Noninteractive xor Quantum Oblivious Transfer: Optimal Protocols and Their Experimental Implementations

Open Access

Noninteractive xor Quantum Oblivious Transfer: Optimal Protocols and Their Experimental Implementations

Lara Stroh, Nikola Horová, Robert Stárek, Ittoop V. Puthoor, Michal Mičuda, Miloslav Dušek, and Erika Andersson

PRX Quantum 4, 020320 – Published 4 May 2023

Abstract

Oblivious transfer (OT) is an important cryptographic primitive. Any multiparty computation can be realized with OT as building block. xor oblivious transfer (XOT) is a variant where the sender Alice has two bits and a receiver Bob obtains either the first bit, the second bit, or their xor. Bob should not learn anything more than this and Alice should not learn what Bob has learnt. Perfect quantum OT with information-theoretic security is known to be impossible. We determine the smallest possible cheating probabilities for unrestricted dishonest parties in noninteractive quantum XOT protocols using symmetric pure states and present an optimal protocol, which outperforms classical protocols. We also “reverse” this protocol, so that Bob becomes sender of a quantum state and Alice the receiver who measures it, while still implementing oblivious transfer from Alice to Bob. Cheating probabilities for both parties stay the same as for the unreversed protocol. We optically implement both the unreversed and the reversed protocols, and cheating strategies, noting that the reversed protocol is easier to implement.

Received 23 September 2022
Accepted 30 March 2023

DOI:https://doi.org/10.1103/PRXQuantum.4.020320

Published by the American Physical Society under the terms of the Creative Commons Attribution 4.0 International license. Further distribution of this work must maintain attribution to the author(s) and the published article's title, journal citation, and DOI.

Published by the American Physical Society

Physics Subject Headings (PhySH)

Quantum communication Quantum cryptography Quantum protocols

Quantum Information, Science & Technology

Authors & Affiliations

Lara Stroh¹, Nikola Horová ², Robert Stárek ², Ittoop V. Puthoor ¹, Michal Mičuda ², Miloslav Dušek ², and Erika Andersson^1,*

¹SUPA, Institute of Photonics and Quantum Sciences, School of Engineering and Physical Sciences, Heriot-Watt University, Edinburgh EH14 4AS, United Kingdom
²Department of Optics, Faculty of Science, Palacký University, 17. listopadu 1192/12, Olomouc 779 00, Czech Republic

^*E.Andersson@hw.ac.uk

Popular Summary

Alice has multiple pieces of important information and wishes for Bob to learn one and only one piece of her puzzle. In this paper, we describe a quantum mechanical method that reduces the chance that Bob can cheat, learning more than he is supposed to. In addition to this, the method is designed to limit the chance that Alice will learn which single piece of the puzzle Bob has obtained, making this a form of oblivious transfer.

For example, with traditional methods, an online game of poker requires a trusted host, a third party who handles all of the information and who each player trusts implicitly. With oblivious-transfer protocols, it is possible to create a new paradigm in which a trusted third party is no longer needed. Instead, the players can communicate directly and securely with each other, trusting entirely that they will be able to negotiate who has won the hand without giving their cards away.

In this work, we focus on one specific variant of this protocol, $x o r$ oblivious transfer. In this case, Alice has two bits of information and Bob can learn the first bit, the second bit, or their exclusive $o r$ ( $x o r$ ). We investigate noninteractive $x o r$ oblivious transfer, where the only direct communication between the two parties is one transfer of one pure quantum state from Alice to Bob. Having calculated the lowest cheating probabilities that can be achieved by Alice and Bob, we confirm these results by presenting two optimal protocols. These protocols are not only theoretical concepts but we show how they can be experimentally implemented. As a next step, new boundaries of the problem can be explored. What might happen if Alice and Bob are not restricted to pure symmetric states?

Key Image

Article Text

Click to Expand

References

Click to Expand

Issue

Vol. 4, Iss. 2 — May - July 2023

Reuse & Permissions

Author publication services for translation and copyediting assistance advertisement

Images

Figure 1
Alice’s optimal cheating probabilities in Eqs. (5) and (6) for different values of $G$ : (a),(d) $G = - 1 / 3$ ; (b),(e) $G = - 1 / 6$ ; (c),(f) $G = 0$ . The plots (a)–(c) show top-down views of (d)–(f), respectively.
Reuse & Permissions
Figure 2
Alice’s optimal cheating probabilities for real $F$ in Eqs. (7) and (8). The region plot in (a) is the top view of the 3D plot in (b), both showing the regions for which (i), (iii), or (iv) are the largest, respectively.
Reuse & Permissions
Figure 3
The experimental setup for the XOT protocol when Bob is honest. The green boxes labeled with black numbers represent half-wave plates (HWPs). The large semitransparent cyan boxes represent beam displacers. Next to HWP10, there is a polarizing beam splitter. Note that HWP4 is ring shaped and that polarization of the central beam is not affected. The detectors are labeled according to the corresponding POVM operators. The settings for Alice’s half-wave plates are listed in Table 2 for when she is honest and in Table 3 for when she is cheating. The settings for Bob’s half-wave plates are HWP3 $= 0^{\circ}$ , HWP4=HWP5=HWP7=HWP8=HWP10 $= {22.5}^{\circ}$ , and HWP6=HWP9 $= 45^{\circ}$ . The beams marked in red have horizontal linear polarization and the beams marked in blue have vertical polarization. Purple indicates general polarization states.
Reuse & Permissions
Figure 4
The experimental setup for the XOT protocol when Bob is cheating. The notation is the same as in Fig. 3. The settings for the receiver’s half-wave plates are HWP3 = HWP7 = HWP8 = ${22.5}^{\circ}$ , HWP4 = $45^{\circ}$ , and HWP5 $= 90^{\circ}$ . The same setup is used for the reversed protocol when Alice is honest but in that case, Bob is the sender and Alice is the receiver (names in parentheses). The settings of the sender’s half-wave plates for honest Alice in the unreversed protocol, or for cheating Bob in the reversed protocol, are listed in Table 2, and for honest Bob in the reversed protocol in Table 4.
Reuse & Permissions
Figure 5
The experimental setup for the reversed XOT protocol when Alice is cheating. The notation is the same as in Fig. 3. The settings of Alice’s half-wave plates are $HWP3 = HWP4 = HWP10 = 0^{\circ}$ , $HWP5 = 90^{\circ}$ , and $HWP6 = HWP7 = HWP9 = 45^{\circ}$ .
Reuse & Permissions
Figure 6
The detailed scheme of the experimental setup. The green boxes labeled with black numbers represent HWPs. The small orange rectangles are glass plates that serve for phase compensation. The large semitransparent cyan boxes represent beam displacers. Next to HWP10, there is a polarizing beam splitter. Note that HWP1, HWP2, HWP4, and HWP10 are ring shaped and that polarization of the central beam is not affected. The insets show the actual arrangement of the half-wave plates.
Reuse & Permissions

PRX Quantum

a Physical Review journal