Cryptology ePrint Archive: Report 2008/014

Simulatable Adaptive Oblivious Transfer

Jan Camenisch and Gregory Neven and abhi shelat

Abstract: We study an adaptive variant of oblivious transfer in which a sender has N messages, of which a receiver can adaptively choose to receive k one-after-the-other, in such a way that (a) the sender learns nothing about the receiver’s selections, and (b) the receiver only learns about the k requested messages. We propose two practical protocols for this primitive that achieve a stronger security notion than previous schemes with comparable efficiency. In particular, by requiring full simulatability for both sender and receiver security, our notion prohibits a subtle selective-failure attack not addressed by the security notions achieved by previous practical schemes.

Our first protocol is a very efficient generic construction from unique blind signatures in the random oracle model. The second construction does not assume random oracles, but achieves remarkable efficiency with only a constant number of group elements sent during each transfer. This second construction uses novel techniques for building efficient simulatable protocols.

Category / Keywords: cryptographic protocols /

Publication Info: An extended abstract of this paper appears in Moni Naor, editor, Advances in Cryptology – EUROCRYPT 2007, volume 4515 of Lecture Notes in Computer Science, pages 573–590, Springer-Verlag, 2007. This is the full version.

Date: received 9 Jan 2008

Contact author: Gregory Neven at esat kuleuven be

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20080114:111629 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]