Universally Composable Adaptive Priced Oblivious Transfer

An adaptive k-out-of-N Priced Oblivious Transfer (POT) scheme is a two-party protocol between a vendor and a buyer. The vendor sells a set of messages m 1, . . . ,m N with prices p 1, . . . , p N . In each transfer phase i = 1, . . . , k, the buyer chooses a selection value σ i  ∈ 1, . . . ,N and interacts with the vendor to buy message m σ i in such a way that the vendor does not learn σ i and the buyer does not get any information about the other messages.
We present a POT scheme secure under pairing-related assumptions in the standard model. Our scheme is universally composable and thus, unlike previous results, preserves security when it is executed with multiple protocol instances that run concurrently in an adversarially controlled way. Furthermore, after an initialization phase of complexity O(N), each transfer phase is optimal in terms of rounds of communication and it has constant computational and communication cost. To achieve these properties, we design the first efficient non-interactive proof of knowledge that a value lies in a given interval we are aware of.