Article

Universally Composable Adaptive Priced Oblivious Transfer

Authors:

Markulf Kohlweiss,

Bart PreneelAuthors Info & Claims

Pairing '09: Proceedings of the 3rd International Conference Palo Alto on Pairing-Based Cryptography

Pages 231 - 247

https://doi.org/10.1007/978-3-642-03298-1_15

Published: 31 July 2009 Publication History

Abstract

An adaptive <em>k</em> -out-of-<em>N</em> Priced Oblivious Transfer (POT) scheme is a two-party protocol between a vendor and a buyer. The vendor sells a set of messages <em>m</em> ₁, . . . ,<em>m</em> _<em>N</em> with prices <em>p</em> ₁, . . . , <em>p</em> _<em>N</em> . In each transfer phase <em>i</em> = 1, . . . , <em>k</em>, the buyer chooses a selection value <em>***</em> _<em>i</em> *** {1, . . . ,<em>N</em> } and interacts with the vendor to buy message <em>m</em> _<em>***</em> _<em>i</em> in such a way that the vendor does not learn <em>***</em> _<em>i</em> and the buyer does not get any information about the other messages.

We present a POT scheme secure under pairing-related assumptions in the standard model. Our scheme is universally composable and thus, unlike previous results, preserves security when it is executed with multiple protocol instances that run concurrently in an adversarially controlled way. Furthermore, after an initialization phase of complexity <em>O</em> (<em>N</em> ), each transfer phase is optimal in terms of rounds of communication and it has constant computational and communication cost. To achieve these properties, we design the first efficient non-interactive proof of knowledge that a value lies in a given interval we are aware of.

References

[1]

Koargonkar, P., Wolin, L.: A multivariate analysis of web usage. Journal of Advertising Research, 53-68 (March/April 1999).

[2]

Tsai, J., Egelman, S., Cranor, L., Acquisti, R.: The effect of online privacy information on purchasing behavior: An experimental study, working paper (June 2007).

[3]

Grimm, R., Aichroth, P.: Privacy protection for signed media files: a separation-of-duty approach to the lightweight drm (lwdrm) system. In: Dittmann, J., Fridrich, J.J. (eds.) MM&Sec, pp. 93-99. ACM, New York (2004).

[4]

Lee, D.G., Oh, H.G., Lee, I.Y.: A study on contents distribution using electronic cash system. In: EEE 2004: Proceedings of the 2004 IEEE International Conference on e-Technology, e-Commerce and e-Service (EEE 2004), Washington, DC, USA, pp. 333-340. IEEE Computer Society, Los Alamitos (2004).

[5]

Chaum, D.: Blind signatures for untraceable payments. In: CRYPTO 1982, pp. 199-203. Plenum Press, New York (1999).

[6]

Camenisch, J., Hohenberger, S., Lysyanskaya, A.: Compact E-Cash. In: Cramer, R. (ed.) EUROCRYPT2005. LNCS, vol. 3494, pp. 302-321. Springer,Heidelberg (2005).

[7]

Belenkiy, M., Chase, M., Kohlweiss, M., Lysyanskaya, A.: Compact e-cash and simulatable VRFs revisited. Cryptology ePrint Archive, Report 2009/107 (2009), http://eprint.iacr.org/

[8]

Berthold, O., Federrath, H., Köhntopp, M.: Project anonymity and unobservability in the internet. In: CFP 2000: Proceedings of the tenth conference on Computers, freedom and privacy, pp. 57-65. ACM, New York (2000).

[9]

Sun, H.-M., Wang, K.-H., Hung, C.-F.: Towards privacy preserving digital rights management using oblivious transfer.

[10]

Aiello, W., Ishai, Y., Reingold, O.: Priced oblivious transfer: How to sell digital goods. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 119-135. Springer, Heidelberg (2001).

[11]

Rabin, M.O.: How to exchange secrets by oblivious transfer (1981).

[12]

Naor, M., Pinkas, B.: Oblivious transfer with adaptive queries. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 573-590. Springer, Heidelberg (1999).

[13]

Kohlweiss, M., Faust, S., Fritsch, L., Gedrojc, B., Preneel, B.: Efficient oblivious augmented maps: Location-based services with a payment broker. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 77-94. Springer, Heidelberg (2007).

[14]

Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: FOCS 2001: Proceedings of the 42nd IEEE symposium on Foundations of Computer Science, Washington, DC, USA, p. 136. IEEE Computer Society, Los Alamitos (2001).

[15]

Camenisch, J., Neven, G., Shelat, A.: Simulatable adaptive oblivious transfer. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 573-590. Springer, Heidelberg (2007).

[16]

Green, M., Hohenberger, S.: Blind identity-based encryption and simulatable oblivious transfer. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 265-282. Springer, Heidelberg (2007).

