Oblivious transfer (OT) is a cryptographic primitive between two parties, called Alice and Bob in the following. OT can be used as a building block for arbitrary multiparty computation protocols (including, e.g., bit commitment).
Various versions of the OT primitive exist; the functionality of some of them is explained in the following.
- Rabin OT: Alice chooses as input one bit b. Then, with probability 1/2, Bob gets the bit b, and nothing otherwise.
- 1-out-of-2 OT: Alice chooses as input two bits b_0 and b_1. Bob chooses a selection bit c and gets as output the bit b_c.
It can be shown that these two versions of OT can be reduced to each other. Moreover, one can define similar functionalities for strings (instead of bits).
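As an added illustration of one direction of this reduction (not code from the original text), the following Python sketch builds 1-out-of-2 OT from Rabin OT in the style of Crépeau's reduction. The Rabin OT is simulated in-process as an ideal functionality, and the function names, n = 300 and the set size n/3 are assumptions chosen for the example.

```python
import secrets
from functools import reduce
from operator import xor

_rng = secrets.SystemRandom()

def rabin_ot(bit):
    """Ideal Rabin OT, simulated in-process: Bob gets the bit with
    probability 1/2 and None otherwise; Alice never learns which."""
    return bit if secrets.randbits(1) else None

def xor_all(bits):
    return reduce(xor, bits, 0)

def one_out_of_two_ot(b0, b1, c, n=300):
    """Build 1-out-of-2 OT from n Rabin OTs.
    Returns (Bob's output, number of bits Bob lacks for the other input)."""
    k = n // 3
    # Alice sends n random bits through Rabin OT; Bob gets about half.
    r = [secrets.randbits(1) for _ in range(n)]
    got = [rabin_ot(x) for x in r]
    good = [i for i in range(n) if got[i] is not None]
    if len(good) < k:  # negligible probability for large n
        raise RuntimeError("too few bits received; rerun the protocol")

    # Bob: I_c holds k indices he received, I_{1-c} holds k other indices.
    # Alice cannot tell the sets apart, so (I_0, I_1) hides c from her.
    known = _rng.sample(good, k)
    taken = set(known)
    other = _rng.sample([i for i in range(n) if i not in taken], k)
    sets = (known, other) if c == 0 else (other, known)

    # Alice masks each input bit with the XOR of her random bits over I_j.
    e = [b ^ xor_all(r[i] for i in idx) for b, idx in zip((b0, b1), sets)]

    # Bob knows every r[i] in I_c, so he can strip the mask from e_c only;
    # one missing bit in I_{1-c} leaves the other mask uniformly random.
    out = e[c] ^ xor_all(got[i] for i in sets[c])
    missing = sum(got[i] is None for i in sets[1 - c])
    return out, missing

if __name__ == "__main__":
    for b0, b1, c in [(0, 1, 0), (0, 1, 1), (1, 0, 1)]:
        print((b0, b1, c), "->", one_out_of_two_ot(b0, b1, c))
```

Bob receives about n/2 of the random bits but would need all 2n/3 bits in both index sets to unmask both inputs, which is why he learns only b_c except with negligible probability.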
A protocol for realizing OT is said to be secure if neither of the two parties learns any information it is not supposed to learn according to the above description (e.g., in 1-out-of-2 OT, Alice should be unable to learn the selection bit c chosen by Bob).
Classically, there are only computationally secure OT protocols. In fact, it can be shown that even with the help of quantum mechanics, fully secure OT cannot be realized, unless additional assumptions are made.
Recently, Damgaard, Fehr, Salvail, and Schaffner came up with a quantum protocol for realizing OT (and bit commitment) which is secure under the sole assumption that the adversary cannot store more than a certain number of qubits.