Aydin Abadi,Yvo Desmedt

2024-08-25

Abstract:Oblivious Transfer (OT) is a fundamental cryptographic protocol with applications in secure Multi-Party Computation, Federated Learning, and Private Set Intersection. With the advent of quantum computing, it is crucial to develop unconditionally secure core primitives like OT to ensure their continued security in the post-quantum era. Despite over four decades since OT's introduction, the literature has predominantly relied on computational assumptions, except in cases using unconventional methods like noisy channels or a fully trusted party. Introducing "Supersonic OT", a highly efficient and unconditionally secure OT scheme that avoids public-key-based primitives, we offer an alternative to traditional approaches. Supersonic OT enables a receiver to obtain a response of size O(1). Its simple (yet non-trivial) design facilitates easy security analysis and implementation. The protocol employs a basic secret-sharing scheme, controlled swaps, the one-time pad, and a third-party helper who may be corrupted by a semi-honest adversary. Our implementation and runtime analysis indicate that a single instance of Supersonic OT completes in 0.35 milliseconds, making it up to 2000 times faster than the state-of-the-art base OT.

Cryptography and Security,Databases,Machine Learning

YANG Wei,HUANG Liu-sheng,LUO Yong-long,CHEN Guo-liang

DOI: https://doi.org/10.3321/j.issn:0372-2112.2007.08.024

2007-01-01

Abstract:As a basic protocol of Secure Multi-party Computation,Oblivious Transfer(OT) is of significant research and application value.Most of previous oblivious transfer protocols in classical environment rely either on public-key cryptography or on additional computational assumptions which will be very vulnerable under quantum mechanics.Based on the characteristics of Bell States,a new quantum oblivious transfer protocol is proposed in this paper.The correctness and security of the protocol are analyzed and proved.The protocol is secure in the presence of noise on the channel and a potential eavesdropper.Comparing with oblivious transfer protocols in classical computational environment,the protocol in this paper is superior in security,soundness and wire-tapping detecting.

Wei Yang,Liusheng Huang,Yonglong Luo,Mingjun Xiao

2006-01-01

Abstract:Oblivious transfer (OT) is an important primitive in cryptography. In chosen one-out-of-two OT, Alice offers two bits, one of which Bob can choose to read, not learning any information about the other bit. Alice on the other hand does not obtain any information about Bob’s choice. We present a new technique for the same task in quantum environment, based on POVM measurements. It is shown that our method has two important advantages over the previous approaches. First, it is unconditionally secure without invoking a commitment scheme, and second, it is more efficient in terms of communication complexity.

Zhao Shengnan,Jiang Han,Wei Xiaochao,Ke Junming,Zhao Minghao

DOI: https://doi.org/10.7544/issn1000-1239.2017.20170463

2017-01-01

Journal of Computer Research and Development

Abstract:Oblivious transfer (OT ) is a cryptographic primitive used for choice information hiding for the receiver .As a basic tool for high-level multi-party cryptographic protocol construction ,it plays an important role in numerous specific applications .In the k-out-of-n OT (OT k n ) ,the receiver acquires k selections among the n choice in an oblivious manner .Generally ,the construction of the OT kn involves lots of group exponential operations ,which brings a heavy burden for embedded devices with limited computational capabilities . With the proliferation of cloud computing ,it is feasible to implement complex cryptographic primitives with the support of powerful computing recourse and high-speed dedicated network provided by the cloud service provider (CSP) .In this paper ,we propose a service-assisted k-out-of-n OT protocol in single server architecture ,which outsources the vast majority of exponentiation operations to the cloud . This scheme is constructed with secret sharing and other fundamental public-key primitives ,and it achieves provable security on none-collusion semi-honest model under the decisional Diffie-Hellamn (DDH) hard problem ;meanwhile it ensures data privacy against the cloud server .Besides ,a detailed description of scheme construction and security proof is presented in the context .As a basic cryptographic primitive in cloud environment ,the single server-added oblivious transfer protocol will play an important role in designs of general cloud-assisted multi-party computation protocol as well as developments of secure and efficient cloud service software .