[17]

Green, M., Hohenberger, S.: Universally composable adaptive oblivious transfer. Cryptology ePrint Archive, Report 2008/163 (2008), http://eprint.iacr.org/

[18]

Damgård, I., Nielsen, J.B., Orlandi, C.: Essentially optimal universally composable oblivious transfer. Cryptology ePrint Archive, Report 2008/220 (2008), http://eprint.iacr.org/

[19]

Wagner, D. (ed.): CRYPTO 2008. LNCS, vol. 5157. Springer, Heidelberg (2008).

[20]

Tobias, C.: Practical oblivious transfer protocols. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 415-426. Springer, Heidelberg (2003).

[21]

Crescenzo, G.D., Ostrovsky, R., Rajagopalan, S.: Conditional oblivious transfer and timed-release encryption. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 74-89. Springer, Heidelberg (1999).

[22]

Blake, I.F., Kolesnikov, V.: Strong conditional oblivious transfer and computing on intervals. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 515-529. Springer, Heidelberg (2004).

[23]

Ishai, Y., Kushilevitz, E.: Private simultaneous messages protocols with applications. In: Proc. of 5th ISTCS, pp. 174-183 (1997).

[24]

Shankar, B., Srinathan, K., Rangan, C.P.: Alternative protocols for generalized oblivious transfer. In: Rao, S., Chatterjee, M., Jayanti, P., Murthy, C.S.R., Saha, S.K. (eds.) ICDCN 2008. LNCS, vol. 4904, pp. 304-309. Springer, Heidelberg (2008).

[25]

Herranz, J.: Restricted adaptive oblivious transfer. Cryptology ePrint Archive, Report 2008/182 (2008), http://eprint.iacr.org/

[26]

Coull, S., Green, M., Hohenberger, S.: Controlling access to an oblivious database using stateful anonymous credentials. Cryptology ePrint Archive, Report 2008/474 (2008), http://eprint.iacr.org/

[27]

Camenisch, J., Chaabouni, R., Shelat, A.: Efficient protocols for set membership and range proofs. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 234-252. Springer, Heidelberg (2008).

[28]

Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415-432. Springer, Heidelberg (2008).

[29]

Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M.K. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41-55. Springer, Heidelberg (2004).

[30]

Belenkiy, M., Chase, M., Kohlweiss, M., Lysyanskaya, A.: P-signatures and noninteractive anonymous credentials. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 356-374. Springer, Heidelberg (2008).

[31]

Boyen, X., Waters, B.: Full-domain subgroup hiding and constant-size group signatures. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 1-15. Springer, Heidelberg (2007).

[32]

Canetti, R.: Obtaining universally compoable security: Towards the bare bones of trust. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 88-112. Springer, Heidelberg (2007).

[33]

Santis, A.D., Di Crescenzo, G., Persiano, G.: Necessary and sufficient assumptions for non-interactive zero-knowledge proofs of knowledge for all NP relations. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853, pp. 451-462. Springer, Heidelberg (2000).

[34]

Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186-208 (1989).

[35]

Goldreich, O.: Foundations of Cryptography: Basic Tools. Cambridge University Press, New York (2000).

[36]

Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications. In: STOC 1988: Proceedings of the twentieth annual ACM symposium on Theory of computing, pp. 103-112. ACM Press, New York (1988).

[37]

Feige, U., Lapidot, D., Shamir, A.: Multiple noninteractive zero knowledge proofs under general assumptions. SIAM Journal on Computing 29(1), 1-28 (1999).

[38]

Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410-424. Springer, Heidelberg (1997).

[39]

Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281-308 (1988).

[40]

Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56-73. Springer, Heidelberg (2004).

[41]

Ateniese, G., Camenisch, J., de Medeiros, B.: Untraceable RFID tags via insubvertible encryption. In: CCS 2005: Proceedings of the 12th ACM conference on Computer and communications security, pp. 92-101. ACM, New York (2005).

[42]

Canetti, R., Rabin, T.: Universal composition with joint state. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 265-281. Springer, Heidelberg (2003).

Cited By

Ganesh CKhoshakhlagh HParisella R(2022)NIWI and New Notions of Extraction for Algebraic LanguagesSecurity and Cryptography for Networks10.1007/978-3-031-14791-3_30(687-710)Online publication date: 12-Sep-2022
https://dl.acm.org/doi/10.1007/978-3-031-14791-3_30
Devevey JLibert BPeters T(2022)Rational Modular Encoding in the DCR Setting: Non-interactive Range Proofs and Paillier-Based Naor-Yung in the Standard ModelPublic-Key Cryptography – PKC 202210.1007/978-3-030-97121-2_22(615-646)Online publication date: 8-Mar-2022
https://dl.acm.org/doi/10.1007/978-3-030-97121-2_22
Damodaran ARial A(2020)Unlinkable Updatable Databases and Oblivious Transfer with Access ControlInformation Security and Privacy10.1007/978-3-030-55304-3_30(584-604)Online publication date: 30-Nov-2020
https://dl.acm.org/doi/10.1007/978-3-030-55304-3_30
Show More Cited By

