Efficient Reduction among Oblivious Transfer Protocols based on New Self-Intersecting Codes
A $\binom{2}{1}$-OT$_2$ (one-out-of-two Bit Oblivious Transfer) is a technique by which a party S owning two secret bits $b_0$, $b_1$ can transfer one of them, $b_c$, to another party R, who chooses $c$. This is done in a way that does not release any bias about $b_{\bar{c}}$ to R nor any bias about $c$ to S. One interesting extension of this transfer is the $\binom{2}{1}$-OT$_2^k$ (one-out-of-two String O.T.) in which the two secrets $q_0$, $q_1$ are elements of $GF^k(2)$ instead of bits. A reduction of $\binom{2}{1}$-OT$_2^k$ to $\binom{2}{1}$-OT$_2$ presented in [BCR86] uses $O(k^{\log_2 3})$ calls to $\binom{2}{1}$-OT$_2$ and thus raises an interesting combinatorial question: how many calls to $\binom{2}{1}$-OT$_2$ are necessary and sufficient to achieve a $\binom{2}{1}$-OT$_2^k$?
In the current paper we answer this question quite precisely. We accomplish this reduction using $\Theta(k)$ calls to $\binom{2}{1}$-OT$_2$. First, we show by probabilistic methods how to obtain such a reduction with probability essentially 1 and second, we give a deterministic polynomial time construction based on the algebraic codes of Goppa [Gop81].
- [BCR86] G. Brassard, C. Crépeau, and J.-M. Robert. Information theoretic reductions among disclosure problems. In 27th Symp. on Found. of Computer Sci., pages 168–173, IEEE, 1986.
- [BET78] E.R. Berlekamp, R.J. McEliece, and H.C.A. Van Tilborg. On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory, 384–386, 1978.
- [CK88] C. Crépeau and J. Kilian. Achieving oblivious transfer using weakened security assumptions. In 28th Symp. on Found. of Computer Sci., pages 42–52, IEEE, 1988.
- [Cré88] C. Crépeau. Equivalence between two flavours of oblivious transfers (abstract). In C. Pomerance, editor, Advances in Cryptology: Proceedings of Crypto ’87, pages 350–354, Springer-Verlag, 1988.
- [Cré89] C. Crépeau. Verifiable disclosure of secrets and application. In Advances in Cryptology: Proceedings of Eurocrypt ’89, Springer-Verlag, 1989.
- [EGL83] S. Even, O. Goldreich, and A. Lempel. A randomized protocol for signing contracts. In R. L. Rivest, A. Sherman, and D. Chaum, editors, Proceedings CRYPTO 82, pages 205–210, Plenum Press, New York, 1983.
- [Kil88] J. Kilian. Founding cryptography on oblivious transfer. In Proc. 20th ACM Symposium on Theory of Computing, pages 20–31, ACM, Chicago, 1988.
- [MS77] F.J. MacWilliams and N.J.A. Sloane. The Theory of Error-Correcting Codes. North-Holland, 1977.
- [MV84] Yu.I. Manin and S.G. Vlăduţ. Linear codes and modular curves (in Russian). Sovr. Prob. Mat., VINITI, 1984.
- [Ret86] C.T. Retter. Intersecting Goppa codes. 1986. Manuscript.
- [Vaz87] U. Vazirani. Efficiency considerations in using semi-random sources. In Proc. 19th ACM Symposium on Theory of Computing, pages 160–168, ACM, New York City, 1987.