Cryptography Reference
In-Depth Information
Oblivious Transfer with Complex
Attribute-Based Access Control
Lingling Xu and Fangguo Zhang
School of Information Science and Technology
Sun Yat-sen University, Guangzhou 510275, China
xulingling810710@163.com, isszhfg@mail.sysu.edu.cn
Abstract. In this paper, we present oblivious transfer with complex
attribute-based access control policies. The protocol allows a database
server to directly enforce “ and ”and“ or ” access control policies ( c 1 1
c 1 2 ∧...c 1 n 1 ) ( c 2 1 ∧c 2 2 ∧...c 2 n 2 ) ∨...∨ ( c t 1 ∧c t 2 ∧...c t n t ) on each message
in a database without duplication of the message as in Camenisch et al. 's
AC-OT. To realize this protocol, we present the blind attribute-based en-
cryption (ABE) scheme as a building block. Combining the blind ABE
with a credential signature scheme, a generic construction for the obliv-
ious transfer with complicated access control is presented. We also give
a concrete scheme for the construction in which the policy is provided
by an access tree which is represented by a formula involving “ and ( )”
and “ or ( )” boolean operators.
Keywords: Oblivious Transfer, Access Control, Attribute-Based En-
cryption.
1
Introduction
With the growth of the Internet, the need to provide privacy to users accessing
sensitive information is increasing. The traditional approach for protecting user
privacy is to implement an anonymous protocol [13]. Another approach is to
implement oblivious transfer (OT) protocol presented by Rabin [29] in which
user privacy is protected in such a way thatausermakesrequeststoaserver,
and at the end obtains the messages of his choices without the server learning
anything about the choices. That is, OT addresses the problem of hiding the
data choices of users rather than user anonymity. So far, plenty of OT protocols
have been proposed to provide user privacy, such as [26,16,20] et.al. As we know,
in traditional OT, a user can arbitrarily retrieve data of his choices from a server
without any restrictions, while this rules out many practical applications, such as
medical or financial data access, pay-per-view TV. In these cases, on one hand,
the database server wants to enforce access control policies on the database
such that each data can be only available, on request, to the users who meet
This work was supported by the National Natural Science Foundation of China (Nos.
60773202, 61070168) and 973 Program (No. 2006CB303104).
 
Search WWH ::




Custom Search