Practical Oblivious Transfer Protocols

We consider 1-out-N Oblivious Transfer (OT) for strings. Oblivious Transfer is a primitive used in a variety of cryptographic protocols and applications (e.g. [11, 1, 10, 17, 12, 13]).We present a new highly efficient two-pass (one-round) protocol for 1- out-N OT. Our protocol has a constant online computational complexity (for the chooser as well as for the sender). This is a surprising property, since in our protocol the sender's computational complexity does not depend on the number N of strings. The privacy of chooser and sender is protected computational under the Decisional Diffie-Hellman assumption. We also sketch how to apply the techniques of [1] to our protocol to get a protocol for priced OT.

[1]  Moni Naor,et al.  Efficient oblivious transfer protocols , 2001, SODA '01.

[2]  Joe Kilian,et al.  Founding crytpography on oblivious transfer , 1988, STOC '88.

[3]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[4]  Yuval Ishai,et al.  Priced Oblivious Transfer: How to Sell Digital Goods , 2001, EUROCRYPT.

[5]  Donald Beaver,et al.  How to Break a "Secure" Oblivious Transfer Protocol , 1992, EUROCRYPT.

[6]  Moni Naor,et al.  Oblivious transfer and polynomial evaluation , 1999, STOC '99.

[7]  Ran Canetti,et al.  Towards Realizing Random Oracles: Hash Functions That Hide All Partial Information , 1997, CRYPTO.

[8]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[9]  Moni Naor,et al.  Number-theoretic constructions of efficient pseudo-random functions , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[10]  Andrew Chi-Chih Yao,et al.  How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[11]  Moni Naor,et al.  Magic functions , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[12]  Wen-Guey Tzeng,et al.  Efficient 1-Out-n Oblivious Transfer Schemes , 2002, Public Key Cryptography.

[13]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[14]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[15]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[16]  Moni Naor,et al.  Privacy preserving auctions and mechanism design , 1999, EC '99.