Essentially Optimal Universally Composable Oblivious Transfer

Oblivious transfer is one of the most important cryptographic primitives, for both theoretical and practical reasons, and several protocols have been proposed over the years. We propose a protocol that is simultaneously optimal on the following list of parameters. Security: it is universally composable (UC). Trust in setup assumptions: only one of the parties needs to trust the setup (and some setup is needed for UC security). Trust in computational assumptions: only one of the parties needs to trust a computational assumption. Round complexity: it uses only two rounds. Communication complexity: it communicates $\mathcal{O}(1)$ group elements to transfer one out of two group elements. The Big-O notation hides 32, meaning that the communication is probably not optimal, but is essentially optimal in that the overhead is at least constant. Our construction is based on pairings, and we assume the presence of a key registration authority.
