Abstract
Oblivious transfer is a fundamental cryptographic primitive in which Bob transfers one of two bits to Alice in such a way that Bob cannot know which of the two bits Alice has learned. We present an optimal security bound for quantum oblivious transfer protocols under a natural and demanding definition of what it means for Alice to cheat. Our lower bound is a smooth tradeoff between the probability B with which Bob can guess Alice's bit choice and the probability A with which Alice can guess both of Bob's bits given that she learns one of the bits with certainty. We prove that 2B + A is greater than or equal to 2 in any quantum protocol for oblivious transfer, from which it follows that one of the two parties must be able to cheat with probability at least 2/3. We prove that this bound is optimal by exhibiting a family of protocols whose cheating probabilities can be made arbitrarily close to any point on the tradeoff curve.
Highlights
The rise of quantum information has rekindled interest in information theoretic cryptography—especially in fundamental two-party primitives such as coin flipping, bit commitment, and oblivious transfer
Any protocol for any of these primitives is completely insecure against a cheating party, and one must assume a bounded adversary in order to realize these primitives with nonzero security
Optimal security bounds are known for both coin flipping [12, 17, 5] and bit commitment [6], but the security of quantum protocols
Summary
The rise of quantum information has rekindled interest in information theoretic cryptography—especially in fundamental two-party primitives such as coin flipping, bit commitment, and oblivious transfer. Initial results assert only that perfect security cannot be achieved [16, 14, 15, 13, 4], leaving a wide range of possibilities for imperfect unconditional security of these primitives. Optimal security bounds are known for both coin flipping [12, 17, 5] and bit commitment [6], but the security of quantum protocols. Key words and phrases: quantum oblivious transfer, semi-honest security, optimal bounds. It is a fascinating fact that different primitives have different security bounds, as each new bound we learn provides another perspective on quantum information and what can be achieved with it
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.