4.5 Extensions
4.5.2 Other Predicates
In addition to the basic predicates, we can design COC schemes for many other interesting predicates. For these predicates, the sender may need to multiply two messages encrypted under an additively homomorphic encryption scheme. However, there is no known encryption scheme with both additive and multiplicative homomorphism properties. We therefore use the BGN encryption scheme, which can perform multiplication on two ciphertexts “one time”. In the setting of threshold cryptosystems, the sender can even multiply two ciphertexts an arbitrary number of times via some interactions [CDN01].
In fact, COC can be designed for a predicate that evaluates a bivariate polynomial $f(x, y)$. For example, to compute a public polynomial $f(x, y) = a_2x^2y^2 + a_1x^2y + a_0y$, the receivers send the encryptions of $x$, $x^2$, $y$ and $y^2$ to the sender, respectively. The sender then computes the polynomial by the following steps.
1. Perform the one-time multiplication on the encrypted messages such that $z_2 = x^2y^2$ and $z_1 = x^2y$.
2. Perform the constant multiplication: $a_2z_2$, $a_1z_1$ and $a_0y$.
3. Compute $f(x, y) = a_2z_2 + a_1z_1 + a_0y$.
After computing $f(x, y)$, the sender can embed messages using the result.
Alternatively, we can let one receiver hold the polynomial $f$ and the other hold the secret $x$. The sender sends messages by the result of $f(x)$. For example, for the “membership” predicate, one receiver encodes his set of secrets as a degree-$k$ polynomial such that $f(x) = 0$ if and only if $x$ belongs to the set, and the other receiver computes $x, x^2, \ldots, x^k$ for his secret $x$. The sender then sends the message to the receivers such that they get it if and only if $f(x) = 0$. This “membership” predicate can be used in our oblivious authenticated information retrieval application described in Section 1.
• Message sender S has a message $m \in M$ and receivers A and B have their secrets $x$ and $y$, respectively, where $x, y \in \{0, 1\}^n$.
• Each of A, B and S has a secret key share corresponding to the public key $pk$.
• All parties should verify received proofs and encryptions of constants. Once a verification fails, the party terminates the protocol.
1. S posts $E_m = E_{pk}(m)$ and the corresponding NI-PPK proof.
2. A and B post $E_{x[i]} = E_{pk}(x[i])$, $E_{y[i]} = E_{pk}(y[i])$ and the corresponding encryption of $r_{A_i}$, $r_{B_i}$, $r_{S_i}$, and the corresponding NI-PCM proofs, respectively.
(e) Compute $E_{f_i} = E_{f_{A_i}} \cdot E_{f_{B_i}} \cdot E_{f_{S_i}}$.
(f) All parties compute $E_{v_i} = E_m \cdot E_{f_i}$.
5. All parties perform $(E_{v'_1}, E_{v'_2}, \ldots, E_{v'_n}) = \text{Mix-Net}(E_{v_1}, E_{v_2}, \ldots, E_{v_n})$.
6. S sends the partial decryptions of $(E_{v'_1}, E_{v'_2}, \ldots, E_{v'_n})$ to A and B.
7. A and B jointly decrypt the ciphertexts with S’s partial decryptions and identify the correct message if existent.
Figure 4.6: MAL-INE-COC-I scheme against malicious parties
• Message sender S has a secret message m ∈ M.
• Receivers A and B have their own key pairs $(pk_A, sk_A)$, $(pk_B, sk_B)$ of $\mathcal{E}' = (G', E', D')$ respectively, and a common key pair $(pk_R, sk_R)$ of $\mathcal{E} = (G, E, D)$.
1. A and B send $E_{pk_R}(x)$, $E_{pk_R}(y)$ to S, respectively, where $x, y \in_R \{0, 1\}$.
2. S computes the following values via the homomorphic encryption scheme:
(a) $d = x - y$, $d' = x + y - 1$.
(b) $v = m + rd$, $v' = m + r'd'$, where $r, r' \in_R M$.
3. S sends $E'_{pk_A}(E_{pk_R}(v))$ and $E'_{pk_B}(E_{pk_R}(v'))$ to A and B, respectively.
4. A and B decrypt the received messages and get the message m or a random value.
Figure 4.7: The Oblivious Cast Scheme
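The sender's computation in Figure 4.7 can be checked end to end with any additively homomorphic scheme. The following Python code is an added example, not code from the thesis: it assumes a toy Paillier instance for the common scheme (constructed small primes), omits the outer encryptions $E'$ under $pk_A$ and $pk_B$, and all function names are illustrative.

```python
import math
import secrets

# Toy Paillier instance standing in for E = (G, E, D). The two Mersenne primes
# are constructed sample parameters, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
N2 = N * N
PHI = (P - 1) * (Q - 1)   # plays the role of sk_R, known to A and B only
MU = pow(PHI, -1, N)


def rand_unit():
    """Uniform element of Z_N^* (nonzero and invertible mod N)."""
    while True:
        r = secrets.randbelow(N)
        if math.gcd(r, N) == 1:
            return r


def enc(m):
    """E_pkR(m) = (1 + m*N) * r^N mod N^2 with fresh randomness r."""
    return (1 + (m % N) * N) * pow(rand_unit(), N, N2) % N2


def dec(c):
    """D_skR(c): recover the plaintext modulo N."""
    return (pow(c, PHI, N2) - 1) // N * MU % N


def add(c1, c2):
    """E(a) * E(b) = E(a + b)."""
    return c1 * c2 % N2


def scalar(c, k):
    """E(a)^k = E(k * a); k is reduced mod N so negative k works."""
    return pow(c, k % N, N2)


def sender_cast(m, ex, ey):
    """Step 2 of Figure 4.7, computed by S on ciphertexts only."""
    r, r_prime = rand_unit(), rand_unit()        # fresh blinding per cast
    ed = add(ex, scalar(ey, -1))                 # E(d)  = E(x - y)
    ed_prime = add(add(ex, ey), enc(-1))         # E(d') = E(x + y - 1)
    ev = add(enc(m), scalar(ed, r))              # E(v)  = E(m + r*d)
    ev_prime = add(enc(m), scalar(ed_prime, r_prime))  # E(v') = E(m + r'*d')
    return ev, ev_prime


def oblivious_cast(m, x, y):
    """Run steps 1-4; returns (value A decrypts, value B decrypts).

    The outer layer E' under pk_A / pk_B from step 3 is omitted here.
    """
    ex, ey = enc(x), enc(y)                      # step 1: A and B send bits
    ev, ev_prime = sender_cast(m, ex, ey)        # steps 2-3
    return dec(ev), dec(ev_prime)                # step 4


if __name__ == "__main__":
    m = 424242  # constructed sample message
    for x in (0, 1):
        for y in (0, 1):
            print((x, y), oblivious_cast(m, x, y))
```

Because the blinding factors are nonzero modulo N, the receiver whose value is blinded always decrypts something other than m: A obtains m exactly when x = y, and B exactly when x ≠ y.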
Chapter 5 Conclusion
In this thesis we discussed privacy-preserving data retrieval by introducing k-out-of-n oblivious transfer and conditional oblivious cast. We presented four very efficient $OT^k_n$ schemes with unconditional security of either receiver or sender. The first two $OT^k_n$ schemes with unconditional receiver’s security are secure against semi-honest receivers in the standard model and malicious receivers in the random oracle model, respectively. The other two schemes with unconditional sender’s security can be either generically constructed or efficiently performed. We also proposed an efficient Adpt-$OT^k_n$ for adaptive queries. The essential technique is to reverse the order of key commitment and message commitment. In most previous schemes (including Semi-$OT^k_n$-I), the message commitments are dependent on the key commitments. Nevertheless, in our scheme Mal-$OT^k_n$-I, the message commitments are independent of the key commitments. Thus, the message commitments can be sent to R first.
Then we introduce a new notion of conditional oblivious cast, which extends conditional oblivious transfer to the three-party case. The definitions of this notion are given. We also provide COC implementations for some fundamental predicates, such as “equality”, “inequality”, and “greater than” predicates. By our schemes, we construct a new oblivious cast scheme without any additional assumption. We believe that COC is a fundamental primitive for secure multi-party computation.
Bibliography
[ADR02] Yonatan Aumann, Yan Zong Ding, and Michael O. Rabin. Everlasting security in the bounded storage model. IEEE Transactions on Information Theory, 48(6):1668–1680, 2002.
[AIR01] William Aiello, Yuval Ishai, and Omer Reingold. Priced oblivious transfer: How to sell digital goods. In Proceedings of Advances in Cryptology - EUROCRYPT ’01, volume 2045 of LNCS, pages 119–135. Springer, 2001.
[AJL04] Andris Ambainis, Markus Jakobsson, and Helger Lipmaa. Cryptographic randomized response techniques. In Proceedings of the Public Key Cryptography (PKC ’04), volume 2947 of LNCS, pages 425–438. Springer, 2004.
[AR99] Yonatan Aumann and Michael O. Rabin. Information theoretically secure communication in the limited storage space model. In Proceedings of Advances in Cryptology - CRYPTO ’99, volume 1666 of LNCS, pages 65–79. Springer, 1999.
[BC97] Gilles Brassard and Claude Crépeau. Oblivious transfers and privacy amplification. In Proceedings of Advances in Cryptology - EUROCRYPT ’97, volume 1233 of LNCS, pages 334–347. Springer, 1997.
[BCR86a] Gilles Brassard, Claude Crépeau, and Jean-Marc Robert. All-or-nothing disclosure of secrets. In Proceedings of Advances in Cryptology - CRYPTO ’86, volume 263 of LNCS, pages 234–238. Springer, 1986.
[BCR86b] Gilles Brassard, Claude Crépeau, and Jean-Marc Robert. Information theoretic reductions among disclosure problems. In Proceedings of 27th Annual Symposium on Foundations of Computer Science (FOCS ’86), pages 427–437. IEEE, 1986.
[BCS96] Gilles Brassard, Claude Crépeau, and Miklós Sántha. Oblivious transfers and intersecting codes. IEEE Transactions on Information Theory, 42(6):1769–1780, 1996.
[BDSS02] Carlo Blundo, Paolo D’Arco, Alfredo De Santis, and Douglas R. Stinson. New results on unconditionally secure distributed oblivious transfer. In Proceedings of Selected Areas in Cryptography - SAC ’02, volume 2595 of LNCS, pages 291–309. Springer, 2002.
[Bea92] Donald Beaver. How to break a “secure” oblivious transfer protocol. In Proceedings of Advances in Cryptology - EUROCRYPT ’92, volume 658 of LNCS, pages 285–296. Springer, 1992.
[Bea95] Donald Beaver. Precomputing oblivious transfer. In Proceedings of Advances in Cryptology - CRYPTO ’95, volume 963 of LNCS, pages 97–109. Springer, 1995.
[Bea96] Donald Beaver. Equivocable oblivious transfer. In Proceedings of Advances in Cryptology - EUROCRYPT ’96, volume 1070 of LNCS, pages 119–130. Springer, 1996.
[BGN05] Dan Boneh, Eu-Jin Goh, and Kobbi Nissim. Evaluating 2-dnf formulas on ciphertexts. In Proceedings of the 2nd Theory of Cryptography Conference (TCC 2005), volume 3378 of LNCS, pages 325–341. Springer, 2005.
[BK04] Ian F. Blake and Vladimir Kolesnikov. Strong conditional oblivious transfer and computing on intervals. In Proceedings of Advances in Cryptology - ASIACRYPT ’04, volume 3329 of LNCS, pages 515–529. Springer, 2004.
[Bla96] Matt Blaze. Oblivious key escrow. In Proceedings of Information Hiding, volume 1174 of LNCS, pages 335–343. Springer, 1996.
[BM89] Mihir Bellare and Silvio Micali. Non-interactive oblivious transfer and applications. In Proceedings of Advances in Cryptology - CRYPTO ’89, volume 435 of LNCS, pages 547–557. Springer, 1989.
[BNPS01] Mihir Bellare, Chanathip Namprempre, David Pointcheval, and Michael Semanko. Power of RSA inversion oracles and the security of Chaum’s RSA-based blind signature scheme. In Proceedings of Financial Cryptography (FC ’01), volume 2339 of LNCS, pages 319–338. Springer, 2001.
[Boe90] Bert den Boer. Oblivious transfer protecting secrecy. In Proceedings of Advances in Cryptology - EUROCRYPT ’90, volume 473 of LNCS, pages 31–45. Springer, 1990.
[Bol03] Alexandra Boldyreva. Threshold signatures, multisignatures and blind signatures based on the gap-diffie-hellman-group signature scheme. In Proceedings of the Public-Key Cryptography (PKC ’03), pages 31–46. Springer, 2003.
[BPT84] Richard Berger, René Peralta, and Tom Tedrick. A provably secure oblivious transfer protocol. In Proceedings of Advances in Cryptology - EUROCRYPT ’84, volume 209 of LNCS, pages 379–386. Springer, 1984.
[BS01] Olivier Baudron and Jacques Stern. Non-interactive private auctions. In Proceedings of Financial Cryptography (FC ’01), volume 2339 of LNCS, pages 364–378. Springer, 2001.
[Cac98] Christian Cachin. On the foundations of oblivious transfer. In Proceedings of Advances in Cryptology - EUROCRYPT ’98, volume 1403 of LNCS, pages 361–374. Springer, 1998.
[CC00] Christian Cachin and Jan Camenisch. Optimistic fair secure computation. In Proceedings of Advances in Cryptology - CRYPTO ’00, volume 1880 of LNCS, pages 93–111. Springer, 2000.
[CCM98] Christian Cachin, Claude Crépeau, and Julien Marcil. Oblivious transfer with a memory-bounded receiver. In Proceedings of 39th Annual Symposium on Foundations of Computer Science (FOCS ’98), pages 493–502. IEEE, 1998.
[CD97] Ronald Cramer and Ivan Damgård. Linear zero-knowledge - a note on efficient zero-knowledge proofs and arguments. In Proceedings of the 29th Annual ACM Symposium on the Theory of Computing (STOC ’97), pages 436–445. ACM, 1997.
[CDN01] Ronald Cramer, Ivan Damgård, and Jesper Buus Nielsen. Multiparty computation from threshold homomorphic encryption. In Proceedings of Advances in Cryptology - EUROCRYPT ’01, volume 2045 of LNCS, pages 280–299. Springer, 2001.
[Cha04] Yan-Cheng Chang. Single database private information retrieval with logarithmic communication. In Proceedings of the 9th Australasian Conference on Information Security and Privacy (ACISP ’04), volume 3108 of LNCS, pages 50–61. Springer, 2004.
[CK88] Claude Crépeau and Joe Kilian. Achieving oblivious transfer using weakened security assumptions. In Proceedings of 29th Annual Symposium on Foundations of Computer Science (FOCS ’88), pages 42–52. IEEE, 1988.
[CM97] Christian Cachin and Ueli Maurer. Unconditional security against memory-bounded adversaries. In Proceedings of Advances in Cryptology - CRYPTO ’97, volume 1294 of LNCS, pages 292–306. Springer, 1997.
[CMO00] Giovanni Di Crescenzo, Tal Malkin, and Rafail Ostrovsky. Single database private information retrieval implies oblivious transfer. In Proceedings of Advances in Cryptology - EUROCRYPT ’00, volume 1807 of LNCS, pages 122–138. Springer, 2000.
[CNs07] Jan Camenisch, Gregory Neven, and abhi shelat. Simulatable adaptive oblivious transfer. In Proceedings of Advances in Cryptology - EUROCRYPT ’07, volume 4515 of LNCS, pages 573–590. Springer, 2007.
[COR99] Giovanni Di Crescenzo, Rafail Ostrovsky, and Sivaramakrishnan Rajagopalan. Conditional oblivious transfer and timed-release encryption. In Proceedings of Advances in Cryptology - EUROCRYPT ’99, volume 1592 of LNCS, pages 74–89. Springer, 1999.
[Cré87] Claude Crépeau. Equivalence between two flavours of oblivious transfers. In Proceedings of Advances in Cryptology - CRYPTO ’87, volume 293 of LNCS, pages 350–354. Springer, 1987.
[Cré89] Claude Crépeau. Verifiable disclosure of secrets and applications. In Proceedings of Advances in Cryptology - EUROCRYPT ’89, volume 434 of LNCS, pages 181–191. Springer, 1989.
[Cré97] Claude Crépeau. Efficient cryptographic protocols based on noisy channels. In Proceedings of Advances in Cryptology - EUROCRYPT ’97, volume 1233 of LNCS, pages 306–317. Springer, 1997.
[CS91] Claude Crépeau and Miklós Sántha. On the reversibility of oblivious transfer. In Proceedings of Advances in Cryptology - EUROCRYPT ’91, volume 547 of LNCS, pages 106–113. Springer, 1991.
[CS06] Claude Crépeau and George Savvides. Optimal reductions between oblivious transfers using interactive hashing. In Proceedings of Advances in Cryptology - EUROCRYPT ’06, volume 4004 of LNCS, pages 201–221. Springer, 2006.
[CT05] Cheng-Kang Chu and Wen-Guey Tzeng. Efficient k-out-of-n oblivious transfer schemes with adaptive and non-adaptive queries. In Proceedings of the Public Key Cryptography (PKC ’05), volume 3386 of LNCS, pages 172–183. Springer, 2005.
[CT06] Cheng-Kang Chu and Wen-Guey Tzeng. Conditional oblivious cast. In Proceedings of the Public Key Cryptography (PKC ’06), volume 3958 of LNCS, pages 443–457. Springer, 2006.
[CT08] Cheng-Kang Chu and Wen-Guey Tzeng. Efficient k-out-of-n oblivious transfer schemes. Journal of Universal Computer Science, 14(3):397–415, 2008.
[CvdGT95] Claude Crépeau, Jeroen van de Graaf, and Alain Tapp. Committed oblivious transfer and private multi-party computation. In Proceedings of Advances in Cryptology - CRYPTO ’95, volume 963 of LNCS, pages 110–123. Springer, 1995.
[DFMS04] Ivan Damgård, Serge Fehr, Kirill Morozov, and Louis Salvail. Unfair noisy channels and oblivious transfer. In Proceedings of Theory of Cryptography Conference (TCC ’04), volume 2951 of LNCS, pages 355–373. Springer, 2004.
[DHRS04] Yan Zong Ding, Danny Harnik, Alon Rosen, and Ronen Shaltiel. Constant-round oblivious transfer in the bounded storage model. In Proceedings of Theory of Cryptography Conference (TCC ’04), volume 2951 of LNCS, pages 446–472. Springer, 2004.
[Din01] Yan Zong Ding. Oblivious transfer in the bounded storage model. In Proceedings of Advances in Cryptology - CRYPTO ’01, volume 2139 of LNCS, pages 155–170. Springer, 2001.
[DKS99] Ivan Damgård, Joe Kilian, and Louis Salvail. On the (im)possibility of basing oblivious transfer and bit commitment on weakened security assumptions. In Proceedings of Advances in Cryptology - EUROCRYPT ’99, volume 1592 of LNCS, pages 56–73. Springer, 1999.
[DM99] Yevgeniy Dodis and Silvio Micali. Lower bounds for oblivious transfer reductions. In Proceedings of Advances in Cryptology - EUROCRYPT ’99, volume 1592 of LNCS, pages 42–55. Springer, 1999.
[DM02] Stefan Dziembowski and Ueli Maurer. Tight security proofs for the bounded-storage model. In Proceedings of the 34th Annual ACM Symposium on the Theory of Computing (STOC ’02), pages 341–350. ACM, 2002.
[DR02] Yan Zong Ding and Michael O. Rabin. Hyper-encryption, and everlasting security. In Proceedings of the 19th Annual Symposium on Theoretical Aspects of Computer Science (STACS ’02), volume 2285 of LNCS, pages 1–26. Springer, 2002.
[DS01] Paolo D’Arco and Douglas Stinson. Generalized zig-zag functions and oblivious transfer reductions. In Proceedings of Selected Areas in Cryptography - SAC ’01, volume 2259 of LNCS, pages 87–102. Springer, 2001.
[EGL82] Shimon Even, Oded Goldreich, and Abraham Lempel. A randomized protocol for signing contracts. In Proceedings of Advances in Cryptology - CRYPTO ’82, pages 205–210. Plenum, 1982.
[EGL85] Shimon Even, Oded Goldreich, and Abraham Lempel. A randomized protocol for signing contracts. Communications of the ACM, 28(6):637–647, 1985.
[FGMO01] Matthias Fitzi, Juan A. Garay, Ueli Maurer, and Rafail Ostrovsky. Minimal complete primitives for secure multi-party computation. In Proceedings of Advances in Cryptology - CRYPTO ’01, volume 2139 of LNCS, pages 80–100. Springer, 2001.
[FMR96] Michael J. Fischer, Silvio Micali, and Charles Rackoff. A secure protocol for the oblivious transfer. Journal of Cryptology, 9(3):191–195, 1996.
[FPS00] Pierre-Alain Fouque, Guillaume Poupard, and Jacques Stern. Sharing decryption in the context of voting or lotteries. In Proceedings of Financial Cryptography (FC ’00), volume 1962 of LNCS, pages 90–104. Springer, 2000.
[FS86] Amos Fiat and Adi Shamir. How to prove yourself: Practical solutions to identification and signature problems. In Proceedings of Advances in Cryptology - CRYPTO ’86, volume 263 of LNCS, pages 186–194. Springer, 1986.
[GH07] Matthew Green and Susan Hohenberger. Blind identity-based encryption and simulatable oblivious transfer. In Proceedings of Advances on Cryptology - ASIACRYPT ’07, volume 4833 of LNCS, pages 265–282. Springer, 2007.
[GKM+00] Yael Gertner, Sampath Kannan, Tal Malkin, Omer Reingold, and Mahesh Viswanathan. The relationship between public key encryption and oblivious transfer. In Proceedings of 41st Annual Symposium on Foundations of Computer Science (FOCS ’00), pages 325–335. IEEE, 2000.
[GM97] Yael Gertner and Tal Malkin. Efficient distributed 1 out of n oblivious transfer. Technical Report MIT/LCS/TR-714, MIT Lab for Computer Science, April 1997.
[GM00] Juan Garay and Philip MacKenzie. Concurrent oblivious transfer. In Proceedings of 41st Annual Symposium on Foundations of Computer Science (FOCS ’00), pages 314–324. IEEE, 2000.
[GMY04] Juan Garay, Philip MacKenzie, and Ke Yang. Efficient and universally composable committed oblivious transfer and applications. In Proceedings of Theory of Cryptography Conference (TCC ’04), volume 2951 of LNCS, pages 297–316. Springer, 2004.
[GV87] Oded Goldreich and Ronen Vainish. How to solve any protocol problem - an efficiency improvement. In Proceedings of Advances in Cryptology - CRYPTO ’87, volume 293 of LNCS, pages 73–86. Springer, 1987.
[Hai04] Iftach Haitner. Implementing oblivious transfer using collection of dense trapdoor permutations. In Proceedings of Theory of Cryptography Conference (TCC ’04), volume 2951 of LNCS, pages 394–409. Springer, 2004.
[HCR02] Dowon Hong, Ku-Young Chang, and Heuisu Ryu. Efficient oblivious transfer in the bounded-storage model. In Proceedings of Advances in Cryptology - ASIACRYPT ’02, volume 2501 of LNCS, pages 143–159. Springer, 2002.
[HKN+05] Danny Harnik, Joe Kilian, Moni Naor, Omer Reingold, and Alon Rosen. On robust combiners for oblivious transfer and other primitives. In Proceedings of Advances in Cryptology - EUROCRYPT ’05, volume 3494 of LNCS, pages 96–113. Springer, 2005.
[IK97] Yuval Ishai and Eyal Kushilevitz. Private simultaneous messages protocols with applications. In Proceedings of 5th Israel Symposium on Theory of Computing and Systems (ISTCS ’97), pages 174–184. IEEE, 1997.
[IKNP03] Yuval Ishai, Joe Kilian, Kobbi Nissim, and Erez Petrank. Extending oblivious transfers efficiently. In Proceedings of Advances in Cryptology - CRYPTO ’03, volume 2729 of LNCS, pages 145–161. Springer, 2003.
[IL89] Russell Impagliazzo and Michael Luby. One-way functions are essential for complexity based cryptography. In Proceedings of 30th Annual Symposium on Foundations of Computer Science (FOCS ’89), pages 230–235. IEEE, 1989.
[IR89] Russell Impagliazzo and Steven Rudich. Limits on the provable consequences of one-way permutations. In Proceedings of the 21st Annual ACM Symposium on the Theory of Computing (STOC ’89), pages 44–61. ACM, 1989.
[JS02] Ari Juels and Mike Szydlo. A two-server, sealed-bid auction protocol. In Proceedings of Financial Cryptography (FC ’02), volume 2357 of LNCS, pages 72–86. Springer, 2002.
[Kal05] Yael Tauman Kalai. Smooth projective hashing and two-message oblivious transfer. In Proceedings of Advances in Cryptology - EUROCRYPT ’05, volume 3494 of LNCS, pages 78–95. Springer, 2005.
[Kil88] Joe Kilian. Founding cryptography on oblivious transfer. In Proceedings of the 20th Annual ACM Symposium on the Theory of Computing (STOC ’88), pages 20–31. ACM, 1988.
[KK07] Kaoru Kurosawa and Takeshi Koshiba. Direct reduction of string (1,2)-ot to rabin’s ot. Technical report, Cryptology ePrint Archive: Report 2007/046, 2007.
[KSV07] Mehmet S. Kiraz, Berry Schoenmakers, and José Villegas. Efficient committed oblivious transfer of bit strings. In Proceedings of 10th Information Security Conference (ISC ’07), volume 4779 of LNCS, pages 130–144. Springer, 2007.
[Lip03] Helger Lipmaa. Verifiable homomorphic oblivious transfer and private equality test. In Proceedings of Advances in Cryptology - ASIACRYPT ’03, volume 2894 of LNCS, pages 416–433. Springer, 2003.
[Lip05] Helger Lipmaa. An oblivious transfer protocol with log-squared communication. In Proceedings of 8th Information Security Conference (ISC ’05), volume 3650 of LNCS, pages 314–328. Springer, 2005.
[Lip07] Helger Lipmaa. New communication-efficient oblivious transfer protocols based on pairings. Technical report, Cryptology ePrint Archive: Report 2007/133, 2007.
[LL06] Sven Laur and Helger Lipmaa. Consistent adaptive two-party computations. Technical report, Cryptology ePrint Archive: Report 2006/088, 2006.
[LL07] Sven Laur and Helger Lipmaa. A new protocol for conditional disclosure of secrets and its applications. In Proceedings of Applied Cryptography and Network Security 2007 (ACNS ’07), volume 4521 of LNCS, pages 207–225. Springer, 2007.
[LT05] Hsiao-Ying Lin and Wen-Guey Tzeng. An efficient solution to the millionaires’ problem based on homomorphic encryption. In Proceedings of Applied Cryptography and Network Security 2005 (ACNS ’05), volume 3531 of LNCS, pages 456–466. Springer, 2005.
[Lu02] Chi-Jen Lu. Hyper-encryption against space-bounded adversaries from on-line strong extractors. In Proceedings of Advances in Cryptology - CRYPTO ’02, volume 2442 of LNCS, pages 257–271. Springer, 2002.
[Mau90] Ueli Maurer. A provably-secure strongly-randomized cipher. In Proceedings of Advances in Cryptology - EUROCRYPT ’90, volume 473 of LNCS, pages 361–373. Springer, 1990.
[MZV02] Yi Mu, Junqi Zhang, and Vijay Varadharajan. m out of n oblivious transfer. In Proceedings of the 7th Australasian Conference on Information Security and Privacy (ACISP ’02), volume 2384 of LNCS, pages 395–405. Springer, 2002.
[Nie07] Jesper Buus Nielsen. Extending oblivious transfers efficiently - how to get robustness almost for free. Technical report, Cryptology ePrint Archive: Report 2007/215, 2007.
[NNPV02] Ventzislav Nikov, Svetla Nikova, Bart Preneel, and Joos Vandewalle. On unconditionally secure distributed oblivious transfer. In Proceedings of Progress in Cryptology - INDOCRYPT ’02, volume 2551 of LNCS, pages 395–408. Springer, 2002.
[NP99a] Moni Naor and Benny Pinkas. Oblivious transfer and polynomial evaluation. In Proceedings of the 31st Annual ACM Symposium on the Theory of Computing (STOC ’99), pages 245–254. ACM, 1999.
[NP99b] Moni Naor and Benny Pinkas. Oblivious transfer with adaptive queries. In Proceedings of Advances in Cryptology - CRYPTO ’99, volume 1666 of LNCS, pages 573–590. Springer, 1999.
[NP00] Moni Naor and Benny Pinkas. Distributed oblivious transfer. In Proceedings of Advances in Cryptology - ASIACRYPT ’00, volume 1976 of LNCS, pages 200–219. Springer, 2000.
[NP01] Moni Naor and Benny Pinkas. Efficient oblivious transfer protocols. In Proceedings of the 12th Annual Symposium on Discrete Algorithms (SODA ’01), pages 448–457. ACM/SIAM, 2001.
[NPS99] Moni Naor, Benny Pinkas, and Reuban Sumner. Privacy preserving auctions and mechanism design. In Proceedings of the 1st ACM conference on Electronic commerce (EC ’99), pages 129–139. ACM, 1999.
[NR94] Valtteri Niemi and Ari Renvall. Cryptographic protocols and voting. In Results and Trends in Theoretical Computer Science, volume 812 of LNCS, pages 307–317. Springer, 1994.
[NR97] Moni Naor and Omer Reingold. Number-theoretic constructions of efficient pseudo-random functions. In Proceedings of 38th Annual Symposium on Foundations of Computer Science (FOCS ’97), pages 458–467. IEEE, 1997.
[NSNK04] Lan Nguyen, Reihaneh Safavi-Naini, and Kaoru Kurosawa. Verifiable shuffles: A formal model and a paillier-based efficient construction with provable security. In Proceedings of Applied Cryptography and Network Security 2004 (ACNS ’04), volume 3089 of LNCS, pages 61–75. Springer, 2004.
[OK04] Wakaha Ogata and Kaoru Kurosawa. Oblivious keyword search. Journal of Complexity, 20(2-3):356–371, 2004.
[Pai99] Pascal Paillier. Public-key cryptosystems based on composite degree residuosity classes. In Proceedings of Advances in Cryptology - EUROCRYPT ’99, volume 1592 of LNCS, pages 223–238. Springer, 1999.
[Rab81] Michael O. Rabin. How to exchange secrets by oblivious transfer. Technical Report TR-81, Aiken Computation Laboratory, Harvard University, 1981.
[SCP95] Alfredo De Santis, Giovanni Di Crescenzo, and Giuseppe