Efficient and Adaptive Procurement Protocol with Purchasing Privacy

A procurement protocol is a protocol for a buyer to purchase digital goods at their prices from a vendor. A procurement protocol with privacy preservation can be achieved by priced oblivious transfer (POT). POT allows the buyer to obliviously procure items one by one. An adaptive POT protocol only consumes $O(1)$O(1) communication cost in each transaction, where all items are committed and encrypted before transactions. However, we found that the state-of-the-art adaptive POT protocol proposed by Rial et al. is less practical and does not meet real-world needs. It has to restrict to the one-buyer setting where all items are encrypted associated with one buyer's public key. For multiple buyers, the vendor must respectively encrypt all the same items for each buyer. Besides, it has to employ computationally expensive primitives such as zero-knowledge proof which imply inefficient computation operations. It is therefore unscalable and unsuitable in large-scale applications. In this paper, we propose an efficient adaptive priced oblivious transfer protocol to address the aforementioned problems. The proposed adaptive POT is built on top of a new cryptographic primitive, namely, adaptive set membership encryption (ASME). In our proposed protocol, all items are encrypted without the use of buyers' public keys and hence they can be used for universal buyers. Our protocol significantly reduces the transaction cost compared to existing schemes. For example, the communication in each transaction costs only 6 group elements compared to at least 141 group elements in Rial et al.'s protocol. The implementation shows that our protocol is efficient in terms of bandwidth and computational cost.