Efficient k-Out-of-n Oblivious Transfer Schemes with Adaptive and Non-adaptive Queries

  • Cheng-Kang Chu
  • Wen-Guey Tzeng
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3386)


In this paper we propose efficient two-round k-out-of-n oblivious transfer schemes, in which R sends O(k) messages to S, and S sends O(n) messages back to R. The computation cost of R and S is reasonable. The choices of R are unconditionally secure. For the basic scheme, the secrecy of unchosen messages is guaranteed if the Decisional Diffie-Hellman problem is hard. When k=1, our basic scheme is as efficient as the most efficient 1-out-of-n oblivious transfer scheme. Our schemes have the nice property of universal parameters, that is each pair of R and S need neither hold any secret key nor perform any prior setup (initialization). The system parameters can be used by all senders and receivers without any trapdoor specification. Our k-out-of-n oblivious transfer schemes are the most efficient ones in terms of the communication cost, in both rounds and the number of messages.

Moreover, one of our schemes can be extended in a straightforward way to an adaptivek-out-of-n oblivious transfer scheme, which allows the receiver R to choose the messages one by one adaptively. In our adaptive-query scheme, S sends O(n) messages to R in one round in the commitment phase. For each query of R, only O(1) messages are exchanged and O(1) operations are performed. In fact, the number k of queries need not be pre-fixed or known beforehand. This makes our scheme highly flexible.


k-out-of-n Oblivious Transfer Adaptive Oblivious Transfer 


  1. [BBCS91]
    Bennett, C.H., Brassard, G., Crépeau, C., Skubiszewska, M.-H.: Practical quantum oblivious transfer. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 351–366. Springer, Heidelberg (1992)Google Scholar
  2. [BCR86]
    Brassard, G., Crépeau, C., Robert, J.M.: All-or-nothing disclosure of secrets. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 234–238. Springer, Heidelberg (1987)Google Scholar
  3. [BCR87]
    Brassard, G., Crépeau, C., Robert, J.-M.: Information theoretic re ductions among disclosure problems. In: Proceedings of 28th Annual Symposium on Foundations of Computer Science (FOCS 1987), pp. 427–437. IEEE, Los Alamitos (1987)Google Scholar
  4. [BCS96]
    Brassard, G., Crépeau, C., Sántha, M.: Oblivious transfers and intersecting codes. IEEE Transactions on Information Theory 42(6), 1769–1780 (1996)MATHCrossRefGoogle Scholar
  5. [BDSS02]
    Blundo, C., D’Arco, P., De Santis, A., Stinson, D.R.: New results on unconditionally secure distributed oblivious transfer. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 291–309. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. [BM89]
    Bellare, M., Micali, S.: Non-interactive oblivious transfer and applications. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 547–557. Springer, Heidelberg (1990)Google Scholar
  7. [BNPS01]
    Bellare, M., Namprempre, C., Pointcheval, D., Semanko, M.: Power of rsa inversion oracles and the security of Chaum’s RSAbased blind signature scheme. In: Proceedings of Financial Cryptography (FC 2001), pp. 319–338. Springer, Heidelberg (2001)Google Scholar
  8. [Bol03]
    Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the gap-diffie-hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  9. [CCM98]
    Cachin, C., Crepeau, C., Marcil, J.: Oblivious transfer with a memory-bounded receiver. In: Proceedings of 39th Annual Symposium on Foundations of Computer Science (FOCS 1998), pp. 493–502. IEEE, Los Alamitos (1998)Google Scholar
  10. [CZ03]
    Chen, Z., Zhu, H.: Quantum m-out-of-n oblivious transfer. Technical report, arXiv:cs.CR/0311039 (2003)Google Scholar
  11. [Din01]
    Ding, Y.Z.: Oblivious transfer in the bounded storage model. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 155–170. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  12. [EGL85]
    Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Communications of the ACM 28(6), 637–647 (1985)CrossRefMathSciNetGoogle Scholar
  13. [GV87]
    Goldreich, O., Vainish, R.: How to solve any protocol probleman efficiency improvement. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 73–86. Springer, Heidelberg (1988)Google Scholar
  14. [IKNP03]
    Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  15. [Kil88]
    Kilian, J.: Founding cryptography on oblivious transfer. In: Proceedings of the 20th Annual ACM Symposium on the Theory of Computing (STOC 1988), pp. 20–31. ACM, New York (1988)Google Scholar
  16. [Lip]
  17. [Lip04]
    Lipmaa, H.: An oblivious transfer protocol with log-squared communication. Technical report, Cryptology ePrint Archive: Report 2004/063 (2004)Google Scholar
  18. [MZV02]
    Mu, Y., Zhang, J., Varadharajan, V.: m out of n oblivious transfer. In: Batten, L.M., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 395–405. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  19. [NP99a]
    Naor, M., Pinkas, B.: Oblivious transfer and polynomial evaluation. In: Proceedings of the 31th Annual ACM Symposium on the Theory of Computing (STOC 1999), pp. 245–254. ACM, New York (1999)CrossRefGoogle Scholar
  20. [NP99b]
    Naor, M., Pinkas, B.: Oblivious transfer with adaptive queries. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 573–590. Springer, Heidelberg (1999)Google Scholar
  21. [NP00]
    Naor, M., Pinkas, B.: Distributed oblivious transfer. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 200–219. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  22. [NP01]
    Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: Proceedings of the 12th Annual Symposium on Discrete Algorithms (SODA 2001), pp. 448–457. ACM/SIAM (2001)Google Scholar
  23. [NR94]
    Niemi, V., Renvall, A.: Cryptographic protocols and voting. In: Karhumäki, J., Rozenberg, G., Maurer, H.A. (eds.) Results and Trends in Theoretical Computer Science. LNCS, vol. 812, pp. 307–317. Springer, Heidelberg (1994)Google Scholar
  24. [OK02]
    Ogata, W., Kurosawa, K.: Oblivious keyword search. Journal of Complexity 20(2-3), 356–371 (2004)MATHCrossRefMathSciNetGoogle Scholar
  25. [Rab81]
    Rabin, M.O.: How to exchange secrets by oblivious transfer. Technical Report TR-81, Aiken Computation Laboratory, Harvard University (1981)Google Scholar
  26. [SS90]
    Salomaa, A., Santean, L.: Secret selling of secrets with several buyers. Bulletin of the European Association for Theoretical Computer Science (EATCS) 42, 178–186 (1990)MATHGoogle Scholar
  27. [Ste98]
    Stern, J.P.: A new and efficient all-or-nothing disclosure of secrets protocol. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 357–371. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  28. [Tze02]
    Tzeng, W.-G.: Efficient 1-out-n oblivious transfer schemes. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 159–171. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  29. [YBD03]
    Yao, G., Bao, F., Deng, R.: Security analysis of three oblivious transfer protocols. In: Workshop on Coding, Cryptography and Combinatorics, Huangshan City, China (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Cheng-Kang Chu
    • 1
  • Wen-Guey Tzeng
    • 1
  1. 1.Department of Computer and Information ScienceNational Chiao Tung UniversityHsinchuTaiwan

Personalised recommendations