Optimal bounds for semi-honest quantum oblivious transfer

TL;DR

This paper establishes the fundamental limits of security in quantum oblivious transfer, showing a tight tradeoff between cheating probabilities of the involved parties and providing protocols that approach these bounds.

Contribution

It introduces an optimal security bound for quantum oblivious transfer under a natural cheating definition, characterizing the tradeoff between parties' cheating probabilities.

Findings

Proves that 2B + A ≥ 2 for any quantum protocol

Shows that at least one party can cheat with probability ≥ 2/3

Constructs protocols approaching the optimal tradeoff curve

Abstract

Oblivious transfer is a fundamental cryptographic primitive in which Bob transfers one of two bits to Alice in such a way that Bob cannot know which of the two bits Alice has learned. We present an optimal security bound for quantum oblivious transfer protocols under a natural and demanding definition of what it means for Alice to cheat. Our lower bound is a smooth tradeoff between the probability B with which Bob can guess Alice's bit choice and the probability A with which Alice can guess both of Bob's bits given that she learns one of the bits with certainty. We prove that 2B + A is greater than or equal to 2 in any quantum protocol for oblivious transfer, from which it follows that one of the two parties must be able to cheat with probability at least 2/3. We prove that this bound is optimal by exhibiting a family of protocols whose cheating probabilities can be made arbitrarily close to any point on the tradeoff curve.