基于密文混淆的不经意传输协议

doi:10.19678/j.issn.1000-3428.0069792

计算机工程 ›› 2026, Vol. 52 ›› Issue (1): 293-302. doi: 10.19678/j.issn.1000-3428.0069792

基于密文混淆的不经意传输协议

李晓东¹^,², 朱晓鹏², 张健毅¹^,*(), 吴庸¹, 窦一萌¹

1. 北京电子科技学院网络空间安全系, 北京 100070
2. 西安电子科技大学计算机科学与技术学院, 陕西西安 710000

收稿日期:2024-04-26 修回日期:2024-09-03 出版日期:2026-01-15 发布日期:2024-11-11
通讯作者: 张健毅
作者简介:
李晓东, 男, 副教授、博士, 主研方向为同态加密、安全多方计算
朱晓鹏, 硕士
张健毅(通信作者)，副教授、博士
吴庸, 硕士
窦一萌, 硕士
基金资助:
北京电子科技学院-北京隐算科技有限公司合作项目资金(20230008H113)

Ciphertext Obfuscation-based Oblivious Transfer Protocol

LI Xiaodong¹^,², ZHU Xiaopeng², ZHANG Jianyi¹^,*(), WU Yong¹, DOU Yimeng¹

1. Department of Cyberspace Security, Beijing Electronic Science and Technology Institute, Beijing 100070, China
2. School of Computer Science and Technology, Xidian University, Xi'an 710000, Shaanxi, China

Received:2024-04-26 Revised:2024-09-03 Online:2026-01-15 Published:2024-11-11
Contact: ZHANG Jianyi

摘要/Abstract

摘要：

不经意传输(OT)协议是一种保护隐私的两方通信协议, 也是构建安全多方计算的重要模块。该协议通常基于RSA(Rivest—Shamir—Adleman)或DH(Diffie—Hellman)密码系统来交换对称密钥, 在消息的加密阶段使用对称密钥进行加密。然而, 在现有的OT协议中, 多对公私钥生成以及数据计算非常耗时。在同一密文域中, 采用双射函数对密文进行变换, 可以确保密文解密后的不可区分性, 同时减少计算量。在半诚实模型上, 提出一种基于密文混淆的OT协议框架, 并在该框架下基于RSA和DH实例化OT协议。相较基于RSA的加密方案, 所提协议只需要一对公私钥, 同时, 当公私钥减少为一对时, 接收方可以利用发送方数字证书中的公钥, 实现具有身份认证功能的OT协议。对比基于DH密钥交换的OT协议, 该协议具有数据传输量小、计算复杂度低的优势。实验结果表明, 与现有OT协议相比, 实例化的协议在密钥交换阶段的效率至少可提高30%。此外, 该协议还可以用于隐私集合求交、混淆电路和OT扩展协议中的基础协议。

关键词: 不经意传输, 双射函数, 密文混淆, 身份认证, 安全多方计算

Abstract:

The Oblivious Transfer (OT) protocol is a privacy-preserving two-way communication protocol important for building secure multiparty computations. To exchange symmetric keys, this protocol is typically based on the Rivest—Shamir—Adleman (RSA) or Diffie—Hellman (DH) cryptographic systems, which are used for encryption during the message-encryption phase. However, in existing OT protocols, the generation of multiple pairs of public and private keys and data computations are time-consuming. Using bijective functions to transform the ciphertext within the same ciphertext domain can ensure indistinguishability after decryption and reduce the computational complexity. In the semi-honest model, a ciphertext obfuscation-based OT protocol framework is proposed and OT protocols are instantiated based on RSA and DH within this framework. Compared with RSA-based encryption schemes, the proposed protocol requires only one pair of public and private keys. When the number of public and private keys is reduced to one, the receiver can use the public key in the digital certificate of the sender to implement the OT protocol using an identity authentication function. Compared with the OT protocol based on the DH key exchange, this protocol has a small data transmission volume and low computational complexity. Experimental results show that, compared with existing OT protocols, the efficiency of instantiated protocols in the key exchange stage can be improved by at least 30%. Moreover, this protocol can be used as a basic protocol for privacy set intersections, obfuscation circuits, and OT extension protocols.

