Equivocable Oblivious Transfer

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1070)


We analyze and enhance Oblivious Transfer (OT) protocols to accommodate security against adaptive attacks. Previous analysis has been static in nature, treating the security of Alice and the security of Bob as separate cases, determined in advance. It remains unclear whether existing protocols are provably secure against adaptive attacks, but we provide enhancements to make them provably secure against attacks by adaptive 1-adversaries, who can choose at any time whether to corrupt Alice or Bob. We determine circumstances under which OT can be executed “in the open,” without encrypting the messages, thereby giving simple alternatives to encrypting an entire interaction. We isolate equivocation properties that provide enough flexibility for a simulator to handle adaptive attacks. These properties also provide a means for classifying OT protocols and understanding the subtle demands of security against adaptive adversaries, as well as designing protocols that can be proven secure against adaptive attacks.


Keywords: Encryption Scheme; Specification Protocol; Oblivious Transfer; Secure Multiparty Computation; Probabilistic Encryption



Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  1. Transarc Corp., Pittsburgh
