Abstract
We present a new template for building oblivious transfer from quantum information that we call the “fixed basis” framework. Our framework departs from prior work (e.g., Crépeau and Kilian, FOCS’88) by fixing the correct choice of measurement basis used by each player, except for some hidden trap qubits that are intentionally measured in a conjugate basis. We instantiate this template in the quantum random oracle model (QROM) to obtain simple protocols that implement, with security against malicious adversaries:
- Non-interactive random-input bit OT in a model where parties share EPR pairs a priori.
- Two-round random-input bit OT without setup, obtained by showing that the protocol above remains secure even if the (potentially malicious) OT receiver sets up the EPR pairs.
- Three-round chosen-input string OT from BB84 states without entanglement or setup. This improves upon natural variations of the CK88 template that require at least five rounds.
Along the way, we develop technical tools that may be of independent interest. We prove that natural functions like XOR enable seedless randomness extraction from certain quantum sources of entropy. We also use idealized (i.e. extractable and equivocal) bit commitments, which we obtain by proving security of simple and efficient constructions in the QROM.
Notes
1. We use the terms "one-shot", "one-message", and "non-interactive" interchangeably in this work, all referring to a protocol between two parties Alice and Bob that consists only of a single message from Alice to Bob.
2. While this framing of the problem is different from the previous page, the two turn out to be equivalent thanks to OT reversal and reorientation methods [36].
3. Here non-trivial quantum OT means OT based on assumptions (such as symmetric-key cryptography) or ideal models that are not known to imply classical OT.
4.
5. Our actual protocol involves an additional step that allows Alice to program any input \(m_b\) of her choice, but we suppress this detail in this overview.
6. One idea would be to sample the seed s as part of the output of the random oracle. However, this does not ensure that s is uniformly random. For example, Alice could bias certain bits of s by choosing her commitments in a certain way.
7. For example, consider an adversary that, via a single superposition query to the random oracle, sets register \(\mathcal{B}\) to be a superposition over all x such that the first bit of \(\textsf{RO}(x)\) is 0. Then, measuring \(\mathcal{B}\) in the computational basis will result in an x with high min-entropy, but where \(\textsf{RO}(x)\) is distinguishable from a uniformly random r.
8. Technically, one party prepares and the other measures BB84 states.
9. That is, consider sampling H, running a purified \(A_1^H\), measuring at the end to obtain \((T,\{x_i\}_{i \in T})\), and then defining \(|\gamma \rangle \) to be the left-over state on \(\mathcal{A}\)’s remaining registers.
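Footnote 6 rejects deriving the seed s from the random oracle evaluated on Alice's own commitments. The following Python toy, added here and not part of the paper, models the random oracle with domain-separated SHA-256 and uses a simple hash commitment (both are assumptions, not the paper's constructions); it shows why the idea fails: since Alice chooses the commitment inputs, she can re-sample one opening until the derived seed has the bits she wants, while every commitment still opens correctly, so Bob detects nothing.

```python
import hashlib
import random

# Toy model (assumption): the random oracle is SHA-256 with a domain label,
# and a commitment to m with opening o is RO("commit", o | m).

def ro(label: bytes, data: bytes) -> bytes:
    """Random-oracle stand-in."""
    return hashlib.sha256(label + b"|" + data).digest()

def commit(message: bytes, opening: bytes) -> bytes:
    return ro(b"commit", opening + b"|" + message)

def derive_seed(commitments: list[bytes]) -> bytes:
    """The rejected idea from footnote 6: s is read off the RO output on Alice's commitments."""
    return ro(b"seed", b"".join(commitments))

def leading_bits(data: bytes, k: int) -> int:
    """The first k bits of data, as an integer."""
    return int.from_bytes(data, "big") >> (8 * len(data) - k)

def honest_alice(messages: list[bytes], rng: random.Random):
    """Honest Alice: fresh openings, a single seed derivation."""
    openings = [rng.randbytes(16) for _ in messages]
    comms = [commit(m, o) for m, o in zip(messages, openings)]
    return comms, openings, derive_seed(comms)

def biasing_alice(messages: list[bytes], k: int, rng: random.Random):
    """Malicious Alice: identical to honest_alice except that she keeps
    re-sampling the opening of her last commitment until the first k bits
    of s are all zero.  Each retry costs one RO query, so fixing k bits
    costs about 2**k queries.  All commitments remain valid openings of
    the intended messages; only the distribution of s has changed."""
    openings = [rng.randbytes(16) for _ in messages]
    comms = [commit(m, o) for m, o in zip(messages, openings)]
    queries = 0
    while True:
        queries += 1
        s = derive_seed(comms)
        if leading_bits(s, k) == 0:
            return comms, openings, s, queries
        openings[-1] = rng.randbytes(16)
        comms[-1] = commit(messages[-1], openings[-1])

def opens_correctly(comms, openings, messages) -> bool:
    """Bob's check: every commitment opens to the claimed message."""
    return all(commit(m, o) == c for c, o, m in zip(comms, openings, messages))
```

With k = 8 the biased run always yields a seed whose first byte is zero, whereas the honest seed's first bit is zero in about half of the runs; the defence the paper takes instead is to not let s depend only on inputs the adversary controls.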
References
Agarwal, A., Bartusek, J., Khurana, D., Kumar, N.: A new framework for quantum oblivious transfer. Cryptology ePrint Archive, Paper 2022/1191 (2022). https://eprint.iacr.org/2022/1191
Aiello, B., Ishai, Y., Reingold, O.: Priced oblivious transfer: how to sell digital goods. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 119–135. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_8
Ambainis, A., Hamburg, M., Unruh, D.: Quantum security proofs using semi-classical oracles. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 269–295. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_10
Ananth, P., Qian, L., Yuen, H.: Cryptography from pseudorandom quantum states. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022. LNCS, vol. 13507, pp. 208–236. Springer (2022). https://doi.org/10.1007/978-3-031-15802-5_8
Badrinarayanan, S., Garg, S., Ishai, Y., Sahai, A., Wadia, A.: Two-message witness indistinguishability and secure computation in the plain model from new assumptions. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10626, pp. 275–303. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70700-6_10
Badrinarayanan, S., Goyal, V., Jain, A., Kalai, Y.T., Khurana, D., Sahai, A.: Promise zero knowledge and its applications to round optimal MPC. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 459–487. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_16
Badrinarayanan, S., Goyal, V., Jain, A., Khurana, D., Sahai, A.: Round optimal concurrent MPC via strong simulation. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 743–775. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70500-2_25
Bartusek, J., Coladangelo, A., Khurana, D., Ma, F.: One-way functions imply secure computation in a quantum world. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 467–496. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_17
Bartusek, J., Khurana, D.: Cryptography with certified deletion. Cryptology ePrint Archive, Paper 2022/1178 (2022). https://eprint.iacr.org/2022/1178
Bennett, C.H., Brassard, G., Crépeau, C., Jozsa, R., Peres, A., Wootters, W.K.: Teleporting an unknown quantum state via dual classical and Einstein-Podolsky-Rosen channels. Phys. Rev. Lett. 70, 1895–1899 (1993). https://doi.org/10.1103/PhysRevLett.70.1895
Bennett, C.H., Brassard, G., Crépeau, C., Skubiszewska, M.-H.: Practical quantum oblivious transfer. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 351–366. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_29
Bitansky, N., Vaikuntanathan, V.: A note on perfect correctness by derandomization. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 592–606. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_20
Bouman, N.J., Fehr, S.: Sampling in a quantum population, and applications. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 724–741. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_39
Brun, T., Devetak, I., Hsieh, M.H.: Correcting quantum errors with entanglement. Science 314, 436–439 (2006). https://doi.org/10.1126/science.1131563
Canetti, R., et al.: Fiat-Shamir: from practice to theory. In: Charikar, M., Cohen, E. (eds.) 51st Annual ACM Symposium on Theory of Computing, pp. 1082–1090. ACM Press, Phoenix, AZ, USA (23–26 June, 2019). https://doi.org/10.1145/3313276.3316380
Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004). https://doi.org/10.1145/1008731.1008734
Chailloux, A., Gutoski, G., Sikora, J.: Optimal bounds for semi-honest quantum oblivious transfer. Chic. J. Theor. Comput. Sci. 2016 (2016). https://doi.org/10.48550/arXiv.1310.3262
Chailloux, A., Kerenidis, I., Sikora, J.: Lower bounds for quantum oblivious transfer. Quantum Info. Comput. 13(1–2), 158–177 (2013). https://doi.org/10.48550/arXiv.1007.1875
Coladangelo, A., Vidick, T., Zhang, T.: Non-interactive zero-knowledge arguments for QMA, with preprocessing. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 799–828. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_28
Crépeau, C., Kilian, J.: Achieving oblivious transfer using weakened security assumptions (extended abstract). In: 29th Annual Symposium on Foundations of Computer Science, pp. 42–52. IEEE Computer Society Press, White Plains, NY (24–26 Oct 1988). https://doi.org/10.1109/SFCS.1988.21920
Damgård, I., Fehr, S., Lunemann, C., Salvail, L., Schaffner, C.: Improving the security of quantum protocols via commit-and-open. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 408–427. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_24
Damgård, I., Fehr, S., Salvail, L., Schaffner, C.: Cryptography in the bounded quantum-storage model. SIAM J. Comput. 37, 1865–1890 (2008). https://doi.org/10.1137/060651343
Don, J., Fehr, S., Majenz, C., Schaffner, C.: Security of the Fiat-Shamir transformation in the quantum random-oracle model. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 356–383. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_13
Don, J., Fehr, S., Majenz, C., Schaffner, C.: Online-extractability in the quantum random-oracle model. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022. LNCS, vol. 13277, pp. 677–706. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-07082-2_24
Döttling, N., Garg, S., Hajiabadi, M., Masny, D., Wichs, D.: Two-round oblivious transfer from CDH or LPN. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 768–797. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_26
Dupuis, F., Lamontagne, P., Salvail, L.: Fiat-Shamir for proofs lacks a proof even in the presence of shared entanglement (2022). https://doi.org/10.48550/ARXIV.2204.02265
Ekert, A.K.: Quantum cryptography based on Bell’s theorem. Phys. Rev. Lett. 67(6), 661–663 (1991). https://doi.org/10.1103/PhysRevLett.67.661
Erven, C., Ng, N., Gigov, N., Laflamme, R., Wehner, S., Weihs, G.: An experimental implementation of oblivious transfer in the noisy storage model. Nat. Commun. 5 (2014). https://doi.org/10.1038/ncomms4418
Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Commun. ACM 28(6), 637–647 (1985). https://doi.org/10.1145/3812.3818
Furrer, F., Gehring, T., Schaffner, C., Pacher, C., Schnabel, R., Wehner, S.: Continuous-variable protocol for oblivious transfer in the noisy-storage model. Nat. Commun. 9(1) (2018). https://doi.org/10.1038/s41467-018-03729-4
Garg, S., Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Cryptography with one-way communication. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 191–208. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_10
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or A completeness theorem for protocols with honest majority. In: Aho, A. (ed.) 19th Annual ACM Symposium on Theory of Computing, pp. 218–229. ACM Press, New York City (25–27 May 1987). https://doi.org/10.1145/28395.28420
Grilo, A.B., Hövelmanns, K., Hülsing, A., Majenz, C.: Tight adaptive reprogramming in the QROM. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13090, pp. 637–667. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92062-3_22
Grilo, A.B., Lin, H., Song, F., Vaikuntanathan, V.: Oblivious transfer is in MiniQCrypt. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12697, pp. 531–561. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77886-6_18
Halevi, S., Kalai, Y.T.: Smooth projective hashing and two-message oblivious transfer. J. Cryptol. 25(1), 158–193 (2010). https://doi.org/10.1007/s00145-010-9092-8
Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_9
Ishai, Y., Kushilevitz, E., Ostrovsky, R., Prabhakaran, M., Sahai, A., Wullschleger, J.: Constant-rate oblivious transfer from noisy channels. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 667–684. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_38
Ito, T., et al.: Physical implementation of oblivious transfer using optical correlated randomness. Sci. Reports 7(1) (2017). https://doi.org/10.1038/s41598-017-08229-x
Jain, A., Kalai, Y.T., Khurana, D., Rothblum, R.: Distinguisher-dependent simulation in two rounds and its applications. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 158–189. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_6
Kalai, Y.T., Khurana, D., Sahai, A.: Statistical witness indistinguishability (and more) in two messages. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 34–65. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_2
Kalai, Y.T., Rothblum, G.N., Rothblum, R.D.: From obfuscation to the security of Fiat-Shamir for proofs. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 224–251. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_8
Khurana, D., Sahai, A.: How to achieve non-malleability in one or two rounds. In: Umans, C. (ed.) 58th Annual Symposium on Foundations of Computer Science, pp. 564–575. IEEE Computer Society Press, Berkeley (15–17 Oct 2017). https://doi.org/10.1109/FOCS.2017.58
Kilian, J.: Founding cryptography on oblivious transfer. In: 20th Annual ACM Symposium on Theory of Computing, pp. 20–31. ACM Press, Chicago, IL, USA (2–4 May 1988). https://doi.org/10.1145/62212.62215
Kobayashi, H.: Non-interactive quantum perfect and statistical zero-knowledge. In: Ibaraki, T., Katoh, N., Ono, H. (eds.) ISAAC 2003. LNCS, vol. 2906, pp. 178–188. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-24587-2_20
Kundu, S., Sikora, J., Tan, E.Y.Z.: A device-independent protocol for XOR oblivious transfer. Quantum 6, 725 (2022). https://doi.org/10.22331/q-2022-05-30-725
Lo, H.K., Chau, H.F.: Is quantum bit commitment really possible? Phys. Rev. Lett. 78(17), 3410 (1997). https://doi.org/10.1103/PhysRevLett.78.3410
Mayers, D.: Unconditionally secure quantum bit commitment is impossible. Phys. Rev. Lett. 78(17), 3414 (1997). https://doi.org/10.1103/PhysRevLett.78.3414
Mayers, D., Salvail, L.: Quantum oblivious transfer is secure against all individual measurements. In: Proceedings Workshop on Physics and Computation. PhysComp 1994, pp. 69–77. IEEE (1994). https://doi.org/10.1109/PHYCMP.1994.363696
Morimae, T., Yamakawa, T.: Classically verifiable NIZK for QMA with preprocessing. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT 2022. LNCS, vol. 13794, pp. 599–627. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22972-5_21
Morimae, T., Yamakawa, T.: Quantum commitments and signatures without one-way functions. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022. LNCS, vol. 13507, pp. 269–295. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15802-5_10
Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: Proceedings of the Twelfth Annual ACM-SIAM Symposium on Discrete Algorithms, SODA 2001, pp. 448–457. Society for Industrial and Applied Mathematics, USA (2001). https://dl.acm.org/doi/10.5555/365411.365502
Ostrovsky, R., Paskin-Cherniavsky, A., Paskin-Cherniavsky, B.: Maliciously circuit-private FHE. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 536–553. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_30
Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_31
Rabin, M.O.: How to exchange secrets with oblivious transfer. IACR Cryptol. ePrint Arch. 2005, 187 (2005). https://eprint.iacr.org/2005/187
Renner, R., König, R.: Universally composable privacy amplification against quantum adversaries. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 407–425. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30576-7_22
Shi, S., Qian, C.: Concurrent entanglement routing for quantum networks: model and designs. In: Proceedings of the Annual Conference of the ACM Special Interest Group on Data Communication on the Applications, Technologies, Architectures, and Protocols for Computer Communication, SIGCOMM 2020, pp. 62–75. Association for Computing Machinery, New York (2020). https://doi.org/10.1145/3387514.3405853
Unruh, D.: Universally composable quantum multi-party computation. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 486–505. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_25
Unruh, D.: Non-interactive zero-knowledge proofs in the quantum random oracle model. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 755–784. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_25
Wehner, S., Curty, M., Schaffner, C., Lo, H.K.: Implementation of two-party protocols in the noisy-storage model. Phys. Rev. A 81(5) (2010). https://doi.org/10.1103/PhysRevA.81.052336
Wehner, S., Schaffner, C., Terhal, B.: Cryptography from noisy storage. Phys. Rev. Lett. 100, 220502 (2008). https://doi.org/10.1103/PhysRevLett.100.220502
Wiesner, S.: Conjugate coding. SIGACT News 15, 78–88 (1983). https://doi.org/10.1145/1008908.1008920
Yao, A.C.C.: Security of quantum protocols against coherent measurements. In: 27th Annual ACM Symposium on Theory of Computing, pp. 67–75. ACM Press, Las Vegas, NV, USA (29 May–1 Jun 1995). https://doi.org/10.1145/225058.225085
Zhandry, M.: How to record quantum queries, and applications to quantum indifferentiability. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 239–268. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_9
Acknowledgments
A. Agarwal, D. Khurana and N. Kumar were supported in part by NSF CNS-2238718, DARPA SIEVE and a gift from Visa Research. This material is based upon work supported by the Defense Advanced Research Projects Agency through Award HR00112020024.
© 2023 International Association for Cryptologic Research
Cite this paper
Agarwal, A., Bartusek, J., Khurana, D., Kumar, N. (2023). A New Framework for Quantum Oblivious Transfer. In: Hazay, C., Stam, M. (eds) Advances in Cryptology – EUROCRYPT 2023. EUROCRYPT 2023. Lecture Notes in Computer Science, vol 14004. Springer, Cham. https://doi.org/10.1007/978-3-031-30545-0_13
DOI: https://doi.org/10.1007/978-3-031-30545-0_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-30544-3
Online ISBN: 978-3-031-30545-0