Scalar Product-Based Distributed Oblivious Transfer

Purchase on

$29.95 / €24.95 / £19.95*

* Final gross prices may vary according to local VAT.

Get Access


In a distributed oblivious transfer (DOT) the sender is replaced with m servers, and the receiver must contact k (k ≤ m) of these servers to learn the secret of her choice. Naor and Pinkas introduced the first unconditionally secure DOT for a sender holding two secrets. Blundo, D’Arco, Santis, and Stinson generalized Naor and Pinkas’s protocol, in the case that the sender holds n secrets, in the first so-called (km)-DOT- $\binom{n}{1}$ protocol. Such a protocol should be secure against a coalition of less than k parties. However, Blundo et al. have shown that this level of security is impossible to achieve in one-round polynomial-based constructions.

In this paper, we show that if communication is allowed amongst the servers, we are able to construct an unconditionally secure, polynomial-based (km)-DOT- $\binom{n}{1}$ protocol with the highest level of security. More precisely, in our construction, a receiver who contacts k servers and corrupt up to k − 1 servers (not necessarily from the set of the contacted servers) cannot learn more than one secret.