Editing Device-Independent Oblivious Transfer
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 11: | Line 11: | ||
* The device used is computationally bounded - it cannot solve the Learning with Errors (LWE) problem during the execution of the protocol | * The device used is computationally bounded - it cannot solve the Learning with Errors (LWE) problem during the execution of the protocol | ||
* The device behaves in an IID manner - it behaves independently and identically during each round of the protocol | * The device behaves in an IID manner - it behaves independently and identically during each round of the protocol | ||
==Outline== | ==Outline== | ||
<!-- A non-mathematical detailed outline which provides a rough idea of the concerned protocol --> | <!-- A non-mathematical detailed outline which provides a rough idea of the concerned protocol --> | ||
==Notation== | ==Notation== | ||
<!-- Connects the non-mathematical outline with further sections. --> | <!-- Connects the non-mathematical outline with further sections. --> | ||
<!-- ==Knowledge Graph== --> | <!-- ==Knowledge Graph== --> | ||
<!-- Add this part if the protocol is already in the graph --> | <!-- Add this part if the protocol is already in the graph --> | ||
Line 48: | Line 25: | ||
<!-- Mathematical step-wise protocol algorithm helpful to write a subroutine. --> | <!-- Mathematical step-wise protocol algorithm helpful to write a subroutine. --> | ||
===Protocol 1: Rand 1-2 OT<math>^l</math>=== | ===Protocol 1: Rand 1-2 OT<math>^l</math>=== | ||
# A device prepares <math>n</math> uniformly random Bell pairs <math>|\phi^{(v_i^{\alpha},v_i^{\beta})}\rangle, i = 1,...,n</math>, where the first qubit of each pair goes to <math>S</math> along with the string <math>v^{\alpha}</math>, and the second qubit of each pair goes to <math>R</math> along with the string <math>v^{\beta}</math>. | # A device prepares <math>n</math> uniformly random Bell pairs <math>|\phi^{(v_i^{\alpha},v_i^{\beta})}\rangle, i = 1,...,n</math>, where the first qubit of each pair goes to <math>S</math> along with the string <math>v^{\alpha}</math>, and the second qubit of each pair goes to <math>R</math> along with the string <math>v^{\beta}</math>. | ||
# R measures all qubits in the basis <math>y = [</math>'''Computational,Hadamard'''<math>]_c</math> where <math>c</math> is <math>R</math>'s choice bit. Let <math>b \in \{0,1\}^n</math> be the outcome. <math>R</math> then computes <math>b \oplus w^{\beta}</math>, where the <math>i</math>-th entry of <math>w^{\beta}</math> is defined by | # R measures all qubits in the basis <math>y = [</math>'''Computational,Hadamard'''<math>]_c</math> where <math>c</math> is <math>R</math>'s choice bit. Let <math>b \in \{0,1\}^n</math> be the outcome. <math>R</math> then computes <math>b \oplus w^{\beta}</math>, where the <math>i</math>-th entry of <math>w^{\beta}</math> is defined by | ||
Line 63: | Line 35: | ||
===Protocol 2: Self-testing with a single verifier=== | ===Protocol 2: Self-testing with a single verifier=== | ||
# Alice chooses the state bases <math>\theta^A,\theta^B \in </math> {'''Computational,Hadamard'''} uniformly at random and generates key-trapdoor pairs <math>(k^A,t^A),(k^B,t^B)</math>, where the generation procedure for <math>k^A</math> and <math>t^A</math> depends on <math>\theta^A</math> and a security parameter <math>\eta</math>, and likewise for <math>k^B</math> and <math>t^B</math>. Alice supplies Bob with <math>k^B</math>. Alice and Bob then respectively send <math>k^A, k^B</math> to the device. | # Alice chooses the state bases <math>\theta^A,\theta^B \in </math> {'''Computational,Hadamard'''} uniformly at random and generates key-trapdoor pairs <math>(k^A,t^A),(k^B,t^B)</math>, where the generation procedure for <math>k^A</math> and <math>t^A</math> depends on <math>\theta^A</math> and a security parameter <math>\eta</math>, and likewise for <math>k^B</math> and <math>t^B</math>. Alice supplies Bob with <math>k^B</math>. Alice and Bob then respectively send <math>k^A, k^B</math> to the device. | ||
# Alice and Bob receive strings <math>c^A</math> and <math>c^B</math>, respectively, from the device. | # Alice and Bob receive strings <math>c^A</math> and <math>c^B</math>, respectively, from the device. | ||
Line 76: | Line 46: | ||
===Protocol 3: DI Rand 1-2 OT<math>^l</math>=== | ===Protocol 3: DI Rand 1-2 OT<math>^l</math>=== | ||
::'''Data generation:''' | ::'''Data generation:''' | ||
# The sender and receiver execute <math>n</math> rounds of '''Protocol 2''' (Self-testing) with the sender as Alice and receiver as Bob, and with the following modification: | # The sender and receiver execute <math>n</math> rounds of '''Protocol 2''' (Self-testing) with the sender as Alice and receiver as Bob, and with the following modification: | ||
Line 115: | Line 80: | ||
==Properties== | ==Properties== | ||
<!-- important information on the protocol: parameters (threshold values), security claim, success probability... --> | <!-- important information on the protocol: parameters (threshold values), security claim, success probability... --> | ||
==Further Information== | |||
<!-- theoretical and experimental papers including requirements, security proof (important), which protocol does it implement, benchmark values... --> | |||
==References== | ==References== | ||
<div style='text-align: right;'>''*contributed by Chirag Wadhwa''</div> | <div style='text-align: right;'>''*contributed by Chirag Wadhwa''</div> |