Efficient oblivious transfers with access control

摘要

Oblivious transfer (OT) is a protocol where a receiver can obtain t-out-of-n services from the sender without releasing anything about his choices. OT can be used to protect user's privacy. In principle, any user can interact with a server to request some services. This might allow some undesirable users to obtain services from the server. How to ensure that only the authorized receivers can obtain services obliviously is a daunting task. In this paper, we introduce oblivious signature based-on envelope (OSBE) to OT and propose two novel OT schemes, which only allow the legitimate receivers to obtain services obliviously. The receiver is required to authenticate himself to the issuer to possess the required credential prior to access the protected services; while no authentication from the sender needs to be done. The sender knows the number of the services selected by the receiver, but does not know anything about his choices and personally identifiable information. The feature of our scheme also lies in avoiding zero knowledge proofs and achieving all-or-nothing non-transferable credentials. Our schemes are efficient in the cost of communication and computation.