Key words: Oblivious Transfer (OT), bijective function, ciphertext obfuscation, identity authentication, secure multi-party computation

李晓东, 朱晓鹏, 张健毅, 吴庸, 窦一萌. 基于密文混淆的不经意传输协议[J]. 计算机工程, 2026, 52(1): 293-302.

LI Xiaodong, ZHU Xiaopeng, ZHANG Jianyi, WU Yong, DOU Yimeng. Ciphertext Obfuscation-based Oblivious Transfer Protocol[J]. Computer Engineering, 2026, 52(1): 293-302.

https://www.ecice06.com/CN/Y2026/V52/I1/293

图/表 11

图1 2选1不经意传输协议示意图

Fig.1 Schematic diagram of oblivious transfer protocol of 1 out of 2

图2 2选1(NP01)OT协议过程

Fig.2 Process of 1 out of 2 (NP01) OT protocol

图3 OT_n¹协议框架

Fig.3 Framework of OT_n¹ protocol

图4 2种密钥交换示意图

Fig.4 Schematic diagram of two types of key exchange

图5 密文混淆

Fig.5 Ciphertext obfuscation

图6 基于DH的N选1协议效率对比

Fig.6 Efficiency comparison of 1 out of N protocol based on DH

图7 N选1 OT协议在不同消息长度下的效率

Fig.7 Efficiency under different message lengths of the 1 out of N OT protocol

参考文献 32

1	RABIN M O. How to exchange secrets with oblivious transfer[EB/OL]. [2024-02-05]. https://eprint.iacr.org/2005/187.pdf.
2	EVEN S, GOLDREICH O, LEMPEL A. A randomized protocol for signing contracts[EB/OL]. [2024-02-05]. https://dl.acm.org/doi/10.1145/3812.3818.
3	CRÉPEAU C. Equivalence between two flavours of oblivious transfers[EB/OL]. [2024-02-05]. https://link.springer.com/chapter/10.1007/3-540-48184-2_30.
4	GORDON S D, KATZ J, KOLESNIKOV V, et al. Secure two-party computation in sublinear (amortized) time[C]//Proceedings of the 2012 ACM Conference on Computer and Communications Security. New York, USA: ACM Press, 2012: 513-524.
5	BOYLE E, COUTEAU G, GILBOA N, et al. Efficient pseudorandom correlation generators: silent OT extension and more[EB/OL]. [2024-02-05]. https://link.springer.com/chapter/10.1007/978-3-030-26954-8_16.
6	GERTNER Y, KANNAN S, MALKIN T, et al. The relationship between public key encryption and oblivious transfer[EB/OL]. [2024-02-05]. https://ieeexplore.ieee.org/document/892121.
7	NAOR M, PINKAS B. Efficient oblivious transfer protocols[EB/OL]. [2024-02-05]. https://dl.acm.org/doi/10.5555/365411.365502.
8	CHOU T, ORLANDI C. The simplest protocol for oblivious transfer[EB/OL]. [2024-02-05]. https://eprint.iacr.org/2015/267.pdf.
9	MANSY D, RINDAL P. Endemic oblivious transfer[C]//Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York, USA: ACM Press, 2019: 309-326.
10	ISHAI Y, KILIAN J, NISSIM K, et al. Extending oblivious transfers efficiently[EB/OL]. [2024-02-05]. https://link.springer.com/chapter/10.1007/978-3-540-45146-4_9.
11	ASHAROV G, LINDELL Y, SCHNEIDER T, et al. More efficient oblivious transfer and extensions for faster secure computation[C]//Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. New York, USA: ACM Press, 2013: 535-548.
12	魏晓超, 蒋瀚, 赵川. 一个高效可完全模拟的n取1茫然传输协议. 计算机研究与发展, 2016, 53 (11): 2475- 2481.
	WEI X C , JIANG H , ZHAO C . An efficient and fully simulatable n-1 oblivious transfer protocol. Journal of Computer Research and Development, 2016, 53 (11): 2475- 2481.
13	CANETTI R, SARKAR P, WANG X. Blazing fast OT for three-round UC OT extension[EB/OL]. [2024-02-05]. https://eprint.iacr.org/2020/110.pdf.
14	LAI Y F, GALBRAITH S D, DELPECH DE SAINT GUILHEM C. Compact, efficient and UC-secure isogeny-based oblivious transfer[EB/OL]. [2024-02-05]. https://link.springer.com/chapter/10.1007/978-3-030-77870-5_8.
