[IKNP03] Extending Oblivious Transfers Efficiently
论文简介
论文题目: Extending Oblivious Transfers Efficiently
作者: Yuval Ishai, Joe Kilian, Kobbi Nissim, and Erez Petrank
论文出处: CRYPTO [2003]
方案(半诚实)
方案的一些解释
步骤三中 q i q^i qi的解释
q i q^i qi表示矩阵 Q Q Q的第 i i i列。
q i = ( s i ⋅ r ) ⊕ t i q^i=(s_i\cdot r)\oplus t^i qi=(si⋅r)⊕ti
- When S i = 0 S_i=0 Si=0, q i = ( 0 ⋅ r ) ⊕ t i = 0 ⊕ t i = t i q^i=(0\cdot r)\oplus t^i=0\oplus t^i=t^i qi=(0⋅r)⊕ti=0⊕ti=ti.
- When S i = 1 S_i=1 Si=1, q i = ( 1 ⋅ r ) ⊕ t i = r ⊕ t i q^i=(1\cdot r)\oplus t^i=r\oplus t^i qi=(1⋅r)⊕ti=r⊕ti.
步骤三中 q j q_j qj的解释
q j q_j qj表示矩阵 Q Q Q的第 j j j行; q j i q^i_j qji表示矩阵第 i i i列第 j j j行。根据 q i q^i qi将Q展开可得。
Q = [ q 1 1 q 0 2 q 1 3 . . . q 1 k q 2 1 q 1 2 q 2 3 . . . q 2 k q 3 1 q 3 2 q 3 3 . . . q 3 k ⋮ ⋮ ⋮ ⋮ q m 1 q m 2 q m 3 . . . q m k ] = [ ( s 1 ⋅ r 1 ) ⊕ t 1 1 ( s 2 ⋅ r 1 ) ⊕ t 1 2 ( s 3 ⋅ r 1 ) ⊕ t 1 3 . . . ( s k ⋅ r 1 ) ⊕ t 1 k ( s 1 ⋅ r 2 ) ⊕ t 2 1 ( s 2 ⋅ r 2 ) ⊕ t 2 2 ( s 3 ⋅ r 2 ) ⊕ t 2 3 . . . ( s k ⋅ r 2 ) ⊕ t 2 k ( s 1 ⋅ r 3 ) ⊕ t 3 1 ( s 2 ⋅ r 3 ) ⊕ t 3 2 ( s 3 ⋅ r 3 ) ⊕ t 3 3 . . . ( s k ⋅ r 3 ) ⊕ t 3 k ⋮ ⋮ ⋮ ⋮ ( s 1 ⋅ r m ) ⊕ t m 1 ( s 2 ⋅ r m ) ⊕ t m 2 ( s 3 ⋅ r m ) ⊕ t m 3 . . . ( s k ⋅ r m ) ⊕ t m k ] Q=\begin{gathered} \begin{bmatrix} q^1_1 & q^2_0 & q^3_1 & ... & q^{k}_1\\ q^1_2 & q^2_1 & q^3_2 & ... & q^k_2\\ q^1_3 & q^2_3 & q^3_3 & ... & q^k_3\\ \vdots & \vdots & \vdots & & \vdots\\ q^1_m & q^2_m & q^3_m & ... & q^k_m \end{bmatrix} \end{gathered}= \begin{gathered} \begin{bmatrix}(s_1\cdot r_1)\oplus t^1_1 & (s_2\cdot r_1)\oplus t^2_1 & (s_3\cdot r_1)\oplus t^3_1 & ... & (s_k\cdot r_1)\oplus t^k_1\\ (s_1\cdot r_2)\oplus t^1_2 & (s_2\cdot r_2)\oplus t^2_2 & (s_3\cdot r_2)\oplus t^3_2 & ... & (s_k\cdot r_2)\oplus t^k_2\\ (s_1\cdot r_3)\oplus t^1_3 & (s_2\cdot r_3)\oplus t^2_3 & (s_3\cdot r_3)\oplus t^3_3 & ... & (s_k\cdot r_3)\oplus t^k_3\\ \vdots & \vdots & \vdots & & \vdots\\ (s_1\cdot r_m)\oplus t^1_m & (s_2\cdot r_m)\oplus t^2_m & (s_3\cdot r_m)\oplus t^3_m & ... & (s_k\cdot r_m)\oplus t^k_m \end{bmatrix} \end{gathered} Q=⎣⎢⎢⎢⎢⎢⎡q11q21q31⋮qm1q02q12q32⋮qm2q13q23q33⋮qm3............q1kq2kq3k⋮qmk⎦⎥⎥⎥⎥⎥⎤=⎣⎢⎢⎢⎢⎢⎡(s1⋅r1)⊕t11(s1⋅r2)⊕t21(s1⋅r3)⊕t31⋮(s1⋅rm)⊕tm1(s2⋅r1)⊕t12(s2⋅r2)⊕t22(s2⋅r3)⊕t32⋮(s2⋅rm)⊕tm2(s3⋅r1)⊕t13(s3⋅r2)⊕t23(s3⋅r3)⊕t33⋮(s3⋅rm)⊕tm3............(sk⋅r1)⊕t1k(sk⋅r2)⊕t2k(sk⋅r3)⊕t3k⋮(sk⋅rm)⊕tmk⎦⎥⎥⎥⎥⎥⎤
很显然,可以总结出, q j = ( r j ⋅ s ) ⊕ t j q_j=(r_j\cdot s)\oplus t_j qj=(rj⋅s)⊕tj
步骤四解释(正确性证明)
- 当 r j = 0 r_j=0 rj=0时, q j = ( r j ⋅ s ) ⊕ t j = t j q_j=(r_j\cdot s)\oplus t_j=t_j qj=(rj⋅s)⊕tj=tj,
z j = y j 0 ⊕ H ( j , t j ) = x j 0 ⊕ H ( j , q j ) ⊕ H ( j , t j ) = x j 0 ⊕ H ( j , t j ) ⊕ H ( j , t j ) = x j 0 \begin{aligned} z_j&= y_{j0}\oplus H(j,t_j)\\ &= x_{j0}\oplus H(j,q_j)\oplus H(j,t_j) \\ &= x_{j0}\oplus H(j,t_j)\oplus H(j,t_j) \\ &= x_{j0}\\ \end{aligned} zj=yj0⊕H(j,tj)=xj0⊕H(j,qj)⊕H(j,tj)=xj0⊕H(j,tj)⊕H(j,tj)=xj0 - 当 r j = 1 r_j=1 rj=1时, q j = s ⊕ t j q_j=s\oplus t_j qj=s⊕tj,
