Wei Yang,Liusheng Huang,Yonglong Luo,Mingjun Xiao

2006-01-01

Abstract:Oblivious transfer (OT) is an important primitive in cryptography. In chosen one-out-of-two OT, Alice offers two bits, one of which Bob can choose to read, not learning any information about the other bit. Alice on the other hand does not obtain any information about Bob’s choice. We present a new technique for the same task in quantum environment, based on POVM measurements. It is shown that our method has two important advantages over the previous approaches. First, it is unconditionally secure without invoking a commitment scheme, and second, it is more efficient in terms of communication complexity.

YANG Wei,HUANG Liu-sheng,LUO Yong-long,CHEN Guo-liang

DOI: https://doi.org/10.3321/j.issn:0372-2112.2007.08.024

2007-01-01

Abstract:As a basic protocol of Secure Multi-party Computation,Oblivious Transfer(OT) is of significant research and application value.Most of previous oblivious transfer protocols in classical environment rely either on public-key cryptography or on additional computational assumptions which will be very vulnerable under quantum mechanics.Based on the characteristics of Bell States,a new quantum oblivious transfer protocol is proposed in this paper.The correctness and security of the protocol are analyzed and proved.The protocol is secure in the presence of noise on the channel and a potential eavesdropper.Comparing with oblivious transfer protocols in classical computational environment,the protocol in this paper is superior in security,soundness and wire-tapping detecting.

Esther Hänggi,Severin Winkler

2024-07-15

Abstract:Oblivious transfer (OT) is a fundamental primitive for secure two-party computation. It is well known that OT cannot be implemented with information-theoretic security if the two players only have access to noiseless communication channels, even in the quantum case. As a result, weaker variants of OT have been studied. In this work, we rigorously establish the impossibility of cheat-sensitive OT, where a dishonest party can cheat, but risks being detected. We construct a general attack on any quantum protocol that allows the receiver to compute all inputs of the sender and provide an explicit upper bound on the success probability of this attack. This implies that cheat-sensitive quantum Symmetric Private Information Retrieval cannot be implemented with statistical information-theoretic security. Leveraging the techniques devised for our proofs, we provide entropic bounds on primitives needed for secure function evaluation. They imply impossibility results for protocols where the players have access to OT as a resource. This result significantly improves upon existing bounds and yields tight bounds for reductions of 1-out-of-n OT to a resource primitive. Our results hold in particular for transformations between a finite number of primitives and for any error.

Quantum Physics,Cryptography and Security

Eleni Diamanti,Alex B. Grilo,Adriano Innocenzi,Pascal Lefebvre,Verena Yacoub,Álvaro Yángüez

2024-11-04

Abstract:We present a new simulation-secure quantum oblivious transfer (QOT) protocol based on one-way functions in the plain model. With a focus on practical implementation, our protocol surpasses prior works in efficiency, promising feasible experimental realization. We address potential experimental errors and their correction, offering analytical expressions to facilitate the analysis of the required quantum resources. Technically, we achieve simulation security for QOT through an equivocal and relaxed-extractable quantum bit commitment.

Quantum Physics

Aydin Abadi,Yvo Desmedt

2024-08-25

Abstract:Oblivious Transfer (OT) is a fundamental cryptographic protocol with applications in secure Multi-Party Computation, Federated Learning, and Private Set Intersection. With the advent of quantum computing, it is crucial to develop unconditionally secure core primitives like OT to ensure their continued security in the post-quantum era. Despite over four decades since OT's introduction, the literature has predominantly relied on computational assumptions, except in cases using unconventional methods like noisy channels or a fully trusted party. Introducing "Supersonic OT", a highly efficient and unconditionally secure OT scheme that avoids public-key-based primitives, we offer an alternative to traditional approaches. Supersonic OT enables a receiver to obtain a response of size O(1). Its simple (yet non-trivial) design facilitates easy security analysis and implementation. The protocol employs a basic secret-sharing scheme, controlled swaps, the one-time pad, and a third-party helper who may be corrupted by a semi-honest adversary. Our implementation and runtime analysis indicate that a single instance of Supersonic OT completes in 0.35 milliseconds, making it up to 2000 times faster than the state-of-the-art base OT.

