Skip to Main content Skip to Navigation
Conference papers

Adaptive Oblivious Transfer with Access Control from Lattice Assumptions

Abstract : Adaptive oblivious transfer (OT) is a protocol where a sender initially commits to a database $\{M_i\}_{i=1}^N$. Then, a receiver can query the sender up to $k$ times with private indexes $\rho_1,\ldots,\rho_k$ so as to obtain $M_{\rho_1},\ldots , M_{\rho_k}$ and nothing else. Moreover, for each $i \in [k]$, the receiver's choice $\rho_i$ may depend on previously obtained messages. Oblivious transfer with access control (OT-AC) is a flavor of adaptive OT where database records are protected by distinct access control policies that specify which credentials a receiver should obtain in order to access each $M_i$. So far, all known OT-AC protocols only support access policies made of conjunctions or rely on {\it ad hoc} assumptions in pairing-friendly groups (or both). In this paper, we provide an OT-AC protocol where access policies may consist of any branching program of polynomial length, which is sufficient to realize any access policy in NC1. The security of our protocol is proved under the Learning-with-Errors (LWE) and Short-Integer-Solution (SIS) assumptions. As a result of independent interest, we provide protocols for proving the correct evaluation of a committed branching program on a committed input.
Document type :
Conference papers
Complete list of metadata

Cited literature [59 references]  Display  Hide  Download
Contributor : Benoit Libert Connect in order to contact the contributor
Submitted on : Tuesday, January 9, 2018 - 9:27:44 PM
Last modification on : Friday, September 30, 2022 - 4:12:18 AM


Files produced by the author(s)




Benoît Libert, San Ling, Fabrice Mouhartem, Khoa Nguyen, Huaxiong Wang. Adaptive Oblivious Transfer with Access Control from Lattice Assumptions. ASIACRYPT 2017 - Advances in Cryptology, Dec 2017, Hong Kong, China. pp.533-563, ⟨10.1007/978-3-319-70694-8_19⟩. ⟨hal-01622197v3⟩



Record views


Files downloads