These protocols are based on a semi-honest model: no mechanism prevents a group of malicious servers from disrupting the protocol such that the secret obtained by the receiver does not correspond to the chosen secret. Actually, to verify the information transmitted by the servers seems to require some properties difficult to reconcile: on one hand the receiver has to collect more information from the servers to discard the incorrect data generated by the malicious servers; on the other hand, if the receiver is allowed to gather more information from the servers, the sender's security may be compromised.
We study the first unconditionally secure DOT protocol in the presence of an active adversary who may corrupt up to $k - 1$ servers. In addition to the active adversary, we also assume that the sender may (passively) corrupt up to $k - 1$ servers to learn the choice of the receiver. Similarly, the receiver may (passively) corrupt up to $k - 1$ servers to learn more than the chosen secret. However, we assume that the sender, receiver, and active adversary do not collaborate with each other. Our DOT protocol allows the receiver to contact $4k - 3$ servers to obtain one secret, while the required security is maintained.Category / Keywords: cryptographic protocols / Privacy and Security, Distributed Oblivious Transfer, Verifiable Oblivious Transfer Publication Info: The ongoing work related to this paper was presented in a poster session at ACISP 2011 Date: received 6 Feb 2013 Contact author: chris corniaux at my jcu edu au Available format(s): PDF | BibTeX Citation Version: 20130212:094310 (All versions of this report) Short URL: ia.cr/2013/063 Discussion forum: Show discussion | Start new discussion