{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,30]],"date-time":"2026-04-30T10:57:30Z","timestamp":1777546650876,"version":"3.51.4"},"reference-count":48,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2018,3,23]],"date-time":"2018-03-23T00:00:00Z","timestamp":1521763200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2019,4]]},"DOI":"10.1007\/s00145-018-9288-x","type":"journal-article","created":{"date-parts":[[2018,3,23]],"date-time":"2018-03-23T16:23:59Z","timestamp":1521822239000},"page":"459-497","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["(Efficient) Universally Composable Oblivious Transfer Using a Minimal Number of Stateless Tokens"],"prefix":"10.1007","volume":"32","author":[{"given":"Seung Geol","family":"Choi","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jonathan","family":"Katz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dominique","family":"Schr\u00f6der","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Arkady","family":"Yerukhimovich","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hong-Sheng","family":"Zhou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,3,23]]},"reference":[{"key":"9288_CR1","doi-asserted-by":"crossref","unstructured":"M.\u00a0Abdalla, D.\u00a0Catalano, D.\u00a0Fiore. Verifiable random functions from identity-based key encapsulation, in Advances in Cryptology\u2014Eurocrypt 2009, volume 5479 of LNCS (Springer, 2009), pp. 554\u2013571.","DOI":"10.1007\/978-3-642-01001-9_32"},{"key":"9288_CR2","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Aumann, Y.\u00a0Lindell, Security against covert adversaries: efficient protocols for realistic adversaries. Journal of Cryptology, 23(2):281\u2013343 (2010)","DOI":"10.1007\/s00145-009-9040-7"},{"key":"9288_CR3","doi-asserted-by":"crossref","unstructured":"B.\u00a0Barak, How to go beyond the black-box simulation barrier, in 42nd Annual Symposium on Foundations of Computer Science (IEEE, 2001), pp. 106\u2013115","DOI":"10.1109\/SFCS.2001.959885"},{"key":"9288_CR4","doi-asserted-by":"crossref","unstructured":"B.\u00a0Barak, R.\u00a0Canetti, J.\u00a0B. Nielsen, R.\u00a0Pass, Universally composable protocols with relaxed set-up assumptions, in 45th Annual Symposium on Foundations of Computer Science (IEEE, 2004), pp. 186\u2013195","DOI":"10.1109\/FOCS.2004.71"},{"key":"9288_CR5","unstructured":"M.\u00a0Blum, Coin flipping by telephone, in Proceedings of IEEE COMPCOM (1982), pp. 133\u2013137"},{"key":"9288_CR6","doi-asserted-by":"crossref","unstructured":"S.\u00a0Brands, Untraceable off-line cash in wallets with observers. In Advances in Cryptology\u2014Crypto\u00a0\u201993, volume 773 of LNCS (Springer, 1994), pp. 302\u2013318","DOI":"10.1007\/3-540-48329-2_26"},{"key":"9288_CR7","doi-asserted-by":"crossref","unstructured":"R.\u00a0Canetti, Universally composable security: A new paradigm for cryptographic protocols, in 42nd Annual Symposium on Foundations of Computer Science (IEEE, 2001), pp. 136\u2013145. Full version at http:\/\/eprint.iacr.org\/2000\/067","DOI":"10.1109\/SFCS.2001.959888"},{"key":"9288_CR8","doi-asserted-by":"crossref","unstructured":"R.