Eleni Diamanti,Alex B. Grilo,Adriano Innocenzi,Pascal Lefebvre,Verena Yacoub,Álvaro Yángüez

2024-11-04

Abstract:We present a new simulation-secure quantum oblivious transfer (QOT) protocol based on one-way functions in the plain model. With a focus on practical implementation, our protocol surpasses prior works in efficiency, promising feasible experimental realization. We address potential experimental errors and their correction, offering analytical expressions to facilitate the analysis of the required quantum resources. Technically, we achieve simulation security for QOT through an equivocal and relaxed-extractable quantum bit commitment.

Quantum Physics

Ricardo Faleiro,Manuel Goulão,Leonardo Novo,Emmanuel Zambrini Cruzeiro

2024-10-11

Abstract:Few primitives are as intertwined with the foundations of cryptography as Oblivious Transfer (OT). Not surprisingly, with the advent of the use of quantum resources in information processing, OT played a central role in establishing new possibilities (and defining impossibilities) pertaining to the use of these novel assets. A major research path is minimizing the required assumptions to achieve OT, and studying their consequences. Regarding its computation, it is impossible to construct unconditionally-secure OT without extra assumptions; and, regarding communication complexity, achieving 1-shot (and even non-interactive) OT has proved to be an elusive task, widely known to be impossible classically. Moreover, this has strong consequencesfor realizing round-optimal secure computation, in particular 1-shot 2-Party Computation (2PC). In this work, three main contributions are evidenced by leveraging quantum resources: 1. Unconditionally-secure 2-message non-interactive OT protocol constructed in the Noisy-Quantum-Storage Model. 2. 1-shot OT in the Noisy-Quantum-Storage Model -- proving that this construction is possible assuming the existence of one-way functions and sequential functions. 3. 1-shot 2PC protocol compiled from a semi-honest 1-shot OT to semi-honest 1-shot Yao's Garbled Circuits protocol.

Quantum Physics,Cryptography and Security

J. Mueller-Quade,H. Imai

DOI: https://doi.org/10.48550/arXiv.cs/0011004

2000-12-03

Abstract:In this short note we want to introduce {\em anonymous oblivious transfer} a new cryptographic primitive which can be proven to be strictly more powerful than oblivious transfer. We show that all functions can be robustly realized by multi party protocols with {\em anonymous oblivious transfer}. No assumption about possible collusions of cheaters or disruptors have to be made. Furthermore we shortly discuss how to realize anonymous oblivious transfer with oblivious broadcast or by quantum cryptography. The protocol of anonymous oblivious transfer was inspired by a quantum protocol: the anonymous quantum channel.

Cryptography and Security

吴建军,高济

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.07.012

2004-01-01

Abstract:A mobile agent protection scheme based on the non-interactive secure function evaluation was presented using an optimized oblivious transfer (OT) protocol. Most overheads of an OT protocol are modular exponentiations, which are computationally intensive tasks. The expansion from 1-out-of-2 OT protocol to 1-out-of-N OT protocol and the combination of N 1-out-of-2 OT protocol to one 1-out-of-N OT protocol defined a new simultaneous 1-out-of-N OT protocol, where the number of modular exponentiation was consequently reduced to a small constant. The simultaneous OT protocol and the encrypted circuit construction were combined to obtain a non-interactive secure function evaluation protocol. Source host proceeded as Alice, and multiple hosts proceeded as Bob. Each host contributed the part of encrypted circuit that represented its function, thus the resulting encrypted circuit became a cascade of sub-circuits. It is proved that the new scheme has lower overhead and more security, and is easier to implement than other similar systems.

Manuel B. Santos,Paulo Mateus,Armando N. Pinto

DOI: https://doi.org/10.3390/e24070945

2022-06-26

Abstract:Quantum cryptography is the field of cryptography that explores the quantum properties of matter. Its aim is to develop primitives beyond the reach of classical cryptography or to improve on existing classical implementations. Although much of the work in this field is dedicated to quantum key distribution (QKD), some important steps were made towards the study and development of quantum oblivious transfer (QOT). It is possible to draw a comparison between the application structure of both QKD and QOT primitives. Just as QKD protocols allow quantum-safe communication, QOT protocols allow quantum-safe computation. However, the conditions under which QOT is actually quantum-safe have been subject to a great amount of scrutiny and study. In this review article, we survey the work developed around the concept of oblivious transfer in the area of theoretical quantum cryptography, with an emphasis on some proposed protocols and their security requirements. We review the impossibility results that daunt this primitive and discuss several quantum security models under which it is possible to prove QOT security.

