[IKNP03] Extending Oblivious Transfers Efficiently
Paper overview
Title: Extending Oblivious Transfers Efficiently
Authors: Yuval Ishai, Joe Kilian, Kobbi Nissim, and Erez Petrank
Venue: CRYPTO [2003]
Protocol (semi-honest)
Some notes on the protocol
Explanation of $q^i$ in step 3
$q^i$ denotes the $i$-th column of the matrix $Q$.
$$q^i=(s_i\cdot r)\oplus t^i$$
- When $s_i=0$, $q^i=(0\cdot r)\oplus t^i=0\oplus t^i=t^i$.
- When $s_i=1$, $q^i=(1\cdot r)\oplus t^i=r\oplus t^i$.
Explanation of $q_j$ in step 3
$q_j$ denotes the $j$-th row of the matrix $Q$; $q^i_j$ denotes the entry in column $i$, row $j$ of the matrix. Expanding $Q$ using $q^i$ gives:
$$
Q=\begin{bmatrix}
q^1_1 & q^2_1 & q^3_1 & \cdots & q^k_1\\
q^1_2 & q^2_2 & q^3_2 & \cdots & q^k_2\\
q^1_3 & q^2_3 & q^3_3 & \cdots & q^k_3\\
\vdots & \vdots & \vdots & & \vdots\\
q^1_m & q^2_m & q^3_m & \cdots & q^k_m
\end{bmatrix}
=\begin{bmatrix}
(s_1\cdot r_1)\oplus t^1_1 & (s_2\cdot r_1)\oplus t^2_1 & (s_3\cdot r_1)\oplus t^3_1 & \cdots & (s_k\cdot r_1)\oplus t^k_1\\
(s_1\cdot r_2)\oplus t^1_2 & (s_2\cdot r_2)\oplus t^2_2 & (s_3\cdot r_2)\oplus t^3_2 & \cdots & (s_k\cdot r_2)\oplus t^k_2\\
(s_1\cdot r_3)\oplus t^1_3 & (s_2\cdot r_3)\oplus t^2_3 & (s_3\cdot r_3)\oplus t^3_3 & \cdots & (s_k\cdot r_3)\oplus t^k_3\\
\vdots & \vdots & \vdots & & \vdots\\
(s_1\cdot r_m)\oplus t^1_m & (s_2\cdot r_m)\oplus t^2_m & (s_3\cdot r_m)\oplus t^3_m & \cdots & (s_k\cdot r_m)\oplus t^k_m
\end{bmatrix}
$$
Reading off row $j$, it is clear that $q_j=(r_j\cdot s)\oplus t_j$.
Explanation of step 4 (correctness proof)
- When $r_j=0$, $q_j=(r_j\cdot s)\oplus t_j=t_j$,
$$
\begin{aligned}
z_j&= y_{j0}\oplus H(j,t_j)\\
&= x_{j0}\oplus H(j,q_j)\oplus H(j,t_j) \\
&= x_{j0}\oplus H(j,t_j)\oplus H(j,t_j) \\
&= x_{j0}
\end{aligned}
$$
- When $r_j=1$, $q_j=s\oplus t_j$,
$$
\begin{aligned}
z_j&= y_{j1}\oplus H(j,t_j)\\
&= x_{j1}\oplus H(j,q_j\oplus s)\oplus H(j,t_j) \\
&= x_{j1}\oplus H(j,s\oplus t_j\oplus s)\oplus H(j,t_j) \\
&= x_{j1}\oplus H(j,t_j)\oplus H(j,t_j) \\
&= x_{j1}
\end{aligned}
$$
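
The column relation, the row relation and the step 4 correctness argument above can be checked end to end with a small simulation. This is an added example, not code from the original post or from the paper's authors. Assumptions: SHA-256 stands in for $H$, the $k$ base OTs are modelled as an ideal functionality evaluated locally (the sender, acting as base-OT receiver with choice bit $s_i$, obtains $t^i$ or $r\oplus t^i$ as in IKNP03), and the names `K`, `MSG_LEN`, `transpose` and `iknp_transfer` are hypothetical.

```python
import hashlib
import secrets

K = 128        # number of base OTs = columns of T and Q (assumed parameter)
MSG_LEN = 16   # bytes per transferred message (assumed parameter)

def H(j: int, row: int) -> bytes:
    """SHA-256 over (j, row) as a stand-in for the hash H (assumption)."""
    data = j.to_bytes(4, "big") + row.to_bytes(K // 8, "big")
    return hashlib.sha256(data).digest()[:MSG_LEN]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(u ^ v for u, v in zip(a, b))

def transpose(cols, m):
    """k columns (m-bit ints) -> m rows (k-bit ints); bit i of row j is entry (j, i)."""
    rows = [0] * m
    for i, col in enumerate(cols):
        for j in range(m):
            rows[j] |= ((col >> j) & 1) << i
    return rows

def iknp_transfer(x, r_bits):
    """x: m pairs (x_j0, x_j1) of MSG_LEN-byte strings; r_bits: m choice bits."""
    m = len(x)
    r = sum(bit << j for j, bit in enumerate(r_bits))   # r as one m-bit column
    s = secrets.randbits(K)                             # sender's random s
    t_cols = [secrets.randbits(m) for _ in range(K)]    # receiver's random T
    # Base OTs with roles reversed, modelled as an ideal OT: the sender's bit
    # s_i selects t^i or r xor t^i, so q^i = (s_i * r) xor t^i.
    q_cols = [(r ^ t) if (s >> i) & 1 else t for i, t in enumerate(t_cols)]
    t_rows, q_rows = transpose(t_cols, m), transpose(q_cols, m)
    # Step 3: sender masks both messages of every pair.
    y = [(xor(x0, H(j, q_rows[j])), xor(x1, H(j, q_rows[j] ^ s)))
         for j, (x0, x1) in enumerate(x)]
    # Step 4: receiver unmasks the chosen message with H(j, t_j).
    z = [xor(y[j][r_bits[j]], H(j, t_rows[j])) for j in range(m)]
    return z, s, t_rows, q_rows
```

The unchosen message stays masked by $H(j,t_j\oplus s)$, which the receiver cannot evaluate without the sender's $s$.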