15	AGARWAL A, BARTUSEK J, KHURANA D, et al. A new framework for quantum oblivious transfer[EB/OL]. [2024-02-05]. https://eprint.iacr.org/2022/1191.pdf.
16	SONG J S , WANG D F , ZHANG Z Z , et al. Universally composable oblivious transfer with low communication. Applied Sciences, 2023, 13 (4): 2090. doi: 10.3390/app13042090
17	LI S S, ZHANG C, LIN D D. Oblivious transfer from rerandomizable PKE[EB/OL]. [2024-02-05]. https://eprint.iacr.org/2023/1002.pdf.
18	GERTNER Y, MALKIN T, REINGOLD O. On the impossibility of basing trapdoor functions on trapdoor predicates[C]//Proceedings of the 42nd IEEE Symposium on Foundations of Computer Science. Washington D.C., USA: IEEE Press, 2001: 126-135.
19	PEIKERT C, VAIKUNTANATHAN V, WATERS B. A framework for efficient and composable oblivious transfer[EB/OL]. [2024-02-05]. https://eprint.iacr.org/2007/348.pdf.
20	ZHU X P, WU Y, LI X D, et al. A new ciphertext based OT protocol in cloud computing[C]//Proceedings of the 4th International Seminar on Artificial Intelligence, Networking and Information Technology (AINIT). Washington D.C., USA: IEEE Press, 2023: 408-413.
21	高莹, 李寒雨, 王玮, 等. 不经意传输协议研究综述. 软件学报, 2023, 34 (4): 1879- 1906.
	GAO Y , LI H Y , WANG W , et al. A review of research on oblivious transfer protocols. Journal of Software, 2023, 34 (4): 1879- 1906.
22	张爱娈, 李祯祯, 丁海洋, 等. 基于OT的多方匿名身份查询协议. 计算机应用研究, 2022, 39 (4): 1190- 1194.
	ZHANG A L , LI Z Z , DING H Y , et al. Multi-party anonymous identity query protocol based on OT. Application Research of Computers, 2022, 39 (4): 1190- 1194.
23	YAO A C. Protocols for secure computations[C]//Proceedings of the 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982). Washington D.C., USA: IEEE Press, 1982: 160-164.
24	YAO A C. How to generate and exchange secrets[C]//Proceedings of the 27th Annual Symposium on Foundations of Computer Science (sfcs 1986). Washington D.C., USA: IEEE Press, 1986: 162-167.
25	KOLESNIKOV V, KUMARESAN R, ROSULEK M, et al. Efficient batched oblivious PRF with applications to private set intersection[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York, USA: ACM Press, 2016: 818-829.
26	HUNT R. PKI and digital certification infrastructure[EB/OL]. [2024-02-05]. https://ieeexplore.ieee.org/document/962346.
27	MU Y , ZHANG J Q , VARADHARAJAN V , et al. Robust non-interactive oblivious transfer. IEEE Communications Letters, 2003, 7 (4): 153- 155. doi: 10.1109/LCOMM.2003.811213
28	MCQUOID I, ROSULEK M, ROY L. Batching base oblivious transfers[EB/OL]. [2024-02-05]. https://eprint.iacr.org/2021/682.pdf.
29	BEAVER D. Precomputing oblivious transfer[EB/OL]. [2024-02-05]. https://link.springer.com/chapter/10.1007/3-540-44750-4_8.
30	KOLESNIKOV V, KUMARESAN R. Improved OT extension for transferring short secrets[EB/OL]. [2024-02-05]. https://eprint.iacr.org/2013/491.pdf.
31	ORRÙ M, ORSINI E, SCHOLL P. Actively secure 1-out-of-N OT extension with application to private set intersection[EB/OL]. [2024-02-05]. https://eprint.iacr.org/2016/933.pdf.
32	ROY L. SoftSpokenOT: communication-computation tradeoffs in OT extension[EB/OL]. [2024-02-05]. https://eprint.iacr.org/2022/192.pdf.

