Optimal bounds for quantum weak oblivious transfer

Oblivious transfer is a fundamental cryptographic primitive in which Bob transfers one of two bits to Alice in such a way that Bob cannot know which of the two bits Alice has learned. We present an optimal security bound for quantum oblivious transfer protocols under a natural and demanding definition of what it means for Alice to cheat. Our lower bound is a smooth tradeoff between the probability B with which Bob can guess Alice's bit choice and the probability A with which Alice can guess both of Bob's bits given that she learns one of the bits with certainty. We prove that 2B + A is greater than or equal to 2 in any quantum protocol for oblivious transfer, from which it follows that one of the two parties must be able to cheat with probability at least 2/3. We prove that this bound is optimal by exhibiting a family of protocols whose cheating probabilities can be made arbitrarily close to any point on the tradeoff curve.
