Universally Composable Adaptive Priced Oblivious Transfer

Alfredo Rial; Markulf Kohlweiss; Bart Preneel

doi:10.1007/978-3-642-03298-1_15

Universally Composable Adaptive Priced Oblivious Transfer

Alfredo Rial, Markulf Kohlweiss, Bart Preneel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

An adaptive k-out-of-N Priced Oblivious Transfer (POT) scheme is a two-party protocol between a vendor and a buyer. The vendor sells a set of messages m₁, . . . ,m_N with prices p₁, . . . , p_N . In each transfer phase i = 1, . . . , k, the buyer chooses a selection value σ_i ∈ {1, . . . ,N} and interacts with the vendor to buy message m σ_i in such a way that the vendor does not learn σ i and the buyer does not get any information about the other messages.

We present a POT scheme secure under pairing-related assumptions in the standard model. Our scheme is universally composable and thus, unlike previous results, preserves security when it is executed with multiple protocol instances that run concurrently in an adversarially controlled way. Furthermore, after an initialization phase of complexity O(N), each transfer phase is optimal in terms of rounds of communication and it has constant computational and communication cost. To achieve these properties, we design the first efficient non-interactive proof of knowledge that a value lies in a given interval we are aware of.

Original language	English
Title of host publication	Pairing-Based Cryptography - Pairing 2009
Publisher	Springer
Pages	231-247
Number of pages	17
ISBN (Electronic)	978-3-642-03298-1
ISBN (Print)	978-3-642-03297-4
DOIs	https://doi.org/10.1007/978-3-642-03298-1_15
Publication status	Published - 2009
Event	3rd International Conference on Pairing-based Cryptography - Stanford University, Stanford, United States Duration: 12 Aug 2009 → 14 Aug 2009 http://cseweb.ucsd.edu/conferences/pairing09/

Publication series

Name	Lecture Notes in Computer Science
Volume	5671

Conference

Conference	3rd International Conference on Pairing-based Cryptography
Abbreviated title	Pairing 2009
Country	United States
City	Stanford
Period	12/08/09 → 14/08/09
Internet address	http://cseweb.ucsd.edu/conferences/pairing09/

Access to Document

10.1007/978-3-642-03298-1_15

https://link.springer.com/chapter/10.1007%2F978-3-642-03298-1_15

Fingerprint Dive into the research topics of 'Universally Composable Adaptive Priced Oblivious Transfer'. Together they form a unique fingerprint.

Cite this

@inproceedings{47473a1c420b457f84b97439053d1399,

title = "Universally Composable Adaptive Priced Oblivious Transfer",

abstract = "An adaptive k-out-of-N Priced Oblivious Transfer (POT) scheme is a two-party protocol between a vendor and a buyer. The vendor sells a set of messages m1, . . . ,mN with prices p1, . . . , pN . In each transfer phase i = 1, . . . , k, the buyer chooses a selection value σi ∈ {1, . . . ,N} and interacts with the vendor to buy message m σi in such a way that the vendor does not learn σ i and the buyer does not get any information about the other messages.We present a POT scheme secure under pairing-related assumptions in the standard model. Our scheme is universally composable and thus, unlike previous results, preserves security when it is executed with multiple protocol instances that run concurrently in an adversarially controlled way. Furthermore, after an initialization phase of complexity O(N), each transfer phase is optimal in terms of rounds of communication and it has constant computational and communication cost. To achieve these properties, we design the first efficient non-interactive proof of knowledge that a value lies in a given interval we are aware of.",

author = "Alfredo Rial and Markulf Kohlweiss and Bart Preneel",

year = "2009",

doi = "10.1007/978-3-642-03298-1_15",

language = "English",

isbn = "978-3-642-03297-4",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "231--247",

booktitle = "Pairing-Based Cryptography - Pairing 2009",

note = "3rd International Conference on Pairing-based Cryptography, Pairing 2009 ; Conference date: 12-08-2009 Through 14-08-2009",

url = "http://cseweb.ucsd.edu/conferences/pairing09/",

}

TY - GEN

T1 - Universally Composable Adaptive Priced Oblivious Transfer

AU - Rial, Alfredo

AU - Kohlweiss, Markulf

AU - Preneel, Bart

PY - 2009

Y1 - 2009

N2 - An adaptive k-out-of-N Priced Oblivious Transfer (POT) scheme is a two-party protocol between a vendor and a buyer. The vendor sells a set of messages m1, . . . ,mN with prices p1, . . . , pN . In each transfer phase i = 1, . . . , k, the buyer chooses a selection value σi ∈ {1, . . . ,N} and interacts with the vendor to buy message m σi in such a way that the vendor does not learn σ i and the buyer does not get any information about the other messages.We present a POT scheme secure under pairing-related assumptions in the standard model. Our scheme is universally composable and thus, unlike previous results, preserves security when it is executed with multiple protocol instances that run concurrently in an adversarially controlled way. Furthermore, after an initialization phase of complexity O(N), each transfer phase is optimal in terms of rounds of communication and it has constant computational and communication cost. To achieve these properties, we design the first efficient non-interactive proof of knowledge that a value lies in a given interval we are aware of.

AB - An adaptive k-out-of-N Priced Oblivious Transfer (POT) scheme is a two-party protocol between a vendor and a buyer. The vendor sells a set of messages m1, . . . ,mN with prices p1, . . . , pN . In each transfer phase i = 1, . . . , k, the buyer chooses a selection value σi ∈ {1, . . . ,N} and interacts with the vendor to buy message m σi in such a way that the vendor does not learn σ i and the buyer does not get any information about the other messages.We present a POT scheme secure under pairing-related assumptions in the standard model. Our scheme is universally composable and thus, unlike previous results, preserves security when it is executed with multiple protocol instances that run concurrently in an adversarially controlled way. Furthermore, after an initialization phase of complexity O(N), each transfer phase is optimal in terms of rounds of communication and it has constant computational and communication cost. To achieve these properties, we design the first efficient non-interactive proof of knowledge that a value lies in a given interval we are aware of.

U2 - 10.1007/978-3-642-03298-1_15

DO - 10.1007/978-3-642-03298-1_15

M3 - Conference contribution

SN - 978-3-642-03297-4

T3 - Lecture Notes in Computer Science

SP - 231

EP - 247

BT - Pairing-Based Cryptography - Pairing 2009

PB - Springer

T2 - 3rd International Conference on Pairing-based Cryptography

Y2 - 12 August 2009 through 14 August 2009

ER -