\u00a0Canetti, Obtaining universally compoable security: towards the bare bones of trust (invited talk), in Advances in Cryptology\u2014Asiacrypt\u00a02007, volume 4833 of LNCS (Springer, 2007), pp. 88\u2013112","DOI":"10.1007\/978-3-540-76900-2_6"},{"key":"9288_CR9","doi-asserted-by":"crossref","unstructured":"R.\u00a0Canetti, M.\u00a0Fischlin, Universally composable commitments, in Advances in Cryptology\u2014Crypto\u00a02001, volume 2139 of LNCS (Springer, 2001), pp. 19\u201340","DOI":"10.1007\/3-540-44647-8_2"},{"key":"9288_CR10","doi-asserted-by":"crossref","unstructured":"R.\u00a0Canetti, E.\u00a0Kushilevitz, Y.\u00a0Lindell, On the limitations of universally composable two-party computation without set-up assumptions. J. Cryptol. 19(2):135\u2013167 (2006)","DOI":"10.1007\/s00145-005-0419-9"},{"key":"9288_CR11","doi-asserted-by":"crossref","unstructured":"R.\u00a0Canetti, Y.\u00a0Lindell, R.\u00a0Ostrovsky, A.\u00a0Sahai, Universally composable two-party and multi-party secure computation, in 34th Annual ACM Symposium on Theory of Computing (ACM Press, 2002), pp. 494\u2013503","DOI":"10.1145\/509907.509980"},{"key":"9288_CR12","doi-asserted-by":"crossref","unstructured":"R.\u00a0Canetti, R.\u00a0Pass, A.\u00a0Shelat, Cryptography from sunspots: How to use an imperfect reference string, in 48th Annual Symposium on Foundations of Computer Science (IEEE, 2007), pp. 249\u2013259","DOI":"10.1109\/FOCS.2007.70"},{"key":"9288_CR13","doi-asserted-by":"crossref","unstructured":"N.\u00a0Chandran, V.\u00a0Goyal, A.\u00a0Sahai, New constructions for UC secure computation using tamper-proof hardware. In Advances in Cryptology\u2014Eurocrypt\u00a02008, volume 4965 of LNCS (Springer, 2008), pp. 545\u2013562","DOI":"10.1007\/978-3-540-78967-3_31"},{"key":"9288_CR14","doi-asserted-by":"crossref","unstructured":"D.\u00a0Chaum, T.\u00a0P. Pedersen, Wallet databases with observers, in Advances in Cryptology\u2014Crypto\u00a0\u201992, volume 740 of LNCS (Springer, 1993), pp. 89\u2013105","DOI":"10.1007\/3-540-48071-4_7"},{"key":"9288_CR15","doi-asserted-by":"crossref","unstructured":"R.\u00a0Cramer, T.P. Pedersen, Improved privacy in wallets with observers, in Advances in Cryptology\u2014Eurocrypt\u00a0\u201993, volume 765 of LNCS (Springer, 1993), pp. 329\u2013343","DOI":"10.1007\/3-540-48285-7_29"},{"key":"9288_CR16","doi-asserted-by":"crossref","unstructured":"I.\u00a0Damg\u00e5rd, J.B. Nielsen, D.\u00a0Wichs, Universally composable multiparty computation with partially isolated parties, in 6th Theory of Cryptography Conference\u2014TCC\u00a02009, volume 5444 of LNCS (Springer, 2009), pp. 315\u2013331","DOI":"10.1007\/978-3-642-00457-5_19"},{"key":"9288_CR17","doi-asserted-by":"crossref","unstructured":"I.\u00a0Damg\u00e5rd, T.P. Pedersen, B.\u00a0Pfitzmann, On the existence of statistically hiding bit commitment schemes and fail-stop signatures. J. Cryptol. 10(3):163\u2013194 (1997)","DOI":"10.1007\/s001459900026"},{"key":"9288_CR18","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Desmedt, J.-J. Quisquater, Public-key systems based on the difficulty of tampering (is there a difference between DES and RSA?), in Advances in Cryptology\u2014Crypto \u201986, volume 263 of LNCS (Springer, 1987), pp. 111\u2013117","DOI":"10.1007\/3-540-47721-7_9"},{"key":"9288_CR19","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Dodis, A.