Theory of Cryptography

Volume 5978 of the series Lecture Notes in Computer Science pp 327-342

Truly Efficient String Oblivious Transfer Using Resettable Tamper-Proof Tokens

  • Vladimir KolesnikovAffiliated withAlcatel-Lucent Bell Laboratories


SFE requires expensive public key operations for each input bit of the function. This cost can be avoided by using tamper-proof hardware. However, all known efficient techniques require the hardware to have long-term secure storage and to be resistant to reset or duplication attacks. This is due to the intrinsic use of counters or erasures. Known techniques that use resettable tokens rely on expensive primitives, such as generic concurrent ZK, and are out of reach of practice.

We propose a truly efficient String Oblivious Transfer (OT) technique relying on resettable (actually, stateless) tamper-proof token. Our protocols require between 6 and 27 symmetric key operations, depending on the model. Our OT is secure against covert sender and malicious receiver, and is sequentially composable.

If the token is semi-honest (e.g. if it is provided by a trusted entity, but adversarily initialized), then our protocol is secure against malicious adversaries in concurrent execution setting.

Only one party is required to provide the token, which makes it appropriate for typical asymmetric client-server scenarios (banking, TV, etc.)