[en] Priced oblivious transfer (POT) is a cryptographic protocol that can be used to protect customer privacy in e-commerce applications.
Namely, it allows a buyer to purchase an item from a seller without disclosing to the latter which item was purchased and at which price.
Unfortunately, existing POT schemes have some drawbacks in terms of design and functionality.
First, the design of existing POT schemes is not modular.
Typically, a POT scheme extends a k-out-of-N oblivious transfer (OT) scheme by adding prices to the items.
However, all POT schemes do not use OT as a black-box building block with certain security guarantees.
Consequently, security of the OT scheme needs to be reanalyzed while proving security of the POT scheme, and it is not possible to swap the underlying OT scheme with any other OT scheme.
Second, existing POT schemes do not allow the seller to obtain any kind of statistics about the buyer's purchases, which hinders customer and sales management.
Moreover, the seller is not able to change the prices of items without restarting the protocol from scratch.
We propose a POT scheme that addresses the aforementioned drawbacks.
We prove the security of our POT in the UC framework.
We modify a standard POT functionality to allow the seller to receive aggregate statistics about the buyer's purchases and to change prices dynamically.
We present a modular construction for POT that realizes our functionality in the hybrid model.
One of the building blocks is an ideal functionality for OT.
Therefore, our protocol separates the tasks carried out by the underlying OT scheme from the additional tasks needed by a POT scheme.
Thanks to that, our protocol is a good example of modular design and can be instantiated with any secure OT scheme as well as other building blocks without reanalyzing security from scratch.