\u00a0Yampolskiy, A verifiable random function with short proofs and keys, in 8th Intl. Workshop on Theory and Practice in Public Key Cryptography (PKC), volume 3386 of LNCS (Springer, 2005), pp. 416\u2013431","DOI":"10.1007\/978-3-540-30580-4_28"},{"key":"9288_CR20","doi-asserted-by":"crossref","unstructured":"N.\u00a0D\u00f6ttling, D.\u00a0Kraschewski, J.M\u00fcller-Quade, Unconditional and composable security using a single stateful tamper-proof hardware token, in 8th Theory of Cryptography Conference\u2014TCC 2011, volume 6597 of LNCS (Springer, 2011), pp. 164\u2013181","DOI":"10.1007\/978-3-642-19571-6_11"},{"key":"9288_CR21","doi-asserted-by":"crossref","unstructured":"N.\u00a0D\u00f6ttling, T.\u00a0Mie, J.M\u00fcller-Quade, T.\u00a0Nilges, Implementing resettable UC-functionalities with untrusted tamper-proof hardware-tokens, in 10th Theory of Cryptography Conference\u2014TCC 2013, volume 7785 of LNCS (Springer, 2013), pp. 642\u2013661","DOI":"10.1007\/978-3-642-36594-2_36"},{"key":"9288_CR22","unstructured":"M.\u00a0Dubovitskaya, A.\u00a0Scafuro, I.\u00a0Visconti, On efficient non-interactive oblivious transfer with tamper-proof hardware, 2010. Cryptology ePrint Archive, Report 2010\/509"},{"key":"9288_CR23","doi-asserted-by":"crossref","unstructured":"M.\u00a0Fischlin, B.\u00a0Pinkas, A.-R. Sadeghi, T.\u00a0Schneider, I.\u00a0Visconti, Secure set intersection with untrusted hardware tokens, in Cryptographers\u2019 Track\u2014RSA 2011, volume 6558 of LNCS (Springer, 2011), pp. 1\u201316","DOI":"10.1007\/978-3-642-19074-2_1"},{"key":"9288_CR24","unstructured":"O.\u00a0Goldreich, Foundations of Cryptography, vol. 2: Basic Applications (Cambridge University Press, Cambridge, 2004)"},{"key":"9288_CR25","doi-asserted-by":"crossref","unstructured":"O.\u00a0Goldreich, L.A. Levin, A hard-core predicate for all one-way functions, in 21st Annual ACM Symposium on Theory of Computing (ACM Press, 1989), pp. 25\u201332","DOI":"10.1145\/73007.73010"},{"key":"9288_CR26","doi-asserted-by":"crossref","unstructured":"S.\u00a0Goldwasser, Y.T. Kalai, G.N. Rothblum, One-time programs, in Advances in Cryptology\u2014Crypto 2008, volume 5157 of LNCS (Springer, 2008), pp. 39\u201356","DOI":"10.1007\/978-3-540-85174-5_3"},{"key":"9288_CR27","doi-asserted-by":"crossref","unstructured":"S.\u00a0Goldwasser, R.\u00a0Ostrovsky, Invariant signatures and non-interactive zero-knowledge proofs are equivalent, in Advances in Cryptology\u2014Crypto \u201992, volume 740 of LNCS (Springer, 1993), pp. 228\u2013245","DOI":"10.1007\/3-540-48071-4_16"},{"key":"9288_CR28","doi-asserted-by":"crossref","unstructured":"V.\u00a0Goyal, Y.\u00a0Ishai, M.\u00a0Mahmoody, A.\u00a0Sahai, Interactive locking, zero-knowledge PCPs, and unconditional cryptography, in Advances in Cryptology\u2014Crypto 2010, volume 6223 of LNCS (Springer, 2010), pp. 173\u2013190","DOI":"10.1007\/978-3-642-14623-7_10"},{"key":"9288_CR29","doi-asserted-by":"crossref","unstructured":"V.\u00a0Goyal, Y.\u00a0Ishai, A.\u00a0Sahai, R.\u00a0Venkatesan, A.\u00a0Wadia, Founding cryptography on tamper-proof hardware tokens, in 7th Theory of Cryptography Conference\u2014TCC 2010, volume 5978 of LNCS (Springer, 2010), pp. 308\u2013326","DOI":"10.1007\/978-3-642-11799-2_19"},{"key":"9288_CR30","doi-asserted-by":"crossref","unstructured":"S.