On the Foundations of Oblivious Transfer
Christian Cachin
We show that oblivious transfer can be based on a very general notion of asymmetric information difference. We investigate a Universal Oblivious Transfer, denoted UOT$(X, Y)$, that gives Bob the freedom to access Alice's input $X$ in an arbitrary way as long as he does not obtain full information about $X$. Alice does not learn which information Bob has chosen. We show that oblivious transfer can be reduced to a single execution of UOT$(X, Y)$ with Bob's knowledge $Y$ restricted in terms of Rényi entropy of order $\alpha > 1$. For independently repeated UOT the reduction woks even if only Bob's Shannon information is restricted, i.e. $H(X|Y) > 0$ in every UOT$(X, Y)$. Our protocol requires that honest Bob obtains at least half of Alice's information $X$ without error.
BibTeX Citation
@inproceedings{Cachin98,
author = {Christian Cachin},
title = {On the Foundations of Oblivious Transfer},
editor = {Kaisa Nyberg},
booktitle = {Advances in Cryptology --- EUROCRYPT~'98},
pages = 361--374,
series = {Lecture Notes in Computer Science},
volume = 1403,
year = 1998,
month = 5,
publisher = {Springer-Verlag},
}