In an unconditionally secure Distributed Oblivious Transfer (DOT) protocol, a receiver contacts at least k servers to obtain one of the n secrets held by a sender. Once the protocol has been executed, the sender does not know which secret was chosen by the receiver and the receiver has not gained information on the secrets she did not choose. In practical applications, the probability distribution of the secrets may not be uniform, e.g., when DOT protocols are used in auctions, some bids may be more probable than others. In this kind of scenario, we show that the claim “a party cannot obtain more than a linear combination of secrets” is incorrect; depending on the probability distribution of the secrets, some existing polynomial interpolation-based DOT protocols allow a cheating receiver, or a curious server, who has obtained a linear combination of the secrets to determine all the secrets.
CITATION STYLE
Corniaux, C. L. F., & Ghodosi, H. (2014). Security analysis of polynomial interpolation-based distributed oblivious transfer protocols. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8949, pp. 363–380). Springer Verlag. https://doi.org/10.1007/978-3-319-15943-0_22
Mendeley helps you to discover research relevant for your work.