• DocumentCode
    3604253
  • Title

    AAC-OT: Accountable Oblivious Transfer With Access Control

  • Author

    Jinguang Han ; Susilo, Willy ; Yi Mu ; Man Ho Au ; Jie Cao

  • Author_Institution
    Jiangsu Provincial Key Lab. of E-Bus., Nanjing Univ. of Finance & Econ., Nanjing, China
  • Volume
    10
  • Issue
    12
  • fYear
    2015
  • Firstpage
    2502
  • Lastpage
    2514
  • Abstract
    To prevent illegal users accessing the database and protect users' privacy, oblivious transfer with access control (AC-OT) was proposed. In an AC-OT scheme, the database provider can encrypt the records and publish corresponding access control lists (ACLs). Prior to accessing the records, a user needs to obtain anonymous credentials from the issuer. Subsequently, an authorized user can obtain the intended records without the database provider knowing its choices. Although AC-OT schemes have shown a lot of merits, there are some practical issues: 1) one of the inherited problems in anonymous credentials is timely revocation and 2) how to prevent malicious users overusing the records. In this paper, we propose an accountable AC-OT scheme to address these issues. In our scheme, an authorized user can access the protected records without the database provider knowing his personal information and choices if: 1) he has obtained the required credentials listed in the ACLs and 2) the number of the access times for each record is no more than the specified bound. Notably, the database provider can trace and revoke the user who overused the records even in the lifetime of his credentials. To the best of our knowledge, it is the first AC-OT scheme where timely revocation and overuse detection are considered.
  • Keywords
    authorisation; cryptography; data privacy; AAC-OT; AC-OT scheme; ACL; access control; access control lists; accountable oblivious transfer; oblivious transfer with access control; Access control; Authentication; Databases; Protocols; Public key; Receivers; Accountability; Oblivious Transfer; Privacy; Revocation; Security; accountability; oblivious transfer; revocation; security;
  • fLanguage
    English
  • Journal_Title
    Information Forensics and Security, IEEE Transactions on
  • Publisher
    ieee
  • ISSN
    1556-6013
  • Type

    jour

  • DOI
    10.1109/TIFS.2015.2464781
  • Filename
    7180355