Oblivious transfer
OT是指发送方sender传输给接收方receiver n个数据,但是不知道receiver收到了n中的哪一个,而receiver也只能解码其中一个。假如需要k个数据,那么至少需要k次interaction。
In cryptography, an oblivious transfer protocol (often abbreviated OT) is a type of protocol in which a sender transfers one of potentially many pieces of information to a receiver, but remains oblivious as to what piece (if any) has been transferred.
1-2 oblivious transfer
In a 1-2 oblivious transfer protocol, the sender has two messages m0 and m1, and the receiver has a bit b, and the receiver wishes to receive mb, without the sender learning b, while the sender wants to ensure that the receiver receives only one of the two messages. The protocol of Even, Goldreich, and Lempel (which the authors attribute partially to Silvio Micali), is general, but can be instantiated using RSA encryption as follows.
Protocol of Even, Goldreich, and Lempel
- Alice has two messages, m0,m1 , and wants to send exactly one of them to Bob, but does not want to know which one Bob receives.
- Alice generates an RSA key pair, comprising the modulus N , the public exponent
e and the private exponent d . She also generates two random values,x0,x1 and sends them to Bob along with her public modulus and exponent. - Bob picks b to be either 0 or 1(基于想要
m0 还是 m1 ). He generates a random value k and sendsxb by computing v=(