Editing Device-Independent Oblivious Transfer
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 11: | Line 11: | ||
* The device used is computationally bounded - it cannot solve the Learning with Errors (LWE) problem during the execution of the protocol | * The device used is computationally bounded - it cannot solve the Learning with Errors (LWE) problem during the execution of the protocol | ||
* The device behaves in an IID manner - it behaves independently and identically during each round of the protocol | * The device behaves in an IID manner - it behaves independently and identically during each round of the protocol | ||
==Outline== | ==Outline== | ||
<!-- A non-mathematical detailed outline which provides a rough idea of the concerned protocol --> | <!-- A non-mathematical detailed outline which provides a rough idea of the concerned protocol --> | ||
==Notation== | ==Notation== | ||
<!-- Connects the non-mathematical outline with further sections. --> | <!-- Connects the non-mathematical outline with further sections. --> | ||
<!-- ==Knowledge Graph== --> | <!-- ==Knowledge Graph== --> | ||
<!-- Add this part if the protocol is already in the graph --> | <!-- Add this part if the protocol is already in the graph --> | ||
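Review bot: the Outline and Notation headings in this hunk carry only their placeholder comments in both columns, yet the next hunk header reads "Line 47: | Line 24:" after this one started at Line 11 on both sides. That leaves about 23 lines of the latest revision between the two hunks that have no counterpart in "Your text" and are not displayed in this comparison. Check what those lines contain before publishing the undo, since they would be dropped with it.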
Line 47: | Line 24: | ||
==Protocol Description== | ==Protocol Description== | ||
<!-- Mathematical step-wise protocol algorithm helpful to write a subroutine. --> | <!-- Mathematical step-wise protocol algorithm helpful to write a subroutine. --> | ||
===Protocol 1 | ===Protocol 1: DI Rand 1-2 OT<math>^l</math>=== | ||
::'''Data generation:''' | ::'''Data generation:''' | ||
# The sender and receiver execute <math>n</math> rounds of '''Protocol 2''' (Self-testing) with the sender as Alice and receiver as Bob, and with the following modification: | # The sender and receiver execute <math>n</math> rounds of '''Protocol 2''' (Self-testing) with the sender as Alice and receiver as Bob, and with the following modification: | ||
Line 104: | Line 48: | ||
# Let <math>\tilde{I} := \{i : i \in I</math> and <math>T_i = </math> '''Generate'''} and <math>n^{\prime} = |\tilde{I}|</math>. The sender checks if there exists a <math> k > 0 </math> such that <math>\gamma n^{\prime} \leq n^{\prime}/4 - 2l -kn^{\prime}</math>. If such a <math>k</math> exists, the sender publishes <math>\tilde{I}</math> and, for each <math>i \in \tilde{I}</math>, the trapdoor <math>t_i^B</math> corresponding to the key <math>k_i^B</math> (given by the sender in the execution of '''Protocol 2,Step 1'''); otherwise the protocol aborts. | # Let <math>\tilde{I} := \{i : i \in I</math> and <math>T_i = </math> '''Generate'''} and <math>n^{\prime} = |\tilde{I}|</math>. The sender checks if there exists a <math> k > 0 </math> such that <math>\gamma n^{\prime} \leq n^{\prime}/4 - 2l -kn^{\prime}</math>. If such a <math>k</math> exists, the sender publishes <math>\tilde{I}</math> and, for each <math>i \in \tilde{I}</math>, the trapdoor <math>t_i^B</math> corresponding to the key <math>k_i^B</math> (given by the sender in the execution of '''Protocol 2,Step 1'''); otherwise the protocol aborts. | ||
<!-- INCLUDE V_i^ALPHA CALCULATION --> | <!-- INCLUDE V_i^ALPHA CALCULATION --> | ||
# For each <math>i \in \tilde{I},</math> the sender calculates <math>v_i^{\alpha} | # For each <math>i \in \tilde{I},</math> the sender calculates <math>v_i^{\alpha}</math> and defines <math>w^{\alpha}</math> by | ||
#:<math>w_i^{\alpha} = \begin{cases} v_i^{\alpha}, \mbox{if } x_i = \mbox{Hadamard}\\ 0, \mbox{if } x_i = \mbox{Computational}\end{cases}</math> | #:<math>w_i^{\alpha} = \begin{cases} v_i^{\alpha}, \mbox{if } x_i = \mbox{Hadamard}\\ 0, \mbox{if } x_i = \mbox{Computational}\end{cases}</math> | ||
#: and the receiver calculates <math>v_i^{\beta} | #: and the receiver calculates <math>v_i^{\beta}</math> and defines <math>w^{\beta}</math> by | ||
#:<math>w_i^{\beta} = \begin{cases} 0, \mbox{if } y_i = \mbox{Hadamard}\\ v_i^{\beta}, \mbox{if } y_i = \mbox{Computational}\end{cases}</math> | #:<math>w_i^{\beta} = \begin{cases} 0, \mbox{if } y_i = \mbox{Hadamard}\\ v_i^{\beta}, \mbox{if } y_i = \mbox{Computational}\end{cases}</math> | ||
#: '''Obtaining output:''' | #: '''Obtaining output:''' | ||
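Review bot: the step beginning "For each <math>i \in \tilde{I},</math>" uses <math>v_i^{\alpha}</math> and <math>v_i^{\beta}</math> without defining them in either column, and the comment "INCLUDE V_i^ALPHA CALCULATION" directly above it is still an open placeholder. Add the calculation before the case definitions of <math>w^{\alpha}</math> and <math>w^{\beta}</math>, because the sender and receiver outputs depend on it. In the left column the math tags opened for <math>v_i^{\alpha}</math> and <math>v_i^{\beta}</math> are never closed, so the closed form in the right column is the one to keep. The "Obtaining output:" label is written with "#:", which nests it under the numbered step, while "Data generation:" uses "::"; use the same markup for both phase labels.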
Line 113: | Line 57: | ||
===Protocol 2: Self-testing with a single verifier=== | |||
# Alice chooses the state bases <math>\theta^A,\theta^B \in </math> {'''Computational,Hadamard'''} uniformly at random and generates key-trapdoor pairs <math>(k^A,t^A),(k^B,t^B)</math>, where the generation procedure for <math>k^A</math> and <math>t^A</math> depends on <math>\theta^A</math> and a security parameter <math>\eta</math>, and likewise for <math>k^B</math> and <math>t^B</math>. Alice supplies Bob with <math>k^B</math>. Alice and Bob then respectively send <math>k^A, k^B</math> to the device. | |||
# Alice and Bob receive strings <math>c^A</math> and <math>c^B</math>, respectively, from the device. | |||
# Alice chooses a ''challenge type'' <math>CT \in \{a,b\}</math>, uniformly at random and sends it to Bob. Alice and Bob then send <math>CT</math> to each component of their device. | |||
# If <math>CT = a</math>: | |||
## Alice and Bob receive strings <math>z^A</math> and <math>z^B</math>, respectively, from the device. | |||
# If <math>CT = b</math>: | |||
## Alice and Bob receive strings <math>d^A</math> and <math>d^B</math>, respectively, from the device. | |||
## Alice chooses uniformly random ''measurement bases (questions)'' <math>x,y \in</math> {'''Computational,Hadamard'''} and sends <math>y</math> to Bob. Alice and Bob then, respectively, send <math>x</math> and <math>y</math> to the device. | |||
## Alice and Bob receive answer bits <math>a</math> and <math>b</math>, respectively, from the device. Alice and Bob also receive bits <math>h^A</math> and <math>h^B</math>, respectively, from the device. | |||
==Properties== | ==Properties== | ||
<!-- important information on the protocol: parameters (threshold values), security claim, success probability... --> | <!-- important information on the protocol: parameters (threshold values), security claim, success probability... --> | ||
==Further Information== | |||
<!-- theoretical and experimental papers including requirements, security proof (important), which protocol does it implement, benchmark values... --> | |||
==References== | ==References== | ||
<div style='text-align: right;'>''*contributed by Chirag Wadhwa''</div> | <div style='text-align: right;'>''*contributed by Chirag Wadhwa''</div> |
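Review bot: the right-hand column is empty for the whole of "Protocol 2: Self-testing with a single verifier" and for the "Further Information" heading, so publishing this undo deletes both, while Protocol 1 still instructs the parties to "execute <math>n</math> rounds of '''Protocol 2''' (Self-testing)" and refers to the key <math>k_i^B</math> "given by the sender in the execution of '''Protocol 2,Step 1'''". Keep the Protocol 2 section in the published text so that the key-trapdoor generation, challenge type and measurement-basis steps Protocol 1 relies on remain defined on the page.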