Private Mutual Authentication and Conditional Oblivious Transfer
A bi-directional Private Authentication, or Unlinkable Secret Handshake, allows two parties to authenticate each other as certified by given certification authorities (i.e. affiliated with given groups), in a mutually private way, in the sense that the protocol leaks no information about either participant to a party which does not satisfy that participant's authentication policy. In particular, the protocol hides what group this participant belongs to, and protocol instances involving the same participant are unlinkable. The authors construct the first realization of such private authentication using O(1) exponentiations and bilinear maps, secure under Strong Diffie-Hellman and Decisional Linear assumptions.