Imperfect 1-Out-of-2 Quantum Oblivious Transfer: Bounds, a Protocol, and its Experimental Implementation

Oblivious transfer is an important primitive in modern cryptography. Applications include secure multiparty computation, oblivious sampling, e-voting, and signatures. Information-theoretically secure perfect 1-out-of 2 oblivious transfer is impossible to achieve. Imperfect variants, where both participants' ability to cheat is still limited, are possible using quantum means while remaining classically impossible. Precisely what security parameters are attainable remains unknown. We introduce a theoretical framework for studying semirandom quantum oblivious transfer, which is shown to be equivalent to regular oblivious transfer in terms of cheating probabilities. We then use it to derive bounds on cheating. We also present a protocol with lower cheating probabilities than previous schemes, together with its optical realization. We show that a lower bound of 2/3 on the minimum achievable cheating probability can be directly derived for semirandom protocols using a different method and definition of cheating than used previously. The lower bound increases from 2/3 to approximately 0.749 if the states output by the protocol are pure and symmetric. The oblivious transfer scheme we present uses unambiguous state elimination measurements and can be implemented with the same technological requirements as standard quantum cryptography. In particular, it does not require honest participants to prepare or measure entangled states. The cheating probabilities are 3/4 and approximately 0.729 for sender and receiver, respectively, which is lower than in existing protocols. Using a photonic testbed, we have implemented the protocol with honest parties, as well as optimal cheating strategies. Because of the asymmetry of the receiver's and sender's cheating probabilities, the protocol can be combined with a trivial protocol to achieve an overall protocol with lower average cheating probabilities of approximately 0.74 for both sender and receiver. This demonstrates that, interestingly, protocols where the final output states are pure and symmetric are not optimal in terms of average cheating probability.

Automated summary

Oblivious transfer is a crucial primitive in modern cryptography with various applications, including secure multiparty computation and e-voting. While achieving information-theoretically secure perfect 1-out-of-2 oblivious transfer is impossible, imperfect variants using quantum means are feasible. The introduced theoretical framework for studying semirandom quantum oblivious transfer provides insights into cheating probabilities and bounds on security. The proposed protocol with reduced cheating probabilities compared to existing schemes can be implemented optically and does not require entangled states, showcasing promising advancements in the field.