[1]	邓淼磊, 马晴雨, 宋庆, 张春燕, 左志斌. 增强的无线传感器网络认证密钥协商协议[J]. 计算机工程, 2025, 51(11): 186-193.
[2]	王以良, 周鹏, 叶卫, 戚伟强. 基于金字塔网络的非侵入式负荷辨识及其隐私保护方案[J]. 计算机工程, 2024, 50(5): 182-189.
[3]	郑云涛, 叶家炜. 基于茫然传输协议的FATE联邦迁移学习方案[J]. 计算机工程, 2023, 49(2): 24-30.
[4]	王静怡, 刘百祥, 方宁, 彭凌祺. 基于区块链与属性密码体制的匿名数据共享访问控制[J]. 计算机工程, 2023, 49(10): 41-52.
[5]	刘新, 胡翔瑜, 徐刚, 陈秀波. 区块链数据保密查询的不经意传输协议[J]. 计算机工程, 2022, 48(10): 13-20.
[6]	王元庆, 刘百祥. 一种去中心化的隐私保护匿名问卷方案[J]. 计算机工程, 2021, 47(6): 123-131.
[7]	吴甜甜, 杨亚芳, 赵运磊. 一种面向车联网通信的条件隐私保护认证协议[J]. 计算机工程, 2021, 47(6): 14-22.
[8]	张静, 何铮, 葛炳辉, 汤永利, 叶青. 一种高效的百万富翁问题协议及其应用[J]. 计算机工程, 2021, 47(2): 168-175.
[9]	刘期烈, 陈澄. 基于区块链的V2G匿名身份认证方案[J]. 计算机工程, 2021, 47(11): 22-28.
[10]	牛淑芬, 杨平平, 谢亚亚, 王彩芬, 杜小妮. 电子邮件系统中指定服务器的关键字搜索加密方案[J]. 计算机工程, 2020, 46(10): 137-142,150.
[11]	王泽,陈永乐,王潇健. 基于CSI的WLAN认证及攻击定位方案[J]. 计算机工程, 2019, 45(6): 181-187.
[12]	刘卓,马敏耀,邱克娥,冯君. 一种安全两群体认证协议[J]. 计算机工程, 2018, 44(9): 141-148.
[13]	蒋存波,孔祥丽,金红,焦阳. 具有射频识别功能的嵌入式低功耗智能钥匙设计[J]. 计算机工程, 2017, 43(7): 54-59.
[14]	俞庆英,罗永龙,陈付龙,郑孝遥. 一种保护私有信息的空间离群点检测方法[J]. 计算机工程, 2017, 43(3): 163-171.
[15]	杨小东,安发英,杨平,刘婷婷,王彩芬. 基于无证书签名的云端跨域身份认证方案[J]. 计算机工程, 2017, 43(11): 128-133,145.

选择文件类型/文献管理软件名称

选择包含的内容

基于密文混淆的不经意传输协议

Ciphertext Obfuscation-based Oblivious Transfer Protocol

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 11

参考文献 32

相关文章 15

编辑推荐

Metrics

本文评价

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

基于密文混淆的不经意传输协议

Ciphertext Obfuscation-based Oblivious Transfer Protocol

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 11

参考文献 32

相关文章 15

编辑推荐

Metrics

本文评价