# Optimal bounds for semi-honest quantum oblivious transfer

@article{Chailloux2013OptimalBF, title={Optimal bounds for semi-honest quantum oblivious transfer}, author={Andr{\'e} Chailloux and Gus Gutoski and Jamie Sikora}, journal={Chic. J. Theor. Comput. Sci.}, year={2013}, volume={2016} }

Oblivious transfer is a fundamental cryptographic primitive in which Bob transfers one of two bits to Alice in such a way that Bob cannot know which of the two bits Alice has learned. We present an optimal security bound for quantum oblivious transfer protocols under a natural and demanding definition of what it means for Alice to cheat. Our lower bound is a smooth tradeoff between the probability B with which Bob can guess Alice's bit choice and the probability A with which Alice can guess…

## 15 Citations

### Non-interactive XOR quantum oblivious transfer: optimal protocols and their experimental implementations

- Computer Science, Mathematics
- 2022

This work determines the smallest possible cheating probabilities for unrestricted dishonest parties in non-interactive quantum XOT protocols using symmetric pure states, and presents an optimal protocol, which outperforms classical protocols.

### A Constant Lower Bound for Any Quantum Protocol for Secure Function Evaluation

- Computer Science, MathematicsTQC
- 2022

This work generalizes the no-go result by exhibiting a constant lower bound on the cheating probabilities for any quantum protocol for secure function evaluation, and presents many applications from oblivious transfer to the millionaire’s problem.

### Imperfect 1-Out-of-2 Quantum Oblivious Transfer: Bounds, a Protocol, and its Experimental Implementation

- Computer Science, MathematicsPRX Quantum
- 2020

A theoretical framework for studying semi-random quantum oblivious transfer is introduced, which is shown equivalent to regular oblivious transfer in terms of cheating probabilities and used to derive bounds on cheating.

### Check-based generation of one-time tables using qutrits

- Computer Science, MathematicsArXiv
- 2021

This work proposes a bipartite quantum protocol for generating a simple type of one-time tables (the correlation in the Popescu-Rohrlich nonlocal box) with partial security, and shows that by running many instances of the first protocol and performing checks on some of them, asymptotically informationtheoretically secure generation of one -time tables can be achieved.

### A device-independent protocol for XOR oblivious transfer

- Computer Science, MathematicsQuantum
- 2022

This work gives a fully device-independent quantum protocol for XOR oblivious transfer and states that Alice and Bob should not learn any more than what is logically implied by the function value.

### On the computational hardness needed for quantum cryptography

- Mathematics, Computer ScienceIACR Cryptol. ePrint Arch.
- 2022

EFI pairs are shown to play a similar role to that played by OWFs in the classical setting: they are simple to describe, essential, and also serve as a linchpin for demonstrating equivalence between primitives.

### Quantum weak coin flipping

- Mathematics, Computer ScienceSTOC
- 2019

This work proposes a framework to construct new explicit protocols achieving biases below 1/6 and introduces what it calls the Elliptic Monotone Align algorithm which, together with the framework, allows us to construct protocols with arbitrarily small biases.

### Quantum Oblivious Transfer: A Short Review

- Computer Science, MathematicsEntropy
- 2022

This review article surveys the work developed around the concept of oblivious transfer within theoretical quantum cryptography and focuses on some proposed protocols and their security requirements.

### Privacy and correctness trade-offs for information-theoretically secure quantum homomorphic encryption

- Computer Science, MathematicsArXiv
- 2022

Using this reduction, this work unravels fundamental trade-off between circuit privacy, data privacy and correctness for a broad family of quantum homomorphic encryption protocols, including schemes that allow only computation of Cliﬀord circuits.

### Oblivious Transfer is in MiniQCrypt

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2020

An oblivious transfer protocol is constructed in MiniQCrypt that achieves simulation-security in the plain model against malicious quantum polynomial-time adversaries, building on the foundational work of Bennett, Brassard, Cr\'epeau and Skubiszewska (CRYPTO 1991).

## References

SHOWING 1-10 OF 30 REFERENCES

### Lower bounds for Quantum Oblivious Transfer

- Computer Science, MathematicsFSTTCS
- 2010

This paper shows that every 1-out-of-2 oblivious transfer protocol allows a dishonest party to cheat with probability bounded below by a constant strictly larger than 1/2, and extends Kitaev's semidefinite programming formulation to more general primitives, where the security is against a dishonest player trying to force the outcome of the other player, and proves optimal lower and upper bounds for them.

### On the Power of Two-Party Quantum Cryptography

- Mathematics, Computer ScienceASIACRYPT
- 2009

It is argued that leakage is a good measure for the privacy provided to the players by a given protocol because it extends known impossibility results to all non-trivial primitives.

### Oblivious transfer, the CHSH game, and quantum encodings

- Computer Science, Mathematics
- 2013

A "learning lemma" is proved, which provides a new upper bound on the average probability of decoding each bit that depends on the probability of learning the XOR of the two bits, which helps improve the lower bounds on the cheating probabilities of any quantum oblivious transfer protocol.

### Insecurity of Quantum Secure Computations

- Computer Science, MathematicsArXiv
- 1996

This work shows that all one-sided two-party computations (which allow only one of the two parties to learn the result) are necessarily insecure, and constructs a class of functions that cannot be computed securely in any two-sidedTwo-party computation.

### Optimal Quantum Strong Coin Flipping

- Computer Science, Mathematics2009 50th Annual IEEE Symposium on Foundations of Computer Science
- 2009

The construction of a quantum strong coin flipping protocol with cheating probability arbitrarily close to 1/sqrt{2}+O(epsilon) is presented, which follows from the construction and the optimal quantum weak coin flips protocol described by Mochon.

### Cryptography in the bounded quantum-storage model

- Computer Science, MathematicsIEEE Information Theory Workshop on Theory and Practice in Information-Theoretic Security, 2005.
- 2005

It is shown that oblivious transfer and bit commitment can be implemented in this model using protocols where honest parties need no quantum memory, whereas an adversarial player needs quantum memory of size at least n/2 in order to break the protocol, where n is the number of qubits transmitted.

### Simple protocols for oblivious transfer and secure identification in the noisy-quantum-storage model

- Computer Science, Mathematics
- 2010

We present simple protocols for oblivious transfer and password-based identification which are secure against general attacks in the noisy-quantum-storage model as defined in R. Koenig, S. Wehner,…

### Unconditionally secure quantum bit commitment is impossible

- Computer Science, Mathematics
- 1997

It is shown that the claim that quantum cryptography can provide protocols that are unconditionally secure, that is, for which the security does not depend on any restriction on the time, space, or technology available to the cheaters, does not hold for any quantum bit commitment protocol.

### Cryptography from noisy storage.

- Computer Science, MathematicsPhysical review letters
- 2008

We show how to implement cryptographic primitives based on the realistic assumption that quantum storage of qubits is noisy. We thereby consider individual-storage attacks; i.e., the dishonest party…

### A Simpler Proof of the Existence of Quantum Weak Coin Flipping with Arbitrarily Small Bias

- Computer ScienceSIAM J. Comput.
- 2016

This work simplifies parts of Mochon's construction considerably, making about 20 pages of analysis in the original proof superfluous, clarifying some other parts of the proof on the way, and presenting the proof in a way which is conceptually easier to grasp.