Cryptography and Security,Databases,Machine Learning

Manuel B. Santos,Paulo Mateus,Armando N. Pinto

DOI: https://doi.org/10.3390/e24070945

2022-06-26

Abstract:Quantum cryptography is the field of cryptography that explores the quantum properties of matter. Its aim is to develop primitives beyond the reach of classical cryptography or to improve on existing classical implementations. Although much of the work in this field is dedicated to quantum key distribution (QKD), some important steps were made towards the study and development of quantum oblivious transfer (QOT). It is possible to draw a comparison between the application structure of both QKD and QOT primitives. Just as QKD protocols allow quantum-safe communication, QOT protocols allow quantum-safe computation. However, the conditions under which QOT is actually quantum-safe have been subject to a great amount of scrutiny and study. In this review article, we survey the work developed around the concept of oblivious transfer in the area of theoretical quantum cryptography, with an emphasis on some proposed protocols and their security requirements. We review the impossibility results that daunt this primitive and discuss several quantum security models under which it is possible to prove QOT security.

Quantum Physics

Wei Yang,Liusheng Huang,Yifei Yao,Zhili Chen

DOI: https://doi.org/10.1109/FGCN.2007.189

2007-01-01

Abstract:Oblivious transfer is an interesting cryptographic task in which one party Alice aims to transfer one of her two bits to the other party Bob, with the assurance that he can choose freely his bit, but is not able to obtain the two bits simultaneously. Bob on the other hand wants to be sure that Alice should not be capable of inferring what bit he has chosen. Quantum oblivious transfer (QOT) scheme outperforms its classical counterpart for its higher security and eavesdropping detecting ability. In this paper, we present a new and novel QOT protocol based on tripartite entangled states, which can be proven to be secure against any quantum attacking strategy allowed by physical laws.

Bo Mi,Darong Huang,Shaohua Wan,Libo Mi,Jianqiu Cao

DOI: https://doi.org/10.1109/access.2018.2846798

IF: 3.9

2018-01-01

IEEE Access

Abstract:Oblivious transfer (OT) is the most fundamental process in cryptosystems and serves as the basic building block for implementing protocols, such as the secure multi-party computation and the fair electronic contract. However, since most implementations of the Internet of Things are time-sensitive, existing works that are based on traditional public cryptosystems are not efficient or secure under quantum machine attacks. In this paper, we argued that the fastest known 1-out-of-n oblivious transfer (OTn1) protocol, which was proposed by Chou, cannot achieve semantic security and is time-consuming due to exponent arithmetic of large parameters. Utilizing NTRUEncrypt and OT extension, we devised a one-round post-quantum secure OTn1 protocol that is also proved to be active and adaptively secure under the universal composability framework. Compared with Chou's protocol, the computational overheads of our scheme are approximately 6 and 1.7 times smaller on the sender and receiver sides, in line with the standard security level.

Cosmo Lupo,James T. Peat,Erika Andersson,Pieter Kok

DOI: https://doi.org/10.1103/PhysRevResearch.5.033163

2023-09-09

Abstract:The noisy-storage model of quantum cryptography allows for information-theoretically secure two-party computation based on the assumption that a cheating user has at most access to an imperfect, noisy quantum memory, whereas the honest users do not need a quantum memory at all. In general, the more noisy the quantum memory of the cheating user, the more secure the implementation of oblivious transfer, which is a primitive that allows universal secure two-party and multi-party computation. For experimental implementations of oblivious transfer, one has to consider that also the devices held by the honest users are lossy and noisy, and error correction needs to be applied to correct these trusted errors. The latter are expected to reduce the security of the protocol, since a cheating user may hide themselves in the trusted noise. Here we leverage entropic uncertainty relations to derive tight bounds on the security of oblivious transfer with a trusted and untrusted noise. In particular, we discuss noisy storage and bounded storage, with independent and correlated noise.

