Constant-Rate Oblivious Transfer from Noisy Channels

  • Yuval Ishai
  • Eyal Kushilevitz
  • Rafail Ostrovsky
  • Manoj Prabhakaran
  • Amit Sahai
  • Jürg Wullschleger
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6841)


A binary symmetric channel (BSC) is a noisy communication channel that flips each bit independently with some fixed error probability 0 < p < 1/2. Crépeau and Kilian (FOCS 1988) showed that oblivious transfer, and hence general secure two-party computation, can be unconditionally realized by communicating over a BSC. There has been a long line of works on improving the efficiency and generality of this construction. However, all known constructions that achieve security against malicious parties require the parties to communicate poly(k) bits over the channel for each instance of oblivious transfer (more precisely, \({2\choose 1}\)-bit-OT) being realized, where k is a statistical security parameter. The question of achieving a constant (positive) rate was left open, even in the easier case of realizing a single oblivious transfer of a long string.

We settle this question in the affirmative by showing how to realize n independent instances of oblivious transfer, with statistical error that vanishes with n, by communicating just O(n) bits over a BSC. As a corollary, any boolean circuit of size s can be securely evaluated by two parties with O(s) + poly(k) bits of communication over a BSC, improving over the O(s · poly(k)) complexity of previous constructions.




  1. Ahlswede, R., Csiszar, I.: On Oblivious Transfer Capacity. In: ISIT 2007, pp. 2061–2064 (2007)
  2. Bennett, C.H., Brassard, G., Crépeau, C., Maurer, U.: Generalized privacy amplification. IEEE Transactions on Information Theory 41, 1915–1923 (1995)
  3. Bennett, C.H., Brassard, G., Robert, J.-M.: Privacy Amplification by Public Discussion. SIAM J. Comput. 17(2), 210–229 (1988)
  4. Brassard, G., Crépeau, C., Robert, J.-M.: All-or-nothing disclosure of secrets. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 234–238. Springer, Heidelberg (1987)
  5. Canetti, R.: Security and composition of multiparty cryptographic protocols. Journal of Cryptology 13(1), 143–202 (2000)
  6. Canetti, R.: Universally Composable Security: A New Paradigm for Cryptographic Protocols. In: FOCS 2001, pp. 136–145 (2001)
  7. Cascudo, I., Cramer, R., Xing, C.: The Torsion-Limit for Algebraic Function Fields and Its Application to Arithmetic Secret Sharing. In: Crypto 2011 (2011)
  8. Chen, H., Cramer, R.: Algebraic geometric secret sharing schemes and secure multi-party computations over small fields. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 521–536. Springer, Heidelberg (2006)
  9. Crépeau, C.: Efficient cryptographic protocols based on noisy channels. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 306–317. Springer, Heidelberg (1997)
  10. Crépeau, C., Kilian, J.: Achieving oblivious transfer using weakened security assumptions. In: FOCS 1988, pp. 42–52 (1988)
  11. Crépeau, C., Morozov, K., Wolf, S.: Efficient Unconditional Oblivious Transfer from Almost Any Noisy Channel. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 47–59. Springer, Heidelberg (2005)
  12. Damgård, I., Fehr, S., Morozov, K., Salvail, L.: Unfair Noisy Channels and Oblivious Transfer. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 355–373. Springer, Heidelberg (2004)
  13. Damgård, I., Ishai, Y.: Scalable Secure Multiparty Computation. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 501–520. Springer, Heidelberg (2006)
  14. Damgård, I., Kilian, J., Salvail, L.: On the (Im)possibility of Basing Oblivious Transfer and Bit Commitment on Weakened Security Assumptions. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 56–73. Springer, Heidelberg (1999)
