Write
33
edits
Device-Independent Oblivious Transfer: Difference between revisions
Device-Independent Oblivious Transfer (edit)
Revision as of 17:05, 29 January 2022
, 29 January 2022Added requirements
No edit summary |
m (Added requirements) |
||
| Line 15: | Line 15: | ||
<!-- A non-mathematical detailed outline which provides a rough idea of the concerned protocol --> | <!-- A non-mathematical detailed outline which provides a rough idea of the concerned protocol --> | ||
* The protocol consists of multiple rounds, which are randomly chosen for testing or string generation | * The protocol consists of multiple rounds, which are randomly chosen for testing or string generation | ||
* The testing rounds are carried out to ensure that the devices used are following the expected behaviour. The self-testing protocol used is a modification of the one used in DIQKD. This modification is necessary as, unlike the DIQKD scenario, the parties involved in OT may not trust each other to cooperate. The self-testing protocol uses the computational assumptions associated with ''Extended noisy trapdoor claw-free'' (ENTCF) function families to certify that the device has created the desired quantum states. If the fraction of failed testing rounds exceeds a certain limit, the protocol is aborted. | * The testing rounds are carried out to ensure that the devices used are following the expected behaviour. The self-testing protocol used is a modification of the one used in [[Device-Independent Quantum Key Distribution | DIQKD]]. This modification is necessary as, unlike the DIQKD scenario, the parties involved in OT may not trust each other to cooperate. The self-testing protocol uses the computational assumptions associated with ''Extended noisy trapdoor claw-free'' (ENTCF) function families to certify that the device has created the desired quantum states. If the fraction of failed testing rounds exceeds a certain limit, the protocol is aborted. | ||
* At the end of the protocol, the honest sender outputs two randomly generated strings of equal length, and the honest receiver outputs their chosen string out of the two. | * At the end of the protocol, the honest sender outputs two randomly generated strings of equal length, and the honest receiver outputs their chosen string out of the two. | ||
| Line 42: | Line 42: | ||
<!-- Mathematical step-wise protocol algorithm helpful to write a subroutine. --> | <!-- Mathematical step-wise protocol algorithm helpful to write a subroutine. --> | ||
===Protocol 1: Rand 1-2 OT<math>^l</math>=== | ===Protocol 1: Rand 1-2 OT<math>^l</math>=== | ||
'''Requirements:''' Entanglement distribution, classical communication | |||
'''Input:''' Receiver - a bit <math>c</math> | |||
'''Output:''' Sender outputs randomly generated <math>s_0,s_1 \in \{0,1\}^l</math>, Receiver outputs <math>s_c</math> | |||
# A device prepares <math>n</math> uniformly random Bell pairs <math>|\phi^{(v_i^{\alpha},v_i^{\beta})}\rangle, i = 1,...,n</math>, where the first qubit of each pair goes to <math>S</math> along with the string <math>v^{\alpha}</math>, and the second qubit of each pair goes to <math>R</math> along with the string <math>v^{\beta}</math>. | # A device prepares <math>n</math> uniformly random Bell pairs <math>|\phi^{(v_i^{\alpha},v_i^{\beta})}\rangle, i = 1,...,n</math>, where the first qubit of each pair goes to <math>S</math> along with the string <math>v^{\alpha}</math>, and the second qubit of each pair goes to <math>R</math> along with the string <math>v^{\beta}</math>. | ||
# R measures all qubits in the basis <math>y = [</math>'''Computational,Hadamard'''<math>]_c</math> where <math>c</math> is <math>R</math>'s choice bit. Let <math>b \in \{0,1\}^n</math> be the outcome. <math>R</math> then computes <math>b \oplus w^{\beta}</math>, where the <math>i</math>-th entry of <math>w^{\beta}</math> is defined by | # R measures all qubits in the basis <math>y = [</math>'''Computational,Hadamard'''<math>]_c</math> where <math>c</math> is <math>R</math>'s choice bit. Let <math>b \in \{0,1\}^n</math> be the outcome. <math>R</math> then computes <math>b \oplus w^{\beta}</math>, where the <math>i</math>-th entry of <math>w^{\beta}</math> is defined by | ||
| Line 52: | Line 57: | ||
===Protocol 2: Self-testing with a single verifier=== | ===Protocol 2: Self-testing with a single verifier=== | ||
'''Requirements:''' ENTCF function family, classical communication | |||
# Alice chooses the state bases <math>\theta^A,\theta^B \in </math> {'''Computational,Hadamard'''} uniformly at random and generates key-trapdoor pairs <math>(k^A,t^A),(k^B,t^B)</math>, where the generation procedure for <math>k^A</math> and <math>t^A</math> depends on <math>\theta^A</math> and a security parameter <math>\eta</math>, and likewise for <math>k^B</math> and <math>t^B</math>. Alice supplies Bob with <math>k^B</math>. Alice and Bob then respectively send <math>k^A, k^B</math> to the device. | # Alice chooses the state bases <math>\theta^A,\theta^B \in </math> {'''Computational,Hadamard'''} uniformly at random and generates key-trapdoor pairs <math>(k^A,t^A),(k^B,t^B)</math>, where the generation procedure for <math>k^A</math> and <math>t^A</math> depends on <math>\theta^A</math> and a security parameter <math>\eta</math>, and likewise for <math>k^B</math> and <math>t^B</math>. Alice supplies Bob with <math>k^B</math>. Alice and Bob then respectively send <math>k^A, k^B</math> to the device. | ||
# Alice and Bob receive strings <math>c^A</math> and <math>c^B</math>, respectively, from the device. | # Alice and Bob receive strings <math>c^A</math> and <math>c^B</math>, respectively, from the device. | ||
| Line 63: | Line 70: | ||
===Protocol 3: DI Rand 1-2 OT<math>^l</math>=== | ===Protocol 3: DI Rand 1-2 OT<math>^l</math>=== | ||
'''Requirements:''' Entanglement distribution, ENTCF function family, classical communication | |||
'''Input:''' Receiver - a bit <math>c</math> | |||
'''Output:''' Sender outputs randomly generated <math>s_0,s_1 \in \{0,1\}^l</math>, Receiver outputs <math>s_c</math> | |||
::'''Data generation:''' | ::'''Data generation:''' | ||
# The sender and receiver execute <math>n</math> rounds of '''Protocol 2''' (Self-testing) with the sender as Alice and receiver as Bob, and with the following modification: | # The sender and receiver execute <math>n</math> rounds of '''Protocol 2''' (Self-testing) with the sender as Alice and receiver as Bob, and with the following modification: | ||