Quantum Physics

Bingsheng Zhang

DOI: https://doi.org/10.1007/978-3-642-24316-5_6

2011-01-01

Abstract:During an adaptive oblivious transfer (OT), a sender has n private documents, and a receiver can adaptively fetch k documents from them such that the sender learns nothing about the receiver’s selection and the receiver learns nothing more than those k documents. Most recent fully simulatable adaptive OT schemes are based on so-called “assisted decryption” or “blind decryption”. In this paper, we revisit another technique, “blind permute-decryption”, for designing adaptive OT. We propose an efficient generic fully simulatable oblivious transfer framework with statistical receiver’s privacy that based on “blind permute-decryption” together with three concrete installations. The first one is based on Elgamal, so the corresponding OT is secure under classical DDH assumption. The second one is based on Paillier, so the corresponding OT is secure under Decisional n-th Residuosity assumption. Besides, we introduce an extended zero-knowledge proof framework with several applications.

J. Rodrigues,P. Mateus,N. Paunković,A. Souto

DOI: https://doi.org/10.1088/1751-8121/aa6a69

2017-09-04

Abstract:We present a bit-string quantum oblivious transfer protocol based on single-qubit rotations. Our protocol is built upon a previously proposed quantum public-key protocol and its practical security relies on the laws of Quantum Mechanics. Practical security is reflected in the fact that, due to technological limitations, the receiver (Bob) of the transferred bit-string is restricted to performing only "few-qubit" coherent measurements. We also present a single-bit oblivious transfer based on the proposed bit-string protocol. The protocol can be implemented with current technology based on optics.

Quantum Physics,Information Theory

Kai-Yi Zhang,An-Jing Huang,Kun Tu,Ming-Han Li,Chi Zhang,Wei Qi,Ya-Dong Wu,Yu Yu

2024-11-07

Abstract:Secure multiparty computation enables collaborative computations across multiple users while preserving individual privacy, which has a wide range of applications in finance, machine learning and healthcare. Secure multiparty computation can be realized using oblivious transfer as a primitive function. In this paper, we present an experimental implementation of a quantum-secure quantum oblivious transfer (QOT) protocol using an adapted quantum key distribution system combined with a bit commitment scheme, surpassing previous approaches only secure in the noisy storage model. We demonstrate the first practical application of the QOT protocol by solving the private set intersection, a prime example of secure multiparty computation, where two parties aim to find common elements in their datasets without revealing any other information. In our experiments, two banks can identify common suspicious accounts without disclosing any other data. This not only proves the experimental functionality of QOT, but also showcases its real-world commercial applications.

Quantum Physics,Cryptography and Security

Lara Stroh,James T. Peat,Mats Kroneberg,Ittoop V. Puthoor,Erika Andersson

DOI: https://doi.org/10.1103/PhysRevResearch.6.043004

2024-10-08

Abstract:Oblivious transfer between two untrusting parties is an important primitive in cryptography. There are different variants of oblivious transfer. In Rabin oblivious transfer, the sender Alice holds a bit, and the receiver Bob either obtains the bit, or obtains no information with probability $p_?$. Alice should not know whether or not Bob obtained the bit. We examine a quantum Rabin oblivious transfer (OT) protocol that uses two pure states. Investigating different cheating scenarios for the sender and for the receiver, we determine optimal cheating probabilities in each case. Comparing the quantum Rabin oblivious transfer protocol to classical Rabin oblivious transfer protocols, we show that the quantum protocol outperforms classical protocols, which do not use a third party, for some values of $p_?$. We find that quantum Rabin OT protocols that use mixed states can outperform quantum Rabin OT protocols that use pure states for some values of $p_?$.