  15. Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Communications of the ACM 28(6), 637–647 (1985)
  16. Garcia, A., Stichtenoth, H.: On the asymptotic behavior of some towers of function fields over finite fields. Journal of Number Theory 61(2), 248–273 (1996)
  17. Gemmell, P., Sudan, M.: Highly Resilient Correctors for Polynomials. Information Processing Letters 43(4), 169–174 (1992)
  18. Goldreich, O.: Foundations of Cryptography, vol. 2. Cambridge University Press, Cambridge (2004)
  19. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. In: STOC 1987, pp. 218–229 (1987)
  20. Harnik, D., Ishai, Y., Kushilevitz, E., Nielsen, J.B.: OT-Combiners via Secure Computation. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 393–411. Springer, Heidelberg (2008)
  21. Harnik, D., Kilian, J., Naor, M., Reingold, O., Rosen, A.: On tolerant combiners for oblivious transfer and other primitives. In: EUROCRYPT 2005, pp. 96–113 (2005)
  22. Imai, H., Morozov, K., Nascimento, A.: Efficient Oblivious Transfer Protocols Achieving a Non-Zero Rate from Any Non-Trivial Noisy Correlation. In: Desmedt, Y. (ed.) ICITS 2007. LNCS, vol. 4883, pp. 183–194. Springer, Heidelberg (2009)
  23. Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Zero-knowledge from secure multiparty computation. In: STOC 2007, pp. 21–30 (2007)
  24. Ishai, Y., Prabhakaran, M., Sahai, A.: Founding Cryptography on Oblivious Transfer - Efficiently. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 572–591. Springer, Heidelberg (2008)
  25. Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Extracting Correlations. In: FOCS 2009, pp. 261–270 (2009)
  26. Kilian, J.: Founding cryptography on oblivious transfer. In: STOC 1988, pp. 20–31 (1988)
  27. Kilian, J.: More general completeness theorems for secure two-party computation. In: STOC 2000, pp. 316–324 (2000)
  28. Maurer, U.: Perfect Cryptographic Security from Partially Independent Channels. In: STOC 1991, pp. 561–571 (1991)
  29. Maurer, U.M., Pietrzak, K., Renner, R.: Indistinguishability Amplification. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 130–149. Springer, Heidelberg (2007)
  30. Nascimento, A., Winter, A.: On the Oblivious Transfer Capacity of Noisy Correlations. In: ISIT 2006, pp. 1871–1875 (2006)
  31. Przydatek, B., Wullschleger, J.: Error-Tolerant Combiners for Oblivious Primitives. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 461–472. Springer, Heidelberg (2008)
  32. Rabin, M.O.: How to exchange secrets by oblivious transfer. TR-81, Harvard (1981)
  33. Shannon, C.E.: A mathematical theory of communication. Bell System Technical Journal 27, 379–423, 623–656 (1948)
  34. Wiesner, S.: Conjugate coding. SIGACT News 15(1), 78–88 (1983)
  35. Winkler, S., Wullschleger, J.: On the Efficiency of Classical and Quantum Oblivious Transfer Reductions. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 707–723. Springer, Heidelberg (2010)
  36. Winter, A., Nascimento, A.C.A., Imai, H.: Commitment Capacity of Discrete Memoryless Channels. In: IMA Int. Conf. pp. 35–51 (2003)
  37. Wullschleger, J.: Oblivious Transfer from Weak Noisy Channels. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 332–349. Springer, Heidelberg (2009)
  38. Wyner, A.D.: The wire-tap channel. Bell Syst. Tech. J. 54, 1355–1387 (1975)
  39. Yao, A.C.: How to generate and exchange secrets. In: FOCS 1986, pp. 162–167 (1986)

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Yuval Ishai (1)
  • Eyal Kushilevitz (1)
  • Rafail Ostrovsky (2)
  • Manoj Prabhakaran (3)
  • Amit Sahai (2)
  • Jürg Wullschleger (4, 5)

  1. Technion, Haifa, Israel
  2. University of California, Los Angeles, USA
  3. University of Illinois, Urbana-Champaign, USA
  4. Université of Montréal, Canada
  5. McGill University, Canada
