Oblivious Transfer with Adaptive Queries

  • Moni Naor
  • Benny Pinkas
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1666)


We provide protocols for the following two-party problem: One party, the sender, has N values and the other party, the receiver, would like to learn k of them, deciding which ones in an adaptive manner (i.e. the ith value may depend on the first i-1 values). The sender does not want the receiver to obtain more than k values. This is a variant of the well known Oblivious Transfer (OT) problem and has applications in protecting privacy in various settings.

We present efficient protocols for the problem that require an O(N) computation in the preprocessing stage and fixed computation (independent of k) for each new value the receiver obtains. The on-line computation involves roughly log N invocations of a 1-out-2 OT protocol. The protocols are based on a new primitive, sum consistent synthesizers.


Data Element Transfer Phase Random Oracle Commitment Scheme Oblivious Transfer 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    M. Bellare and S. Micali, Non-interactive oblivious transfer and applications, Proc. Advances in Cryptology-Crypto’ 89, Springer-Verlag LNCS 435 (1990), 547–557.CrossRefGoogle Scholar
  2. 2.
    D. Boneh, The Decision Diffe-Hellman Problem, Proc. of the Third Algorithmic Number Theory Symposium, Springer-Verlag LNCS 1423 (1998) 48–63.CrossRefGoogle Scholar
  3. 3.
    G. Brassard, C. Crépeau and J.-M. Robert Information Theoretic Reduction Among Disclosure Problems, 27th Annual Symposium on Foundations of Computer Science, 1986, 168–173.Google Scholar
  4. 4.
    G. Brassard, C. Crépeau and J.-M. Robert, All-or-Nothing Disclosure of Secrets, Proc. Advances in Cryptology-Crypto’ 86, Springr-Verlag LNCS 263 (1987), 234–238.Google Scholar
  5. 5.
    C. Cachin, S. Micali and M. Stadler, Computationally Private Information Retrieval With Polylogarithmic Communication, Proc. Advances in Cryptology-Eurocrypt’ 99, Springr-Verlag LNCS 1592 (1999), 402–414.Google Scholar
  6. 6.
    D. Chaum, E. van Heijst, and B. Pfitzmann, Cryptographically strong undeniable signatures, unconditionally secure for the signer, Proc. Advances in Cryptology-Crypto’ 91.Google Scholar
  7. 7.
    B. Chor, N. Gilboa, and M. Naor, Private information retrieval by keywords, manuscript, 1998.Google Scholar
  8. 8.
    B. Chor, O. Goldreich, E. Kushilevitz and M. Sudan, Private Information Retrieval, JACM 45 (1998), 965–981. Preliminary version appeared in Proc. 36th IEEE Symposium on Foundations of Computer Science, 1995.Google Scholar
  9. 9.
    R. Cramer, I. Damgrd, B. Schoenmakers, Proofs of partial knowledge and simplified design of witness hiding protocols, Proc. Advances in Cryptology-Crypto’ 94, Springr-Verlag LNCS 839 (1994), 174–187.Google Scholar
  10. 10.
    R. Cramer and V. Shoup, A practical public key cryptosystem provably secure against adaptove chosen ciphertext attacks, Proc. Advances in Cryptology-Crypto’ 98, Springr-Verlag LNCS 1462 (1998), 13–25.CrossRefGoogle Scholar
  11. 11.
    W. Diffe and M. Hellman, New directions in cryptography, IEEE Trans. Inform. Theory, vol. 22(6), 1976, 644–654.CrossRefGoogle Scholar
  12. 12.
    Y. Dodis and S. Micali, Lower bounds for oblivious transfer reductions, Proc. Advances in Cryptology-Eurocrypt’ 99, Springr-Verlag LNCS 1592 (1999), 42–54.Google Scholar
  13. 13.
    C. Dwork, M. Naor, O. Reingold and L. Stockmeyer, Magic functions, manuscript, 1999.Google Scholar
  14. 14.
    T. ElGamal, A public key cryptosystem and a signature scheme based on discrete logarithms, Proc. Advances in Cryptology-Crypto’ 84, Springr-Verlag LNCS 196 (1985), 10–18.Google Scholar
  15. 15.
    M. L. Fredman, J. Komlos and R. Szemeredi, Storing a sparse table with O(1) worst case access time, JACM 31 (1984), 538–544.zbMATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    S. Even, O. Goldreich and A. Lempel, A Randomized Protocol for Signing Contracts, Communications of the ACM 28, 1985, 637–647.CrossRefMathSciNetGoogle Scholar
  17. 17.
    Y. Gertner, Y. Ishai, E. Kushilevitz, and T. Malkin, Protecting Data Privacy in Private Information Retrieval Schemes, Proc. of the 30th ACMSymp. on the Theory of Computing, 1998.Google Scholar
  18. 18.
    O. Goldreich, Secure Multi-Party Computation (working draft) Version 1.1, 1998. Available at
  19. 19.
    R. Impagliazzo and S. Rudich, Limits on the Provable Consequences of One-Way Permutations, Proc. of the 20th ACM Symp. on the Theory of Computing, 1988.Google Scholar
  20. 20.
    E. Kushilevitz and R. Ostrovsky, Replication Is Not Needed: Single Database, Computationally-Private Information Retrieval, Proc. 38th IEEE Symp. on Foundations of Computer Science, 1997Google Scholar
  21. 21.
    A. J. Menezes, P. C. van Oorschot and S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996.Google Scholar
  22. 22.
    M. Naor, Bit Commitment Using Pseudo-Randomness, Journal of Cryptology, vol. 4, 1991, 151–158.zbMATHCrossRefMathSciNetGoogle Scholar
  23. 23.
    M. Naor and B. Pinkas, Oblivious Transfer and Polynomial Evaluation, Proc. 31th ACM Symp. on Theory of Computing, 1999, 245–254.Google Scholar
  24. 24.
    M. Naor and O. Reingold, Synthesizers and their application to the parallel construction of pseudo-random functions, Proc. 36th IEEE Symp. on Foundations of Computer Science, 1995, 170–181.Google Scholar
  25. 25.
    M. Naor and O. Reingold, Number-Theoretic constructions of efficient pseudorandom functions, Proc. 38th IEEE Symp. on Foundations of Computer Science, 1997, 458–467.Google Scholar
  26. 26.
    M. O. Rabin, How to exchange secrets by oblivious transfer, Tech. Memo TR-81, Aiken Computation Laboratory, 1981.Google Scholar
  27. 27.
    M. Stadler, Publicly verifiable secret sharing, Proc. Advances in Cryptology-Eurocrypt’ 96, Springr-Verlag LNCS 1070 (1996), 190–199.Google Scholar
  28. 28.
    S. Wiesner, Conjugate coding, SIGACT News 15, 1983, 78–88.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Moni Naor
    • 1
  • Benny Pinkas
    • 1
  1. 1.Dept. of Computer Science and Applied MathematicsWeizmann Institute of ScienceRehovotIsrael

Personalised recommendations