Paper 2008/220

Essentially Optimal Universally Composable Oblivious Transfer

Ivan Damgård, Jesper Buus Nielsen, and Claudio Orlandi

Abstract

Oblivious transfer is one of the most important cryptographic primitives, both for theoretical and practical reasons and several protocols were proposed during the years. We provide the first oblivious transfer protocol which is simultaneously optimal on the following list of parameters: Security: it has universal composition. Trust in setup assumptions: only one of the parties needs to trust the setup and some setup is needed for UC security. Trust in computational assumptions: only one of the parties needs to trust a computational assumption. Round complexity: it uses only two rounds. Communication complexity: it communicates O(1) group elements to transfer one out of two group elements. The Big-O notation hides 32, meaning that the communication is probably not optimal, but is essentially optimal in that the overhead is at least constant. Our construction is based on pairings, and we assume the presence of a key registration authority.

Metadata
Available format(s)
PDF PS
Category
Cryptographic protocols
Publication info
Published elsewhere. Presented at ICISC 2008
Keywords
Oblivious TransferUniversally Composable Security
Contact author(s)
orlandi @ daimi au dk
History
2008-12-17: revised
2008-05-25: received
See all versions
Short URL
https://ia.cr/2008/220
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2008/220,
      author = {Ivan Damgård and Jesper Buus Nielsen and Claudio Orlandi},
      title = {Essentially Optimal Universally Composable Oblivious Transfer},
      howpublished = {Cryptology ePrint Archive, Paper 2008/220},
      year = {2008},
      note = {\url{https://eprint.iacr.org/2008/220}},
      url = {https://eprint.iacr.org/2008/220}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.