Paper 2005/349
Oblivious Transfer and Linear Functions
Ivan B. Damgaard, Serge Fehr, Louis Salvail, and Christian Schaffner
Abstract
We study unconditionally secure 1-out-of-2 Oblivious Transfer (1-2 OT). We first point out that a standard security requirement for 1-2 OT of bits, namely that the receiver only learns one of the bits sent, holds if and only if the receiver has no information on the XOR of the two bits. We then generalize this to 1-2 OT of strings and show that the security can be characterized in terms of binary linear functions. More precisely, we show that the receiver learns only one of the two strings sent if and only if he has no information on the result of applying any binary linear function (which non-trivially depends on both inputs) to the two strings. We then argue that this result not only gives new insight into the nature of 1-2 OT, but it in particular provides a very powerful tool for analyzing 1-2 OT protocols. We demonstrate this by showing that with our characterization at hand, the reduceability of 1-2 OT (of strings) to a wide range of weaker primitives follows by a very simple argument. This is in sharp contrast to previous literature, where reductions of 1-2 OT to weaker flavors have rather complicated and sometimes even incorrect proofs.
Metadata
- Available format(s)
- PDF PS
- Category
- Foundations
- Publication info
- Published elsewhere. Full version of the Crypto 2006 paper.
- Keywords
- Oblivious transferinformation theory
- Contact author(s)
- Serge Fehr @ cwi nl
- History
- 2006-08-28: last of 2 revisions
- 2005-10-05: received
- See all versions
- Short URL
- https://ia.cr/2005/349
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2005/349, author = {Ivan B. Damgaard and Serge Fehr and Louis Salvail and Christian Schaffner}, title = {Oblivious Transfer and Linear Functions}, howpublished = {Cryptology {ePrint} Archive, Paper 2005/349}, year = {2005}, url = {https://eprint.iacr.org/2005/349} }