Quantum Physics

Slim Bettaieb,Loïc Bidoux,Olivier Blazy,Baptiste Cottier,David Pointcheval

DOI: https://doi.org/10.48550/arXiv.2209.04149

2022-09-09

Abstract:Oblivious Transfer (OT) is a major primitive for secure multiparty computation. Indeed, combined with symmetric primitives along with garbled circuits, it allows any secure function evaluation between two parties. In this paper, we propose a new approach to build OT protocols. Interestingly, our new paradigm features a security analysis in the Universal Composability (UC) framework and may be instantiated from post-quantum primitives. In order to do so, we define a new primitive named Smooth Projective Hash Function with Grey Zone (SPHFwGZ) which can be seen as a relaxation of the classical Smooth Projective Hash Functions, with a subset of the words for which one cannot claim correctness nor smoothness: the grey zone. As a concrete application, we provide two instantiations of SPHFwGZ respectively based on the Diffie-Hellman and the Learning With Errors (LWE) problems. Hence, we propose a quantum-resistant OT protocol with UC-security in the random oracle model.

Cryptography and Security

Yang Wei,Liusheng Huang,Qiyan Wang

2006-01-01

WSEAS TRANSACTIONS ON COMPUTERS

Abstract:In an Oblivious Transfer (OT) protocol, Alice has two messages and is willing to send one of them to Bob, with the guarantee that no information about another message will be obtained. Moreover, Bob can freely choose his message and wants to ensure that Alice can obtain no information about which of her message he has picked. A 1-out-of-n OT is the natural extension of normal OT to the case of n messages. The security achieved by previous constructions for this primitive is not desirable. In this paper, we present a new quantum 1-out-of-n Oblivious Transfer scheme, which is unconditionally secure for both participants. We also give a scheme for a related cryptographic task, i.e. All-or-Nothing Disclosure of Secrets (ANDOS), utilizing our new quantum OT protocol.

Léo Colisson,Garazi Muguruza,Florian Speelman

2023-10-12

Abstract:We provide a generic construction to turn any classical Zero-Knowledge (ZK) protocol into a composable (quantum) oblivious transfer (OT) protocol, mostly lifting the round-complexity properties and security guarantees (plain-model/statistical security/unstructured functions...) of the ZK protocol to the resulting OT protocol. Such a construction is unlikely to exist classically as Cryptomania is believed to be different from Minicrypt. In particular, by instantiating our construction using Non-Interactive ZK (NIZK), we provide the first round-optimal (2-message) quantum OT protocol secure in the random oracle model, and round-optimal extensions to string and k-out-of-n OT. At the heart of our construction lies a new method that allows us to prove properties on a received quantum state without revealing additional information on it, even in a non-interactive way, without public-key primitives, and/or with statistical guarantees when using an appropriate classical ZK protocol. We can notably prove that a state has been partially measured (with arbitrary constraints on the set of measured qubits), without revealing any additional information on this set. This notion can be seen as an analog of ZK to quantum states, and we expect it to be of independent interest as it extends complexity theory to quantum languages, as illustrated by the two new complexity classes we introduce, ZKstatesQIP and ZKstatesQMA.

Quantum Physics,Cryptography and Security

Manuel B. Santos,Paulo Mateus,Chrysoula Vlachou

2024-10-19

Abstract:Oblivious linear evaluation is a generalization of oblivious transfer, whereby two distrustful parties obliviously compute a linear function, f (x) = ax + b, i.e., each one provides their inputs that remain unknown to the other, in order to compute the output f (x) that only one of them receives. From both a structural and a security point of view, oblivious linear evaluation is fundamental for arithmetic-based secure multi-party computation protocols. In the classical case, oblivious linear evaluation protocols can be generated using oblivious transfer, and their quantum counterparts can, in principle, be constructed as straightforward extensions using quantum oblivious transfer. Here, we present the first, to the best of our knowledge, quantum protocol for oblivious linear evaluation that, furthermore, does not rely on quantum oblivious transfer. We start by presenting a semi-honest protocol, and then extend it to the dishonest setting employing a commit-and-open strategy. Our protocol uses high-dimensional quantum states to obliviously compute f (x) on Galois Fields of prime and prime-power dimension. These constructions utilize the existence of a complete set of mutually unbiased bases in prime-power dimension Hilbert spaces and their linear behaviour upon the Heisenberg-Weyl operators. We also generalize our protocol to achieve vector oblivious linear evaluation, where several instances of oblivious linear evaluation are generated, thus making the protocol more efficient. We prove the protocols to have static security in the framework of quantum universal composability.

