Cryptology ePrint Archive: Report 2008/220

Essentially Optimal Universally Composable Oblivious Transfer

Ivan Damgård and Jesper Buus Nielsen and Claudio Orlandi

Abstract: Oblivious transfer is one of the most important cryptographic primitives, both for theoretical and practical reasons and several protocols were proposed during the years. We provide the first oblivious transfer protocol which is simultaneously optimal on the following list of parameters: Security: it has universal composition. Trust in setup assumptions: only one of the parties needs to trust the setup and some setup is needed for UC security. Trust in computational assumptions: only one of the parties needs to trust a computational assumption. Round complexity: it uses only two rounds. Communication complexity: it communicates O(1) group elements to transfer one out of two group elements. The Big-O notation hides 32, meaning that the communication is probably not optimal, but is essentially optimal in that the overhead is at least constant. Our construction is based on pairings, and we assume the presence of a key registration authority.

Category / Keywords: cryptographic protocols / Oblivious Transfer, Universally Composable Security

Publication Info: Presented at ICISC 2008

Date: received 15 May 2008, last revised 17 Dec 2008

Contact author: orlandi at daimi au dk

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20081217:155654 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]