Transactions on Cryptographic Hardware and Embedded Systems, Volume 2021
ROTed: Random Oblivious Transfer for embedded devices
P. Branco
Instituto de Telecomunicações, Instituto Superior Técnico, Universidade de Lisboa, Lisbon, Portugal
L. Fiolhais
INESC-ID, Instituto Superior Técnico, Universidade de Lisboa, Lisbon, Portugal
M. Goulão
Instituto de Telecomunicações, Instituto Superior Técnico, Universidade de Lisboa, Lisbon, Portugal
P. Martins
INESC-ID, Instituto Superior Técnico, Universidade de Lisboa, Lisbon, Portugal
P. Mateus
Instituto de Telecomunicações, Instituto Superior Técnico, Universidade de Lisboa, Lisbon, Portugal
L. Sousa
INESC-ID, Instituto Superior Técnico, Universidade de Lisboa, Lisbon, Portugal
Keywords: Oblivious Transfer, Embedded Systems, Private Set Intersection, Universal Composability, Post-Quantum Cryptography
Abstract
Oblivious Transfer (OT) is a fundamental primitive in cryptography, supporting protocols such as Multi-Party Computation and Private Set Intersection (PSI), that are used in applications like contact discovery, remote diagnosis and contact tracing. Due to its fundamental nature, it is utterly important that its execution is secure even if arbitrarily composed with other instances of the same, or other protocols. This property can be guaranteed by proving its security under the Universal Composability model. Herein, a 3-round Random Oblivious Transfer (ROT) protocol is proposed, which achieves high computational efficiency, in the Random Oracle Model. The security of the protocol is based on the Ring Learning With Errors assumption (for which no quantum solver is known). ROT is the basis for OT extensions and, thus, achieves wide applicability, without the overhead of compiling ROTs from OTs. Finally, the protocol is implemented in a server-class Intel processor and four application-class ARM processors, all with different architectures. The usage of vector instructions provides on average a 40% speedup. The implementation shows that our proposal is at least one order of magnitude faster than the state-of-the-art, and is suitable for a wide range of applications in embedded systems, IoT, desktop, and servers. From a memory footprint perspective, there is a small increase (16%) when compared to the state-of-the-art. This increase is marginal and should not prevent the usage of the proposed protocol in a multitude of devices. In sum, the proposal achieves up to 37k ROTs/s in an Intel server-class processor and up to 5k ROTs/s in an ARM application-class processor. A PSI application, using the proposed ROT, is up to 6.6 times faster than related art.
Publication
Transactions of Cryptographic Hardware and Embedded Systems, Volume 2021, Issue 4
PaperArtifact
Artifact number
tches/2021/a15
Artifact published
September 10, 2021
License
This work is licensed under the MIT License.
Some files in this archive are licensed under a different license. See the contents of this archive for more information.
BibTeX How to cite
Branco, P., Fiolhais, L., Goulão, M., Martins, P., Mateus, P., & Sousa, L. (2021). ROTed: Random Oblivious Transfer for embedded devices. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(4), 215–238. https://doi.org/10.46586/tches.v2021.i4.215-238. Artifact at https://artifacts.iacr.org/tches/2021/a15.