Efficient k-out-of-n Oblivious Transfer Schemes

In this paper we propose efficient two-round k-out-of-n oblivious transfer schemes, in which R sends O(k) messages to S, and S sends O(n) messages back to R. The computation cost of R and S is reasonable. The choices of R are unconditionally secure. For the basic scheme, the secrecy of unchosen messages is guaranteed if the Decisional Diffie-Hellman problem is hard. When k=1, our basic scheme is as efficient as the most efficient 1-out-of-n oblivious transfer scheme. Our schemes have the nice property of universal parameters, that is each pair of R and S need neither hold any secret key nor perform any prior setup (initialization). The system parameters can be used by all senders and receivers without any trapdoor specification. Our k-out-of-n oblivious transfer schemes are the most efficient ones in terms of the communication cost, in both rounds and the number of messages. Moreover, one of our schemes can be extended in a straightforward way to an adaptivek-out-of-n oblivious transfer scheme, which allows the receiver R to choose the messages one by one adaptively. In our adaptive-query scheme, S sends O(n) messages to R in one round in the commitment phase. For each query of R, only O(1) messages are exchanged and O(1) operations are performed. In fact, the number k of queries need not be pre-fixed or known beforehand. This makes our scheme highly flexible.

[1]  Julien P. Stern A new and efficient all-or-nothing disclosure of secrets protocol , 1998 .

[2]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[3]  Moni Naor,et al.  Oblivious transfer and polynomial evaluation , 1999, STOC '99.

[4]  Alfredo De Santis,et al.  New Results on Unconditionally Secure Distributed Oblivious Transfer , 2002, Selected Areas in Cryptography.

[5]  Dan Boneh,et al.  Evaluating 2-DNF Formulas on Ciphertexts , 2005, TCC.

[6]  Oded Goldreich,et al.  How to Solve any Protocol Problem - An Efficiency Improvement , 1987, CRYPTO.

[7]  Gilles Brassard,et al.  Oblivious transfers and intersecting codes , 1996, IEEE Trans. Inf. Theory.

[8]  Silvio Micali,et al.  Non-Interactive Oblivious Transfer and Spplications , 1989, CRYPTO.

[9]  Wen-Guey Tzeng Efficient 1-Out-of-n Oblivious Transfer Schemes with Universally Usable Parameters , 2004, IEEE Trans. Computers.

[10]  Moni Naor,et al.  Efficient oblivious transfer protocols , 2001, SODA '01.

[11]  Michael O. Rabin,et al.  How To Exchange Secrets with Oblivious Transfer , 2005, IACR Cryptol. ePrint Arch..

[12]  Jianhong Zhang,et al.  Practical t-out-n Oblivious Transfer and Its Applications , 2003, ICICS.

[13]  Joe Kilian,et al.  Founding crytpography on oblivious transfer , 1988, STOC '88.

[14]  Helger Lipmaa,et al.  An Oblivious Transfer Protocol with Log-Squared Communication , 2005, ISC.

[15]  Moni Naor,et al.  Distributed Oblivious Transfer , 2000, ASIACRYPT.

[16]  Moni Naor,et al.  Oblivious Transfer with Adaptive Queries , 1999, CRYPTO.

[17]  Gilles Brassard,et al.  Practical Quantum Oblivious Transfer , 1991, CRYPTO.

[18]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[19]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[20]  Gilles Brassard,et al.  All-or-Nothing Disclosure of Secrets , 1986, CRYPTO.

[21]  Yael Gertner,et al.  Oblivious Transfer , 1997 .

[22]  Alexandra Boldyreva,et al.  Efficient threshold signature, multisignature and blind signature schemes based on the Gap-Diffie-Hellman-Group signature scheme , 2002 .

[23]  Lila Kari,et al.  Secret Selling of Secrets with Several Buyers , 1990, Bull. EATCS.

[24]  Gilles Brassard,et al.  Information theoretic reductions among disclosure problems , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[25]  Wen-Guey Tzeng,et al.  Efficient 1-Out-n Oblivious Transfer Schemes , 2002, Public Key Cryptography.

[26]  Zhide Chen,et al.  Quantum m-out-of-n oblivious transfer , 2004, Proceedings. ISCC 2004. Ninth International Symposium on Computers And Communications (IEEE Cat. No.04TH8769).

[27]  Claude Crépeau,et al.  Oblivious transfer with a memory-bounded receiver , 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[28]  Markus Stadler,et al.  Publicly Verifiable Secret Sharing , 1996, EUROCRYPT.

[29]  Chanathip Namprempre,et al.  The Power of RSA Inversion Oracles and the Security of Chaum's RSA-Based Blind Signature Scheme , 2002, Financial Cryptography.

[30]  Yuval Ishai,et al.  Extending Oblivious Transfers Efficiently , 2003, CRYPTO.

[31]  Feng Bao,et al.  Security analysis of three oblivious transfer protocols , 2004 .

[32]  Kaoru Kurosawa,et al.  Oblivious keyword search , 2004, J. Complex..

[33]  Julien P. Stern A New Efficient All-Or-Nothing Disclosure of Secrets Protocol , 1998, ASIACRYPT.

[34]  Yan Zong Ding,et al.  Oblivious Transfer in the Bounded Storage Model , 2001, CRYPTO.

[35]  Valtteri Niemi,et al.  Cryptographic Protocols and Voting , 1994, Results and Trends in Theoretical Computer Science.

[36]  Moni Naor,et al.  Number-theoretic constructions of efficient pseudo-random functions , 2004, JACM.

[37]  Yi Mu,et al.  m out of n Oblivious Transfer , 2002, ACISP.