Nothing Special   »   [go: up one dir, main page]

What a lovely hat

Is it made out of tin foil?

Paper 2023/225

A Post-Quantum Round-Optimal Oblivious PRF from Isogenies

Andrea Basso, University of Bristol, University of Birmingham
Abstract

An oblivious pseudorandom function, or OPRF, is an important primitive that is used to build many advanced cryptographic protocols. Despite its relevance, very few post-quantum solutions exist. In this work, we propose a novel OPRF protocol that is post-quantum, verifiable, round-optimal, and moderately compact. Our protocol is based on a previous SIDH-based construction by Boneh, Kogan, and Woo, which was later shown to be insecure due to an attack on its one-more unpredictability. We first propose an efficient countermeasure against this attack by redefining the PRF function to use irrational isogenies. This prevents a malicious user from independently evaluating the PRF. The SIDH-based construction by Boneh, Kogan, and Woo is also vulnerable to the recent attacks on SIDH. We thus demonstrate how to efficiently incorporate the countermeasures against such attacks to obtain a secure OPRF protocol. To achieve this, we also propose the first proof of isogeny knowledge that is compatible with masked torsion points, which may be of independent interest. Lastly, we design a novel non-interactive proof of knowledge of parallel isogenies, which reduces the number of communication rounds of the OPRF to the theoretically-optimal two. Putting everything together, we obtain the most compact post-quantum verifiable OPRF protocol.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
Oblivious Pseudorandom FunctionsIsogeniesSIDH
Contact author(s)
andrea basso @ bristol ac uk
History
2023-02-20: approved
2023-02-19: received
See all versions
Short URL
https://ia.cr/2023/225
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/225,
      author = {Andrea Basso},
      title = {A Post-Quantum Round-Optimal Oblivious {PRF} from Isogenies},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/225},
      year = {2023},
      url = {https://eprint.iacr.org/2023/225}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.