On the Foundations of Oblivious Transfer

Christian Cachin

Advances in Cryptology — EUROCRYPT '98, Lecture Notes in Computer Science, Springer-Verlag, vol. 1403, pp. 361–374, May 1998.

We show that oblivious transfer can be based on a very general notion of asymmetric information difference. We investigate a Universal Oblivious Transfer, denoted UOT $(X, Y)$ , that gives Bob the freedom to access Alice's input $X$ in an arbitrary way as long as he does not obtain full information about $X$ . Alice does not learn which information Bob has chosen. We show that oblivious transfer can be reduced to a single execution of UOT $(X, Y)$ with Bob's knowledge $Y$ restricted in terms of Rényi entropy of order $α > 1$ . For independently repeated UOT the reduction woks even if only Bob's Shannon information is restricted, i.e. $H (X | Y) > 0$ in every UOT $(X, Y)$ . Our protocol requires that honest Bob obtains at least half of Alice's information $X$ without error.

BibTeX Citation

@inproceedings{Cachin98,
    author       = {Christian Cachin},
    title        = {On the Foundations of Oblivious Transfer},
    editor       = {Kaisa Nyberg},
    booktitle    = {Advances in Cryptology --- EUROCRYPT~'98},
    pages        = {361--374},
    series       = {Lecture Notes in Computer Science},
    volume       = {1403},
    year         = {1998},
    month        = {5},
    publisher    = {Springer-Verlag},
}