Title :
Oblivious transfers and intersecting codes
Author :
Brassard, Gilles ; Crépeau, Claude ; Sántha, Miklós
Author_Institution :
Dept. d´´Inf. et de Recherche Oper., Montreal Univ., Que., Canada
fDate :
11/1/1996 12:00:00 AM
Abstract :
Assume A owns t secret k-bit strings. She is willing to disclose one of them to B, at his choosing, provided he does not learn anything about the other strings. Conversely, B does not want A to learn which secret he chose to learn. A protocol for the above task is said to implement one-out-of-t string oblivious transfer, denoted (t 1)-OTk2. This primitive is particularly useful in a variety of cryptographic settings. An apparently simpler task corresponds to the case k=1 and t=2 of two 1-bit secrets: this is known as one-out-of-two bit oblivious transfer, denoted (2 1)-OT2. We address the question of implementing ( t1)-OTk2 assuming the existence of a (21)-OT2. In particular, we prove that unconditionally secure (21)-OTk 2 can be implemented from Θ(k) calls to (2 1)-OT2. This is optimal up to a small multiplicative constant. Our solution is based on the notion of self-intersecting codes. Of independent interest, we give several efficient new constructions for such codes. Another contribution of this paper is a set of information-theoretic definitions for correctness and privacy of unconditionally secure oblivious transfer
Keywords :
cryptography; data privacy; information theory; linear codes; protocols; correctness; cryptographic setting; information-theoretic definitions; intersecting codes; oblivious transfers; one-out-of-t string oblivious transfer; one-out-of-two bit oblivious transfer; privacy; protocol; secret k-bit string; self-intersecting codes; unconditionally secure oblivious transfer; Collaboration; Cryptographic protocols; Cryptography; Helium; Information theory; Privacy; Voting;
Journal_Title :
Information Theory, IEEE Transactions on