Quantum Physics

Kai-Yi Zhang,An-Jing Huang,Kun Tu,Ming-Han Li,Chi Zhang,Wei Qi,Ya-Dong Wu,Yu Yu

2024-11-07

Abstract:Secure multiparty computation enables collaborative computations across multiple users while preserving individual privacy, which has a wide range of applications in finance, machine learning and healthcare. Secure multiparty computation can be realized using oblivious transfer as a primitive function. In this paper, we present an experimental implementation of a quantum-secure quantum oblivious transfer (QOT) protocol using an adapted quantum key distribution system combined with a bit commitment scheme, surpassing previous approaches only secure in the noisy storage model. We demonstrate the first practical application of the QOT protocol by solving the private set intersection, a prime example of secure multiparty computation, where two parties aim to find common elements in their datasets without revealing any other information. In our experiments, two banks can identify common suspicious accounts without disclosing any other data. This not only proves the experimental functionality of QOT, but also showcases its real-world commercial applications.

Quantum Physics,Cryptography and Security

Lara Stroh,James T. Peat,Mats Kroneberg,Ittoop V. Puthoor,Erika Andersson

DOI: https://doi.org/10.1103/PhysRevResearch.6.043004

2024-10-08

Abstract:Oblivious transfer between two untrusting parties is an important primitive in cryptography. There are different variants of oblivious transfer. In Rabin oblivious transfer, the sender Alice holds a bit, and the receiver Bob either obtains the bit, or obtains no information with probability $p_?$. Alice should not know whether or not Bob obtained the bit. We examine a quantum Rabin oblivious transfer (OT) protocol that uses two pure states. Investigating different cheating scenarios for the sender and for the receiver, we determine optimal cheating probabilities in each case. Comparing the quantum Rabin oblivious transfer protocol to classical Rabin oblivious transfer protocols, we show that the quantum protocol outperforms classical protocols, which do not use a third party, for some values of $p_?$. We find that quantum Rabin OT protocols that use mixed states can outperform quantum Rabin OT protocols that use pure states for some values of $p_?$.

Quantum Physics

Bo Mi,Darong Huang,Shaohua Wan,Yu Hu,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1016/j.compeleceng.2019.01.021

IF: 4.152

2019-01-01

Computers & Electrical Engineering

Abstract:Security is a key concern in any loT deployment, particularly if we have to take into consideration future attacks facilitated by the use of quantum computers. Therefore, in this paper, we present a post-quantum lightweight 1-out-n oblivious transfer (OT) protocol, based on the NTRU cryptographic primitive. Compared to the OT scheme proposed by Chou and Orlandi in LATINCRYPT 2015, our protocol is more suitable for deployment in heterogeneous and distributed environment, due to the reusability of encoded data set. Findings from the performance evaluation indicate that the proposed protocol outperforms that of Chou and Orlandi [13] protocol, in terms of computation and communication costs. (C) 2019 Elsevier Ltd. All rights reserved.

Stephanie Wehner,Marcos Curty,Christian Schaffner,Hoi-Kwong Lo

DOI: https://doi.org/10.1103/PhysRevA.81.052336

2011-04-29

Abstract:The noisy-storage model allows the implementation of secure two-party protocols under the sole assumption that no large-scale reliable quantum storage is available to the cheating party. No quantum storage is thereby required for the honest parties. Examples of such protocols include bit commitment, oblivious transfer and secure identification. Here, we provide a guideline for the practical implementation of such protocols. In particular, we analyze security in a practical setting where the honest parties themselves are unable to perform perfect operations and need to deal with practical problems such as errors during transmission and detector inefficiencies. We provide explicit security parameters for two different experimental setups using weak coherent, and parametric down conversion sources. In addition, we analyze a modification of the protocols based on decoy states.

