-based OT protocol in the equational security model. Initially, we intended to prove the equational security of this lattice-based OT protocol in order to claim its usability in a fully asynchronous environment. However, during the security proof in the equational security framework we found a timing bug in this lattice-based OT protocol. Although we accordingly modified its traditional OT functionality twice, we still could not obtain the equational security of this lattice-based OT protocol.

3. Aiming at constructing UC-secure OT protocols from post-quantum cryptosystems, we propose several UC-secure OT protocols via lattice mechanisms. We first build an efficient UC-secure 1-out-of-2 OT protocol relying on the hardness of the ring learning with errors (RLWE) problem, and directly extend it to the general case, i.e., a UC-secure 1-out-of-N OT. On the basis of this OT structure, we obtain an improved RLWE-based OT using a more efficient RLWE-based key exchange protocol. Furthermore, we apply an LWE-based key exchange protocol to this structure to achieve an LWE-based version of the OT. To show that our OT proposal performs better, we compare it with two other UC-secure OTs that are both based on lattice problems.

4. For the sake of developing other lattice-based cryptographic schemes, we present an improved hash proof system (HPS). We first extend an LWE-based key exchange protocol so that it is applicable to an arbitrary modulus. Then, using the reconciliation mechanism underlying this extended key exchange protocol, we improve an efficient lattice-based HPS scheme so that it generates multiple encapsulated bits. We show that our proposal performs better in both computation and storage costs than other related works. In addition, we utilize this extended reconciliation mechanism (for arbitrary modulus) to refine two applications of the original lattice-based HPS, i.e., the identity-based hash proof system (IB-HPS) and the updatable hash proof system (UHPS), with some minor modifications for higher efficiency.
Keywords/Search Tags:Post-quantum cryptography, Lattice-based cryptography, Oblivious transfer, Universal composability, (Ring) Learning with errors, Key exchange, Hash proof system