
On the foundations of oblivious transfer

  • Christian Cachin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1403)

Abstract

We show that oblivious transfer can be based on a very general notion of asymmetric information difference. We investigate a Universal Oblivious Transfer, denoted UOT(X, Y), that gives Bob the freedom to access Alice's input X in an arbitrary way as long as he does not obtain full information about X. Alice does not learn which information Bob has chosen. We show that oblivious transfer can be reduced to a single execution of UOT(X, Y) with Bob's knowledge Y restricted in terms of Rényi entropy of order α > 1. For independently repeated UOT the reduction works even if only Bob's Shannon information is restricted, i.e. if H(X|Y) > 0 in every UOT(X, Y). Our protocol requires that honest Bob obtains at least half of Alice's information X without error.

Keywords

Cryptographic Protocols, Oblivious Transfer, Shannon Entropy, Rényi Entropy, Statistical Security, Multiparty Computation


Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Christian Cachin
    • MIT Laboratory for Computer Science, Cambridge, USA
