Assume A owns two secret k-bit strings. She is willing to disclose one of them to B, at his choosing, provided he does not learn anything about the other string. Conversely, B does not want A to learn which secret he chose to learn. A protocol for the above task is said to implement One-out-of-two String Oblivious Transfer, denoted $\binom{2}{1}$-OT$^k$. This primitive is particularly useful in a variety of cryptographic settings. An apparently simpler task corresponds to the case k = 1 of two one-bit secrets: this is known as One-out-of-two Bit Oblivious Transfer, denoted $\binom{2}{1}$-OT. We address the question of reducing $\binom{2}{1}$-OT$^k$ to $\binom{2}{1}$-OT. This question is not new: it was introduced in 1986. However, most solutions until now have implicitly or explicitly depended on the notion of self-intersecting codes. It can be proved that this restriction makes it asymptotically impossible to implement $\binom{2}{1}$-OT$^k$ with fewer than about 3.5277k instances of $\binom{2}{1}$-OT. The current paper introduces the idea of using privacy amplification as the underlying technique to reduce $\binom{2}{1}$-OT$^k$ to $\binom{2}{1}$-OT. This allows for more efficient solutions at the cost of an exponentially small probability of failure: it is sufficient to use slightly more than 2k instances of $\binom{2}{1}$-OT in order to implement $\binom{2}{1}$-OT$^k$. Moreover, we show that privacy amplification allows for the efficient implementation of $\binom{2}{1}$-OT$^k$ from generalized versions of $\binom{2}{1}$-OT that would not have been suitable for the earlier techniques based on self-intersecting codes. An application of this more general reduction is given.
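A sketch of how a privacy-amplification reduction from string OT to bit OT can work, as an added example and not the paper's own protocol text. It assumes the universal hash is a random k x n binary matrix, models the bit OT as an ideal function, and uses n = 2k + 2s bit OTs; all function names and parameter values are hypothetical.

```python
import secrets

def bit_ot(b0, b1, c):
    """Ideal one-out-of-two bit OT: B gets b_c only, A learns nothing about c."""
    return b1 if c else b0

def hash_gf2(rows, r):
    """Apply a k x n binary matrix (one n-bit int per row) to the vector r."""
    out = 0
    for row in rows:
        out = (out << 1) | (bin(row & r).count("1") & 1)
    return out

def rank_gf2(rows):
    """Rank over GF(2), keeping an XOR basis sorted by leading bit."""
    basis = []
    for v in rows:
        for b in basis:
            v = min(v, v ^ b)
        if v:
            basis.append(v)
            basis.sort(reverse=True)
    return len(basis)

def string_ot(w0, w1, c, k, n, choices=None):
    """Transfer w_c (k bits) using n bit OTs. `choices` models a B who does
    not use the same selection bit in every bit OT."""
    choices = [c] * n if choices is None else choices
    r0, r1 = secrets.randbits(n), secrets.randbits(n)   # A's random pads
    got = 0
    for i in range(n):
        got |= bit_ot((r0 >> i) & 1, (r1 >> i) & 1, choices[i]) << i
    # Only after the bit OTs does A publish the hash matrices and masked secrets.
    m0 = [secrets.randbits(n) for _ in range(k)]
    m1 = [secrets.randbits(n) for _ in range(k)]
    e0, e1 = w0 ^ hash_gf2(m0, r0), w1 ^ hash_gf2(m1, r1)
    out = e1 ^ hash_gf2(m1, got) if c else e0 ^ hash_gf2(m0, got)
    return out, m0, m1

def one_secret_hidden(m0, m1, choices, k):
    """A mask is uniform for B when the matrix columns at the pad bits he
    did NOT receive have rank k; check that this holds for m0 or m1."""
    unk0 = sum(1 << i for i, ch in enumerate(choices) if ch == 1)
    unk1 = sum(1 << i for i, ch in enumerate(choices) if ch == 0)
    return (rank_gf2([row & unk0 for row in m0]) == k
            or rank_gf2([row & unk1 for row in m1]) == k)

K, S = 16, 40            # constructed parameters: k-bit secrets, slack s
N = 2 * K + 2 * S        # bit OTs used; s = 0 gives exactly 2k
```

However B splits his selections, he misses at least n/2 bits of one pad, and a random k x (n/2) binary matrix has rank below k with probability at most 2^(k - n/2) = 2^(-s), which is where the "slightly more than 2k" count and the exponentially small failure probability come from in this sketch.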