On the Foundations of Oblivious Transfer

We show that oblivious transfer can be based on a very general notion of asymmetric information difference. We investigate a Universal Oblivious Transfer, denoted UOT(X, Y), that gives Bob the freedom to access Alice's input X in an arbitrary way as long as he does not obtain full information about X. Alice does not learn which information Bob has chosen. We show that oblivious transfer can be reduced to a single execution of UOT(X, Y) with Bob's knowledge Y restricted in terms of Rényi entropy of order α > 1. For independently repeated UOT the reduction works even if only Bob's Shannon information is restricted, i.e. if H(X|Y) > 0 in every UOT(X, Y). Our protocol requires that honest Bob obtains at least half of Alice's information X without error.
