Abstract
Oblivious transfer (OT) is an important cryptographic primitive. Any multiparty computation can be realized with OT as building block. xor oblivious transfer (XOT) is a variant where the sender Alice has two bits and a receiver Bob obtains either the first bit, the second bit, or their xor. Bob should not learn anything more than this and Alice should not learn what Bob has learnt. Perfect quantum OT with information-theoretic security is known to be impossible. We determine the smallest possible cheating probabilities for unrestricted dishonest parties in noninteractive quantum XOT protocols using symmetric pure states and present an optimal protocol, which outperforms classical protocols. We also “reverse” this protocol, so that Bob becomes sender of a quantum state and Alice the receiver who measures it, while still implementing oblivious transfer from Alice to Bob. Cheating probabilities for both parties stay the same as for the unreversed protocol. We optically implement both the unreversed and the reversed protocols, and cheating strategies, noting that the reversed protocol is easier to implement.
- Received 23 September 2022
- Accepted 30 March 2023
DOI:https://doi.org/10.1103/PRXQuantum.4.020320
Published by the American Physical Society under the terms of the Creative Commons Attribution 4.0 International license. Further distribution of this work must maintain attribution to the author(s) and the published article's title, journal citation, and DOI.
Published by the American Physical Society
Physics Subject Headings (PhySH)
Popular Summary
Alice has multiple pieces of important information and wishes for Bob to learn one and only one piece of her puzzle. In this paper, we describe a quantum mechanical method that reduces the chance that Bob can cheat, learning more than he is supposed to. In addition to this, the method is designed to limit the chance that Alice will learn which single piece of the puzzle Bob has obtained, making this a form of oblivious transfer.
For example, with traditional methods, an online game of poker requires a trusted host, a third party who handles all of the information and who each player trusts implicitly. With oblivious-transfer protocols, it is possible to create a new paradigm in which a trusted third party is no longer needed. Instead, the players can communicate directly and securely with each other, trusting entirely that they will be able to negotiate who has won the hand without giving their cards away.
In this work, we focus on one specific variant of this protocol, oblivious transfer. In this case, Alice has two bits of information and Bob can learn the first bit, the second bit, or their exclusive (). We investigate noninteractive oblivious transfer, where the only direct communication between the two parties is one transfer of one pure quantum state from Alice to Bob. Having calculated the lowest cheating probabilities that can be achieved by Alice and Bob, we confirm these results by presenting two optimal protocols. These protocols are not only theoretical concepts but we show how they can be experimentally implemented. As a next step, new boundaries of the problem can be explored. What might happen if Alice and Bob are not restricted to pure symmetric states?