Quantum Physics

Esther Hänggi,Severin Winkler

2024-07-15

Abstract:Oblivious transfer (OT) is a fundamental primitive for secure two-party computation. It is well known that OT cannot be implemented with information-theoretic security if the two players only have access to noiseless communication channels, even in the quantum case. As a result, weaker variants of OT have been studied. In this work, we rigorously establish the impossibility of cheat-sensitive OT, where a dishonest party can cheat, but risks being detected. We construct a general attack on any quantum protocol that allows the receiver to compute all inputs of the sender and provide an explicit upper bound on the success probability of this attack. This implies that cheat-sensitive quantum Symmetric Private Information Retrieval cannot be implemented with statistical information-theoretic security. Leveraging the techniques devised for our proofs, we provide entropic bounds on primitives needed for secure function evaluation. They imply impossibility results for protocols where the players have access to OT as a resource. This result significantly improves upon existing bounds and yields tight bounds for reductions of 1-out-of-n OT to a resource primitive. Our results hold in particular for transformations between a finite number of primitives and for any error.

Quantum Physics,Cryptography and Security

Slim Bettaieb,Loïc Bidoux,Olivier Blazy,Baptiste Cottier,David Pointcheval

DOI: https://doi.org/10.48550/arXiv.2209.04149

2022-09-09

Abstract:Oblivious Transfer (OT) is a major primitive for secure multiparty computation. Indeed, combined with symmetric primitives along with garbled circuits, it allows any secure function evaluation between two parties. In this paper, we propose a new approach to build OT protocols. Interestingly, our new paradigm features a security analysis in the Universal Composability (UC) framework and may be instantiated from post-quantum primitives. In order to do so, we define a new primitive named Smooth Projective Hash Function with Grey Zone (SPHFwGZ) which can be seen as a relaxation of the classical Smooth Projective Hash Functions, with a subset of the words for which one cannot claim correctness nor smoothness: the grey zone. As a concrete application, we provide two instantiations of SPHFwGZ respectively based on the Diffie-Hellman and the Learning With Errors (LWE) problems. Hence, we propose a quantum-resistant OT protocol with UC-security in the random oracle model.

Cryptography and Security

Bingsheng Zhang,Helger Lipmaa,Cong Wang,Kui Ren

DOI: https://doi.org/10.1007/978-3-642-39884-1_8

2013-01-01

Abstract:During an adaptive k-out-of-N oblivious transfer (OT), a sender has N private documents, and a receiver wants to adaptively fetch k documents from them such that the sender learns nothing about the receiver’s selection and the receiver learns nothing more than those chosen documents. Many fully simulatable and universally composable adaptive OT schemes have been proposed, but those schemes typically require \(\mathcal{O}(N)\) communication in the initialization phase, which yields \(\mathcal{O}(N)\) overall communication. On the other hand, in some applications, the receiver just needs to fetch a small number of documents, so the initialization cost dominates in the entire protocol, especially for 1-out-of-N OT. We propose the first fully simulatable adaptive OT with sublinear communication under the DDH assumption in the plain model. Our scheme has \(\mathcal{O}(N^{1/2})\) communication in both the initialization phase and each transfer phase. It achieves better (amortized) overall communication complexity compared to existing schemes when \(k=\mathcal{O}(N^{1/2})\).

Chuan Zhao,Han Jiang,Xiaochao Wei,Qiuliang Xu,Minghao Zhao

DOI: https://doi.org/10.1109/trustcom.2015.398

2015-01-01

Abstract:Oblivious transfer is a fundamental tool in cryptographic protocols, especially in secure two-party computation. In TCC 2011, Lindell and Pinkas proposed a variant called cut-and-choose oblivious transfer, which did a great job in solving the selective failure attack in secure two-party computation protocols based on cut-and-choose paradigm. In this paper, we present a new primitive called cut-and-choose bilateral oblivious transfer. As an extension to cut-and-choose oblivious transfer, in addition to overcoming the selective failure attack, this primitive also makes a contribution to reducing the round number of the protocols that invoke it. This is very important in the scenarios where interactions between parties are limited. Besides, the application of this primitive in the outer protocols enables us to present a more modular and clean high-level description of the protocol framework. Furthermore, we believe that the new primitive is of independent research interest itself and could be useful in many cut-and-choose scenarios. Based on homomorphic encryption, we construct an efficient instantiation of this primitive in malicious model, and present a formal rigorous proof of its security under ideal/real simulation paradigm.

