Universally Composable Adaptive Oblivious Transfer

11 years 8 months ago
Universally Composable Adaptive Oblivious Transfer
In an oblivious transfer (OT) protocol, a Sender with messages M1, . . . , MN and a Receiver with indices 1, . . . , k [1, N] interact in such a way that at the end the Receiver obtains M1 , . . . , Mk without learning anything about the other messages and the Sender does not learn anything about 1, . . . , k. In an adaptive protocol, the Receiver may obtain Mi-1 before deciding on i. Efficient adaptive OT protocols are interesting both as a building block for secure multiparty computation and for enabling oblivious searches on medical and patent databases. Historically, adaptive OT protocols were analyzed with respect to a "half-simulation" definition which Naor and Pinkas showed to be flawed. In 2007, Camenisch, Neven, and shelat, and subsequent other works, demonstrated efficient adaptive protocols in the full-simulation model. These protocols, however, all use standard rewinding techniques in their proofs of security and thus are not universally composable. Recently, Pe...
Matthew Green, Susan Hohenberger
Added 12 Oct 2010
Updated 12 Oct 2010
Type Conference
Year 2008
Authors Matthew Green, Susan Hohenberger
Comments (0)