Adaptively secure oblivious transfer

Abstract

Oblivious Transfer (OT) is a ubiquitous cryptographic tool that is of fundamental importance in secure protocol design. Despite extensive research into the design and veri cation of secure and e cient solutions, existing OT protocols enjoy "provable" security only against static attacks, in which an adversary must choose in advance whom it will corrupt. This model severely limits the applicability of OT, since it provides no veri able security against attackers who choose their victims adaptively (anytime during or after the protocol) or may even corrupt both players (which is not a moot point in a larger network protocol). This issue arises even if the communication model provides absolutely secure channels. Recent attention has been given to accomplishing adaptive security for encryption, multiparty protocols (for n > 3 participants, with faulty minority), and zero-knowledge proofs. Our work lls the remaining gap by demonstrating the rst (provably) adaptively secure protocol for OT, and consequently for fully general twoparty interactive computations. Based on the intractability of discrete logarithms, or more generally on a minimally restricted type of one-way trapdoor permutation, our protocols provably withstand attacks that may compromise Alice or Bob, or both, at any time.