Léo Colisson,Garazi Muguruza,Florian Speelman

2023-10-12

Abstract:We provide a generic construction to turn any classical Zero-Knowledge (ZK) protocol into a composable (quantum) oblivious transfer (OT) protocol, mostly lifting the round-complexity properties and security guarantees (plain-model/statistical security/unstructured functions...) of the ZK protocol to the resulting OT protocol. Such a construction is unlikely to exist classically as Cryptomania is believed to be different from Minicrypt. In particular, by instantiating our construction using Non-Interactive ZK (NIZK), we provide the first round-optimal (2-message) quantum OT protocol secure in the random oracle model, and round-optimal extensions to string and k-out-of-n OT. At the heart of our construction lies a new method that allows us to prove properties on a received quantum state without revealing additional information on it, even in a non-interactive way, without public-key primitives, and/or with statistical guarantees when using an appropriate classical ZK protocol. We can notably prove that a state has been partially measured (with arbitrary constraints on the set of measured qubits), without revealing any additional information on this set. This notion can be seen as an analog of ZK to quantum states, and we expect it to be of independent interest as it extends complexity theory to quantum languages, as illustrated by the two new complexity classes we introduce, ZKstatesQIP and ZKstatesQMA.

Quantum Physics,Cryptography and Security

Elette Boyle,Geoffroy Couteau,Niv Gilboa,Yuval Ishai,Lisa Kohl,Peter Rindal,Peter Scholl

DOI: https://doi.org/10.1145/3319535.3354255

2019-11-06

Abstract:We consider the problem of securely generating useful instances of two-party correlations, such as many independent copies of a random oblivious transfer (OT) correlation, using a small amount of communication. This problem is motivated by the goal of secure computation with silent preprocessing, where a low-communication input-independent setup, followed by local ("silent") computation, enables a lightweight "non-cryptographic" online phase once the inputs are known. Recent works of Boyle et al. (CCS 2018, Crypto 2019) achieve this goal with good concrete efficiency for useful kinds of two-party correlations, including OT correlations, under different variants of the Learning Parity with Noise (LPN) assumption, and using a small number of "base'' oblivious transfers. The protocols of Boyle et al. have several limitations. First, they require a large number of communication rounds. Second, they are only secure against semi-honest parties. Finally, their concrete efficiency estimates are not backed by an actual implementation. In this work we address these limitations, making three main contributions: Eliminating interaction. Under the same assumption, we obtain the first concretely efficient 2-round protocols for generating useful correlations, including OT correlations, in the semi-honest security model. This implies the first efficient 2-round OT extension protocol of any kind and, more generally, protocols for non-interactive secure computation (NISC) that are concretely efficient and have the silent preprocessing feature. Malicious security. We provide security against malicious parties without additional interaction and with only a modest overhead; prior to our work, no similar protocols were known with any number of rounds. Implementation. Finally, we implemented, optimized, and benchmarked our 2-round OT extension protocol, demonstrating that it offers a more attractive alternative to the OT extension protocol of Ishai et al. (Crypto 2003) in many realistic settings.

Qinglong Wang,Jintai Ding

DOI: https://doi.org/10.1080/01611194.2014.915261

2014-01-01

Cryptologia

Abstract:Abstract In this article, the authors cryptanalyze a k-out-of-n oblivious transfer protocol proposed in [12]. Their protocol is one of the most efficient k-out-of-n oblivious transfer protocols and is directly built from a 1-out-of-n oblivious transfer protocol. However, their analysis shows that the proposed k-out-of-n oblivious transfer protocol is insecure, though the primitive 1-out-of-n oblivious transfer protocol is secure. The weakness is that with high probability the receiver in their protocol can get all n secret messages encrypted by the sender. Finally, they fix the serious flaw and introduce an improved k-out-of-n oblivious transfer protocol without increasing any cost.