Public Key Cryptography – PKC 2011

Volume 6571 of the series Lecture Notes in Computer Science pp 192-209

Oblivious Transfer with Hidden Access Control Policies

  • Jan CamenischAffiliated withIBM Research - Zurich
  • , Maria DubovitskayaAffiliated withIBM Research - Zurich
  • , Gregory NevenAffiliated withIBM Research - Zurich
  • , Gregory M. ZaveruchaAffiliated withCerticom Research


Consider a database where each record has different access control policies. These policies could be attributes, roles, or rights that the user needs to have in order to access the record. Here we provide a protocol that allows the users to access the database record while: (1) the database does not learn who queries a record; (2) the database does not learn which record is being queried, nor the access control policy of that record; (3) the database does not learn whether a user’s attempt to access a record was successful or not; (4) the user can only obtain a single record per query; (5) the user can only access those records for which she has the correct permissions; (6) the user does not learn any other information about the database structure and the access control policies other than whether he was granted access to the queried record, and if so, the content of the record; and (7) the users’ credentials can be revoked.

Our scheme builds on the one by Camenisch, Dubovitskaya and Neven (CCS’09), who consider oblivious transfer with access control when the access control policies are public.


Privacy Oblivious Transfer Anonymous Credentials Access Control