From d2b7b2759f68449b060ab556806ab5800953e64d Mon Sep 17 00:00:00 2001 From: Evan Chen Date: Wed, 14 Aug 2024 23:12:07 -0700 Subject: [PATCH] Add distinctness assumption to OT (#5) --- easy/src/ot.typ | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/easy/src/ot.typ b/easy/src/ot.typ index 626f563..0360ec8 100644 --- a/easy/src/ot.typ +++ b/easy/src/ot.typ @@ -4,10 +4,15 @@ Alice has $n$ messages $x_1, dots, x_n$. +We'll assume the messages are essentially unrelated to each other +(since we could always pad them with random bits). Bob wants to request the $i$-th message, without letting Alice learn anything about the value of $i$. Alice wants to send Bob $x_i$, -without letting him learn anything about the other $n-1$ messages. An _oblivious transfer (OT)_ allows Alice to transfer a single message to Bob, but she remains oblivious as to which message she has transferred. We'll see two simple protocols to achieve this. +without letting him learn anything about the other $n-1$ messages. +An _oblivious transfer (OT)_ allows Alice to transfer a single message to Bob, +but she remains oblivious as to which message she has transferred. +We'll see two simple protocols to achieve this. (In fact, for two-party computation, we only need "1-of-2 OT": @@ -51,7 +56,8 @@ by working in a finite group (for example $FF_p^times$, or an elliptic curve). Our first oblivious transfer protocol is built on the commutative encryption we just described. -Alice has $n$ messages $x_1, dots, x_n$, which we may as well assume are elements of the group $G$. Alice chooses a secret key $a$, encrypts each message, and sends all $n$ ciphertexts to Bob: +Alice has $n$ messages $x_1, dots, x_n$, which we may as well assume are elements of the group $G$. +Alice chooses a secret key $a$, encrypts each message, and sends all $n$ ciphertexts to Bob: $ Enc_a (x_1), dots, Enc_a (x_n). $