tag:blogger.com,1999:blog-2752058700154467226.post3536856237321501669..comments2024-03-09T10:23:37.496+00:00Comments on Bristol Cryptography Blog: Study Group on Oblivious TransferBogdanhttp://www.blogger.com/profile/13266116282208635140noreply@blogger.comBlogger4125tag:blogger.com,1999:blog-2752058700154467226.post-36518178585559945962012-02-29T12:54:17.490+00:002012-02-29T12:54:17.490+00:00I agree that the open problem is to design an effi...I agree that the open problem is to design an efficient adaptive protocol that is both UC secure and based on standard static assumption rather than dynamic ones...Essam Ghadafihttps://www.blogger.com/profile/02870242030385901507noreply@blogger.comtag:blogger.com,1999:blog-2752058700154467226.post-7947621546646918002012-02-29T12:52:35.561+00:002012-02-29T12:52:35.561+00:00Yes, I agree with Essam. I should have said that t...Yes, I agree with Essam. I should have said that the open problem is to design efficient UC secure OT protocols based on static assumptions. Because indeed there are special settings where we can design UC secure OT protocols. I will change the last paragraph. Thanks to Matthew and Essam.Ashish Choudhuryhttps://www.blogger.com/profile/15335658384914925308noreply@blogger.comtag:blogger.com,1999:blog-2752058700154467226.post-33681080652236049652012-02-29T12:43:31.051+00:002012-02-29T12:43:31.051+00:00This comment has been removed by the author.Essam Ghadafihttps://www.blogger.com/profile/02870242030385901507noreply@blogger.comtag:blogger.com,1999:blog-2752058700154467226.post-83481234886880578762012-02-28T15:24:14.005+00:002012-02-28T15:24:14.005+00:00"An interesting open problem is to design eff..."An interesting open problem is to design efficient UC-secure OT protocols."<br /><br />While I agree that there's lots of work to be done here, it's not completely open. There have been at least a couple of papers on this (including one of my own, though it used a specific setting and some strong assumptions). The problem here is that the /efficient/ NIZKs we have are restricted to certain types of statement, and engineering around that requires some work. Also, in the non-adaptive setting Peikert, Vaikunathan and Waters have a very efficient DDH-based construction based on 'message-lossy' public keys:<br /><br />http://www.cs.toronto.edu/~vinodv/OT.pdfMatthew Greenhttps://www.blogger.com/profile/05041984203678598124noreply@blogger.com