ABSTRACT
We present a protocol for anonymous access to a database where the different records have different access control permissions. These permissions could be attributes, roles, or rights that the user needs to have in order to access the record. Our protocol offers maximal security guarantees for both the database and the user, namely (1) only authorized users can access the record; (2) the database provider does not learn which record the user accesses; and (3) the database provider does not learn which attributes or roles the user has when she accesses the database.
We prove our protocol secure in the standard model (i.e., without random oracles) under the bilinear Diffie-Hellman exponent and the strong Diffie-Hellman assumptions.
Index Terms
- Oblivious transfer with access control