Scalar product-based distributed oblivious transfer

Abstract

In a distributed oblivious transfer (DOT) the sender is replaced with m servers, and the receiver must contact k (k ≤ m) of these servers to learn the secret of her choice. Naor and Pinkas introduced the first unconditionally secure DOT for a sender holding two secrets. Blundo, D'Arco, Santis, and Stinson generalized Naor and Pinkas’s protocol, in the case that the sender holds n secrets, in the first so-called (k, m)-DOT- protocol. Such a protocol should be secure against a coalition of less than k parties. However, Blundo et al. have shown that this level of security is impossible to achieve in one-round polynomial-based constructions.

In this paper, we show that if communication is allowed amongst the servers, we are able to construct an unconditionally secure, polynomial-based (k, m)-DOT- protocol with the highest level of security. More precisely, in our construction, a receiver who contacts k servers and corrupt up to k − 1 servers (not necessarily from the set of the contacted servers) cannot learn more than one secret.