Security and efficiency analysis of the Hamming distance computation protocol based on oblivious transfer

In Financial Cryptography 2013, Bringer, Chabanne and Patey proposed two cryptographic protocols for the computation of Hamming distance in the two-party setting. Their first scheme uses Oblivious Transfer and provides security in the semi-honest model. The other scheme uses Committed Oblivious Transfer (COT) and is claimed to provide full security in the malicious case. The proposed protocols have direct implications to biometric authentication schemes between a prover and a verifier where the verifier has biometric data of the users in plain form. In this paper, we show that their protocol against malicious adversaries is not actually secure. Namely, we show a generic attack such that a malicious user can compute a Hamming distance which is different from the actual value. For biometric authentication systems, this attack allows a malicious adversary to pass the authentication without knowledge of the honest user’s input with at most O(n) complexity instead of O(2), where n is the input length. We propose an enhanced version of their protocol where this attack is eliminated. The security of our modified protocol is proved using simulation-based paradigm. Also as for efficiency concerns, the modified protocol utilizes Verifiable Oblivious Transfer (VOT) which excludes the commitments to outputs (as they exist in COT). We show that the use of VOT does not reduce the security of the protocol but improves the efficiency significantly.