Cryptography Reference
In-Depth Information
the corresponding policies. On the other hand, the users do not want to reveal
what part of the data they are retrieving or more personal information than is
absolutely necessary.
Specially, consider the following motivating example: a paper database server
wants only students in College A or teachers in College B to download mas-
ter's theses, and wants only teachers in College C to download the PhD theses,
namely, the access control condition for master's theses is (
Student
∧
Col.A
)
∨
(
Tea
Col.C
). Mean-
while, the users want to protect their identities and choices during the access to
the database, that is, all electronic transactions performed between the server
and the users will not reveal more personal information than is absolutely neces-
sary. To achieve this functionality, some papers [17,7,1,22,12,10] have given their
solutions.
In 1999, Crescenzo
et al.
[17] proposed conditional oblivious transfer. Later,
in 2004, Blake
et al.
[7] presented strong conditional oblivious transfer. In 2001,
priced OT [1] was proposed in which each user can buy goods if and only if the
price of the goods is less than the user's balance. However, neither of the above
schemes provided the user anonymity, and they can only achieve simple access
control such as “ = ” or “
∧
Col.B
), and the condition for PhD theses is (
Teacher
∧
”.
In [22], Herranz proposed a primitive called restricted adaptive oblivious
transfer in which the policies defines which subsets of entries of the database
can be available, on request, to the different users. However, the second scheme
is not ecient due to the amount of computational and communication effort
whichisrequiredineachexecutionoftheprotocol.
To the best of our knowledge, so far there have been two papers that consider
oblivious transfer with access control. One is Coull
et al.
's protocol [12] using
stateful anonymous credential which permits a database server to restrict which
messages each user may access, without learning anything about users' identities
or message choices. However, since the user credential must be re-issued when
each user requests a message each time, the protocol is not very e
cient. Another
one is Camenisch
et al.
's OT protocol with access control (AC-OT) [10] for
anonymous access to a database where the different records have different control
permissions. Camenisch
et al.
show that the AC-OT can be implemented using
Coull
et al.
's protocol and it is more ecient. However, in AC-OT, for each
message which is associated with a category set, if and only if one user has all
these categories in the set, they can obtain the message by queries. Namely, for
each message, AC-OT just directly achieves “
and
” access control policy. The
“
or
” policy can be realized by duplicating the messages in the database with a
second set of categories. For example, for a database in which the complicated
policies for each message such as (
c
1
1
∧
≥
c
1
2
∧
...c
1
n
1
)
∨
(
c
2
1
∧
c
2
2
∧
...c
2
n
2
)
∨
...
...c
t
n
t
) is requested, then using the method to realize “
or
”
policy in AC-OT, the message must be duplicated for
t
times, each with a policy
(
c
i
1
∧
∨
(
c
t
1
∧
c
t
2
∧
...c
i
n
i
). Moreover, when the server initializes the database, he must
encrypt the message for
t
times under different “
and
” policies, and the initialized
database will also increase greatly.
c
i
2
∧
Search WWH ::
Custom Search