Simulatable Adaptive Oblivious Transfer

Jan Camenisch; Gregory Neven; abhi shelat

Paper 2008/014

Simulatable Adaptive Oblivious Transfer

Jan Camenisch, Gregory Neven, and abhi shelat

Abstract

We study an adaptive variant of oblivious transfer in which a sender has N messages, of which a receiver can adaptively choose to receive k one-after-the-other, in such a way that (a) the sender learns nothing about the receiver’s selections, and (b) the receiver only learns about the k requested messages. We propose two practical protocols for this primitive that achieve a stronger security notion than previous schemes with comparable efficiency. In particular, by requiring full simulatability for both sender and receiver security, our notion prohibits a subtle selective-failure attack not addressed by the security notions achieved by previous practical schemes. Our first protocol is a very efficient generic construction from unique blind signatures in the random oracle model. The second construction does not assume random oracles, but achieves remarkable efficiency with only a constant number of group elements sent during each transfer. This second construction uses novel techniques for building efficient simulatable protocols.

Metadata

Available format(s): PDF PS
Category: Cryptographic protocols
Publication info: Published elsewhere. An extended abstract of this paper appears in Moni Naor, editor, Advances in Cryptology – EUROCRYPT 2007, volume 4515 of Lecture Notes in Computer Science, pages 573–590, Springer-Verlag, 2007. This is the full version.
Contact author(s): Gregory Neven @ esat kuleuven be
History: 2008-01-14: received
Short URL: https://ia.cr/2008/014
License: CC BY

BibTeX

@misc{cryptoeprint:2008/014,
      author = {Jan Camenisch and Gregory Neven and abhi shelat},
      title = {Simulatable Adaptive Oblivious Transfer},
      howpublished = {Cryptology {ePrint} Archive, Paper 2008/014},
      year = {2008},
      url = {https://eprint.iacr.org/2008/014}
}