Efficient oblivious transfer protocols

1 Introduction Oblivious Transfer (OT) protocols allow one party, the sender,to transmit part of its inputs to another party, the chooser, in amanner that protects both of them: the sender is assured that thechooser does not receive more information than it is entitled,while the chooser is assured that the sender does not learn whichpart of the inputs it received. OT is used as a key component inmany applications of cryptography. Its computational requirementsare quite demanding and they are likely to be the bottleneck inmany applications that invoke it. 1.1 Contributions. This paper presents several significant improvements tooblivious transfer (OT) protocols of strings, and in particular:(i) Improving the efficiency of applications which many invocationsof oblivious transfer. (ii) Providing the first two-round OTprotocol whose security analysis does not invoke the random oraclemodel.

[1]  Victor Shoup,et al.  Lower Bounds for Discrete Logarithms and Related Problems , 1997, EUROCRYPT.

[2]  Moni Naor,et al.  Zaps and their applications , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[3]  Moni Naor,et al.  Oblivious transfer and polynomial evaluation , 1999, STOC '99.

[4]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[5]  Ran Canetti,et al.  Towards Realizing Random Oracles: Hash Functions That Hide All Partial Information , 1997, CRYPTO.

[6]  Kazue Sako,et al.  Secure Voting Using Partially Compatible Homomorphisms , 1994, CRYPTO.

[7]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[8]  Russell Impagliazzo,et al.  Limits on the Provable Consequences of One-way Permutations , 1988, CRYPTO.

[9]  Dan Boneh,et al.  The Decision Diffie-Hellman Problem , 1998, ANTS.

[10]  Ran Canetti,et al.  An Efficient Threshold Public Key Cryptosystem Secure Against Adaptive Chosen Ciphertext Attack , 1999, EUROCRYPT.

[11]  Moni Naor,et al.  Privacy preserving auctions and mechanism design , 1999, EC '99.

[12]  Ivan Damgård,et al.  Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols , 1994, CRYPTO.

[13]  Silvio Micali,et al.  Non-Interactive Oblivious Transfer and Applications , 1989, CRYPTO.

[14]  Giovanni Di Crescenzo,et al.  On monotone formula closure of SZK , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[15]  Moni Naor,et al.  Magic functions , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[16]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[17]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[18]  Moni Naor,et al.  Small-Bias Probability Spaces: Efficient Constructions and Applications , 1993, SIAM J. Comput..

[19]  Rosario Gennaro,et al.  Securing Threshold Cryptosystems against Chosen Ciphertext Attack , 1998, Journal of Cryptology.

[20]  Rafail Ostrovsky,et al.  Replication is not needed: single database, computationally-private information retrieval , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[21]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[22]  Silvio Micali,et al.  Computationally Private Information Retrieval with Polylogarithmic Communication , 1999, EUROCRYPT.

[23]  Markus Stadler,et al.  Publicly Verifiable Secret Sharing , 1996, EUROCRYPT.

[24]  Mihir Bellare,et al.  Fast Batch Verification for Modular Exponentiation and Digital Signatures , 1998, IACR Cryptol. ePrint Arch..

[25]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[26]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.