
Simulatable Adaptive Oblivious Transfer

  • Jan Camenisch
  • Gregory Neven
  • abhi shelat
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4515)

Abstract

We study an adaptive variant of oblivious transfer in which a sender has N messages, of which a receiver can adaptively choose to receive k one-after-the-other, in such a way that (a) the sender learns nothing about the receiver’s selections, and (b) the receiver only learns about the k requested messages. We propose two practical protocols for this primitive that achieve a stronger security notion than previous schemes with comparable efficiency. In particular, by requiring full simulatability for both sender and receiver security, our notion prohibits a subtle selective-failure attack not addressed by the security notions achieved by previous practical schemes.

Our first protocol is a very efficient generic construction from unique blind signatures in the random oracle model. The second construction does not assume random oracles, but achieves remarkable efficiency with only a constant number of group elements sent during each transfer. This second construction uses novel techniques for building efficient simulatable protocols.
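The abstract names the first protocol only as a generic construction from unique blind signatures in the random oracle model. The block below is an added illustration of how such a construction can be shaped (sender pre-encrypts every message under the unique signature of its index; each transfer is one blind-signing run); it is not the paper's own protocol or proof, and the RSA parameters, hash-based random-oracle stand-ins and 32-byte message length are constructed toy assumptions for the demo.

```python
import hashlib
import secrets

# Toy RSA parameters, CONSTRUCTED for illustration only (Mersenne primes 2^61-1 and
# 2^89-1; far too small for real use). Chaum-style RSA signatures H(m)^d mod n are
# unique: one valid signature per message, so the sender can pre-encrypt each slot.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N_MOD = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def h_int(i):
    """Random-oracle stand-in: map the slot index to an element of Z_n."""
    return int.from_bytes(hashlib.sha256(b"msg|%d" % i).digest(), "big") % N_MOD

def pad(i, sigma):
    """Random-oracle stand-in H(i, sigma): a 32-byte one-time pad for slot i."""
    return hashlib.sha256(b"pad|%d|%d" % (i, sigma)).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def sender_init(messages):
    """Initialization: publish C_i = M_i XOR H(i, Sig(i)) for every 32-byte message."""
    return [xor(m, pad(i, pow(h_int(i), D, N_MOD))) for i, m in enumerate(messages, 1)]

def receiver_blind(i):
    """Transfer, receiver side: pick r and send H(i) * r^e, which is uniform in Z_n*."""
    r = secrets.randbelow(N_MOD - 2) + 2
    return r, (h_int(i) * pow(r, E, N_MOD)) % N_MOD

def sender_sign_blinded(blinded):
    """Transfer, sender side: sign the blinded value; nothing here depends on i."""
    return pow(blinded, D, N_MOD)

def receiver_finish(i, r, blind_sig, ciphertexts):
    """Unblind, check the signature against the public key (n, e), then open slot i."""
    sigma = (blind_sig * pow(r, -1, N_MOD)) % N_MOD
    if pow(sigma, E, N_MOD) != h_int(i):
        raise ValueError("sender returned an invalid signature")
    return xor(ciphertexts[i - 1], pad(i, sigma))

def run_adaptive_ot(messages, choices):
    """Run initialization once, then k transfers in the order the receiver chooses."""
    ciphertexts = sender_init(messages)
    out = []
    for i in choices:
        r, blinded = receiver_blind(i)
        out.append(receiver_finish(i, r, sender_sign_blinded(blinded), ciphertexts))
    return out
```

The signature check in `receiver_finish` rejects a malformed signing response before any slot is opened, and because the sender only ever sees a blinded element, its response cannot be tailored to the requested index.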

Keywords

Signature scheme, transfer phase, random oracle, blind signature, random oracle model


Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Jan Camenisch, Zurich Research Laboratory, IBM Research, Rüschlikon
  • Gregory Neven, Dept. of Electrical Engineering, Katholieke Universiteit Leuven, Heverlee; Département d’Informatique, Ecole Normale Supérieure, Paris Cedex 05
  • abhi shelat, Zurich Research Laboratory, IBM Research, Rüschlikon
