Paper 2012/348

Oblivious Transfer with Hidden Access Control from Attribute-Based Encryption

Jan Camenisch, Maria Dubovitskaya, Robert R. Enderlein, and Gregory Neven


The notion of oblivious transfer with hidden access control policies (HACOT) was recently proposed by Camenisch et al.~(Public-Key Cryptography~2011). This primitive allows a user to anonymously query a database where each record is protected by a hidden attribute-based access control policy. At each query, the user either learns the value of a single record if the attributes in his key satisfy the policy, or the mere fact that his attributes do not satisfy the policy. The database, even when colluding with the key issuer, learns nothing about the identity of the user, the index or the access policy of the record, or whether access was granted or denied. At the same time, the database can keep an eye on the overall access frequency to prevent the data from being ``crawled''. In this paper, we present a new HACOT scheme which is more efficient and offers more expressive policies than the scheme presented by Camenisch et al. We construct our HACOT protocol based on a hidden ciphertext-policy attribute-based encryption (HP-ABE) scheme by Nishide et al.: users are issued HACOT decryption keys based on HP-ABE attributes and HACOT records are encrypted under HP-ABE policies. However, as we will see, this simple approach does not work and we need to extend the Nishide et al.\ scheme as follows. First, we add protocols that allows users to verify that the public key of the issuer and ciphertexts are correctly formed. Second, we reserve one attribute and give the corresponding decryption key only to the database. Thereby users can no longer decrypt records by themselves but require the help of the database. Third, we provide a joint decryption protocol between the user and the database, so that the database does not learn which ciphertext is decrypted. The latter will also allow one to optionally add revocation of the users' access. We prove our construction secure by a reduction to the security of Nishide et al.'s scheme, the Symmetric External Diffie-Hellman (SXDH) and Simultaneous Flexible Pairing (SFP) assumptions.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. This is the full version of a paper due to appear in SCN 2012.
PrivacyOblivious TransferAttribute-Based Encryption
Contact author(s)
eprint @ e7n ch
2016-01-07: last of 2 revisions
2012-06-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jan Camenisch and Maria Dubovitskaya and Robert R.  Enderlein and Gregory Neven},
      title = {Oblivious Transfer with Hidden Access Control from Attribute-Based Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2012/348},
      year = {2012},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.