Quantum Physics

André Chailloux,Iordanis Kerenidis,Jamie Sikora

DOI: https://doi.org/10.48550/arXiv.1007.1875

2013-03-23

Abstract:Oblivious transfer is a fundamental primitive in cryptography. While perfect information theoretic security is impossible, quantum oblivious transfer protocols can limit the dishonest players' cheating. Finding the optimal security parameters in such protocols is an important open question. In this paper we show that every 1-out-of-2 oblivious transfer protocol allows a dishonest party to cheat with probability bounded below by a constant strictly larger than 1/2. Alice's cheating is defined as her probability of guessing Bob's index, and Bob's cheating is defined as his probability of guessing both input bits of Alice. In our proof, we relate these cheating probabilities to the cheating probabilities of a coin flipping protocol and conclude by using Kitaev's coin flipping lower bound. Then, we present an oblivious transfer protocol with two messages and cheating probabilities at most 3/4. Last, we extend Kitaev's semidefinite programming formulation to more general primitives, where the security is against a dishonest player trying to force the outcome of the other player, and prove optimal lower and upper bounds for them.

Quantum Physics

James Bartusek,Dakshita Khurana

2024-11-07

Abstract:We put forth Oblivious State Preparation (OSP) as a cryptographic primitive that unifies techniques developed in the context of a quantum server interacting with a classical client. OSP allows a classical polynomial-time sender to input a choice of one out of two public observables, and a quantum polynomial-time receiver to recover an eigenstate of the corresponding observable -- while keeping the sender's choice hidden from any malicious receiver. We obtain the following results: - The existence of (plain) trapdoor claw-free functions implies OSP, and the existence of dual-mode trapdoor claw-free functions implies round-optimal (two-round) OSP. - OSP implies the existence of proofs of quantumness, test of a qubit, blind classical delegation of quantum computation, and classical verification of quantum computation. - Two-round OSP implies quantum money with classical communication, classically-verifiable position verification, and (additionally assuming classical FHE with log-depth decryption) quantum FHE. Several of these applications were previously only known via tailored LWE-based constructions, whereas our OSP-based constructions yield new results from a wider variety of assumptions, including hard problems on cryptographic group actions. Finally, towards understanding the minimal hardness assumptions required to realize OSP, we prove the following: - OSP implies oblivious transfer between one classical and one quantum party. - Two-round OSP implies public-key encryption with classical keys and ciphertexts. In particular, these results help to ''explain'' the use of public-key cryptography in the known approaches to establishing a ''classical leash'' on a quantum server. For example, combined with a result of Austrin et al. (CRYPTO 22), we conclude that perfectly-correct OSP cannot exist unconditionally in the (quantum) random oracle model.

Quantum Physics,Cryptography and Security

David Reichmuth,Ittoop Vergheese Puthoor,Petros Wallden,Erika Andersson

2024-09-26

Abstract:Oblivious transfer is a fundamental cryptographic primitive which is useful for secure multiparty computation. There are several variants of oblivious transfer. We consider 1 out of 2 oblivious transfer, where a sender sends two bits of information to a receiver. The receiver only receives one of the two bits, while the sender does not know which bit the receiver has received. Perfect quantum oblivious transfer with information theoretic security is known to be impossible. We aim to find the lowest possible cheating probabilities. Bounds on cheating probabilities have been investigated for complete protocols, where if both parties follow the protocol, the bit value obtained by the receiver matches the sender bit value. We instead investigate incomplete protocols, where the receiver obtains an incorrect bit value with probability pf. We present optimal non interactive protocols where Alice bit values are encoded in four symmetric pure quantum states, and where she cannot cheat better than with a random guess. We find the protocols such that for a given pf, Bob cheating probability pr is as low as possible, and vice versa. Furthermore, we show that non-interactive quantum protocols can outperform non-interactive classical protocols, and give a lower bound on Bob cheating probability in interactive quantum protocols. Importantly for optical implementations, our protocols do not require entanglement nor quantum memory.

Quantum Physics