Efficient fully-simulatable oblivious transfer
Andrew Y. Lindell
- 08 Apr 2008
- pp 52-70
TL;DR: This paper presents efficient oblivious transfer protocols that are secure in the presence of malicious adversaries under the real/ideal model simulation paradigm (without using general zero-knowledge proofs) and achieves constructions under the DDH, Nth residuosity and quadratic residencyuosity assumptions, as well as under the assumption that homomorphic encryption exists.
read more
Abstract: Oblivious transfer, first introduced by Rabin, is one of the basic building blocks of cryptographic protocols. In an oblivious transfer (or more exactly, in its 1-out-of-2 variant), one party known as the sender has a pair of messages and the other party known as the receiver obtains one of them. Somewhat paradoxically, the receiver obtains exactly one of the messages (and learns nothing of the other), and the sender does not know which of the messages the receiver obtained. Due to its importance as a building block for secure protocols, the efficiency of oblivious transfer protocols has been extensively studied. However, to date, there are almost no known oblivious transfer protocols that are secure in the presence of malicious adversaries under the real/ideal model simulation paradigm (without using general zero-knowledge proofs). Thus, efficient protocols that reach this level of security are of great interest. In this paper we present efficient oblivious transfer protocols that are secure according to the ideal/real model simulation paradigm. We achieve constructions under the DDH, Nth residuosity and quadratic residuosity assumptions, as well as under the assumption that homomorphic encryption exists.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
A Framework for Efficient and Composable Oblivious Transfer
Chris Peikert,Vinod Vaikuntanathan,Brent Waters +2 more
- 17 Aug 2008
TL;DR: In this paper, a general framework for constructing oblivious transfer (OT) protocols that are efficient, universally composable, and generally realizable under any one of a variety of standard number-theoretic assumptions, including the decisional Diffie-Hellman assumption, the quadratic residuosity and decisional composite residuosa assumptions, and worst-caselattice assumptions, was proposed.
•Posted Content
A Framework for Efficient and Composable Oblivious Transfer.
TL;DR: A multi-bit amortized version of Regev's lattice-based cryptosystem (STOC 2005) whose time and space complexity are improved by a linear factor in the security parameter n.
An Efficient Protocol for Secure Two-Party Computation in the Presence of Malicious Adversaries
Yehuda Lindell,Benny Pinkas +1 more
- 20 May 2007
TL;DR: An efficient secure two-party protocol, based on Yao's construction, which provides security against malicious adversaries, and is the first paper to show how to properly implement these techniques, and to provide a full proof of security.
Security Against Covert Adversaries: Efficient Protocols for Realistic Adversaries
Yonatan Aumann,Yehuda Lindell +1 more
TL;DR: The notion of covert adversaries is introduced, which is believed to faithfully models the adversarial behavior in many commercial, political, and social settings and it is shown that it is possible to obtain highly efficient protocols that are secure against such adversaries.
Security against covert adversaries: efficient protocols for realistic adversaries
Yonatan Aumann,Yehuda Lindell +1 more
- 21 Feb 2007
TL;DR: This paper guarantees that if an adversary deviates from the protocol in a way that would enable it to "cheat", then the honest parties are guaranteed to detect this cheating with good probability and argues that this level of security is sufficient in many settings.
References
A public key cryptosystem and a signature scheme based on discrete logarithms
Taher Elgamal
- 23 Aug 1985
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms
Taher Elgamal
- 19 Aug 1984
TL;DR: In this article, a new signature scheme is proposed together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem and the security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
How to generate and exchange secrets
Andrew Chi-Chih Yao
- 27 Oct 1986
TL;DR: A new tool for controlling the knowledge transfer process in cryptographic protocol design is introduced and it is applied to solve a general class of problems which include most of the two-party cryptographic problems in the literature.
4.1K
•Proceedings Article
How to Play any Mental Game or A Completeness Theorem for Protocols with Honest Majority
Oded Goldreich,Silvio Micali,Avi Wigderson +2 more
- 01 Jan 1987
TL;DR: Permission to copy without fee all or part of this material is granted provided that the copies are not made or Idistributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machimery.
3.9K
How to play ANY mental game
Oded Goldreich,Silvio Micali,Avi Wigderson +2 more
- 01 Jan 1987
TL;DR: This work presents a polynomial-time algorithm that, given as a input the description of a game with incomplete information and any number of players, produces a protocol for playing the game that leaks no partial information, provided the majority of the players is honest.