The relationship between two flavors of oblivious transfer at the quantum level

Though all-or-nothing oblivious transfer and one-out-of-two oblivious transfer are equivalent in classical cryptography, we here show that due to the nature of quantum cryptography, a protocol built upon secure quantum all-or-nothing oblivious transfer cannot satisfy the rigorous definition of quantum one-out-of-two oblivious transfer.Comment: 4 pages, no figur

The Oblivious Transfer Capacity of the Wiretapped Binary Erasure Channel

We consider oblivious transfer between Alice and Bob in the presence of an eavesdropper Eve when there is a broadcast channel from Alice to Bob and Eve. In addition to the secrecy constraints of Alice and Bob, Eve should not learn the private data of Alice and Bob. When the broadcast channel consists of two independent binary erasure channels, we derive the oblivious transfer capacity for both 2-privacy (where the eavesdropper may collude with either party) and 1-privacy (where there are no collusions).Comment: This is an extended version of the paper "The Oblivious Transfer Capacity of the Wiretapped Binary Erasure Channel" to be presented at ISIT 201

Spacetime-constrained oblivious transfer

In 1-out-of-2 oblivious transfer (OT), Alice inputs numbers x_0, x_1, Bob inputs a bit b and outputs x_b. Secure OT requires that Alice and Bob learn nothing about b and x_{\bar{b}}, respectively. We define spacetime-constrained oblivious transfer (SCOT) as OT in Minkowski spacetime in which Bob must output x_b within R_b, where R_0 and R_1 are fixed spacelike separated spacetime regions. We show that unconditionally secure SCOT is impossible with classical protocols in Minkowski (or Galilean) spacetime, or with quantum protocols in Galilean spacetime. We describe a quantum SCOT protocol in Minkowski spacetime, and we show it unconditionally secure.Comment: Improved theorem on the impossibility of classical SCOT to allow for small errors. Figure added and discussion extended in response to referee comments. Protocol and security proof unaltered. Final versio

Composable Security in the Bounded-Quantum-Storage Model

We present a simplified framework for proving sequential composability in the quantum setting. In particular, we give a new, simulation-based, definition for security in the bounded-quantum-storage model, and show that this definition allows for sequential composition of protocols. Damgard et al. (FOCS '05, CRYPTO '07) showed how to securely implement bit commitment and oblivious transfer in the bounded-quantum-storage model, where the adversary is only allowed to store a limited number of qubits. However, their security definitions did only apply to the standalone setting, and it was not clear if their protocols could be composed. Indeed, we first give a simple attack that shows that these protocols are not composable without a small refinement of the model. Finally, we prove the security of their randomized oblivious transfer protocol in our refined model. Secure implementations of oblivious transfer and bit commitment then follow easily by a (classical) reduction to randomized oblivious transfer.Comment: 21 page