\u00a0Halevi, S.\u00a0Micali, Practical and provably-secure commitment schemes from collision-free hashing, in Advances in Cryptology\u2014Crypto \u201996, volume 1109 of LNCS (Springer, 1996), pp. 201\u2013215","DOI":"10.1007\/3-540-68697-5_16"},{"key":"9288_CR31","doi-asserted-by":"crossref","unstructured":"C.\u00a0Hazay, Y.\u00a0Lindell, Constructions of truly practical secure protocols using standard smartcards, in 15th ACM Conf. on Computer and Communications Security (ACM Press, 2008), pp. 491\u2013500","DOI":"10.1145\/1455770.1455832"},{"key":"9288_CR32","doi-asserted-by":"crossref","unstructured":"C.\u00a0Hazay, A.\u00a0Polychroniadou, M.\u00a0Venkitasubramaniam, Composable security in the tamper-proof hardware model under minimal complexity, in 14th Theory of Cryptography Conference\u2014TCC-B\u00a02016, volume 9985 of LNCS (Springer, 2016), pp. 367\u2013399. Prior versions available at https:\/\/eprint.iacr.org\/2015\/887","DOI":"10.1007\/978-3-662-53641-4_15"},{"key":"9288_CR33","doi-asserted-by":"crossref","unstructured":"D.\u00a0Hofheinz, T.\u00a0Jager, Verifiable random functions from standard assumptions, in 13th Theory of Cryptography Conference\u2014TCC-A\u00a02016, volume 9562 of LNCS (Springer, 2016), pp. 336\u2013362","DOI":"10.1007\/978-3-662-49096-9_14"},{"key":"9288_CR34","unstructured":"D.\u00a0Hofheinz, D.\u00a0Unruh, J.M\u00fcller-Quade, Universally composable zero-knowledge arguments and commitments from signature cards, in 5th Central European Conference on Cryptology (MoraviaCrypt) (2005)"},{"key":"9288_CR35","doi-asserted-by":"crossref","unstructured":"S.\u00a0Hohenberger, B.\u00a0Waters, Constructing verifiable random functions with large input spaces, in Advances in Cryptology\u2014Eurocrypt 2010, volume 6110 of LNCS (Springer, 2010), pp. 656\u2013672","DOI":"10.1007\/978-3-642-13190-5_33"},{"key":"9288_CR36","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Ishai, J.\u00a0Kilian, K.\u00a0Nissim, E.\u00a0Petrank, Extending oblivious transfers efficiently, in Advances in Cryptology\u2014Crypto 2003, volume 2729 of LNCS (Springer, 2003), pp. 145\u2013161","DOI":"10.1007\/978-3-540-45146-4_9"},{"key":"9288_CR37","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Ishai, M.\u00a0Prabhakaran, A.\u00a0Sahai, Founding cryptography on oblivious transfer\u2014efficiently, in Advances in Cryptology\u2014Crypto 2008, volume 5157 of LNCS (Springer, 2008), pp. 572\u2013591","DOI":"10.1007\/978-3-540-85174-5_32"},{"key":"9288_CR38","doi-asserted-by":"crossref","unstructured":"K.\u00a0J\u00e4rvinen, V.\u00a0Kolesnikov, A.-R. Sadeghi, T.\u00a0Schneider, Embedded SFE: offloading server and network using hardware tokens, in Financial Cryptography and Data Security 2010, volume 6052 of LNCS (Springer, 2010), pp. 207\u2013221","DOI":"10.1007\/978-3-642-14577-3_17"},{"key":"9288_CR39","doi-asserted-by":"crossref","unstructured":"J.\u00a0Katz, Universally composable multi-party computation using tamper-proof hardware, in Advances in Cryptology\u2014Eurocrypt 2007, volume 4515 of LNCS (Springer, 2007), pp. 115\u2013128","DOI":"10.1007\/978-3-540-72540-4_7"},{"key":"9288_CR40","doi-asserted-by":"crossref","unstructured":"J.\u00a0Katz, Y.