Cryptology ePrint Archive: Report 2001/073
Efficient oblivious transfer schemes
Wen-Guey Tzeng
Abstract: In this paper we propose a very efficient
(string) $OT_n^1$ scheme
for any $n\geq 2$.
We build our $OT_n^1$ scheme from fundamental cryptographic
techniques directly.
It achieves optimal efficiency in the number of rounds
and the total number of exchanged messages for the case
that the receiver's
choice is unconditionally secure.
The computation time of our $OT_n^1$ scheme is very
efficient, too.
The receiver need compute 2 modular
exponentiations only no matter how large $n$ is,
and the sender need compute $2n$ modular exponentiations.
Furthermore, the system-wide parameters need not change
during the lifetime of the system and are {\em universally
usable}.
That is, all possible receivers and senders use the same
parameters and need no trapdoors specific to each of them.
For our $OT_n^1$ scheme, the privacy of the receiver's choice
is unconditionally secure and the privacy of
the un-chosen secrets is at least as strong as the hardness
of the decisional Diffie-Hellman problem.
\par
We extend our $OT_n^1$ scheme to distributed oblivious
transfer schemes.
Our distributed $OT_n^1$ scheme takes full advantage of
the research results of secret sharing and is conceptually
simple.
It achieves better security than
Noar and Pinkas's scheme does in many aspects.
For example, our scheme is secure against collusion of $R$
and $t$-$1$ servers
and it need not restrict $R$ to contact at most $t$ servers,
which is difficult to enforce.
\par
For applications, we present a method of transforming any
single-database PIR
protocol into a symmetric PIR protocol with only one extra
unit of communication cost.
Category / Keywords: cryptographic protocols / oblivious transfer
Publication Info: manuscript
Date: received 23 Aug 2001
Contact author: tzeng at cis nctu edu tw
Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation
Version: 20010825:065327 (All versions of this report)
Short URL: ia.cr/2001/073
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]