A randomized protocol for signing contracts
Communications of the ACM
All-or-nothing disclosure of secrets
Proceedings on Advances in cryptology---CRYPTO '86
Minimum disclosure proofs of knowledge
Journal of Computer and System Sciences - 27th IEEE Conference on Foundations of Computer Science October 27-29, 1986
The knowledge complexity of interactive proof systems
SIAM Journal on Computing
Oblivious transfer protecting secrecy
EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Adaptively secure multi-party computation
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Equivalence Between Two Flavours of Oblivious Transfers
CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
Non-Interactive Oblivious Transfer and Spplications
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Information theoretic reductions among disclosure problems
SFCS '86 Proceedings of the 27th Annual Symposium on Foundations of Computer Science
Minimum resource zero knowledge proofs
SFCS '89 Proceedings of the 30th Annual Symposium on Foundations of Computer Science
Adaptively Secure Oblivious Transfer
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Introduction to Secure Computation
Lectures on Data Security, Modern Cryptology in Theory and Practice, Summer School, Aarhus, Denmark, July 1998
Efficient 1-Out-n Oblivious Transfer Schemes
PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
| Hi-index | 0.00 |
We analyze and enhance Oblivious Transfer (OT) protocols to accommodate security against adaptive attacks. Previous analysis has been static in nature, treating the security of Alice and the security of Bob as separate cases, determined in advance. It remains unclear whether existing protocols are provably secure against adaptive attacks, but we provide enhancements to make them provably secure against attacks by adaptive 1-adversaries, who can choose at any time whether to corrupt Alice or Bob. We determine circumstances under which OT can be executed "in the open," without encrypting the messages, thereby giving simple alternatives to encrypting an entire interaction. We isolate equivocation properties that provide enough flexibility for a simulator to handle adaptive attacks. These properties also provide a means for classifying OT protocols and understanding the subtle demands of security against adaptive adversaries, as well as designing protocols that can be proven secure against adaptive attacks.