International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Revisiting OKVS-based OPRF and PSI: Cryptanalysis and Better Construction

Authors:
Kyoohyung Han , Samsung SDS
Seongkwang Kim , Samsung SDS
Byeonghak Lee , Samsung SDS
Yongha Son , Sungshin Women's University
Download:
Search ePrint
Search Google
Presentation: Slides
Conference: ASIACRYPT 2024
Abstract: Oblivious pseudorandom function (OPRF) is a two-party cryptographic protocol that allows the receiver to input $x$ and learn $F(x)$ for some PRF $F$, only known to the sender. For private set intersection (PSI) applications, OPRF protocols have evolved to enhance efficiency, primarily using symmetric key cryptography. Current state-of-the-art protocols, such as those by Rindal and Schoppmann (Eurocrypt~'21), leverage vector oblivious linear evaluation (VOLE) and oblivious key-value store (OKVS) constructions. In this work, we identify a flaw in an existing security proof, and present practical attacks in the malicious model, which results in additional PRF evaluations than the previous works' claim. In particular, the attack for malicious model is related to the concept of OKVS overfitting, whose hardness is conjectured in previous works. Our attack is the first one to discuss the concrete hardness of OKVS overfitting problem. As another flavour of contribution, we generalize OKVS-based OPRF constructions, suggesting new instantiations using a VOLE protocol with only Minicrypt assumptions. Our generalized construction shows improved performance in high-speed network environments, narrowing the efficiency gap between the OPRF constructions over Cryptomania and Minicrypt.
BibTeX
@inproceedings{asiacrypt-2024-34633,
  title={Revisiting OKVS-based OPRF and PSI: Cryptanalysis and Better Construction},
  publisher={Springer-Verlag},
  author={Kyoohyung Han and Seongkwang Kim and Byeonghak Lee and Yongha Son},
  year=2024
}