Recommendations

Optimistic fair priced oblivious transfer
AFRICACRYPT'10: Proceedings of the Third international conference on Cryptology in Africa

Priced oblivious transfer (POT) is a two-party protocol between a vendor and a buyer in which the buyer purchases digital goods without the vendor learning what is bought. Although privacy properties are guaranteed, current schemes do not offer fair ...
Universally Composable Adaptive Oblivious Transfer
ASIACRYPT '08: Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology

In an oblivious transfer <Emphasis FontCategory="SansSerif">(OT)</Emphasis> protocol, a Sender with messages <em>M</em> <Subscript>1</Subscript> ,...,<em>M</em> <Subscript> <em>N</em> </Subscript> and a Receiver with indices <em>***</em> <Subscript>1</...
Essentially Optimal Universally Composable Oblivious Transfer
Information Security and Cryptology --- ICISC 2008

Oblivious transfer is one of the most important cryptographic primitives, both for theoretical and practical reasons and several protocols were proposed during the years. We propose a protocol which is simultaneously optimal on the following list of ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

Pairing '09: Proceedings of the 3rd International Conference Palo Alto on Pairing-Based Cryptography

July 2009

265 pages

ISBN:9783642032974

Editors:
Hovav Shacham
Department of Computer Science and Engineering, University of California, San Diego, La Jolla, USA 92093-0404
,
Brent Waters
University of Texas at Austin Department of Computer Science, Austin, USA 78712-1188

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 31 July 2009

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

20
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Ganesh CKhoshakhlagh HParisella R(2022)NIWI and New Notions of Extraction for Algebraic LanguagesSecurity and Cryptography for Networks10.1007/978-3-031-14791-3_30(687-710)Online publication date: 12-Sep-2022
https://dl.acm.org/doi/10.1007/978-3-031-14791-3_30
Devevey JLibert BPeters T(2022)Rational Modular Encoding in the DCR Setting: Non-interactive Range Proofs and Paillier-Based Naor-Yung in the Standard ModelPublic-Key Cryptography – PKC 202210.1007/978-3-030-97121-2_22(615-646)Online publication date: 8-Mar-2022
https://dl.acm.org/doi/10.1007/978-3-030-97121-2_22
Damodaran ARial A(2020)Unlinkable Updatable Databases and Oblivious Transfer with Access ControlInformation Security and Privacy10.1007/978-3-030-55304-3_30(584-604)Online publication date: 30-Nov-2020
https://dl.acm.org/doi/10.1007/978-3-030-55304-3_30
Damodaran ARial A(2020)UC Updatable Databases and ApplicationsProgress in Cryptology - AFRICACRYPT 202010.1007/978-3-030-51938-4_4(66-87)Online publication date: 20-Jul-2020
https://dl.acm.org/doi/10.1007/978-3-030-51938-4_4
Damodaran ADubovitskaya MRial A(2019)UC Priced Oblivious Transfer with Purchase Statistics and Dynamic PricingProgress in Cryptology – INDOCRYPT 201910.1007/978-3-030-35423-7_14(273-296)Online publication date: 15-Dec-2019
https://dl.acm.org/doi/10.1007/978-3-030-35423-7_14
Daza VGonzález APindado ZRàfols CSilva J(2019)Shorter Quadratic QA-NIZK ProofsPublic-Key Cryptography – PKC 201910.1007/978-3-030-17253-4_11(314-343)Online publication date: 14-Apr-2019
https://dl.acm.org/doi/10.1007/978-3-030-17253-4_11
Diaz JChoi SArroyo DKeromytis ARodriguez FYung M(2018)Privacy in e-Shopping Transactions: Exploring and Addressing the Trade-OffsCyber Security Cryptography and Machine Learning10.1007/978-3-319-94147-9_17(206-226)Online publication date: 21-Jun-2018
https://dl.acm.org/doi/10.1007/978-3-319-94147-9_17
Blazy OChevalier CGermouty P(2016)Adaptive Oblivious Transfer and GeneralizationProceedings, Part II, of the 22nd International Conference on Advances in Cryptology --- ASIACRYPT 2016 - Volume 1003210.1007/978-3-662-53890-6_8(217-247)Online publication date: 4-Dec-2016
https://dl.acm.org/doi/10.1007/978-3-662-53890-6_8
Wang YZhang ZMatsuda THanaoka GTanaka K(2016)How to Obtain Fully Structure-Preserving Automorphic Signatures from Structure-Preserving OnesProceedings, Part II, of the 22nd International Conference on Advances in Cryptology --- ASIACRYPT 2016 - Volume 1003210.1007/978-3-662-53890-6_16(465-495)Online publication date: 4-Dec-2016
https://dl.acm.org/doi/10.1007/978-3-662-53890-6_16
Guleria VDutta R(2016)Efficient oblivious transfer with adaptive queries in UC frameworkSecurity and Communication Networks10.1002/sec.15059:15(2592-2611)Online publication date: 1-Oct-2016
https://dl.acm.org/doi/10.1002/sec.1505
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents