Oblivious Transfer With Privacy-preserving Authorization

Oblivious transfer can be used as a building block for more complex secure protocols, or as stand-alone protocol for privacy preserving in ecommerce. By obscuring the receiver's choices, oblivious transfer is able to protect the privacy of the users. It can be applied to oblivious subscription, on-line pay-per-view service, stock exchange and etc. Compared to anonymous protocol, oblivious transfer is a weak protocol for privacy preserving. However, oblivious transfer is most beneficial when the anonymous protocol is insufficient, undesirable, or difficult to achieve.The question of authorization to the receiver has not been investigated in available oblivious protocols. The user requires to be authorized by the authority organization for some resources or services. The authorization is related to the user's attribute information, such as employee, membership, trust information, secure clearance and etc. The authorization in the standard attribute certificate (e.g. X.509) exposures the receiver's personal sensitive information to the sender while it entitle rights to the receiver. Therefore, it is impossible for the standard attribute certificate to provide the function of authorization for oblivious transfer.The main purpose of this thesis is to construct oblivious transfer with privacy-preserving authorization (PA-OT). PA-OT has the following properties: Only the receiver which has been authorized by the authority organization can receive the messages which it chooses, and the sender can neither decide which messages the receiver acquires nor decide whether the receiver is an authorized user or not. By combining authorization with message transfer, PA-OT not only makes the receiver's choices but also the receiver's rights oblivious. However, similar to original oblivious transfer, PA-OT does not provide anonymity.PA-OT is based on two cryptography concepts proposed lately which are oblivious signature-based envelope (OSBE) and hidden credentials based on bilinear pairings on elliptic curves. OSBE and hidden credentials can acquire privacy-preserving authorization and can be applied to oblivious transfer.We investigate the design methods of available oblivious transfer protocols and analyze the properties of the oblivious transfer protocols suitable for making the privacy-preserving authorization available effectively. We propose OSBE scheme based on logarithm signatures, which is one of the bases of PA-OT and the scheme has other applications. Based on some well-known oblivious transfer protocols, we construct several RSA signature-based PA-OT protocols, some logarithm signature-based PA-OT protocols, and a hidden authorization OT protocol by making use of the idea of OSBE and hidden credentials. We also construct a conditional oblivious transfer protocol with hidden authorization. In this protocol, the receiver acquires the first message when the attribute, which has been authorized by the authority organization, is bigger or equal to the value the sender specified; otherwise, the receiver acquires the second message. The security of the schemes is analyzed and proved particularly based on the decisional Diffie-Hellman (DDH) assumption or the bilinear Diffie-Hellman (BDH) assumption.