\u00a0Lindell, Introduction to Modern Cryptography, 2nd edition (Chapman and Hall\/CRC Press, 2014)","DOI":"10.1201\/b17668"},{"key":"9288_CR41","doi-asserted-by":"crossref","unstructured":"J.\u00a0Kilian, Founding cryptography on oblivious transfer, in 20th Annual ACM Symposium on Theory of Computing (ACM Press, 1988), pp. 20\u201331","DOI":"10.1145\/62212.62215"},{"key":"9288_CR42","doi-asserted-by":"crossref","unstructured":"V.\u00a0Kolesnikov, Truly efficient string oblivious transfer using resettable tamper-proof tokens, in 7th Theory of Cryptography Conference\u2014TCC 2010, volume 5978 of LNCS (Springer, 2010), pp. 327\u2013342","DOI":"10.1007\/978-3-642-11799-2_20"},{"key":"9288_CR43","doi-asserted-by":"crossref","unstructured":"H.\u00a0Lin, R.\u00a0Pass, M.\u00a0Venkitasubramaniam, A unified framework for concurrent security: Universal composability from stand-alone non-malleability, in 41st Annual ACM Symposium on Theory of Computing (ACM Press, 2009), pp. 179\u2013188","DOI":"10.1145\/1536414.1536441"},{"key":"9288_CR44","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Lindell, General composition and universal composability in secure multi-party computation. J. Cryptol. 22(3):395\u2013428 (2009)","DOI":"10.1007\/s00145-008-9021-2"},{"key":"9288_CR45","doi-asserted-by":"crossref","unstructured":"H.K. Maji, M.\u00a0Prabhakaran, M.\u00a0Rosulek, Complexity of multi-party computation problems: The case of 2-party symmetric secure function evaluation, in 6th Theory of Cryptography Conference\u2014TCC 2009, volume 5444 of LNCS (Springer, 2009), pp. 256\u2013273","DOI":"10.1007\/978-3-642-00457-5_16"},{"key":"9288_CR46","doi-asserted-by":"crossref","unstructured":"S.\u00a0Micali, M.O. Rabin, S.P. Vadhan, Verifiable random functions, in 40th Annual Symposium on Foundations of Computer Science (IEEE, 1999), pp. 120\u2013130","DOI":"10.1109\/SFFCS.1999.814584"},{"key":"9288_CR47","doi-asserted-by":"crossref","unstructured":"T.\u00a0Moran, G.\u00a0Segev, David and Goliath commitments: UC computation for asymmetric parties using tamper-proof hardware, in Advances in Cryptology\u2014Eurocrypt 2008, volume 4965 of LNCS (Springer, 2008), pp. 527\u2013544","DOI":"10.1007\/978-3-540-78967-3_30"},{"key":"9288_CR48","doi-asserted-by":"crossref","unstructured":"M.\u00a0Naor, Bit commitment using pseudorandomness, J. Cryptol. 4(2):151\u2013158 (1991)","DOI":"10.1007\/BF00196774"}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00145-018-9288-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-018-9288-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-018-9288-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,2]],"date-time":"2025-07-02T23:24:39Z","timestamp":1751498679000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00145-018-9288-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,3,23]]},"references-count":48,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2019,4]]}},"alternative-id":["9288"],"URL":"https:\/\/doi.org\/10.1007\/s00145-018-9288-x","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,3,23]]},"assertion":[{"value":"29 February 2016","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 January 2018","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 March 2018","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}