Abstract

Oblivious transfer is a fundamental cryptographic primitive in which Bob transfers one of two bits to Alice in such a way that Bob cannot know which of the two bits Alice has learned. We present an optimal security bound for quantum oblivious transfer protocols under a natural and demanding definition of what it means for Alice to cheat. Our lower bound is a smooth tradeoff between the probability B with which Bob can guess Alice's bit choice and the probability A with which Alice can guess both of Bob's bits given that she learns one of the bits with certainty. We prove that 2B + A is greater than or equal to 2 in any quantum protocol for oblivious transfer, from which it follows that one of the two parties must be able to cheat with probability at least 2/3. We prove that this bound is optimal by exhibiting a family of protocols whose cheating probabilities can be made arbitrarily close to any point on the tradeoff curve.

Highlights

  • The rise of quantum information has rekindled interest in information theoretic cryptography—especially in fundamental two-party primitives such as coin flipping, bit commitment, and oblivious transfer

  • Any protocol for any of these primitives is completely insecure against a cheating party, and one must assume a bounded adversary in order to realize these primitives with nonzero security

  • Optimal security bounds are known for both coin flipping [12, 17, 5] and bit commitment [6], but the security of quantum protocols

Read more

Summary

Introduction

The rise of quantum information has rekindled interest in information theoretic cryptography—especially in fundamental two-party primitives such as coin flipping, bit commitment, and oblivious transfer. Initial results assert only that perfect security cannot be achieved [16, 14, 15, 13, 4], leaving a wide range of possibilities for imperfect unconditional security of these primitives. Optimal security bounds are known for both coin flipping [12, 17, 5] and bit commitment [6], but the security of quantum protocols. Key words and phrases: quantum oblivious transfer, semi-honest security, optimal bounds. It is a fascinating fact that different primitives have different security bounds, as each new bound we learn provides another perspective on quantum information and what can be achieved with it

Soundness against cheating-Alice
Results
Notes on the security definition
Prior work
Mathematical preliminaries and notation
Lower bound on the security tradeoff
Cheating Alice
Cheating Bob
Obtaining the lower bound
Protocols arbitrarily close to the tradeoff curve
A trivial optimal protocol in which Bob cannot cheat
An optimal protocol in which Alice cannot cheat
Combining the protocols via weak coin flipping
An optimal quantum protocol
Robustness of semi-honest oblivious transfer
Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.