Use original construction for ROLE without PRGs.

th4s
2024-02-15 18:14:21 +01:00
parent ab9e969dc2
commit 01019fa44b

@@ -21,42 +21,26 @@ Define the functionality $cal(F)_"ROT"$:
== Random OLE == Random OLE
=== Functionality $cal(F)_"ROLE"$ === Functionality $cal(F)_"ROLE"$
Define the functionality $cal(F)_"ROLE"$ which maintains a counter $k$ and Define the functionality $cal(F)_"ROLE"$ where
which allows to call an $"Extend"_k$ command multiple times. - $P_A$ receives $(a, x)$
- When calling $"Initialize"$ set up the functionality for subsequent calls to - $P_B$ receives $(b, y)$
$"Extend"_k$. such that $ y = a dot b + x$
- When calling $"Extend"_k$: $P_A$ receives $(a_k, x_k)$ and $P_B$ receives
$(b_k, y_k)$.
such that $ y_k = a_k dot b_k + x_k$
=== Protocol $Pi_"ROLE"$ === Protocol $Pi_"ROLE"$
+ Initialization: + $P_B$ randomly samples $d arrow.l bb(F)$ and $f arrow.l bb(F)$.
- $P_B$ randomly samples $f arrow.l bb(F)$. + $P_A$ randomly samples $c arrow.l bb(F)$ and $e arrow.l bb(F)$.
- Both parties call $cal(F)_"ROT" (f)$, so $P_A$ knows + For each $i = 1, ... , l$ where $l = |f|$: Both parties call
$t_0^i, t_1^i$ and $P_B$ knows $t_(f_i)$. $cal(F)_"ROT" (f)$, so $P_A$ knows $t_0^i, t_1^i$ and $P_B$ knows $t_(f_i)$.
- With some PRF define: $s_(i,0)^k := "PRF"(t^i_0, k)$, $s_(i,1)^k := + $P_A$ sends $e$ and $u_i = t_(i,0) - t_(i,1) + c$ to $P_B$.
"PRF"(t^i_1, k)$ + $P_B$ defines $b = e + f$ and sends $d$ to $P_A$.
- $P_A$ randomly samples $e_1 arrow.l bb(F)$ and $P_B$ randomly + $P_A$ defines $a = c + d$ and outputs
samples $e_2 arrow.l bb(F)$. $x = sum 2^i t_(i,0) - a dot e$
- $P_A$ sends $e_1$ to $P_B$ and $P_B$ sends $e_2$ to $P_A$ using a + $P_B$ computes $ y_i
commit-reveal scheme. &= f_i (u_i + d) + t_(i,f_i) \
- Both parties define $e_k = "PRF"(e_1 xor e_2, k)$. &= f_i (t_(i,0) - t_(i,1) + c + d) + t_(i,f_i) \
&= f_i dot a + t_(i,0) $
+ $"Extend"_k$: This can be batched or/and repeated several times. and outputs $y = 2^i y_i$
- $P_A$ samples randomly $c_k arrow.l bb(F)$. + Now it holds that $y = a dot b + x$.
- $P_B$ samples randomly $d_k arrow.l bb(F)$.
- $P_A$ sends $u_i^k = s_(i,0)^k - s_(i,1)^k + c_k$ to $P_B$.
- $P_B$ defines $b_k = e_k + f$ and sends $d_k$ to $P_A$.
- $P_A$ defines $a_k = c_k + d_k$ and outputs
$x_k = sum 2^i s_(i,0)^k - a_k dot e_k$
- $P_B$ computes $ y^k_i
&= f_i (u^k_i + d_k) + s_(i,f_i)^k \
&= f_i (s_(i,0)^k - s_(i,1)^k + c_k + d_k) + s_(i,f_i)^k \
&= f_i dot a_k + s_(i,0)^k $
and outputs $y_k = 2^i y^k_i$
+ Now it holds that $y_k = a_k dot b_k + x_k$.
== Vector OLE == Vector OLE
=== Functionality $cal(F)_"VOLE"$ === Functionality $cal(F)_"VOLE"$
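Review bot: The last computation step of the new $Pi_"ROLE"$ has $P_B$ output $y = 2^i y_i$ with no sum over $i$, so the closing claim $y = a dot b + x$ does not follow as written. It should read $y = sum 2^i y_i$, matching the sum already used in $x = sum 2^i t_(i,0) - a dot e$. With the sum in place the identity checks out: $sum 2^i y_i = a dot f + sum 2^i t_(i,0)$, and $a dot b + x = a (e + f) + sum 2^i t_(i,0) - a dot e$ is the same value. That only holds if $f = sum 2^i f_i$, which does not fit the stated index range $i = 1, ... , l$; either run $i$ from $0$ to $l - 1$ or use $2^(i-1)$, and put the bounds on both sums. In the same step list the ROT outputs are written $t_0^i, t_1^i$ and $t_(f_i)$ where they are introduced but $t_(i,0)$, $t_(i,1)$ and $t_(i,f_i)$ afterwards; pick one form and keep the index $i$ on $P_B$'s value. The per-$i$ call is also written $cal(F)_"ROT" (f)$ although each instance uses the single bit $f_i$ as the choice. Finally, the removed side exchanged $e_1$ and $e_2$ through a commit-reveal scheme, while here $P_A$ picks $e$ alone and sends it in the clear; a sentence in the document on why that is sufficient would help the reader.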