Sequences II pp 360-368

Efficient Reduction among Oblivious Transfer Protocols based on New Self-Intersecting Codes

  • Claude Crépeau
  • Miklós Sántha


A $\binom{2}{1}$-OT$_2$ (one-out-of-two Bit Oblivious Transfer) is a technique by which a party S owning two secret bits $b_0$, $b_1$ can transfer one of them, $b_c$, to another party R, who chooses $c$. This is done in a way that does not release any bias about $b_{\bar{c}}$ to R nor any bias about $c$ to S. One interesting extension of this transfer is the $\binom{2}{1}$-OT$_2^k$ (one-out-of-two String O.T.), in which the two secrets $q_0$, $q_1$ are elements of $GF^k(2)$ instead of bits. A reduction of $\binom{2}{1}$-OT$_2^k$ to $\binom{2}{1}$-OT$_2$ presented in [BCR86] uses $O(k^{\log_2 3})$ calls to $\binom{2}{1}$-OT$_2$ and thus raises an interesting combinatorial question: how many calls to $\binom{2}{1}$-OT$_2$ are necessary and sufficient to achieve a $\binom{2}{1}$-OT$_2^k$?

In the current paper we answer this question quite precisely. We accomplish this reduction using $\Theta(k)$ calls to $\binom{2}{1}$-OT$_2$. First, we show by probabilistic methods how to obtain such a reduction with probability essentially 1, and second, we give a deterministic polynomial-time construction based on the algebraic codes of Goppa [Gop81].






  1. [BCR86]
    G. Brassard, C. Crépeau, and J.-M. Robert. Information theoretic reductions among disclosure problems. In 27th Symp. of Found. of Computer Sci., pages 168–173, IEEE, 1986.
  2. [BET78]
    E.R. Berlekamp, R.J. McEliece, and H.C.A. Van Tilborg. On the inherent intractability of certain coding problems. IEEE Transaction on Information Theory, 384–386, 1978.
  3. [CK88]
    C. Crépeau and J. Kilian. Achieving oblivious transfer using weakened security assumptions. In 28th Symp. on Found. of Computer Sci., pages 42–52, IEEE, 1988.
  4. [CL85]
    G. Cohen and A. Lempel. Linear intersecting codes. Discrete Mathematics, 56:35–43, 1985.
  5. [Cré88]
    C. Crépeau. Equivalence between two flavours of oblivious transfers (abstract). In C. Pomerance, editor, Advances in Cryptology: Proceedings of Crypto ’87, pages 350–354, Springer-Verlag, 1988.
  6. [Cré89]
    C. Crépeau. Verifiable disclosure of secrets and application. In Advances in Cryptology: Proceedings of Eurocrypt ’89, Springer-Verlag, 1989.
  7. [EGL83]
    S. Even, O. Goldreich, and A. Lempel. A randomized protocol for signing contracts. In R. L. Rivest, A. Sherman, and D. Chaum, editors, Proceedings CRYPTO 82, pages 205–210, Plenum Press, New York, 1983.
  8. [Gop81]
    V.D. Goppa. Codes on algebraic curves. Soviet Mathematical Dokl, 24(1):170–172, 1981.
  9. [Kil88]
    J. Kilian. Founding cryptography on oblivious transfer. In Proc. 20th ACM Symposium on Theory of Computing, pages 20–31, ACM, Chicago, 1988.
  10. [KS83]
    G. Katona and J. Srivastava. Minimal 2-coverings of finite affine spaces based on GF(2). Journal of Statist. Plann. Inference, 8:375–388, 1983.
  11. [KTV84]
    G.L. Katsman, M.A. Tsfasman, and S.G. Vlădut. Modular curves and codes with a polynomial construction. IEEE Transaction on Information Theory, IT-30(2):353–355, 1984.
  12. [Mik84]
    D. Miklós. Linear binary codes with intersecting properties. Discrete Applied Mathematics, 9(2):187–196, 1984.
  13. [MS77]
    F.J. MacWilliams and N.J.A. Sloane. The Theory of Error-Correcting Codes. North-Holland, 1977.
  14. [MV84]
    Yu.I. Manin and S.G. Vlădut. Linear codes and modular curves (in Russian). Sovr. Prob. Mat, VINITI, 1984.
  15. [Ret86]
    C.T. Retter. Intersecting Goppa codes. 1986. Manuscript.
  16. [TVZ82]
    M.A. Tsfasman, S.G. Vlădut, and Th. Zink. Modular curves, Shimura curves, and Goppa codes, better than Varshamov-Gilbert bound. Math. Nachr., 109:21–28, 1982.
  17. [Vaz87]
    U. Vazirani. Efficiency considerations in using semi-random sources. In Proc. 19th ACM Symposium on Theory of Computing, pages 160–168, ACM, New York City, 1987.

Copyright information

© Springer-Verlag New York, Inc. 1993

Authors and Affiliations

  • Claude Crépeau, Laboratoire de Recherche en Informatique, Université Paris-Sud, Orsay, France
  • Miklós Sántha, Laboratoire de Recherche en Informatique, Université Paris-Sud, Orsay, France
