Delegated-Query Oblivious Transfer and its Practical Applications

TL;DR

This paper introduces practical variants of Oblivious Transfer (OT) that enable private database queries without direct access, address privacy in cloud and distributed environments, and adapt OT for thin clients like IoT devices.

Contribution

It presents new delegated-query OT protocols tailored for practical scenarios, including multi-receiver and thin client adaptations, filling gaps in existing theoretical research.

Findings

Enables private database queries without direct access.

Protects privacy in cloud and distributed database settings.

Transforms OT for resource-constrained devices like IoT.

Abstract

Databases play a pivotal role in the contemporary World Wide Web and the world of cloud computing. Unfortunately, numerous privacy violations have recently garnered attention in the news. To enhance database privacy, we consider Oblivious Transfer (OT), an elegant cryptographic technology. Our observation reveals that existing research in this domain primarily concentrates on theoretical cryptographic applications, overlooking various practical aspects: - OTs assume parties have direct access to databases. Our "1-out-of-2 Delegated-Query OT" enables parties to privately query a database, without direct access. - With the rise of cloud computing, physically separated databases may no longer remain so. Our "1-out-of-2 Delegated-Query Multi-Receiver OT" protects privacy in such evolving scenarios. - Research often ignores the limitations of thin clients, e.g., Internet of Things devices. To address this, we propose a compiler that transforms any 1-out-of-n OT into a thin client version.