Reference : Issuer-Free Oblivious Transfer with Access Control Revisited
Scientific journals : Article
Engineering, computing & technology : Computer science
Security, Reliability and Trust
Rial, Alfredo [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Information Processing Letters
[en] oblivious transfer ; universal composability
[en] Oblivious transfer with access control (OTAC) is an extension of oblivious transfer where each message is associated with an access control policy. A receiver can obtain a message only if her attributes satisfy the access control policy for that message. In most schemes, the receiver's attributes are certified by an issuer. Recently, two Issuer-Free OTAC protocols have been proposed. We show that the security definition for Issuer-Free OTAC fulfilled by those schemes poses a problem. Namely, the sender is not able to attest whether a receiver possesses a claimed attribute. Because of this problem, in both Issuer-Free OTAC protocols, any malicious receiver can obtain any message from the sender, regardless of the access control policy associated with the message. To address this problem, we propose a new security definition for Issuer-Free OTAC. Our definition requires the receiver to prove in zero-knowledge to the sender that her attributes fulfill some predicates. Our definition is suitable for settings with multiple issuers because it allows the design of OTAC protocols where the receiver, when accessing a record, can hide the identity of the issuer that certified her attributes.

File(s) associated to this reference

Fulltext file(s):

Open access
1-s2.0-S0020019017300923-main-6.pdf (Publisher postprint, 213.77 kB)
