New Results on Unconditionally Secure Distributed Oblivious Transfer

Extended Abstract
  • Carlo Blundo
  • Paolo D’Arco
  • Alfredo De Santis
  • Douglas R. Stinson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2595)


This paper studies Oblivious Transfer in the distributed model recently proposed by M. Naor and B. Pinkas. In this setting, a Sender has n secrets and a Receiver is interested in one of them. During a setup phase, the Sender gives information about the secrets to m servers. Afterwards, in a recovery phase, the Receiver can compute the secret she wishes by interacting with k of them. More precisely, from the answers received she computes the secret in which she is interested but gets no information on the others and, at the same time, any coalition of k - 1 servers can neither compute any secret nor figure out which one the Receiver has recovered.

We present an analysis and new results holding for this model: lower bounds on the resources required to implement such a scheme (i.e., randomness, memory storage, communication complexity); some impossibility results for one-round distributed oblivious transfer protocols; two polynomial-based constructions implementing 1-out-of-n distributed oblivious transfer, which generalize the two constructions for 1-out-of-2 given by Naor and Pinkas; as well as new one-round and two-round distributed oblivious transfer protocols, both for threshold and general access structures on the set of servers, which are optimal with respect to some of the given bounds. Most of these constructions are basically combinatorial in nature.
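An illustration of the setup and recovery phases described above, added here and not taken from the paper: a toy 1-out-of-2 threshold protocol in the polynomial style the abstract attributes to Naor and Pinkas. The field modulus `P`, the function names, and the server indices 1..m are assumptions of this sketch.

```python
import secrets

P = 2**61 - 1  # prime field modulus (assumed parameter for this sketch)

def poly_eval(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def sender_setup(s0, s1, k, m):
    """Sender: Q(x, y) = a(x) + b*y with Q(0,0) = s0 and Q(0,1) = s1.
    Server i (i = 1..m) stores the line Q(i, y) = a(i) + b*y."""
    a = [s0 % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    b = (s1 - s0) % P
    return {i: (poly_eval(a, i), b) for i in range(1, m + 1)}

def receiver_queries(sigma, k, servers):
    """Receiver: hide the choice sigma as S(0) of a random degree-(k-1) S.
    Any k-1 values S(i) are consistent with both sigma = 0 and sigma = 1."""
    S = [sigma] + [secrets.randbelow(P) for _ in range(k - 1)]
    return {i: poly_eval(S, i) for i in servers}

def server_answer(share, query):
    """Server i: evaluate its stored line at the queried point S(i)."""
    a_i, b = share
    return (a_i + b * query) % P

def receiver_recover(answers):
    """Lagrange-interpolate R(x) = Q(x, S(x)) at x = 0 from k answers.
    R has degree k-1 and R(0) = Q(0, sigma), the chosen secret."""
    total = 0
    for i, y in answers.items():
        num, den = 1, 1
        for j in answers:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + y * num * pow(den, -1, P)) % P
    return total

def run_dot(s0, s1, sigma, k, m, servers):
    """One full run: setup, k queries, k answers, recovery."""
    shares = sender_setup(s0, s1, k, m)
    queries = receiver_queries(sigma, k, servers)
    answers = {i: server_answer(shares[i], q) for i, q in queries.items()}
    return receiver_recover(answers)
```

In this sketch every server stores b = s1 - s0, so it demonstrates correctness and the hiding of the Receiver's choice from k - 1 servers, not protection against a Receiver who colludes with a server.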


Keywords: Access Structure; Secret Sharing Scheme; Oblivious Transfer; Conditional Mutual Information; Unconditionally Secure



Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Carlo Blundo (1)
  • Paolo D’Arco (2)
  • Alfredo De Santis (1)
  • Douglas R. Stinson (3)

  1. Dipartimento di Informatica ed Applicazioni, Università di Salerno, Baronissi (SA), Italy
  2. Department of Combinatorics and Optimization, University of Waterloo, Waterloo, Canada
  3. School of Computer Science, University of Waterloo, Waterloo, Canada
