# Oblivious transfer

**Oblivious transfer** (*OT*) is a cryptographic primitive between two parties, in the following called Alice and Bob. *OT* can be used as a building block for any arbitrary multiparty computation protocol (including, e.g., bit commitment).

It exists various versions of *OT* primitives, whose functionality of some of them is explained in the following.

**Rabin OT**: Alice chooses as input one bit*b*. Then, with probability 1/2, Bob gets the bit*b*, and nothing otherwise.

**1-out-of-2 OT**: Alice chooses as input two bits*b*0 and*b*1. Bob chooses a selection bit*c*and gets as output the bit*b**c*.

It can be shown that these two versions of *OT* can be reduced to each other. Moreover, one can define similar functionalities for strings (instead of bits).

A protocol for realizing *OT* is said to be *secure* if none of the two parties learns any information she is not supposed to learn according to the above description (e.g., in 1-out-of-2 *OT*, Alice should be unable to learn the selection bit c chosen by Bob.)

Classically, there are only computationally secure *OT* protocols. In fact, it can be shown that even with the help of quantum mechanics, fully secure *OT* cannot be realized, unless additional assumptions are made.

Recently, Damgaard, Fehr, Salvail, and Schaffner came up with a quantum protocol for realizing *OT* (and bit commitment) which is secure under the sole assumption that the adversary cannot store more than a certain number of qubits.