z j = y j 1 ⊕ H ( j , t j ) = x j 1 ⊕ H ( j , q j ⊕ s ) ⊕ H ( j , t j ) = x j 1 ⊕ H ( j , s ⊕ t j ⊕ s ) ⊕ H ( j , t j ) = x j 0 ⊕ H ( j , t j ) ⊕ H ( j , t j ) = x j 1 \begin{aligned} z_j&= y_{j1}\oplus H(j,t_j)\\ &= x_{j1}\oplus H(j,q_j\oplus s)\oplus H(j,t_j) \\ &= x_{j1}\oplus H(j,s\oplus t_j\oplus s)\oplus H(j,t_j) \\ &= x_{j0}\oplus H(j,t_j)\oplus H(j,t_j) \\ &= x_{j1}\\ \end{aligned} zj=yj1⊕H(j,tj)=xj1⊕H(j,qj⊕s)⊕H(j,tj)=xj1⊕H(j,s⊕tj⊕s)⊕H(j,tj)=xj0⊕H(j,tj)⊕H(j,tj)=xj1
[IKNP03] Extending Oblivious Transfers Efficiently相关推荐
- OT Extension 基础概念
补一下相关基础,主要关于OT Extension的相关概念和实现,苦于网上的博客大多过于宏观或者片面,所以这里做一个基础的总结: OT Extension的提出背景: OT是针对于多次OT如何下降传输 ...
- signature=b93e4b2d4026f44a8795ac6d5857e863,Feebly secure cryptographic primitives
1. E. Allender, "Circuit complexity before the dawn of the new millennium," in Proceedings ...
- Efficient Batched Oblivious PRF -Private Set Intersection
论文分享!<Efficient Batched Oblivious PRF with Applications to Private Set Intersection>--<高效批处 ...
- Qt5官方demo分析集29——Extending QML - Property Value Source Example
此系列的所有文章都可以在这里查看http://blog.csdn.net/cloud_castle/article/category/2123873 接上文Qt5官方demo解析集28--Extend ...
- [转]Extending the User Interface in Outlook 2010
本文转自:https://msdn.microsoft.com/en-us/library/office/ee692172%28v=office.14%29.aspx#OfficeOLExtendin ...
- 利用DNS Zone Transfers漏洞工具dnswalk
利用DNS Zone Transfers漏洞工具dnswalk DNS Zone Transfers(DNS区域传输)是指一台备用服务器使用来自主服务器的数据刷新自己的域(zone)数据库.当主服务器 ...
- 扩展Ext2类 Extending Ext2 Class
Tutorial:Extending Ext2 Class (Chinese) From Learn About the Ext JavaScript Library Jump to: navigat ...
- cakephp视图用php文件,CakePHP - 扩展视图( Extending Views)
CakePHP - 扩展视图( Extending Views) 很多时候,在制作网页时,我们希望在其他页面中重复某些页面. CakePHP具有这样的功能,可以在另一个视图中扩展视图,为此,我们不需要 ...
- Python常见问题(5):Python扩展与嵌入 Extending/Embedding FAQ
Contents Extending/Embedding FAQ Can I create my own functions in C? Can I create my own functions i ...
最新文章
- 我哭了,工业界AI项目落地有多难?
- 【译】Object Dumper: 函数式程序设计编码中的强大工具
- Kubernetes安装之十:配置node节点之kube-proxy
- SQL Server 阻止了对组件 'Ad Hoc Distributed Queries' 的 STATEMENT'OpenRowset/OpenDatasource' 的访问的解决方案...
- 电脑任务栏跑到右边去了_为什么程序员下班后只关显示器从不关电脑?
- 我在项目中用到的vue FullCalendar的内置函数以及配置项
- 【Codeforces Round #438 C】 Qualification Rounds
- 还在迷茫于前端如何入门和进阶?万字指南让你不再迷茫!
- Cleaning Bad Data in R R语言数据清理教程 Lynda课程中文字幕
- 计算机组成原理(第3版)唐朔飞著 知识点总结 第四章存储器
- 全国idc 机房大全
- 【radon变换原理讲解及利用python库函数快速实现】
- TCP协议--复位报文段
- 设计一可控同步四进制可逆计数器, 其由输入X1,X2控制, 用D触发器和74153及必要的门电路实现
- 最优化方法(学习笔记)-第七章统计估计
- 工信部电信投诉网站入口
- Windows 是一个系统--不应该作为品牌,微软到了抛弃Windows的时候了
- foss测试_FOSS粉丝的15个播客
- 联想笔记本安装PHP环境,联想笔记本装系统步骤 教你如何正确安装笔记本系统...
- “杰林码”技术及应用