Efficient Unconditional Oblivious Transfer from Almost Any Noisy Channel

  • Claude Crépeau
  • Kirill Morozov
  • Stefan Wolf
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3352)


Oblivious transfer (OT) is a cryptographic primitive of central importance, in particular in two- and multi-party computation. There exist various protocols for different variants of OT, but any such realization from scratch can be broken in principle by at least one of the two involved parties if she has sufficient computing power—and the same even holds when the parties are connected by a quantum channel. We show that, on the other hand, if noise—which is inherently present in any physical communication channel—is taken into account, then OT can be realized in an unconditionally secure way for both parties, i.e., even against dishonest players with unlimited computing power. We give the exact condition under which a general noisy channel allows for realizing OT and show that only “trivial” channels, for which OT is obviously impossible to achieve, have to be excluded. Moreover, our realization of OT is efficient: For a security parameter α > 0—an upper bound on the probability that the protocol fails in any way—the required number of uses of the noisy channel is of order O(log(1/ α)2 + ε) for any ε > 0.


Linear Code Noisy Channel Input Symbol Oblivious Transfer Good Pair 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bennett, C.H., Brassard, G., Crépeau, C., Maurer, U.M.: Generalized privacy amplification. In: IEEE Transactions on Information Theory, vol. 41(6), pp. 1915–1923. IEEE, Los Alamitos (1995)Google Scholar
  2. 2.
    Bennett, C.H., Brassard, G., Robert, J.-M.: Privacy amplification by public discussion. SIAM Journal on Computing 17, 210–229 (1988)MathSciNetCrossRefGoogle Scholar
  3. 3.
    Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. of Computer and System Sciences 37(2), 156–189 (1988)zbMATHCrossRefGoogle Scholar
  4. 4.
    Brassard, G., Crépeau, C., Wolf, S.: Oblivious transfers and privacy amplification. Journal of Cryptology 16(4), 219–237 (2003)zbMATHMathSciNetCrossRefGoogle Scholar
  5. 5.
    Cachin, C.: Entropy measures and unconditional security in cryptography. Ph. D. Thesis, ETH Zürich, Hartung-Gorre Verlag, Konstanz (1997)Google Scholar
  6. 6.
    Crépeau, C.: Equivalence between two flavours of oblivious transfer. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 350–354. Springer, Heidelberg (1988)Google Scholar
  7. 7.
    Crépeau, C., Kilian, J.: Achieving oblivious transfer using weakened security assumptions. In: Proc. 29th Annual Symposium on the Foundations of Computer Science, pp. 42–52. IEEE, Los Alamitos (1988)Google Scholar
  8. 8.
    Crépeau, C.: Efficient cryptographic primitives based on noisy channels. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 306–317. Springer, Heidelberg (1997)Google Scholar
  9. 9.
    Carter, J.L., Wegman, M.N.: Universal classes of hash functions. J. of Computer and System Sciences 18, 143–154 (1979)zbMATHMathSciNetCrossRefGoogle Scholar
  10. 10.
    Csiszár, I., Körner, J.: Broadcast channels with confidential messages. IEEE Trans. on Information Theory 24, 339–348 (1978)zbMATHCrossRefGoogle Scholar
  11. 11.
    Damgård, I., Kilian, J., Salvail, L.: On the (im)possibility of basing bit commitment and oblivious transfer on weakened security assumptions. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 56–73. Springer, Heidelberg (1999)Google Scholar
  12. 12.
    Dziembowski, S., Maurer, U.M.: Tight security proofs for the bounded-storage model. In: Proceedings of STOC 2002, pp. 341–350 (2002)Google Scholar
  13. 13.
    Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. In: Proceedings of CRYPTO 1982, pp. 205–210. Plenum Press, New York (1983)Google Scholar
  14. 14.
    Forney, G.D.: Concatenated codes. MIT Press, Cambridge (1966)Google Scholar
  15. 15.
    Korjik, V., Morozov, K.: Generalized oblivious transfer protocols based on noisy channels. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds.) MMM-ACNS 2001. LNCS, vol. 2052, pp. 219–229. Springer, Heidelberg (2001)Google Scholar
  16. 16.
    MacWilliams, F.J., Sloane, N.J.A.: The theory of error-correcting codes. North-Holland, Amsterdam (1977)zbMATHGoogle Scholar
  17. 17.
    Maurer, U.M.: Conditionally-perfect secrecy and a provably-secure randomized cipher. Journal of Cryptology 5(1), 53–66 (1992)zbMATHMathSciNetCrossRefGoogle Scholar
  18. 18.
    Maurer, U.M.: Information-theoretic cryptography. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 47–64. Springer, Heidelberg (1999)Google Scholar
  19. 19.
    Rabin, M.O.: How to exchange secrets by oblivious transfer. Technical Memo TR-81, Aiken Computation Laboratory, Harvard University (1981)Google Scholar
  20. 20.
    Shannon, C.E.: Communication theory of secrecy systems. Bell System Technical Journal 28, 656–715 (1949)zbMATHMathSciNetGoogle Scholar
  21. 21.
    Stebila, D., Wolf, S.: Efficient oblivious transfer from any non-trivial binary-symmetric channel. In: International Symposium on Information Theory (ISIT), p. 293 (2002)Google Scholar
  22. 22.
    Winter, A., Nascimento, A.C.A., Imai, H.: Commitment capacity of discrete memoryless channels. In: Paterson, K.G. (ed.) Cryptography and Coding 2003. LNCS, vol. 2898, pp. 35–51. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  23. 23.
    Winter, A., Nascimento, A.C.A.: Oblivious transfer from any genuine noise. (Unpublished manuscript) (2004)Google Scholar
  24. 24.
    Wyner, A.D.: The wire-tap channel. Bell System Technical Journal 54(8), 1355–1387 (1975)MathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Claude Crépeau
    • 1
  • Kirill Morozov
    • 2
  • Stefan Wolf
    • 3
  1. 1.School of Computer ScienceMcGill UniversityMontrealCanada
  2. 2.BRICS, FICSAarhus UniversityDenmark
  3. 3.Département d’Informatique et recherche opérationnelleUniversité de MontréalCanada

Personalised recommendations