3

For a fair channel, the sender sends a bit b and the receiver gets it with probability 1/2 and gets b's flipped value with probability 1/2. It is trivial to build a fair noisy channel from 1 out of 2 oblivious transfer, since the sender only needs to input b and b's flipped value and the receiver randomly chooses one.

Now I wonder if we can use 1 out of 2 oblivious transfer to implement an unfair noisy channel where the receiver gets b with probability p and b's flipped value with probability 1-p, and p is not equal to 1/2. Thanks in advance!

statham
  • 81
  • 2
  • Please give some more context. Are you really interested in how to construct a stream cipher with a biased key stream that would make it vulnerable to cipher text only attacks? – Henrick Hellström Apr 15 '12 at 00:43
  • 2
    If I'm reading your definition of a "fair channel" correctly, there's no need for oblivious transfer (or any transfer) to implement one: the receiver can just choose a random bit, which will be equal to $b$ with probability 1/2 and equal to its complement otherwise. If that's correct, I wonder what use such a "channel" might be; if it's not, please clarify your post. – Ilmari Karonen Apr 15 '12 at 04:09
  • Well, the receiver would still need to know when and how many bits it receives. –  Apr 15 '12 at 04:18
  • Hi, thanks for your comment. The objective of this kind of channel is that the sender does not know what value the receiver receives and the receiver does not know what value the sender sends. Regarding Ilmari's post, the receiver knows the value which the sender sends, so it is not a secure one... – statham Apr 15 '12 at 16:57
  • I was going to give an answer based on Rabin's oblivious transfer, but I realized that your question is somewhat underspecified. In particular, does the receiver want to learn $b$, or do they not care which bit they learn? Is it acceptable for the sender to sometimes know which bit the receiver will get? And is it acceptable for the receiver to sometimes obtain proof that the bit they received is indeed $b$? (I'd guess the answers to be "yes", "no" and "maybe", but I'd like to confirm that.) – Ilmari Karonen Apr 15 '12 at 18:05
  • A malicious sender wants to control what bit the receiver receives and a malicious receiver wants to learn the real b, but a secure noisy channel will prevent them from doing so. So the answers to your first two questions are no. For the last question, hmm, I don't know why you need this step so I would say maybe... thanks for pointing that out. – statham Apr 15 '12 at 18:57
  • In Ilmari's method, the sender acts independently of its value, so the receiver has exactly zero information about which value the sender "sent". –  Apr 15 '12 at 21:06
  • Yes, that's true... Sorry, I didn't look at that quite carefully. But that's not a channel in fact and the receiver does not receive anything. The key of the channel is that R receives something but R is not sure if that's right. S sends something but S cannot be sure what the output of the other end of the channel is, with respect to some probability. – statham Apr 16 '12 at 15:15
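
Added example, not part of the original question or comments: an exhaustive enumeration of the fair construction described in the question, with the 1-out-of-2 OT modelled as an ideal functionality. The sender's private ordering bit `r` and all function names are assumptions introduced here; `randomise_order=False` is the literal reading in which the sender always submits (b, flipped b) in that order.

```python
from fractions import Fraction
from itertools import product

def ot_1_of_2(m0, m1, c):
    """Ideal 1-out-of-2 OT: receiver learns m_c only; sender learns nothing about c."""
    return m1 if c else m0

def run(b, r, c):
    """One channel use. r is the sender's private ordering bit (assumption),
    c is the receiver's uniformly random choice bit."""
    return ot_1_of_2(b ^ r, b ^ r ^ 1, c)

def analyse(randomise_order):
    """Enumerate all equally likely (b, r, c) and summarise the channel exactly."""
    r_values = (0, 1) if randomise_order else (0,)
    runs = [(b, r, c, run(b, r, c))
            for b, r, c in product((0, 1), r_values, (0, 1))]
    # Probability that the receiver's output y equals the sender's bit b.
    p_correct = Fraction(sum(y == b for b, _, _, y in runs), len(runs))
    # Receiver's view is (c, y): which values of b are consistent with it?
    recv = {}
    for b, _, c, y in runs:
        recv.setdefault((c, y), set()).add(b)
    # Sender's view is (b, r): which outputs y are consistent with it?
    send = {}
    for b, r, _, y in runs:
        send.setdefault((b, r), set()).add(y)
    return {
        "p_correct": p_correct,
        "receiver_learns_b": all(len(s) == 1 for s in recv.values()),
        "sender_learns_output": all(len(s) == 1 for s in send.values()),
    }

if __name__ == "__main__":
    for flag in (False, True):
        label = "randomised order" if flag else "fixed order"
        print(label, analyse(flag))
```

In both variants the output equals b with probability 1/2 and the sender cannot tell which value was delivered. With a fixed input order the receiver's view (c, y) determines b, while with the private ordering bit it does not.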

0 Answers