Efficient Oblivious Transfer in the Bounded-Storage Model

In this paper we propose an efficient OT 1 scheme in the bounded storage model, which is provably secure without complexity assumptions. Under the assumption that a public random string of M bits is broadcasted, the protocol is secure against any computationally unbounded dishonest receiver who can store τM bits, τ < 1. The protocol requires the sender and the receiver to store N · O( √ kM) bits, where k is a security parameter. When N = 2, our protocol is similar to that of Ding [10] but has more efficient round and communication complexities. Moreover, in case of N > 2, if the sender and receiver can store N ·O( √ kM) bits, we are able to construct a protocol for OT 1 which has almost the same complexity as in OT 2 1 scheme. Ding’s protocol was constructed by using the interactive hashing protocol which is introduced by Noar, Ostrovsky, Venkatesan and Yung [15] with very large roundcomplexity. We propose an efficiently extended interactive hashing and analyze its security. This protocol answers partially an open problem raised in [10].