Citation Context

...obability at most α, where the number of uses of the channel is of order O(log(1/α) 2+ε ) for any ε > 0. Trivial channels, on the other hand, do not allow for realizing OT in an unconditional way. In =-=[22]-=-, the problem of realizing bit commitment from discrete channels was studied. They showed that string commitment with positive rate can be achieved,si.e., the length of the committed string divided by...

Citation Context

...tes [14]. However, if some additional weak and realistic primitives are available such as noisy channels and noisy correlations, then unconditional security can be often achieved [6], [5], [7], [12], =-=[21]-=-, [22]. Another way of realizing unconditionally secure oblivious transfer is from (a weaker form of) oblivious transfer itself: All the variants of oblivious transfer have been shown equivalent to di...

Citation Context

...not that k/n may be bounded away from 0 while the conditions (1)-(3) below are satisfied) see the references in [12]. A related concept of commitment capacity has been introduced and characterized in =-=[14]-=-. In the literature of OT much of the effort is devoted to designing protocols that prevent a malicious Alice from learning Bob’s bit Z or a malicious Bob from obtaining information also about K Z . T...

Citation Context

...7. For example, statistically secure and universally composable10 commitments can be implemented from shared randomness PUV that is distributed according to (p)-RabinOT at a rate of H(U | V ) = 1 − p =-=[53]-=-. Using Theorem 8, one can implement FB→A,k OT with k ∈ Ω(n(1− p)) from n copies of PUV . Since I(U ;V ) = p, quantum protocols can also violate the bound of Corollary 7. 10 Stand-alone statistically ...

Citation Context

...tion can be answered using combinatorial analysis (as, for instance, was done in [12]), information theoretic tools have been put to good use to show bounds on efficiency of protocols (e.g. [2], [5], =-=[15]-=-, [10], [17], [7], [4], [14]). Our work continues on this vein of using information theory to formulate and answer efficiency questions in cryptography. Specifically, the quantities explored in the pr...

Citation Context

...a single string commitment from noisy channels at a constant rate, meaning that the size of the string grows linearly with the number of instances of noisy channels used, which is essentially optimal =-=[WNI03]-=-. Protocols which implement individual bit commitments at a constant rate, however, are not known. In [NOIMQ03] it has been shown that in any perfectly correct and perfectly hiding non-interactive bit...

Citation Context

...ich noisy channels yield oblivious transfer was independently obtained in [14] (with efficient protocols) and in [18] (where the classification was also extended to noisy correlations). Winter et al. =-=[25]-=- introduced the concept of cryptographic capacity of a channel for secure two-party computations. They derived a single-letter characterization of the commitment capacity of a discrete memoryless chan...

Citation Context

...retic security. Classical examples of such assumptions are, for example, access to some very special forms of shared randomness supplied in advance [7], access to a noisy communication channel 2 [8], =-=[9]-=- or a limited amount of memory [10]. Similarly, it has been shown that security is possible if the attacker’s quantum memory is bounded [11], [12], [13] or more generally noisy [14], [15], [16]. Anoth...