A Security Proofs for OT with Attribute-Based Access Control
A.1 Proof of Theorem 1
In the proof of server security, we do not consider the case that the issuer and a collection of users collude: if the issuer colludes with any user, then the user may obtain the private keys for all attributes in $\Omega$ and decrypt all messages in the database. So we assume that the issuer will not collude with any user. In the following, we will only consider a collection of possibly cheating users.
For any real world adversary $A$ who corrupts a collection of cheating users $\{\hat{U}_1, \ldots, \hat{U}_t\}$, we can construct an ideal world adversary $A$ who corrupts the same participants $\{\hat{U}_1, \ldots, \hat{U}_t\}$ such that for any PPT distinguisher $D$,

$$\left| \Pr[\mathrm{Real}_{A}(\kappa) = 1] - \Pr[\mathrm{Ideal}_{A}(\kappa) = 1] \right|$$

is negligible in $\kappa$.

We construct the adversary $A$ as follows. $A$ plays simultaneously roles of $\{\hat{U}_1, \ldots, \hat{U}_t\}$, and performs an honest server $S$ in the real world. $A$ first generates $(pk_{DB}, sk_{DB})$ by running $\mathrm{Setup}(1^{\kappa}, pk_I)$. It generates a random commitment in DB-Initialization phase. In the Transfer phase, if the PoK does not verify, then $A$ aborts, otherwise uses an extractor of knowledge proof to extract $(id, \omega_i)$ of $\hat{U}_i$, and sends $(id, \omega_i)$ to $T$. If $T$ outputs "$\perp$", then $A$ causes Transfer to
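The following is an added example, not part of the original proof. It shows how a knowledge extractor of the kind the Transfer phase relies on recovers a prover's secret by rewinding. The page does not say which proof system the scheme uses, so the example assumes Schnorr's proof of knowledge of a discrete logarithm over a toy group, with the witness x standing in for the extracted $(id, \omega_i)$; the names Prover, Forger, verify and extract are hypothetical.

```python
import secrets

# Toy group, constructed for illustration (far too small for real use):
# p = 2q + 1 with p, q prime; g = 4 generates the subgroup of order q.
P, Q, G = 2039, 1019, 4

class Prover:
    """Holds a witness x for y = g^x (stand-in for a user's secret)."""
    def __init__(self, x):
        self.x = x % Q
        self.y = pow(G, self.x, P)
    def commit(self):
        self.r = secrets.randbelow(Q)
        return pow(G, self.r, P)
    def respond(self, c):
        # Rewinding is modelled by calling respond() again with the same r.
        return (self.r + c * self.x) % Q

class Forger(Prover):
    """Knows only y; can answer just the one challenge it guessed beforehand."""
    def __init__(self, y):
        self.y = y
    def commit(self):
        self.c, self.s = secrets.randbelow(Q), secrets.randbelow(Q)
        return (pow(G, self.s, P) * pow(self.y, -self.c, P)) % P
    def respond(self, c):
        return self.s

def verify(y, t, c, s):
    """Verifier's check g^s == t * y^c (mod p)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def extract(prover):
    """Return the witness, or None if the proof does not verify (abort)."""
    t = prover.commit()
    c1 = secrets.randbelow(Q)
    s1 = prover.respond(c1)
    if not verify(prover.y, t, c1, s1):
        return None
    c2 = (c1 + 1 + secrets.randbelow(Q - 1)) % Q   # guaranteed c2 != c1
    s2 = prover.respond(c2)                        # second run, same commitment
    if not verify(prover.y, t, c2, s2):
        return None
    # s1 - s2 = (c1 - c2) * x  (mod q), so divide out the challenge difference.
    return ((s1 - s2) * pow((c1 - c2) % Q, -1, Q)) % Q
```

A prover that passes both runs necessarily yields its witness, while the Forger can satisfy at most one of the two distinct challenges, so extraction from it always ends in an abort.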