TY - GEN
T1 - Constant-rate oblivious transfer from noisy channels
AU - Ishai, Yuval
AU - Kushilevitz, Eyal
AU - Ostrovsky, Rafail
AU - Prabhakaran, Manoj
AU - Sahai, Amit
AU - Wullschleger, Jürg
PY - 2011
Y1 - 2011
N2 - A binary symmetric channel (BSC) is a noisy communication channel that flips each bit independently with some fixed error probability 0 < p < 1/2. Crépeau and Kilian (FOCS 1988) showed that oblivious transfer, and hence general secure two-party computation, can be unconditionally realized by communicating over a BSC. There has been a long line of works on improving the efficiency and generality of this construction. However, all known constructions that achieve security against malicious parties require the parties to communicate poly(k) bits over the channel for each instance of oblivious transfer (more precisely, -bit-OT) being realized, where k is a statistical security parameter. The question of achieving a constant (positive) rate was left open, even in the easier case of realizing a single oblivious transfer of a long string. We settle this question in the affirmative by showing how to realize n independent instances of oblivious transfer, with statistical error that vanishes with n, by communicating just O(n) bits over a BSC. As a corollary, any boolean circuit of size s can be securely evaluated by two parties with O(s)+poly(k) bits of communication over a BSC, improving over the O(s)·poly(k) complexity of previous constructions.
AB - A binary symmetric channel (BSC) is a noisy communication channel that flips each bit independently with some fixed error probability 0 < p < 1/2. Crépeau and Kilian (FOCS 1988) showed that oblivious transfer, and hence general secure two-party computation, can be unconditionally realized by communicating over a BSC. There has been a long line of works on improving the efficiency and generality of this construction. However, all known constructions that achieve security against malicious parties require the parties to communicate poly(k) bits over the channel for each instance of oblivious transfer (more precisely, -bit-OT) being realized, where k is a statistical security parameter. The question of achieving a constant (positive) rate was left open, even in the easier case of realizing a single oblivious transfer of a long string. We settle this question in the affirmative by showing how to realize n independent instances of oblivious transfer, with statistical error that vanishes with n, by communicating just O(n) bits over a BSC. As a corollary, any boolean circuit of size s can be securely evaluated by two parties with O(s)+poly(k) bits of communication over a BSC, improving over the O(s)·poly(k) complexity of previous constructions.
UR - http://www.scopus.com/inward/record.url?scp=80051995536&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80051995536&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-22792-9_38
DO - 10.1007/978-3-642-22792-9_38
M3 - Conference contribution
AN - SCOPUS:80051995536
SN - 9783642227912
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 667
EP - 684
BT - Advances in Cryptology - CRYPTO 2011 - 31st Annual Cryptology Conference, Proceedings
PB - Springer
T2 - 31st Annual International Cryptology Conference, CRYPTO 2011
Y2 - 14 August 2011 through 18 August 2011
ER -