CryptoDB
Simulatable Adaptive Oblivious Transfer
Authors: | |
---|---|
Download: | |
Abstract: | We study an adaptive variant of oblivious transfer in which a sender has N messages, of which a receiver can adaptively choose to receive k one-after-the-other, in such a way that (a) the sender learns nothing about the receivers selections, and (b) the receiver only learns about the k requested messages. We propose two practical protocols for this primitive that achieve a stronger security notion than previous schemes with comparable efficiency. In particular, by requiring full simulatability for both sender and receiver security, our notion prohibits a subtle selective-failure attack not addressed by the security notions achieved by previous practical schemes. Our first protocol is a very efficient generic construction from unique blind signatures in the random oracle model. The second construction does not assume random oracles, but achieves remarkable efficiency with only a constant number of group elements sent during each transfer. This second construction uses novel techniques for building efficient simulatable protocols. |
BibTeX
@misc{eprint-2008-17691, title={Simulatable Adaptive Oblivious Transfer}, booktitle={IACR Eprint archive}, keywords={cryptographic protocols /}, url={http://eprint.iacr.org/2008/014}, note={An extended abstract of this paper appears in Moni Naor, editor, Advances in Cryptology EUROCRYPT 2007, volume 4515 of Lecture Notes in Computer Science, pages 573590, Springer-Verlag, 2007. This is the full version. Gregory.Neven@esat.kuleuven.be 1388}, author={Jan Camenisch and Gregory Neven and abhi shelat}, year=2008 }