Adaptive Oblivious Transfer with Access Control from Lattice Assumptions

Abstract : Adaptive oblivious transfer (OT) is a protocol where a sender initially commits to a database $\{M_i\}_{i=1}^N$. Then, a receiver can query the sender up to $k$ times with private indexes $\rho_1,\ldots,\rho_k$ so as to obtain $M_{\rho_1},\ldots , M_{\rho_k}$ and nothing else. Moreover, for each $i \in [k]$, the receiver's choice $\rho_i$ may depend on previously obtained messages. Oblivious transfer with access control (OT-AC) is a flavor of adaptive OT where database records are protected by distinct access control policies that specify which credentials a receiver should obtain in order to access each $M_i$. So far, all known OT-AC protocols only support access policies made of conjunctions or rely on {\it ad hoc} assumptions in pairing-friendly groups (or both). In this paper, we provide an OT-AC protocol where access policies may consist of any branching program of polynomial length, which is sufficient to realize any access policy in NC1. The security of our protocol is proved under the Learning-with-Errors (LWE) and Short-Integer-Solution (SIS) assumptions. As a result of independent interest, we provide protocols for proving the correct evaluation of a committed branching program on a committed input.
Document type :
Conference papers
Complete list of metadatas

Cited literature [59 references]  Display  Hide  Download

https://hal.inria.fr/hal-01622197
Contributor : Benoit Libert <>
Submitted on : Tuesday, January 9, 2018 - 9:27:44 PM
Last modification on : Wednesday, April 3, 2019 - 1:31:28 AM

File

OT-LWE-full-version.pdf
Files produced by the author(s)

Identifiers

Collections

Citation

Benoît Libert, San Ling, Fabrice Mouhartem, Khoa Nguyen, Huaxiong Wang. Adaptive Oblivious Transfer with Access Control from Lattice Assumptions. ASIACRYPT 2017 - Advances in Cryptology, Dec 2017, Hong Kong, China. pp.533-563, ⟨10.1007/978-3-319-70694-8_19⟩. ⟨hal-01622197v3⟩

Share

Metrics

Record views

337

Files downloads

301