%0 Journal Article
%T A Novel k-out-of-n Oblivious Transfer Protocol from Bilinear Pairing
%A Jue-Sam Chou
%J Advances in Multimedia
%D 2012
%I Hindawi Publishing Corporation
%R 10.1155/2012/630610
%X Oblivious transfer (OT) protocols mainly contain three categories: 1-out-of-2 OT, 1-out-of-n OT, and k-out-of-n OT. In most cases, they are treated as cryptographic primitives and are usually executed without consideration of possible attacks that might frequently occur in an open network, such as an impersonation, replaying, or man-in-the-middle attack. Therefore, when used in certain applications, such as mental poker games and fair contract signings, some extra mechanisms must be combined to ensure the security of the protocol. However, after a combination, we found that very few of the resulting schemes are efficient enough in terms of communicational cost, which is a significant concern for generic commercial transactions. Therefore, we propose a novel k-out-of-n oblivious transfer protocol based on bilinear pairing, which not only satisfies the requirements of a k-out-of-n OT protocol, but also provides mutual authentication to resist malicious attacks. Meanwhile, it is efficient in terms of communication cost. 1. Introduction An oblivious transfer (OT) is an important primitive for designing security services. It can be used in various applications like the signing of fair contracts, oblivious database searches, mental poker games, privacy-preserving auctions, secure multiparty computations [1], and so on. In 1981, Rabin [2] first proposed an interactive OT scheme in which the probability of the receiver¡¯s capability to decrypt a message sent by the sender is 1/2. Rabin used the proposed OT to design a 3-pass secret exchange (EOS) protocol, hoping that two parties can exchange their secrets fairly. In 1985, Even et al. [3] presented a more generalized OT, called 1-out-of-2 OT ( ), in which a sender sends two encrypted messages to a chooser with only one of which the chooser can decrypt. They also presented a contract-signing protocol by evoking multiple times to prevent one party from obtaining the other party¡¯s contract signature without first showing his own. In 1986, Brassard et al. [4] further extended into a 1-out-of-n OT ( , also known as ¡°all-or-nothing¡±), in which only one out of n sent messages can actually be obtained by the chooser. The authors pointed out that their scheme can be used to implement a multiparty mental poker game [5] against a player coalition. In contrast to the interactive versions described above, Bellare and Micali [6] first proposed a noninteractive scheme in 1989. In this scheme, a user obliviously transfers two messages to another party equipped with two public keys to decrypt one of the messages. From 1999 to
%U http://www.hindawi.com/journals/am/2012/630610/