A randomized protocol for signing contracts
Communications of the ACM
All-or-nothing disclosure of secrets
Proceedings on Advances in cryptology---CRYPTO '86
Completeness theorems for non-cryptographic fault-tolerant distributed computation
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
Communications of the ACM
New Results on Unconditionally Secure Distributed Oblivious Transfer
SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
Multiparty Protocols Tolerating Half Faulty Processors
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
On Unconditionally Secure Distributed Oblivious Transfer
INDOCRYPT '02 Proceedings of the Third International Conference on Cryptology: Progress in Cryptology
Distributed Oblivious Transfer
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
On Unconditionally Secure Distributed Oblivious Transfer
Journal of Cryptology
Hi-index | 0.01 |
In a distributed oblivious transfer (DOT) the sender is replaced with m servers, and the receiver must contact k (k ≤ m) of these servers to learn the secret of her choice. Naor and Pinkas introduced the first unconditionally secure DOT for a sender holding two secrets. Blundo, D'Arco, Santis, and Stinson generalized Naor and Pinkas's protocol, in the case that the sender holds n secrets, in the first so-called (k, m)-DOT-(1n) protocol. Such a protocol should be secure against a coalition of less than k parties. However, Blundo et al. have shown that this level of security is impossible to achieve in one-round polynomialbased constructions. In this paper, we show that if communication is allowed amongst the servers, we are able to construct an unconditionally secure, polynomialbased (k, m)-DOT-(1n) protocol with the highest level of security. More precisely, in our construction, a receiver who contacts k servers and corrupt up to k - 1 servers (not necessarily from the set of the contacted servers) cannot learn more than one secret.