Universally Composable Adaptive Priced Oblivious Transfer

An adaptive k -out-of-N Priced Oblivious Transfer (POT) scheme is a two-party protocol between a vendor and a buyer. The vendor sells a set of messages m 1 , . . . ,m N with prices p 1 , . . . , p N . In each transfer phase i = 1, . . . , k , the buyer chooses a selection value *** i *** {1, . . . ,N } and interacts with the vendor to buy message m *** i in such a way that the vendor does not learn *** i and the buyer does not get any information about the other messages. We present a POT scheme secure under pairing-related assumptions in the standard model. Our scheme is universally composable and thus, unlike previous results, preserves security when it is executed with multiple protocol instances that run concurrently in an adversarially controlled way. Furthermore, after an initialization phase of complexity O (N ), each transfer phase is optimal in terms of rounds of communication and it has constant computational and communication cost. To achieve these properties, we design the first efficient non-interactive proof of knowledge that a value lies in a given interval we are aware of.

[1]  Matthew Green,et al.  Controlling Access to an Oblivious Database Using Stateful Anonymous Credentials , 2009, Public Key Cryptography.

[2]  Hung-Min Sun,et al.  Towards Privacy Preserving Digital Rights Management Using Oblivious Transfer , 2006 .

[3]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[4]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[5]  Richard E. Overill,et al.  Foundations of Cryptography: Basic Tools , 2002, J. Log. Comput..

[6]  Im-Yeong Lee,et al.  A study on contents distribution using electronic cash system , 2004, IEEE International Conference on e-Technology, e-Commerce and e-Service, 2004. EEE '04. 2004.

[7]  Yehuda Lindell,et al.  Lower Bounds for Concurrent Self Composition , 2004, TCC.

[8]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[9]  Ran Canetti,et al.  Universal Composition with Joint State , 2003, CRYPTO.

[10]  Markulf Kohlweiss,et al.  Compact E-Cash and Simulatable VRFs Revisited , 2009, Pairing.

[11]  Jan Camenisch,et al.  Compact E-Cash , 2005, EUROCRYPT.

[12]  P. Korgaonkar A Multivariate Analysis of Web Usage , 1999 .

[13]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[14]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[15]  Hannes Federrath,et al.  Project “anonymity and unobservability in the Internet” , 2000, CFP '00.

[16]  Michael O. Rabin,et al.  How To Exchange Secrets with Oblivious Transfer , 2005, IACR Cryptol. ePrint Arch..

[17]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.

[18]  Markulf Kohlweiss,et al.  P-signatures and Noninteractive Anonymous Credentials , 2008, TCC.

[19]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[20]  Matthew Green,et al.  Blind Identity-Based Encryption and Simulatable Oblivious Transfer , 2007, ASIACRYPT.

[21]  Adi Shamir,et al.  Multiple NonInteractive Zero Knowledge Proofs Under General Assumptions , 1999, SIAM J. Comput..

[22]  Alessandro Acquisti,et al.  The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study , 2011, WEIS.

[23]  David Wagner,et al.  Advances in Cryptology - CRYPTO 2008, 28th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 2008. Proceedings , 2008, CRYPTO.

[24]  Christian Tobias Practical Oblivious Transfer Protocols , 2002, Information Hiding.

[25]  Matthew Green,et al.  Universally Composable Adaptive Oblivious Transfer , 2008, IACR Cryptol. ePrint Arch..

[26]  Yuval Ishai,et al.  Private simultaneous messages protocols with applications , 1997, Proceedings of the Fifth Israeli Symposium on Theory of Computing and Systems.

[27]  Jan Camenisch,et al.  Efficient Group Signature Schemes for Large Groups (Extended Abstract) , 1997, CRYPTO.

[28]  Giovanni Di Crescenzo,et al.  Necessary and Sufficient Assumptions for Non-iterative Zero-Knowledge Proofs of Knowledge for All NP Relations , 2000, ICALP.

[29]  Ian F. Blake,et al.  Strong Conditional Oblivious Transfer and Computing on Intervals , 2004, ASIACRYPT.

[30]  Moni Naor,et al.  Oblivious Transfer with Adaptive Queries , 1999, CRYPTO.

[31]  Ran Canetti,et al.  Obtaining Universally Compoable Security: Towards the Bare Bones of Trust , 2007, ASIACRYPT.

[32]  K. Srinathan,et al.  Alternative Protocols for Generalized Oblivious Transfer , 2008, ICDCN.

[33]  Jan Camenisch,et al.  Untraceable RFID tags via insubvertible encryption , 2005, CCS '05.

[34]  Rüdiger Grimm,et al.  Privacy protection for signed media files: a separation-of-duty approach to the lightweight DRM (LWDRM) system , 2004, MM&Sec '04.

[35]  Ivan Damgård,et al.  Essentially Optimal Universally Composable Oblivious Transfer , 2009, ICISC.

[36]  Bart Preneel,et al.  Efficient Oblivious Augmented Maps: Location-Based Services with a Payment Broker , 2007, Privacy Enhancing Technologies.

[37]  Abhi Shelat,et al.  Simulatable Adaptive Oblivious Transfer , 2007, EUROCRYPT.

[38]  Brent Waters,et al.  Full-Domain Subgroup Hiding and Constant-Size Group Signatures , 2007, Public Key Cryptography.

[39]  Rafail Ostrovsky,et al.  Conditional Oblivious Transfer and Timed-Release Encryption , 1999, EUROCRYPT.

[40]  Manuel Blum,et al.  Non-interactive zero-knowledge and its applications , 1988, STOC '88.

[41]  Yuval Ishai,et al.  Priced Oblivious Transfer: How to Sell Digital Goods , 2001, EUROCRYPT.

[42]  Jan Camenisch,et al.  Efficient group signature schemes for large groups , 1997 .

[43]  Javier Herranz Restricted adaptive oblivious transfer , 2011, Theor. Comput. Sci..

[44]  Abhi Shelat,et al.  Efficient Protocols for Set Membership and Range Proofs , 2008, ASIACRYPT.