On the Reversibility of Oblivious Transfer

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 547)


A ( 1 2 )-OT2 (one-out-of-two Bit Oblivious Transfer) is a technique by which a party S owning two secret bits b 0, b 1, can transfer one of them b c to another party R, who chooses c. This is done in a way that does not release any bias about b c to R nor any bias about c to S. How can one build a 2TO-( 1 2 ) (( 1 2 )-OT2 from R to S) given a ( 1 2 )-OT2 (from S to R)? This question is interesting because in many scenarios, one of the two parties will be much more powerful than the other.

In the current paper we answer this question and show a number of related extensions. One interesting extension of this transfer is the ( 1 2 )-OT 2 k (one-out-of-two String O.T.) in which the two secrets q 0, q 1 are elements of GF k(2) instead of bits We show that 2 k TO-( 1 2 ) can be obtained at about the same cost as ( 1 2 )-OT 2 k , in terms of number of calls to ( 1 2 )-OT2.


Smart Card Expansion Factor Interesting Extension Oblivious Transfer Related Extension 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [BBR88]
    C. H. Bennett, G. Brassard, and J.-M. Robert. Privacy amplification by public discussion. SIAM J. Computing, 17(2):210–229, April 1988.CrossRefMathSciNetGoogle Scholar
  2. [BC91]
    G. Brassard and C. Crépeau. Quantum bit commitment and coin tossing protocols. In S. Vanstone, editor, Advances in Cryptology: Proceedings of Crypto’ 90, Springer-Verlag, 1991. to appear.Google Scholar
  3. [BCR86]
    G. Brassard, C. Crépeau, and J.-M. Robert. Information theoretic reductions among disclosure problems. In 27th Symp. of Found. of Computer Sci., pages 168–173, IEEE, 1986.Google Scholar
  4. [CGH*85]
    B. Chor, O. Goldreich, J. Hastad, J. Friedmann, S. Rudich, and R. Smolensky. The bit extraction problem or t-resilient functions. In Proceedings of the 26th IEEE Symposium on Foundations of Computer Science, pages 396–407, IEEE, Portland, 1985.Google Scholar
  5. [Chv84]
    V. Chvatal. Probabilistic methods in graph theory. Annals of Operations Research, 1:171–182, 1984.CrossRefGoogle Scholar
  6. [CM91]
    C. Crépeau and S. Micali. Secure two-party protocols. 1991. in preparation.Google Scholar
  7. [Cre90]
    C. Crépeau. Correct and Private Reductions among Oblivious Transfers. PhD thesis, Department of Elec. Eng. and Computer Science, Massachusetts Institute of Technology, 1990. Supervised by Silvio Micali.Google Scholar
  8. [CS]
    C. Crépeau and M. Sántha. Efficient reductions among oblivious transfer protocols. submitted to STOC 91.Google Scholar
  9. [EGL83]
    S. Even, O. Goldreich, and A. Lempel. A randomized protocol for signing contracts. In R. L. Rivest, A. Sherman, and D. Chaum, editors, Proceedings CRYPTO 82, pages 205–210, Plenum Press, New York, 1983.Google Scholar
  10. [GV88]
    O. Goldreich and R. Vainish. How to solve any protocol problem-an efficiency improvement (extended abstract). In C. Pomerance, editor, Advances in Cryptology: Proceedings of Crypto’ 87, pages 73–86. Springer-Verlag, 1988.Google Scholar
  11. [MS77]
    F.J. MacWilliams and N.J.A. Sloane. The Theory of Error-Correcting Codes. North-Holland, 1977.Google Scholar
  12. [OVY91]
    R. Ostrovsky, R. Venkatesan, and M. Yung. On the complexity of asymmetric games. In Proceedings of Sequences’ 91, 1991. to appear. This work was first presented at the DIMACS workshop on cryptography, October 1990.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1991

Authors and Affiliations

  1. 1.Laboratoire de Recherche en InformatiqueUniversité de Paris-SudOrsayFrance

Personalised recommendations