Published by Dept. CS U. Chicago. Copyright 2008 CJTCS and the author.
Efficient Fully-Simulatable Oblivious Transfer
Department of Computer Science
December 2, 2008
Oblivious transfer, first introduced by Rabin, is one of the basic building
blocks of cryptographic protocols. In an oblivious transfer (or more exactly, in its
1-out-of-2 variant), one party known as the sender has a pair of messages and the other
party, known as the receiver, obtains one of them.
Somewhat paradoxically, the receiver obtains exactly one of the messages
(and learns nothing of the other), and the sender does not know which of the
messages the receiver obtained. Due to its importance as a building block
for secure protocols, the efficiency of oblivious transfer protocols has been extensively studied.
However, todate, there are almost no known oblivious transfer protocols that are
secure in the presence of malicious adversaries under the real/ideal model
simulation paradigm (without using general zero-knowledge proofs). Thus,
efficient protocols that reach this level of security are of great interest.
In this paper we present efficient oblivious transfer protocols that are secure
according to the ideal/real model simulation paradigm. We achieve constructions
under the DDH, Nth residuosity, and quadratic residuosity assumptions, as well
as under the assumption that homomorphic encryption exists.
- Preformatted versions of the article
- Source materials for custom formatting